Agenda Compliance and Certification Committee June 4, 2014 | 1:00 p.m. - 5:00 p.m. ET June 5, 2014 | 8:00 a.m. - Noon ET Hilton Palm Beach Gardens Palm Beach Gardens, FL Introductions and Chair’s Remarks NERC Antitrust Compliance Guidelines and Public Announcement Agenda Items

1. Administrative – Secretary and Terry Bilke

a. Compliance and Certification Committee (CCC) Roster Update* and Hearing Procedures Training

b. Anti-trust Compliance Guidelines

c. Secure document CCC site

i. Registration [LINK]

ii. Secure site (once approved) [LINK]

d. 2015 meeting dates

i. March 3-4, 2015 at NERC Corporate Headquarters in Atlanta, GA

ii. June 10-11, 2015 at NRECA Conference Center in Arlington, VA

2. Committee Business

a. Consent Agenda

i. Meeting Agenda (Approve)

ii. CCC March 2014 Meeting Minutes* – (Approve) Terry Bilke [LINK]

iii. Interim membership – (Approve) Martin Huang

b. Welcome and Introductory comments – Terry Bilke , Roy Thilly

c. NERC Board and MRC Update from May meetings *- Patti Metro

i. Update on Enterprise Wide Risk Committee (EWRC) Activities

d. Reliability Issues Steering Committee (RISC) Update – Terry Bilke

e. Review of CCC action items – Patti Metro

f. CCC 2014 Work Plan – Patti Metro

3. Subcommittee Updates

a. Nominating Subcommittee * – Martin Huang

i. CCC Sector openings

ii. CCC Member Upcoming Term Expirations

b. ERO Monitoring Subcommittee (EROMS) – Ted Hobson

i. Independent Audits* – Mechelle Thomas

• Standards Process Manual (SPM) and Standards Applicable to NERC (SAN)

• Closeout on status of non-conformance findings from audit of NERC Compliance Monitoring Enforcement Program (CMEP) and Organization Registration and Certification Program (ORCP)

ii. NERC Self-certification for CMEP and ORCS

iii. 2014 Stakeholders Perception Survey

iv. New procedures to support EWRC

v. Report for Procedure Reviews/Revisions

c. Compliance Processes and Procedures Subcommittee (CPPS) – Matt Goldberg

i. Status of existing RSAW suggested changes for PRC-004

ii. Quality reviews of compliance elements (outreach to NERC Standards Staff)

iii. CCCPP-010 Revisions

d. Organization and Certification Subcommittee (ORCS) – Jennifer Flandermeyer

i. Risk-Based Registration Advisory Group Update

ii. Status of letter for closure of RISC request on Planning Authority /Planning Coordinator issue

iii. Resolution of MRRE action item

4. CCC Ongoing Projects

a. Team 2 - Voluntary vs. Involuntary Internal Controls Whitepaper * (Approve) – Bob Hoopes

b. Team 4- Data Retention (Identify Reasonable Record Retention and Sampling) – Terry Bilke

5. NERC Staff Reports Including Status of CCC Work Plan Deliverables

a. Reliability Assurance Initiative (RAI) Update

i. Regional Pilots (objectives and observations) - Jerry Hedrick

Compliance and Certification Committee Agenda | June 4-5, 2014 2

ii. Enforcement Pilots -Ed Kichline

iii. Communication Plan for Registered Entities with 2015 audits – Jerry Hedrick

iv. RSAW Update on CCC Input – Jerry Hedrick

v. MRRE Status Update and Future CCC Input – Jerry Hedrick/Adina Mineo

b. Enforcement Q&A on violation processing – Ed Kichline

6. Member Round Table – Terry Bilke

7. Review of Action Items and CCC Work Plan Deliverables

8. Future Meeting Dates

a. September 17-18, 2014: Vancouver, BC (Joint Standing Committees location)

b. December 3-4, 2014: Phoenix, AZ (APS host location)

c. March 3 – 4, 2015: Atlanta, GA (NERC)

d. June 10 -11, 2015: Arlington, VA (NRECA host location)

9. Adjourn

*Background materials provided

Compliance and Certification Committee Agenda | June 4-5, 2014 3

Resolution The Compliance and Certification Committee thanks Terry Bilke for his dedication, leadership, and expertise which has helped this committee fulfill its responsibilities. In his role as Chair of the CCC his ideas and enthusiasm have driven improvements to its structure while providing value to stakeholders and the Electric Reliability Organization. Whereas Terry will now transition to a new role representing the CCC on the Reliability Issues Steering Committee it is apparent he will be instrumental in the continued reliability of the North American electric grid.

