Risks and Controls for VAR-001-4 and EOP-004-2 Richard Shiflett Ruchi Ankleshwaria
2 Introductions Richard Shiflett Compliance Risk Engineer Joined WECC in February 2014 11 years experience with Bureau of Reclamation, Grand Coulee Dam (GO, GOP, TO) as a senior electrical engineer and compliance manager Retired Navy Chief Intelligence Specialist and six years experience as a nuclear mechanical operator Ruchi Ankleshwaria Compliance Risk Engineer Joined WECC in March 2013 6 years of industry experience prior to joining WECC 4 years at a BA/TO/TOP/GO/GOP in WECC as an EMS engineer and project controls engineer 2 years as a project manager Certified Project Management Specialist (PMP)
3 Agenda Introduction Risks and Controls VAR-001-4 Risks and Controls EOP-004-2 Risks and Controls Key Takeaways
4 Risk and Controls Risk Controls Residual Risk
5 Types of Internal Controls Internal Controls Management Practices People Tools Processes Systems
6 Importance of Risk and Controls Reduces the likelihood of causing a violation Provides efficiency through a proactive approach rather than reactive Helps in identifying details that are not obvious Helps in implementing good organizational processes Help with continuity of operations and other processes
7 How Did WECC Identify Risks and Controls? Analyze VAR-001-4 and EOP-004-2 requirements highlight key takeaways Research potential causes based on violation history Research best practices implemented by entities WECC Subject Matter Experts industry experience
8 List of Standards VAR-001-3 and VAR-001-4 Version 3-1/1/2014 Version 4-10/1/2014 EOP-004-2 1/1/2014
9 VAR-001-4 Requirement Mapping VAR-001-4 R1 R2 R3 R4 and R5 R6 E.A.13 E.A.14 E.A.15 E.A.16 E.A.17 E.A.18
10 VAR-001-4 R1 Each Transmission Operator shall specify a system voltage schedule as part of its plan to operate within System Operating Limits and Interconnection Reliability Operating Limits. 1.1. Each Transmission Operator shall provide a copy of the voltage schedules to its Reliability Coordinator and adjacent Transmission Operators within 30 calendar days of a request.
11 VAR-001-4 R1 Risks and Controls RISKS - Failure to include system voltage schedule or change in voltage schedule as part of TOP s plan - Failure to retain evidence of providing a copy of voltage schedule within 30 Calendar days - Peer review the voltage control plan - Implement change management process for voltage schedule changes - Have a process to maintain logs of all the requests received and sent - Proactively send voltage schedule to appropriate entities CONTROLS
12 VAR-001-4 R2 Each Transmission Operator shall schedule sufficient reactive resources to regulate voltage levels under normal and contingency conditions.
13 VAR-001-4 R2 Risks and Controls RISKS - Failure to schedule reactive resources in contingency conditions - Failure to schedule sufficient reactive resources - Failure to retain evidence that reactive resources were scheduled as per the studies or assessments - Develop a process for scheduling reactive resources - Perform periodic review to confirm system operators knowledge of the available reactive resources - Perform after-the-fact studies to validate the model when there is voltage excursion CONTROLS
14 VAR-001-4 R3 Each Transmission Operator shall operate or direct the Real-time operation of devices to regulate transmission voltage and reactive flow as necessary.
15 VAR-001-4 R3 Risks and Controls RISKS - Failure to utilize available reactive resources to regulate voltage and reactive flows - Failure to direct reactive resource utilization - Failure to retain evidence of actions taken to maintain voltage - Maintain a list of reactive resources that are available to provide voltage support - Maintain logs of reactive resource allocations for voltage support - Maintain high visibility of the voltages at critical areas CONTROLS
16 VAR-001-4 R4 and R5 R4 & R5 are superseded by WECC Regional Variance E.A.13 E.A.18 R4 and R5 are superseded by the WECC Regional Variances E.A.13 E.A.18
17 VAR-001-4 E.A.13 and E.A.14 E.A.13 and E.A.14 Highlights Each TOP shall issue one of the types of voltage schedules to the GOP as listed in the requirement for a specific period of time. Each TOP shall provide one of the types of voltage reference point to the GOP as listed in the requirement.
VAR-001-4 E.A.13 and E.A.14 Risks and Controls 18 RISKS - The TOP fails to issue one of the three types of voltage schedule - The TOP fails to specify the applicable period for the voltage schedule -The TOP fails to provide reference points for the voltage schedule - Develop a template for issuing voltage schedule - Maintain and periodically verify the list of GOPs in the TOPs area - Specify the voltage schedules in the Generation Interconnection Agreement CONTROLS
19 VAR-001-4 E.A.15 and E.A.16 E.A.15 Each Generator Operator shall convert each voltage schedule specified in Requirement E.A.13 into the voltage set point for the generator excitation system. E.A.16 Each Generator Operator shall provide its voltage set point conversion methodology from the point in Requirement E.A.14 to the generator terminals within 30 calendar days of request by its Transmission Operator.
