Fear, uncertainty, and doubt—nearly 5 years into mandatory electric reliability standards and there’s still plenty of it to go around. Some people seem to want it that way. But with regard to compliance audits, it’s just not necessary. I’ve been through a few. Follow these five tips and you too can come out the other end of a NERC audit calm, cool, and collected.
1. Ignore the audit
Perhaps that’s a bit of an exaggeration, but the point is that the audit should not be your focus. Put your attention on reliable operations. Be diligent at maintaining compliance. Keep proper documentation always. If you’re doing what you’re supposed to be doing all along, then the audit becomes no big deal.
2. Remember, it’s just an audit
Uncertainty and doubt breed fear. “What if we can’t find all the maintenance records in time?” “What if the auditor disagrees with our interpretation of that standard?”
Relax! It’s just an audit. The worst thing that can happen is the audit team issues findings of possible violations. You still have time to address those during the enforcement process before they become official alleged violations. After that, you can contest a violation and request a hearing. And you even have an opportunity to appeal a notice of penalty to FERC.
I’m not saying the audit is meaningless, just keep it in perspective. It’s the first step in an enforcement process with multiple opportunities to demonstrate compliance. Documents that take time to locate can be submitted later. Interpretations of standards can be argued at hearing.
Auditors asking for confidential records or showing up at your door (sometimes even with FERC representatives in the group) can be very intimidating. Don’t be afraid, though. Speak up! NERC and regional entity auditors aren’t always right and, in my experience, they usually could do a better job of explaining why they’re asking for something. Now, be careful about refusing to answer a question or provide a requested document. However, don’t hesitate to ask an auditor the basis for his or her request if it seems to imply an assumption or interpretation with which you disagree. At NERC’s recent seminar on audits, Michael Moon, Director of Compliance Operations, said, “This is not a gotcha game. It’s an open book test.” Throughout the seminar, the presenters also encouraged entities to ask questions of their auditors and provide feedback on the audit experience.
4. Shut up
While you should not hesitate to speak up for yourself during an audit, in general, I counsel people to be quiet. With nerves on edge and outsiders questioning one’s work product, there’s a natural tendency to talk—to explain, to justify, to relate interesting stories. This is even more the case when auditors, as they are trained to do, refrain from the personal smalltalk common in business meetings.
Don’t. An audit is not a typical business meeting. You and the auditors are not on the same team. These people are there to determine if you are being compliant with the reliability standards. Answer their questions. But stick to the facts.
5. Do what you say, say what you do
This is both the easiest thing to get wrong and the easiest thing to get right. A number of NERC standards require entities to develop procedures and then follow them. Examples of this include vegetation management plans, maintenance intervals, emergency operations plans, and facility ratings. But besides some general guidelines or limited criteria, the exact procedures or policies are left up to the entities themselves. What could be easier than writing your own standards?
Unfortunately it seems that many entities take this flexibility further than it was intended. They seem to think that because they get to write the procedures themselves, their practices can vary from the procedures if “within reason” or “for the purpose of maintaining reliability.”
Similarly, for many standards a specific procedure document isn’t required, yet an entity may have one for its own reasons. In such a case, there appears even less need to follow the procedure exactly.
Not true! With all due respect to the technical expertise of the engineers and technicians, you need to understand that what we’re dealing with are federal regulations. To be compliant, you must follow the standard exactly as written. If the standard says that you must write a procedure and then implement it, then that is what you must do. Sure, you could have written the procedure differently, but you didn’t. On the other hand, if what you’re doing is better, then change the procedure to match. Even if a procedure document wasn’t required, inconsistencies may lead auditors to question compliance in practice. Don’t let that happen.