6/02/2014 8

Compliance and Certification Committee

Chair Terry Bilke

Consulting Advisor

MISO

720 City Center Drive

Carmel, Indiana 46082-4202

(317) 249-5463

(317) 249-5358 Fx

tbilke@

midwestiso.org

Vice Chair Patricia E Metro

Manager, Transmission and

Reliability Standards

National Rural Electric Cooperative

Association

4301 Wilson Blvd.

Mail Code EP11-253

Arlington, Virginia 22203

(703) 907-5817

(703) 907-5518 Fx

patti.metro@

nreca.coop

RE-FRCC Ted Hobson

Chief Compliance & Risk Officer

JEA

21 W. Church St,

Jacksonville, Florida 32202-3139

904-665-7126

904-665-4238 Fx

hobste@jea.com

RE-RFC Robert Hoopes

Senior Director-FERC/NERC

Compliance

PPL Corp.

2 North 9th Street

Allentown, Pennsylvania 18101

610-774-6913

rehoopes@

pplweb.com

RE-SERC Gregory D Pierce

Director, Transmission

Compliance

Entergy Corporation

639 Loyola Ave

L-ENT-24A

New Orleans, Louisiana 70113-3125

(504) 576-4993

gpierc2@

entergy.com

RE-SPP Jennifer Flandermeyer

Senior Manager Compliance

Programs

Kansas City Power & Light Co.

P.O. Box 418679

Kansas City, Missouri 64141-9679

816-701-7851

816-654-1189 Fx

Jennifer.Flandermeye

r@

kcpl.com

RE-WECC Jana Van Ness

Director, Regulatory Compliance

Arizona Public Service Co.

400 North 5 Street

Phoenix, Arizona 85004

602-250-2783

602-250-2783 Fx

jana.vanness@

aps.com

Cooperative Thomas A. Smith

Senior Manager of System

Operations

Tri-State Generation & Transmission

Association, Inc.

P.O. Box 33695

Denver, Colorado 80233

(303) 254-3547

(303) 254-6030 Fx

tsmith@

tristategt.org

Electricity Marketer Richard Comeaux

Director - Regulatory Compliance

NRG Energy, Inc.

112 Telly Street

New Roads, Louisiana 70760

(225) 663-0043

(225) 618-3334 Fx

keith.comeaux@

nrgenergy.com

Federal/Provincial

Utility/Power

Authority

Ajay Garg

Manager, Policy and Approvals

Hydro One Networks, Inc.

483 Bay Street, TCT ST-04

Toronto, Ontario M5G 2P5

(416) 345-5420

ajay.garg@

HydroOne.com

Federal/Provincial

Utility/Power

Authority

(CCC Nominating

Committee)

Martin Huang

Vice President, Grid Operations

British Columbia Hydro and Power Authority

333 Dunsmuir Street 11th Floor

Vancouver, British Columbia V6B5R3

(604) 455-1800

martin.huang@

bchydro.com

(514) 879-4100 dupuis.caroline@ hydro.qc.ca

Caroline DupiusManager, System Control Policies & Planning

Hydro-Quebec TransEnergie

6/02/2014 9

Investor Owned

Utility

Barbara Kedrowski

Project Manager Federal

Regulatory and Policy

We Energies 414-221-3572

barbara.kedrowski@

we-energies.com

ISO/RTO Gregory Campoli

Supervisor, Reliability

Compliance and Assessment

New York Independent System Operator

3890 Carman Road

Schenectady, New York 12303

(518) 356-6159

(518) 356-6119 Fx

gcampoli@

nyiso.com

ISO/RTO Matthew F Goldberg

Director, Reliability & Operations

Compliance

ISO New England, Inc.

