- VNF Alerts
- VNF Updates
- Seminars & Events
- Other Publications
- News & Media Mentions
- Join Distribution Lists
- Connect With Us
Professionals
Related Practices
FERC Issues Guidance Order on NERC Compliance Audits
Print PDFJanuary 21, 2009
On January 15, the Federal Energy Regulatory Commission (FERC) issued guidance to improve the consistency of compliance audits conducted by the North American Electric Reliability Corporation (NERC), and eight Regional Entities with delegated responsibility for enforcing the mandatory Reliability Standards approved by FERC. Compliance audits performed by NERC and the Regional Entities are formal evaluations of the compliance of registered users, owners, and operators of the bulk-power system with the applicable requirements contained in the mandatory reliability standards. Compliance audits may result in findings that a registered entity is fully complaint, or reveal a potential violation of one or more reliability standard requirements.
Key Issues
In its order, FERC finds that additional consistency in compliance audit processes would be beneficial for NERC and the Regional Entities and provides guidance for implementing Section 3.1 of the NERC Compliance Monitoring and Enforcement Program (CMEP). Specifically, FERC proposes a variety of consistency improvements, including:
- Use of NERC Staff rather than Regional Entity staff to conduct audits of the eight Regional Entities;
- Audit team training to improve interview skills, selection of samples, and evaluation of evidence;
- During the pre-audit process, NERC should ensure that requests for information and documents are consistent across Regional Entities;
- Audit team use of spreadsheet checklists for all requirements to be audited; and
- Allowance of sufficient time for pre-audit reviews of mitigation plans.
FERC also finds that during a compliance audit, neither monetary penalties, sanctions, nor litigation/settlement costs should be considered or discussed by the audit team when making decisions about potential violations. Due to FERC’s concern that auditors limit their findings, where penalties can be disproportionate to the cost of formally resolving violations, FERC intends to force the hand of auditors to employ a more mechanical application of violation procedures.
FERC states that audits should assess the reliability compliance program of a registered entity, consistent with the recent FERC compliance Policy Statement. And the audit team should notify a registered entity of findings that are not on-going violations, but that could become violations.
Implications
FERC expects NERC to implement this guidance order, as appropriate, in ongoing and future compliance audits to ensure consistency in the audit processes. While greater consistency and clearer guidance regarding compliance audit processes would benefit registered entities, FERC’s focus on the complete separation of audit and penalty determination roles may effectively limit auditors' ability to exercise practical judgment when considering the implications of finding compliance violations. Taking flexibility away from auditors could ultimately lead to increased penalties, sanctions, and litigation costs that are triggered by compliance audits, once NERC adopts FERC’s guidance.