Risk Management Services


GridSME is proud to offer organizations a variety of risk management services, including the following:

RISK ASSESSMENTS
  Strategic identification of enterprise risks and latent organizational weaknesses

INTERNAL CONTROL ASSESSMENTS
  Health assessment and internal risk control system development

RISK-BASED MOCK AUDITS
  Strengthening of internal compliance programs to reduce regulatory intrusion

ROOT CAUSE ANALYSES
  Systematic event causal analysis for identifying and resolving root causes

[Diagram: Inputs (Reliability Standards) feed the five components of internal control: 1. Control Environment, 2. Risk Assessments, 3. Information & Communication, 4. Monitoring, 5. Control Activities (policies, procedures, processes, practices). Output: desired operational/compliance performance.]

1847 Iron Point Rd #140, Folsom, CA 95630, (916) 800-4545, customerservice@gridsme.com, www.gridsme.com

Risk Assessments (Rev. 4/11/16)

With a focus on risk matrix methodology, GridSME has developed compliance-specific risk assessment methods and tools to help organizations define and articulate their most immediate inherent, control, and detection regulatory risks. The goal of this practice is to strategically identify and manage regulatory risks and latent organizational weaknesses invisible to the corporate risk profile. GridSME utilizes specific risk assessment methods to identify regulatory compliance risks, determine risk priorities, and develop plans to manage or eliminate known issues and unacceptable plausible impacts.

[Sample diagram: percentage of maturity for each control system component (Communication & Information, Risk Assessment, Control Environment, Monitoring, Control Activities); values shown are 31%, 38%, 45%, 73% and 77%.]

Using our Maturity Assessment Tool, we interview your subject matter experts (SMEs) to identify your organization's strengths and weaknesses for each of the five components of internal control. We perform an Inherent Risk Assessment (IRA) using our IRA Tool, designed around NERC's criteria for evaluating an entity's risk to the Bulk Electric System (BES). Finally, we provide a roadmap to a future state that includes a higher level of strategic organizational maturity.

Internal Controls Maturity Level (the distance from Level 1 to Level 5, labelled Strategic Optimization, is the Business Value Gap):
  LEVEL 1: Reactive, Ad Hoc, Informal, Inconsistent, Chaotic
  LEVEL 2: Managed, Repeatable, Localized, Emerging, Isolated
  LEVEL 3: Structured, Standardized, Defined, Measured, Competent
  LEVEL 4: Adoptive, Strategic, Disciplined, Predictable, Aligned
  LEVEL 5: Optimized, Proactive, Transforming, Agile, Adaptive, Synthesized

Internal Control Assessment & Development

GridSME focuses on effectively designed and implemented compliance-oriented internal risk controls. Our team has developed compliance-specific methods and tools to assist Registered Entities in the development and cataloging of internal risk control frameworks. This process ensures that your organization can better articulate to regulators the health and effectiveness of the organization's compliance-related control systems. GridSME assists organizations in the following areas:
  Utilization of specific compliance-related control assessment tools to assist clients in assessing, testing, and cataloging existing internal risk control activities.
  Evaluation and testing of internal risk controls for design and operational effectiveness given inherent risk factors.
  Utilization of the GridSME Internal Risk Control System (IRCS) scorecard to define the residual risk and the control elements that are under- or over-controlled.
  Development of an internal controls hierarchy, control activities cataloging tools, and corresponding workflow diagrams that articulate the health and effectiveness of the organization's compliance-related control system.

Risk-based Mock Audits

To complement the traditional mock audit approach that ensures your organization is prepared for an actual Electric Reliability Organization (ERO) audit engagement, GridSME utilizes a mock audit methodology that is tailored to the ERO's new Risk-Based Compliance Monitoring approach. The goal is to help organizations articulate their strong internal compliance systems to regulators in order to reduce regulatory intrusion. GridSME assists organizations in the following areas:
  Testing and assessment of the organization's development of documentation to support ERO Inherent Risk Assessments (IRA) and Internal Controls Evaluations (ICE).
  Conducting mock internal control evaluations that include selected testing of control design, implementation, and effectiveness.
  Utilization of the ICE process framework currently deployed by the ERO in order to reduce the organization's ERO audit scope and regulatory risk.

[Diagram: Risk-based Compliance Oversight Framework]

Root Cause Analysis

The focus of the practice includes using industry-standard Root Cause Analysis (RCA) methodology and the associated tools to address and eliminate recurring regulatory risk, violations, and audit findings. Additionally, RCA is utilized to increase mitigation plan quality. GridSME assists organizations in the following areas:
  Application of the RCA methods and tools to identify and analyze compliance or reliability issues at the root level, enabling the identification of corrective actions and mitigation that are adequate to prevent recurrence.
  Providing expert training on the fundamentals of systematic event causal analysis for task-level employees. Training describes the phases of investigation for undesirable conditions or problems, and it addresses the attributes and appropriate application of each of the following causal analysis methods and associated tools:
    Event and Causal Factor Analysis
    Fault Tree Analysis
    Change Analysis
    Management Oversight and Risk Tree (MORT)
    Barrier Analysis
    Human Performance Evaluation
    Task Analysis
    ERO Cause Coding

[Diagram: Symptom (obvious) above the surface; Underlying Root Cause (not obvious) below it]

Obtaining Risk Management Services

If you are interested in obtaining more information about risk-based mock audits, root cause analyses, or Internal Risk Control Systems (IRCS), as well as how they can help your organization better manage regulatory risk while efficiently maintaining compliance, contact GridSME today. Our team will arrange an informational meeting in a format that works best for your organization.

Consider the return on investment of IRCS...
  Reduce audit preparation resource hours
  Reduce/eliminate violations and penalties
  Reduce organizational risk
  Reduce human drift
  Reduce latent organizational deficiencies
  Improve operating efficiency
  Improve grid reliability
  Increase compliance certainty
  Have smaller compliance engagements
  Reliability and integrity of critical information
  Safeguard assets
  Cost savings, profit, and growth

Reliability Excellence
  Best practices & benchmarking
  Engrained behaviors
  Compliance margin
  Continuous improvement

Compliance Excellence
  Senior management engagement
  Preventive measures
  Detection, cessation, reporting
  Remediation

About Earl Shockley, Risk Management Services Team Lead

Earl Shockley is a decisive, action-oriented senior executive with a unique blend of managerial, regulatory, and technical experience in the electric utility industry. He has spent the past 8 years directing business unit start-ups and the operational sustainability of the North American Electric Reliability Corporation (NERC) ERO programs. Earl has over 35 years of industry experience spanning military service and east/west coast power system grid operations, and has taken on greater levels of responsibility and authority over the course of his career. His leadership was key in the development and deployment of many of the ERO's key programs, including the following:
  Reliability Risk Management program
  Event Analysis & Cause Code Assignment program
  Bulk Power System Crisis Management program
  Human Performance Fundamentals / Lessons Learned program

Earl was instrumental in the shift from the zero-defect compliance and enforcement approach to one that focuses on a company's inherent risk and its ability to manage reliability risk with associated internal risk control programs. Earl has also led many NERC analytical and investigative efforts, including the FERC/NERC Inquiry & Investigation of the September 8, 2011, Arizona-California Blackout, the joint FERC/NERC Compliance Investigation of the February 2008 Florida Blackout, and the FERC/NERC inquiries into the February 2011 Southwest Cold Snap event and the October 2011 Northeast Snow Storm event.