One Sullivan Rod

Holyoke, Massachusetts 01040-2841

413-535-4029

mgoldberg@

iso-ne.com

Large End-Use

Customer

Small End-Use

Electricity Customer

To Be Named

Small End-Use

Electricity Generator

James Stanton

Principal Advisor

Quanta Technology

1707 Brill Dr.

Friendswood, Texas 77546

(713) 444-9998

(610) 757-1685 Fx

jstanton@

quanta-

technology.com

U.S. State James E. Spearman

Executive Assistant & Senior

Technical Advisor

Public Service Commission of South Carolina

101 Executive Center Drive

Columbia, South Carolina 29210

(803) 896-5142

(803) 896-5231 Fx

james.spearman@

psc.sc.gov

Canada Federal To Be Named

Canada Provincial To Be Named

State/Municipal Shawn T Abrams

Vice President of Planning and

Power Supply

South Carolina Public Service Authority

Santee Cooper

PO Box 2946101

Moncks Corner, South Carolina 29461

843-761-8000

843-761-7038 Fx

tom.abrams@

santeecooper.com

Small End-Use

Electricity Customer

Kevin Conway

VP Operations

INTELLIBIND

1312 North Monroe Street

Spokane, Washington 99201

Kevinc@

intellibind.com

Federal/Provincinal John Louis Hairston

Chief Compliance Officer

Bonneville Power Administration

905 NE 11th Ave.

DG-7

Portland, Oregon 97232

503-230-5262

503-230-3270 Fx

jlhairston@

bpa.gov

Transmission

Dependent Utility

Daniel Herring

Manager, NERC Training

DTE Electric

2000 2nd Ave

Detroit, Michigan 48226-1279

(313) 235-5365

herringd@

dteenergy.com

Jerry M Maio 801-530-6724

jmaio@utah.gov

Rick TerrillDirector, Regulatory & MarketSupport

Luminant Mining Company1601 Bryan Street, Suite 24-045DDallas, TX 75201

(214) 875-8750(214) 875-8747 Fx

rick.terrill@luminant.com

6/02/2014 10

RE-TRE Charles B Manning

Vice President Human Resources,

Chief Compliance Officer

Electric Reliability Council of Texas, Inc.

2705 West Lake Drive

Taylor, Texas 76574

5122483036

(512) 248-3992 Fx

cmanning@

ercot.com

Electricity Marketer Jason L Marshall, P.E.

Director, Reliability Compliance

ACES

4140 West 99th Street

Carmel, Indiana 46032

(317) 344-7204

jmarshall@

acespower.com

Merchant Electricity

Generator

Silvia Mitchell

Director, NERC Reliability

Standards & Compliance

NextEra Energy

700 Universe Boulevard

Juno Beach, Florida 33408

(561) 694-4414

silvia.parada.mitchell @fpl.com

IOU

(Nominating)

