Risk Management Services

Transcription

1 Risk Management Services GridSME is proud to offer organizations a variety of risk management services, including the following: RISK ASSESSMENTS Strategic identification of enterprise risks & latent organizational weaknesses INTERNAL CONTROL ASSESSMENTS Health assessment and internal risk control system development RISK-BASED MOCK AUDITS INPUTS Reliability Standards 1. Control Environment 2. Risk Assessments 3. Information & Comm. 4. Monitoring 5. Control Activities Control Activities Policies Procedures Processes Practices OUTPUTS Desired Operational/Compliance Performance Strengthening of internal compliance programs to reduce regulatory intrusion ROOT CAUSE ANALYSES Systematic event causal analysis for identifying and resolving root causes 1847 Iron Point Rd #140 Folsom, CA (916) [email protected]

2 Strategic Optimization Control System Component Rev. 4/11/16 Risk Assessments With a focus on risk matrix methodology, GridSME has developed compliance specific risk assessment methods and tools to help organizations define and articulate their most immediate inherent, control, and detection regulatory risks. The goal of this practice is to strategically identify and manage regulatory risks and latent organizational weaknesses invisible to the corporate risk profile. GridSME utilizes specific risk assessment methods to identify regulatory compliance risks, determine risk priorities, and develop plans to manage or eliminate known issues and unacceptable plausible impacts. Comm. & Information Risk Assessment Control Environment Monitoring Control Act 31% 38% 45% 73% Percentage of Maturity Component Sample diagram of control system component maturity shown above. 77% Using our Maturity Assessment Tool, we interview your subject matter experts (SMEs) to identify your organization s strengths and weaknesses for each of the five components of internal control. We perform an Inherent Risk Assessment (IRA) using our IRA Tool, designed around NERC s criteria for evaluating an entity s risk to the Bulk Electric System (BES). Finally, we provide a roadmap to a future state that includes a higher level of strategic organizational maturity. Business Value Gap LEVEL 5 LEVEL 1 Reactive Ad Hoc Informal Inconsistent Chaotic LEVEL 2 Managed Repeatable Localized Emerging Isolated LEVEL 3 Structured Standardized Defined Measured Competent LEVEL 4 Adoptive Strategic Disciplined Predictable Aligned Optimized Proactive Transforming Agile Adaptive Synthesized Internal Controls Maturity Level

3 Internal Control Assessment & Development GridSME focuses on effectively designed and implemented complianceoriented internal risk controls. Our team has developed compliance specific methods and tools to assist Registered Entities in the development and cataloging of internal risk control frameworks. This process ensures that your organization can better articulate to regulators the health and effectiveness of the organization s compliance-related control systems. GridSME assists organizations in the following areas: Utilization of specific compliance-related control assessment tools to assist clients in assessing, testing, and cataloging existing internal risk control activities. Evaluation and testing of internal risk controls for design and operational effectiveness given inherent risk factors. Utilization of the GridSME Internal Risk Control System (IRCS) scorecard to define the residual risk and control elements that are under or over controlled. Development of internal controls hierarchy, control activities cataloging tools, and corresponding workflow diagrams that articulate the health and effectiveness of the organizational compliance related control system.

4 Risk-based Mock Audits To complement the traditional mock audit approach that ensures your organization is prepared for an actual Electric Reliability Organization (ERO) audit engagement, GridSME utilizes a mock audit methodology that is tailored to the ERO s new Risk-Based Compliance Monitoring approach. The goal is to help organizations articulate their strong internal compliance systems to regulators in order to reduce regulatory intrusion. GridSME assists organizations in the following areas: Testing and assessment of the organization s development of documentation to support ERO Inherent Risk Assessments (IRA) and Internal Controls Evaluations (ICE). Conducting mock internal control evaluations that include selected testing of control design, implementation, and effectiveness. Utilization of the ICE process framework currently deployed by the ERO in order to reduce the organization s ERO audit scope and regulatory risk. Risk-based Compliance Oversight Framework

5 Root Cause Analysis The focus of the practice includes using industry standard Root Cause Analysis (RCA) methodology and the associated tools to address and eliminate recurring regulatory risk, violations, and audit findings. Additionally, RCA is utilized to increase mitigation plan quality. GridSME assists organizations in the following areas: Application of the RCA methods and tools to identify and analyze compliance or reliability issues at the root level, enabling the identification of corrective actions and mitigation that is adequate to prevent reoccurrence. Providing expert training on the fundamentals of systematic event causal analysis for task level employees. Training describes the phases of investigation for undesirable conditions or problems, and it addresses the attributes and appropriate application for each of the following causal analysis methods and associated tools: Event and Causal Factor Analysis Fault Tree Analysis Change Analysis Management Oversight and Risk Tree (MORT) Barrier Analysis Human Performance Evaluation Task Analysis ERO Cause Coding Symptom (Obvious) Underlying Root Cause (Not Obvious)

6 Obtaining Risk Management Services If you are interested in obtaining more information about risk-based mock audits, root cause analyses, or Internal Risk Control Systems (IRCS), as well as how they can help your organization better manage regulatory risk while efficiently maintaining compliance, contact GridSME today. Our team will arrange an informational meeting in a format that works best for your organization. Consider the return on investment of IRCS... Reduce audit preparation resource hours Reduce/eliminate violations and penalties Reduce organizational risk Reduce human drift Reduce latent organizational deficiencies Reliability Excellence Best practices & benchmarking Engrained behaviors Compliance margin Continuous improvement Improve operating efficiency Improve grid reliability Increase compliance certainty Have smaller compliance engagements Reliability and integrity of critical information Safeguard assets Compliance Excellence Senior management engagement Preventive measures Detection, cessation, reporting Remediation Cost savings, profit, and growth 1847 Iron Point Rd #140 Folsom, CA (916) [email protected]

7 About Earl Shockley Risk Management Services Team Lead Earl Shockley is a decisive, action-oriented, senior executive with a unique blend of managerial, regulatory, and technical experience in the electric utility industry. He has focused the previous 8 years on directing business unit start-ups and operational sustainability of the North American Electric Reliability Corporation (NERC) ERO programs. Earl has over 35 years of industry experience spanning military service and east/west coast power system grid operations. He has achieved greater levels of responsibility and authority during the course of his accomplishments. His leadership was key in the development and deployment of many of the ERO s key programs, including the following: Reliability Risk Management program Event Analysis & Cause Code Assignment program Bulk Power System Crisis Management program Human Performance Fundamentals / Lessons Learned program Earl was instrumental in the shift from the zero-defect compliance and enforcement approach to one that focuses on a company s inherent risk and ability to manage reliability risk with associated internal risk control programs. Earl has also led many NERC analytical and investigative efforts, including the FERC/NERC Inquiry & Investigation of the September 8, 2011, Arizona-California Blackout, the joint FERC/NERC Compliance Investigation of the February 2008 Florida Blackout, and the FERC/NERC inquiries of the February 2011 Southwest Cold Snap event and October 2011 Northeast Snow Storm event.