06-Audit and Compliance Tips

Report
Audit & Compliance
Tips
Jagan Mandavilli
Senior Compliance Engineer
Lessons Learned
● Sabotage Reporting (CIP-001-2a)
 Contractor produces procedure
 Ensure operating personnel are aware of
procedures and maintain documentation of
awareness
• Training records
• Emails
 Entities do not need to “establish communications
contacts” with the FBI
 Entity should include a valid local FBI number in
contact list, based on NERC guidance
 Auditors verify the FBI contact number
2
NSRS
January 9, 2013
Lessons Learned
● Protection Systems (PRC-005-1.1b)
 An entity is responsible for demonstrating compliance for
any portion of a protection system it owns.
 If your entity has a Coordinated Functional Registration
(CFR) or Joint Registration Organization (JRO), let
Texas RE know.
 Automatic Voltage Regulator (AVR) equipment is
included in Generation Control, not the Generation
Protection System. Therefore, no need to self-report
under PRC-005 if the equipment was not included in
maintenance and testing of the Generation Protection
System.
3
NSRS
January 9, 2013
Lessons Learned
System
Conditions
PRC-005
Gen
Protection
Trans
Protection
PRC-019
Coordination
PRC-005
PRC-001 Coordination
System
Controls
Gen Controls
Turbine /
Boiler
Controls
4
NSRS
January 9, 2013
Lessons Learned
● Protection Systems (PRC-005-1.1b)
 Entity provides a listing of the sources for each
basis
 Provide actual source documents such as:
• Manufacturer’s maintenance procedures (O&M
Manuals)
• IEEE references (and associated calculations)
• NERC Protection System Maintenance (Technical
Reference)
• Other authoritative documentation (studies based on
history)
5
NSRS
January 9, 2013
Lessons Learned
● Generating real and reactive capability verification
(TOP-002-2a, R13)
 Net leading and lagging reactive capability testing is performed
every 2 years.
 The entity completes the ERCOT Operating Guides Section 8,
Attachment D, Seasonal Unit Net Real Power Capability
Verification Form, and submits its to the Qualified Scheduling
Entity (QSE) to be uploaded into ERCOT’s Net Dependable
Capability and Reactive Capability (NDCRC) in the Market
Information System (MIS).
 Auditors have accepted this form as evidence of performing
the test.
 Data fields for including weather, water conditions, fuel quality,
or fuel quantity are not provided on the form.
6
NSRS
January 9, 2013
Lessons Learned
● Differences in Derived Limits (IRO-005-3a,
R10)
 Operate the Bulk Electric System to the most
limiting parameter.
 Evidence could include following a directive from
ERCOT or a Local Transmission Operator
(TOP) where there was an instance of
differences in derived limits.
7
NSRS
January 9, 2013
Lessons Learned
● Registered Entity Responsibility
 is responsible for all the functions (CIP and 693)
performed by contractors or agents
 is responsible for providing all evidence including
procedures and records of work performed by
contractors or agents
QSE = Contractor or Agent
● Facility Ratings
 Generally, this should include all equipment up to
the point of interconnection
• Interconnection agreement
• Diagrams
8
NSRS
January 9, 2013
Audit Update
● 2013 Audit Schedule Posted
 COMPLIANCE>Compliance Audit>Audit Schedule
 http://www.texasre.org/compliance/audit/schedule/
Pages/Default.aspx
● Audit Scope
 Actively Monitored List
• Tier 1
• Tier 2
• Tier 3
9
NSRS
January 9, 2013
Audit Update
● Year 2013
 If previously audited or spot checked in most
cases, current in-force document is adequate
• Previous audit or spot checked is the book-end
 New Revisions to existing standards
• Only need to provide evidence for the current
enforceable standard.
• Auditors will use their judgment on whether to look at
evidence of previous versions.
10
NSRS
January 9, 2013
FTP Site
● Texas RE has established its FTP site to provide a secure
method of exchanging large amounts information between
registered entities and Texas RE.
● Primary use:
 Request for Information (RFI)
 Event Analysis
 Compliance Investigations
 Audits
 Spot checks
● The FTP site uses SSL (Secure Sockets Layer) that allows
upload and download of information through an encrypted
session.
11
NSRS
January 9, 2013
CONTACT INFORMATION
[email protected]
(512) 583-4944
You may also submit questions to [email protected]
12
NSRS
January 9, 2013

similar documents