Helen Nalley

Compliance Director

Southern Company (205) 257-2055

HRNALLEY@

southernco.com

U.S. Federal Darrell G. Piatt

OER/DRS Electrical Engineer

Federal Energy Regulatory Commission

76 Ridgeview Lane

Birmingham, Alabama 35242

(205) 914-1845

darrell.piatt@

ferc.gov

David Roth

General Counsel

Northern Star Generation Services Company (713) 580-6399

(713) 589-8408 Fx

david.roth@

northernstargen.com

Cooperative Sector Shane Sanders

Director of System Operations

Southwest Transmission Cooperative, Inc. 520-586-5239

ssanders@

swtransco.coop

Cooperative W. Clay Smith

Executive Vice President - Chief

Legal and Compliance Officer

Georgia Systems Operations Corporation

2100 East Exchange Place

P.O. Box 2087

Tucker, Georgia 30085/2087

(770) 270-7660

(770) 270-7938 Fx

clay.smith@

gasoc.com

William Temple

Program Manager, Reliability

Compliance

Northeast Utilities (860)-665-3908

templwj@nu.com

State/Municipal Martyn Turner

Transmission Compliance

Manager

Lower Colorado River Authority (512)-730-6281

(512) 356-6045 Fx

mturner@lcra.org

U.S. Federal To Be Named

Thomas DeVita

Associate Counsel

North American Electric Reliability

Corporation

1325 G Street NW

Suite 600

Washington, D.C. 20005

(202) 400-3000

(202) 644-8099 Fx

thomas.devita@

nerc.net

NERC Staff

RE-NPCC

6/02/2014 11

Jerry Hedrick

Director of Regional Entity

Assurance and Oversight

North American Electric Reliability

Corporation

3353 Peachtree Road, N.E.

Suite 600, North Tower

Atlanta, Georgia 30326

(404) 446-2560

(404) 446-2595 Fx

jerry.hedrick@

nerc.net

Nina Johnston

Attorney

North American Electric Reliability

Corporation

1325 G Street, N.W.

Suite 600

Washington, D.C. 20005-3801

(202) 400-3000

(202) 644-8099 Fx

nina.johnston@

nerc.net

Edwin Kichline

Senior Counsel and Associate

Director of Enforcement

Processing

North American Electric Reliability

Corporation

1325 G Street, N.W.

Suite 600

Washington, D.C. 20005-3801

(202) 400-3000

(202) 644-8099 Fx

ed.kichline@

nerc.net

Sonia C. Mendonca

Associate General Counsel &

Director of Enforcement

North American Electric Reliability

Corporation

1325 G Street, N.W.

Suite 600

Washington, D.C. 20005-3801

(202) 400-3000

(202) 644-8099 Fx

sonia.mendonca@

nerc.net

Rebecca Michael

Associate General Counsel

North American Electric Reliability

Corporation

1325 G Street, N.W.

Suite 600

Washington, D.C. 20005-3801

(202) 400-3000

(202) 644-8099 Fx

rebecca.michael@

nerc.net

Adina Mineo

Senior Compliance Operations

Auditor

North American Electric Reliability

Corporation

3353 Peachtree Road, N.E.

Suite 600, North Tower

Atlanta, Georgia 30326

(404) 446-2560

(404) 561-0484 Fx

adina.mineo@

nerc.net

Earl W Shockley

Senior Director of Compliance

Analysis & Certification

North American Electric Reliability

Corporation

3353 Peachtree Road, N.E.

Suite 600, North Tower

Atlanta, Georgia 30326

(404) 446-2560

(404) 446-2595 Fx

earl.shockley@

nerc.net

116-390 Village Blvd. Princeton, NJ 08540

609.452.8060 | www.nerc.com

1

Antitrust Compliance Guidelines

I. General It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately.

II. Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

• Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.

• Discussions of a participant’s marketing strategies.

• Discussions regarding how customers and geographical areas are to be divided among competitors.

Antitrust Compliance Guidelines 2

• Discussions concerning the exclusion of competitors from markets.

• Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.

• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

III. Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss:

• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

• Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.

DRAFT Minutes of Meeting Compliance and Certification Committee March 11, 2014 | 1:00 p.m. - 5:00 p.m. EDT March 12, 2014 | 8:00 a.m. - Noon EDT

NERC Atlanta Office 3353 Peachtree Road, NE Suite 600, North Tower Atlanta, GA 30326 (See [LINK] to complete March 2014 Agenda package on the NERC website for all related documents and presentations). Introductions and Chair’s Remarks

NERC Antitrust Compliance Guidelines and Public Announcement

Mr. Terry Bilke explained the Antitrust Guidelines and Public meeting announcement. The Committee approved the agenda.

Agenda Items

1. Administrative – Secretary and Terry Bilke

a. Compliance and Certification Committee (CCC) Roster Update (Primary and Plus)

Mr. Bilke circulated the current roster and requested that member make updates to the roster. Also, subcommittee chairs are responsible for updating subcommittee rosters.

b. Comments by Mr. Jerry Hedrick Mr. Hedrick made welcoming remarks and provided an overview of the NERC Compliance Operations group. Mr. Hedrick is now the Director, Regional Entity Assurance and Oversight. Ms. Adina Mineo will now serve as the NERC contact for the CCC.

2. Committee Business

a. Approve Nominating Subcommittee*

The Committee approved the CCC Nominating Subcommittee (NSC) appointments. The NSC appointments included: Kevin Conway, Ted Hobson, Martin Huang, Jason Marshall, and Helen Nalley. Mr. Bilke also appointed Mr. Huang as the Chair of the NSC.

b. CCC December 2013 Meeting Minutes* –Terry Bilke [LINK]

The Committee approved the CCC December 2013 Meeting Minutes.

Compliance and Certification Committee Agenda | March 11- 12, 2014 2

c. Status of 2014 CCC Work Plan and Goals - Terry Bilke

Mr. Bilke discussed the meeting with NERC Senior Executives regarding the CCC’s 2014 work plan and goals. The CCC will provide the Board of Trustees (BOT) its final work plan that outlines the CCC’s activities at the May 2014 BOT meeting. Ms. Patti Metro will coordinate with NERC staff to develop an executive summary to provide to the BOT that will highlight how the CCC’s work plan and activities align with ERO’s Strategic Plan and how to move forward with the work plan

d. Report of February 2014 Member Representatives Committee (MRC) and Board of Trustees

(Board) Meetings * – Patti Metro

Ms. Metro provided information relating to the MRC, Board, Standards Oversight and Technology Committee (SOTC), Corporate Governance and Human Resources Committee (CGHRC) meetings. Refer to Agenda Item background document for detailed notes.

e. Reliability Issues Steering Committee (RISC) Update* – Clay Smith

Mr. Clay Smith provided update on the RISC roster, included in the agenda package. Additionally, Mr. Smith provide the 2014 RISC meeting schedule, overview of the Reliability Risk Management Process, ERO Priorities-RISC Updates and Recommendations, and the RISC Member Handbook and Charter. The RISC Charter pending approval in May 2014. The Committee should review and make comments.

