MISO Annual Compliance Program Update
Corporate Governance & Strategic Planning Committee
April 2013
Presented by Lori A. Spence

Table of Contents
- General Board Obligations
- Board Compliance Obligations
- Elements of Internal Compliance Programs
  - NERC
  - FERC
- Benefits of Internal Compliance Programs
- MISO's Internal Compliance Program
- MISO's Compliance Program Models
  - Operational Excellence Model
  - Process Driven Compliance Model
  - Three Lines of Defense Model
- What's Next for Compliance at MISO

Board Obligations - Generally
Primary duties are fiduciary. Fiduciary duties are:
1. The duty of care: Board actions and conduct are informed and considered; decisions made must be with requisite care
   - Inform itself of all material information reasonably available to it;
   - Carefully consider that information and all reasonable alternatives;
   - Act with requisite care in discharging its duties.
2. The duty of loyalty: Board acts in good faith, in a manner it reasonably believes is in:
   - The best interests of the corporation;
   - The interests of the corporation and the stakeholders; and
   - Above any personal interest.

Board Obligations - Compliance
Governing Authorities* shall:
- [B]e knowledgeable about the content and operation of the [compliance] program to prevent and detect violations of the law;
- Periodically receive information on the implementation and effectiveness of the program;
- [E]xercise reasonable oversight with respect to the implementation and effectiveness of the program; and
- Periodically receive training on the program and on its responsibilities.
* Can be delegated to Board committees.

Board Obligations - Compliance (cont'd)
Duty of oversight requires:
- Exercise of a good faith attempt to be well-informed of relevant facts;
- A good faith attempt to assure that a reasonable information and reporting system exists for detecting/preventing corporate wrongdoing;
- Appropriately monitoring the effectiveness of these internal reporting and compliance systems.

What is an Internal Compliance Program?
NERC
- A Corrective Action Program including effective incentives to promote compliant behaviors
- A Culture of Compliance
- Existence of Internal Controls
FERC
- Senior Management Leadership
- Prompt detection/cessation/self-reporting
- Preventative Measures In Place
- Effective remediation

Benefits of an Internal Compliance Program
1. Provides framework for MISO employees to:
   - Incorporate compliance into their everyday job responsibilities
   - Detect, stop, and remediate identified issues
   - Achieve Operational Excellence
2. Facilitates reliability of the Bulk Electric System
3. A vital source of protection against monetary penalties imposed by the regulators
   - Up to 95% reduction allowed by FERC
   - Improvements to an Internal Compliance Program can be seen as above and beyond for credit toward penalty

MISO's Internal Compliance Program
Five Compliance Areas
- FERC
- NERC
- SSAE16
- Financial
- Corporate (Records Retention, Human Resources, etc.)
Seven Elements of Compliance
1. Oversight
2. Policies and Procedures
3. Reporting and Communication
4. Education and Training
5. Monitoring and Auditing
6. Enforcement and Discipline
7. Corrective Action
Other Program Requirements
- Identification and maintenance (lifecycle) of regulatory requirements
- Assigns responsibility for requirements to Owner

MISO's Compliance Program Models
1. Operational Excellence Model
2. Process-Driven Compliance Model
3. Three Lines of Defense Model

Process-Driven Compliance Model

Three Lines of Defense Model
1. Direct Management Control: Business Areas
2. Supporting Controls: Risk Management, Compliance Services, Performance Improvement, Business Continuity
3. Independent Assurance: Internal Audit
Diagram labels:
- Executive Management and Committees
- Board/Corporate Governance & Strategic Planning and Audit & Finance Committees
- 1st Line of Defense: Management Process Ownership & Controls, Process & Internal Control Measures
- 2nd Line of Defense: Risk Management, Compliance Services, Performance Improvement, Business Continuity
- 3rd Line of Defense: Internal Audit
- External Audit
- Regulator

What's Next for Compliance at MISO
- Continuous evaluation of business maturity in line organizations relative to compliance (processes and controls)
- Ongoing improvements to lifecycle management of compliance obligations
- Evaluate Internal Compliance Program against Best Practices
- Building process-based compliant activities into everyday operational management practices (first line of defense)