VAR-001-4 E.A.15 and E.A.16 Risks and Controls 20 RISKS - Converted voltage schedules are not applied to all the excitation systems - GOP fails to convert voltage schedules for certain time periods to voltage set points as provided by TOP - GOP fails to document all the converted voltage schedules specific to each excitation system type - GOP fails to submit required set point conversion methodology to the TOP within 30 days - Peer review of the voltage set point conversion methodology - Develop a process to submit the methodology to the TOP once updated - As part of commissioning activities, include a task to develop the voltage set point conversion methodology CONTROLS
21 VAR-001-4 E.A.17 Each Transmission Operator shall provide to the Generator Operator, within 30 calendar days of a request for data by the Generator Operator, its transmission equipment data and operating data that supports development of the voltage set point conversion methodology
22 VAR-001-4 E.A.17 Risks and Controls - The TOP fails to retain evidence of the GOP request for the information. - The TOP fails to provide data within 30 days - Log and track all the requests. - Develop a process for timely review and submission of required data to the GOP CONTROLS RISKS
23 VAR-001-4 E.A.18 Each Generator Operator shall meet the following control loop specifications if the Generator Operator uses control loops external to the Automatic Voltage Regulators (AVR) to manage MVar loading: E.A.18.1. Each control loop s design incorporates the AVR s automatic voltage controlled response to voltage deviations during System Disturbances. E.A.18.2. Each control loop is only used by mutual agreement between the Generator Operator and the Transmission Operator affected by the control loop.
24 VAR-001-4 E.A.18 Risks and Controls RISKS - The GOP fails to recognize its external control loop as applicable - The GOP fails to include AVR s response to voltage deviation in its control loop s design - The GOP fails to retain evidence of mutual agreement between the TOP and GOP - Develop a process to review AVR and control loop designs for new and replacement excitation systems - For new generators, add the external control loop design as part of the interconnection agreement CONTROLS
25 VAR-001-4 R6 After consultation with the Generator Owner regarding necessary step-up transformer tap changes and the implementation schedule, the Transmission Operator shall provide documentation to the Generator Owner specifying the required tap changes, a timeframe for making the changes, and technical justification for these changes.
26 VAR-001-4 R6 Risks and Controls RISKS - TOP fails to provide documentation to GO - TOPs documentation to the GOs fails to include all the details as specified in the requirement - TOP fails to maintain evidence of consultation with the GO - Develop a tap change request template that outlines all the required information - Develop a process for tap change request - Develop a process to monitor outage coordination which ensures GO tap changes occur within the implementation period CONTROLS
27 EOP-004-2 Event Reporting
28
29 EOP-004-2 R1 Each Responsible Entity shall have an event reporting Operating Plan in accordance with EOP-004-2 Attachment 1 that includes the protocol(s) for reporting to the Electric Reliability Organization and other organizations.
30 EOP-004-2 R1 Risks and Controls Risks Failure to have an event reporting operating plan Failure to include protocol for reporting Failure to include all requirements of Attachment 1 Controls Periodic review of new standards being effective. Peer Review of the operating plan. Exercise the operating plans
31 EOP-004-2 R2 Each Responsible Entity shall report events per their Operating Plan within 24 hours of recognition of meeting an event type threshold for reporting or by the end of the next business day if the event occurs on a weekend.
32 EOP-004-2 R2 Risks Failure to fully implement the Operating Plan Failure to identify an event as reportable event Failure to submit the report as per Attachment 2 of the standard or the DOE form Failure to follow the protocol as per the Operating Plan Failure to report within required timeframe Failure to retain evidence after event was reported
33 EOP-004-2 R2 Controls Train operators on the reporting timelines, reporting protocols, and Attachment 1 thresholds Create a quick reference of the reportable event types for operators Keep blank copies of Attachment 2 or the DOE form readily available Review event logs from the previous shift Ensure collected data is sufficient to identify an event based on its threshold
34 EOP-004-2 R3 Each Responsible Entity shall validate all contact information contained in the Operating Plan pursuant to Requirement R1 each calendar year.
35 EOP-004-2 R3 Risks and Controls Risks Failure to validate all the contacts within a calendar year Not all of the contacts listed in the operating plan are validated Evidence of the validated contacts is insufficient or missing Controls Identify the personnel responsible for validating contacts and documenting evidence Set up reminders for at least 2 personnel to annually validate the contacts Document validation process
36 Examples of Common Controls Roadmap for Identifying Risks and Controls Resources to Build the Processes
37 Examples of Common Controls Integrate training into documentation changes and change management activities Implement a document management system or process If possible, identify primary and backup person while assigning responsibilities. Perform periodic review of compliance activities to confirm that the processes are followed. Perform periodic risk assessment to evaluate effectiveness of the controls.
38 Road Map for Identifying Risk and Controls Utilize Reliability and Audit recommendations provided by WECC Review past violation root causes Get input from standard owners and SMEs How to identify risk and implement controls? Highlight Key indicators in the Standard
39 Resources NIST Guide for Conducting Risk Assessments CMMi - Risk Management CERT Resilience Management Model COSO Internal Control Integrated Framework Internal Controls Working Guide: NERC Internal Controls: NERC Presentation
40 Key Takeaways Use the key indicators and failure points to identify risks Establish a combination of controls to address these risks Periodically monitor risks and update internal controls as necessary WECC Subject Matter Experts are available to help
41 Contact Information Richard Shiflett Compliance Risk Engineer (801) 819-7609 rshiflett@wecc.biz Ruchi Ankleshwaria Compliance Risk Engineer (801) 883-6881 rankleshwaria@wecc.biz