Refer to agenda package for all RISC-related documents.

3. FERC Enforcement Activities Update* – Roger Morie

Mr. Roger Morie gave an overview of FERC’s role in reliability Enforcement and provided discussion on the 2013 Report on Enforcement. Refer to presentation in the agenda package for further details.

4. Subcommittee Updates

a. Nominating Subcommittee – Martin Huang

The Committee approved Interim CCC membership of Mrs. Caroline Dupuis of Hydro-Québec TransÉnergie as a CCC Representative for the Federal/Provincial Utility Sector.

Silvia Mitchell membership was approved by BOT in February 2014.

b. Openings were shared as well as solicitation for officers for 2 year term beginning on July 1ERO

Monitoring Subcommittee (EROMS) – Ted Hobson

i. Report on recent survey results and future survey timeline

ii. Perception survey wrap-up* Completed ERO Effectiveness and Stakeholder Perceptions Survey Report, dated November 2013. There are three main themes between the 2013 and 2012 report recommendations. The Committee recommends that NERC continue to move forward with the 2012 recommendations which are tied to the three themes that have prevailed over the past three years the survey has

Compliance and Certification Committee Agenda | March 11- 12, 2014 3

been conducted – (1) Return on Investment (ROI) of compliance program; (2) inconsistencies within and across regions; and (3) transparency of the enforcement and penalty processes. In this context, ROI means reliability benefits versus resources expended on compliance. Refer to the full report within the Agenda package for further details on recommendations. The Committee approved the 2013 ERO Effectiveness and Stakeholder Perceptions Survey Report and approved the submittal of the final report to the BOT. The Committee approved EROMS presenting 2013 Comments-Conduct Concern Analysis to NERC staff and to work with NERC on any follow up questions. The Committee approved a third party, independent audit firm for the 2014 audits (Final vote had one abstention by Mr. Kevin Conway, no opposition).

iii. New procedures

Depending on the results of the independent audit CCCPP-002: Compliance Monitoring Program for Reliability Standards Applicable to NERC will either need to be revised or retired if it is determined that there are no standards applicable to NERC.

iv. Report for Procedure Reviews/Revisions

Item not covered due to other discussions

c. Procedures Subcommittee (PROCS)/Standards Interface Subcommittee (SIS) –Matthew

Goldberg

i. Updated Scope Document for Compliance Processes and Procedures Subcommittee (CPPS)*

The Committee re-endorsed the final scope document, as amended, for the CPPS. After discussion, the Committee determined that the final scope document should not reference the Reliability Assurance Initiative, but rather the CPPS will support the development and implementation of enhancements to the CMEP… (See section 2ii of the CPPS scope document).

The Committee will request the Board approve the CPPS scope document, the establishment of the CPPS, and retire the previous two subcommittees ( PROCS and SIS) at May 2014 BOT meeting

ii. CCC Policies and Procedures Review

No report.

iii. Standards Committee Request on Interpretations

The Standards Committee reached out to CCC to determine what happens when FERC rejects or interprets a Reliability Standard or Requirement where a current RSAW exists and what enforcement guidance should be given to Regions and NERC regarding the RSAW. NERC is

Compliance and Certification Committee Agenda | March 11- 12, 2014 4

working to develop a process for further guidance when an existing RSAW needs revised. The CPPS will report more in the future.

Mr. Goldberg provided information on discussion surrounding possible elimination of Violation Severity Levels (VSLs) in the standards. This is awareness that if VSLs would be removed, a Rules of Procedure change would be needed and the CCC would need to be involved.

iv. Support for EROMS on Independent Audit (ROP sections related to Standards Process)

CCC members will volunteer support.

v. RAI Update

The CPPS continues to discuss and support RAI activities. The CPPS will continue considerations of RAI a and work with NERC to identify indicators of success and effectiveness.

vi. Recommendations on RSAWs (Status on prior candidates for correction and any new issues)

Terry Bilke provided an overview of some of the technical issues spotted by the NERC Resources Subcommittee in the BAL RSAWs. The Resources Subcommittee is also willing to offer suggestions on good practices and controls if there is a home for such information.

vii. Quality reviews of compliance elements (outreach to standards staff)

