An Open Letter to the Newly Minted NERC Compliance Manager
- May 14, 2019 1:43 pm GMT
- 758 views
Congratulations! Whether it's a recent promotion, new job, or the addition of compliance activities to your current position, your take on the transition is likely a combination of job satisfaction, doubt, confusion, and the typical “drinking from the firehose” sensation. All perfectly normal. All you need to do is get your arms around the issues, get a plan together, and things will be just fine. Right? Maybe you’ve inherited a program that runs like a well-oiled machine with nary a blip of non-compliance. Maybe you’ve inherited a program that has a “few issues.” Maybe you get to start a new program from scratch for a newly registered entity. All these scenarios have their unique challenges, but the one constant is you. Here are a few pointers to help you on your journey.
You can’t do the job alone.
Historic challenges have resulted from the Compliance Manager’s difficulties in gaining the cooperation of the operations, maintenance and IT personnel in their company. You must have the full support of senior management for your activities and requests for input across the organization. And, everyone should be perfectly clear on that support.
It’s not uncommon for senior management to view compliance as a regulatory issue that consists of filing papers and reports in a timely manner. In this case, nothing could be farther from the truth. Compliance with reliability standards involves both planning and Real-time operations, plus documented procedures and evidence the procedures have been executed as prescribed, within the timeframe allotted.
If your organization's compliance tasks and coordination appear to be overwhelming, get some help. Depending on how familiar you are with the history and purposes of the standards, a conversation with someone who focuses almost exclusively on compliance can be helpful. You may or may not need the assistance of an outside advisor, and even if you do, you might not need it for a long period of time. But, for the initial conversation, any credible advisor will be happy to have that “why and how” conversation with you at no charge. At times, understanding “why” can help you determine and manage “how” to accomplish compliance activities.
As for understanding “why,” consider some short training sessions for personnel who act as compliance performers. Very few of the NERC Reliability Standards require additional work by the operating or maintenance departments over and above their normal activities. The challenge is producing and archiving evidence of the activities.
If they haven’t contacted you, reach out to your region to make sure your Inherent Risk Assessment is up-to-date if it has been executed or schedule the assessment if it has not. Get to know your regional compliance team. Consider making a trip to visit them or meet them at a workshop or conference. Each and every one of them want you to succeed. They are excellent resources when the occasional “what the heck is this?” question comes up. Which it will.
Don’t be afraid of Internal Controls. They are your friends and can save you much work as you manage your compliance program. The degree to which you have viable controls in place will play a factor in your Inherent Risk Assessment and Compliance Oversite Plan. Internal controls also help you sleep better at night by providing some assurance that key compliance efforts and the production of evidence is getting the proper level attention and follow up.
Subscribe to the NERC Standards, Compliance and Enforcement Bulletin. It helps you keep up with and anticipate changes to the standards. It also provides great information on the latest thinking in compliance steps, lessons learned, and best practices to save you some time and effort. The current bulletin and old bulletins are available under Program News on both the NERC Standards home page and the Compliance & Enforcement home page.
Join industry groups where ideas and advice are freely shared and where you can ask questions of similar Registered Entities who will share their experiences. As mentioned above, regional outreach in the form of Compliance Workshops is useful in two ways: you get to know the personnel who you will be working with on compliance issues; and you’ll meet other entities who likely have some of the same questions you have.
Finally, it is doable, this new responsibility you have. Try to relax, take a deep breath, and reach out for some resources to help you. No one knows everything, but a robust structure exists in the NERC and Regional Entity websites, industry forums, and key advisors to point you in the right direction. Good luck in your new position!