NERC Compliance: Internal Controls That Sit on the Shelf Are of Little Value

The North American Electric Reliability Corporation (NERC) recently issued a Lesson Learned, highlighting a failure of internal controls at a generation facility. The notice serves as a reminder to electric generators and others responsible for compliance with reliability standards that having and implementing internal controls is essential to reliability standard compliance. NERC has in the past reminded the industry of the importance of having well-designed controls, and the need to ensure that the personnel responsible for implementing the reliability standards understand and implement such controls. The Lesson Learned highlights a failure to implement existing internal controls during battery maintenance that ultimately resulted in progressive voltage drops over transmission lines and damage to generating units. The generator apparently had adequate written internal controls that should have mitigated or prevented this event, but responsible personnel did not have or follow those written procedures during the maintenance.

In its Enterprise Guide for Internal Controls, NERC advised that operational and compliance performance, and thereby reliability, is improved when a registered entity designs and implements effective internal controls. Moreover, the presence of effective internal controls has the potential to result in lighter-handed compliance oversight by NERC and its Regional Entities, such as subjecting only the standards that govern operations of greatest reliability risk to scrutiny in an audit or other compliance monitoring process. Effective internal controls also have the potential to mitigate penalties if reliability standards violations nevertheless occur.

But having well-designed internal controls on paper is only half the battle. Even well-designed internal controls are of little value if they are not implemented, which is what the Lesson Learned highlights. In that case, the generator had a comprehensive switching plan that contained all actions to be performed in connection with opening and closing breakers during battery maintenance, such as checking if alarms were still present during the switching activity. Although the generating station operator responsible for opening and closing breakers during battery maintenance had technical instructions regarding actions to be performed on specific equipment, the operator did not have the switching plan in hand at the time. Further investigation revealed that a number of operators only followed the technical instructions, and not the switching plan. As a result, certain necessary steps were not followed and the station was left without monitoring capabilities for over an hour, during which time the progressive voltage drops went undiagnosed.

Registered entities should consider the following best practices in connection with their internal controls:

• Raise awareness of the existence and purpose of internal controls and why it is important for employees to adhere to them.
• Ensure that employees understand that they are responsible for understanding and implementing internal controls, and that there are consequences for failing to do so.
• Consider periodic training of key personnel to help sensitize staff to the requirements and risks associated with failing to implement NERC-related requirements.
• Ensure that responsible personnel have all necessary internal controls, procedures, and technical documentation in hand when performing key operations.