No report.

viii. Feedback from staff on RAI team on RSAW Recommendations

No report.

d. Organization and Certification Subcommittee (ORCS) – Keith Comeaux

i. Risk-Based Registration

Rebecca Michael provided an update on the current status of the risk-based registration and reported a white paper will be released in March. ORCS will continue involvement in the risk-based registration project and will continue to work with NERC staff.

ii. Update and closure of RISC request on Planning Authority /Planning Coordinator issue

Jennifer Flandermeyer will be finishing a draft response to the NERC RISC on this issue in the near future. Mr. Comeaux reported that ORCS review indicated that this issue was primarily limited to WECC.

iii. Status of MRRE

No report.

iv. CCC Policies and Procedures review – ORCS responsibility

No report.

Compliance and Certification Committee Agenda | March 11- 12, 2014 5

5. CCC Ongoing Projects

a. Team 1 – RAI Benefits and Impacts Matrix– Bob Hoopes

NERC posted the team’s RAI Benefits and Impacts Matrix on January 27, 2013, prior to the February 2014 Board meeting [LINK].

b. Team 2 - RAI Question and Answer Document - Bob Hoopes [LINK]

The team provided NERC updates to the RAI Question and Answer document. The team will continue to work with Mr. Hedrick and NERC staff to determine needs regarding updates to this document, as well as other formalized guidance on RAI.

c. Team 3 - RSAW Input Team– Jim Stanton

Mr. Jim Stanton was not present. Mr. Bilke provide a brief overview of team activities. The team completed RSAW recommendations awhile back and will need to determine how the team can support further RSAW activities. And what do they need to do

d. Team 4- Data Retention (Identify Reasonable Record Retention) – Terry Bilke

Mr. Bilke provided an update on possible improvements and recommendations for data retention and sampling. The Committee should review and provide comments to the whitepaper that consolidates recommendations based on the surveys and team research. Comments on white paper are due by March 21. Refer to presentation in the agenda package for further details.

e. Team 5 - Internal Control Guidance (coordination w/RBRCWG) – Martyn Turner

The team needs guidance on whether to continue to request samples of internal controls to provide as RAI guidance. There was discussion on the Committee’s need to determine short and long-term goals for RAI-related guidance documents.

6. NERC Staff Update

a. Reliability Assurance Initiative (RAI) Update

i. Regional Pilots (objectives and observations) - Jerry Hedrick

M. Hedrick provided update on status of the pilots and continued work toward the convergence of audits processes into a single, consolidated process.

ii. Enforcement Pilots -Ed Kichline

Mr. Kichline provided information on the enforcement pilots. Specifically, Mr. Kichline highlighted completed activities, as well as long-term solutions to address the addressed issues concerning processing time, communication during the enforcement process, and processes for multi-region registered entities (Refer to agenda package).

iii. Communication Plan for Registered Entities with 2015 audits – Jerry Hedrick

Compliance and Certification Committee Agenda | March 11- 12, 2014 6

iv. CCC Support of the RAI Activities indefinite

v. CCC Member Initiated RAI Questions

Introduction of the Department of Energy’s Electricity Subsector Cyber Security Capabilities Maturity Model (ES-C2M2) as a framework that is consistent with the RAI to support the removal of the IAC language from CIP Version 5. (Bill Temple) The ERO enterprise is working along with registered entities to manage the transition to compliance with Version 5 of the CIP Standards. RAI efforts, including consideration of a registered entity’s management practices and self-monitoring, offer a broader alternative to including the Identify, Assess, and Correct language in the Standards. ES-C2M2 is one of many frameworks under examination for their effectiveness in demonstrating mature management practices that could afford registered entities the benefits of aggregation of noncompliance and a presumption of enforcement discretion for minimal risk issues.

Updates on the use of the Proforma Internal Controls Document as several regions are beginning to have discussions and ask for internal controls as part of their audits. (Silvia Parada-Mitchell)

Mr. Hedrick stated he will work with the Regional Entities to determine appropriate approach to requesting internal controls and work with Mr. Bob Hoopes (lead on one of the RAI work teams) to draft guidance regarding the voluntary nature of an internal controls review.

b. Enforcement Statistics – Ed Kichline, Sonia Mendonca

Refer to agenda package for statics information.

7. Member Round Table – Terry Bilke Mr. Rick Terill- Expressed concern on how RAI will remove IAC language for CIP v 5 standards and how RAI will address the removal. Mr. Thomas Stickland- Stated that he would like to understand what NERC and the Regions are doing towards making investments into better technology related to operations that auditors may not be familiar with. Ex IPP6 vs IPP4. The Committee approved a motion to thank Mr. Jack Wiseman for his contributions to the CCC. The CCC and ORCS would like to formally thank Jack Wiseman for his support over since 2009. We wish him well in his retirement.

8. FRCC Stakeholder Issue (CIP CAR or other Guidance) – Ted Hobson Refer to the agenda background documents. Mr. Hobson stated this was an older issue and is no longer relevant. The Committee agreed and will remove it from the agenda.

Compliance and Certification Committee Agenda | March 11- 12, 2014 7

9. Review of Action Items

1. Compliance and Certification Committee (CCC) Roster Update (Primary and Plus) - tasked participants to review for accuracy and completeness (All).

2. 2014 Work Plan - develop executive summary with specific deliverables to better communicate the projects to the BOT (Metro and Mineo).

3. Caroline Dupuis approved as an interim member until NERC BOT approval - get on the BOT agenda for approval (NERC).

4. CCC Policies and Procedures Review - CCCPPs review of responsibilities. Action Item – CCC SharePoint site discussion with CCC executive committee (Metro).

5. Nominating Subcommittee - Openings were shared - solicit nominations for openings (Huang and NERC).

6. Update and closure of RISC request on Planning Authority /Planning Coordinator issue – Action Item – Letter to RISC to close this out (Flandermeyer).

7. ORCS will coordinate the review and comments on the Risked Based Registration Whitepaper.

8. Development of a white paper, or expansion of current product, to address voluntary versus non-voluntary related to internal controls (Hedrick and Hoopes team).

9. CPPS scope document provided to the BOT in May 2014.

10. Determine whether there is anything NERC wants the CPPS to assist on the RSAW recommendation.

10. NERC/CCC NERC Internal Audit Update – Mechelle Ferguson-Thomas and Clay Smith

a. Closeout on status of non-conformance findings from audit of NERC Compliance Monitoring Enforcement Program (CMEP) and Organization Registration and Certification Program (ORCP

NERC is still on track. Some recommendations will be included with the risk-based registration process.

b. Planning for independent audit of NERC’s conformance to the Standards Process Manual and the Standards Applicable to NERC

Received volunteers for the audit during 2014.

c. Update on RMICS activities

Committee is now becoming a full board committee. Committee work plans and audit plans have been approved and includes EROMs audits and NERCs audit plans.

11. Future Meeting Dates a. June 4-5, 2014: Juno Beach, FL (FPL host location) b. September 17-18, 2014: Vancouver, BC (Joint Standing Committees location)

Compliance and Certification Committee Agenda | March 11- 12, 2014 8

c. December 3-4, 2014: Phoenix, AZ (APS host location)

12. Adjourn

The Committee approved the motion to adjourn. *Background materials provided

CCC Nominating Subcommittee Summary

May 4th, 2014

2 RELIABILITY | ACCOUNTABILITY

FOR APPROVAL: Interim CCC Membership

• The CCC NSC seeks committee approval of the following interim membership to be effective May 4th

2014 for a 3-year term:

• John Hairston, BPA, representing Federal Utility• Kevin Conway, Intellibind, representing Small End-

Use Electricity Customer

3 RELIABILITY | ACCOUNTABILITY

FYI: BOT Approval of CCC Membership

• NERC Board of Trustees approved the following NERC Compliance and Certification Committee officer/membership appointment at its May 7th, 2014 meeting:

• Officer Appointments:o Ms. Patti Metro as the CCC Chair for the period of July 1st 2014 – Jun 30th 2016

o Ms. Jennifer Flandermeyer as the CCC Vice Chair for the period of July 1st 2014 – Jun 30th 2016

• New Member appointments:o Ms. Caroline Dupuis of Hydro-Québec TransÉnergie representing the

Provincial/Federal Utility sector for a three-year term

o Mr. Rick Terrill of Luminant Mining representing the Large End-Use Electricity Customer sector for a three-year term

• Member reappointments:o Ms. Jennifer Flandermeyer of Kansas City Power & Light representing RE-SPP for a

three-year term

o Mr. William Temple of Northeast Utilities representing RE-NPCC for a three-year term

4 RELIABILITY | ACCOUNTABILITY

Current Membership Vacancies

• Voting Positions (1): Large End-use Electricity Customer Sector (one position)

• Non-Voting Positions (3): Government Sector – US Federal (one position) Government Sector – Canadian Federal (one position) Government Sector – Canadian Provincial (one position)

5 RELIABILITY | ACCOUNTABILITY

Upcoming Term Expirations

• 7 members with term expiring in Feb 2015

Agenda Item 2c Compliance and Certification Committee Meeting

June 4 -5, 2014

Report of May 2014 Member Representatives Committee (MRC) and Board of Trustees (BOT)

Meetings Information

1. For information and discussion only Background The following are notes provided by Patti Metro (CCC vice-chair) and Terry Bilke (CCC chair). These notes are not provided to accurately represent all agenda topics. Finance and Audit Committee (FAC) Agenda Item 2a - 2013 Audited Financial Statements: Review Audit Findings and Recommendations There were no unacceptable findings from the financial audit. The following are recommended adjustments based on the audit:

o NERC expensed the events analysis software rather than capitalized the software. This type of accounting is being discussed to determine the appropriate way manage such expenses.

o In shifting the NERC 401k plan, discovered the need to change a definition of compensation.

Agenda Item 2cii - Total ERO Enterprise – Actual to Budget Variance Analysis NERC was 10% under-budget in personnel expenses including lower travel costs and staffing

delays associated with filling positions. In 2015, NERC plan to cut its budget on meeting expenses.

Compliance Committee Meeting (BOTCC) Agenda Item 2 - Reliability Assurance Initiative (RAI) Progress Report – Presented by Jerry Hedrick, Lane Lanford, Sonia Mendonca

a. RAI Compliance Activities Overview i. Next Steps

Finalize documentation of the single detailed program design Complete the evaluation to assure:

1. Effectiveness 2. Sustainability 3. Transparency

ii. Develop examples to demonstrate methodology iii. RAI Oversight Plan Framework

Inherent Risk Assessment Internal Controls Evaluation – still sounds voluntary Oversight scoping

iv. Timeline for Implementing Single Compliance Design Framework May 2014 – Present the framework overview August 2014 – Finalize documentation of the converged pilots October 2014 – Incorporate single design into the CMEP annual plan December 2014 – Complete regional evaluations and adoption of processes January 2015 – Execute on deployment and training

NOTE: Stressed that this was for those entities that would like to participate in this new program. b. RAI Enforcement Activities Overview – a new process below has been in place in each Region

since January with the goal to process minor infractions within 60 days. c. NERC RAI Program Overview Q&A for Triage, Aggregation, and Discretion Pilots

i. Aggregation pilot Selected entities Minimal risk issues Record corresponds to contents of FFT spreadsheet Presumption of discretion

ii. Discretion pilot Selected entities Minimal risk issues Record corresponds to contents of FFT spreadsheet

Agenda Item 3 - Reliability Standard Audit Worksheet (RSAW) Review and Revision Process Shared the work completed by the MRC work group that Terry Bilke and Patti Metro were the

CCC representatives. There was pushback from John Seelke and Scott Henry. The concerns were noted by the BOTCC and will be discussed at the MRC meeting.

Proposal is ready for approval by BOT, but the topic is not on the BOT agenda for approval. The BOT will work with NERC staff to determine when the proposal can be approved.

Proposal a. Substantive revisions posted for at least 15 business days b. Comments to focus on:

i. Any material change in scope ii. Technical error

iii. Effective date concern iv. Additional postings for further revisions

c. Final revisions reviewed by chair of Standards Oversight and Technology Committee (SOTC)

i. RSAW goes into effect; or ii. RSAW revisions reviewed by full SOTC

Agenda Item 4 Key Compliance and Enforcement Metrics and Trends NERC staff was asked to include FFT information on material posted after the BOT meeting. CIP violations continue to be the type of violations that take longer to process through the

enforcement system. A majority of violations are entity self discovered. In the 1st Quarter of 2014 89% were self

discovered. From January 1, 2013 – April 1, 2014

o FFT – 43%

o NOP – 28% o SNOP -29%

10 Most Violated Standards – remained the same from 2013 to April 2014 o CIP-007 - Cyber Security — Systems Security Management o CIP-006 - Cyber Security — Physical Security of Critical Cyber Assets o CIP-005 - Cyber Security — Electronic Security Perimeter(s) o PRC-005 – Protection System Maintenance (most violated since 2007) o CIP-004 - Cyber Security — Personnel & Training o CIP-003 - Cyber Security — Security Management Controls o CIP-002 - Cyber Security — Critical Cyber Asset Identification o VAR-002 - Generator Operation for Maintaining Network Voltage Schedules o CIP-009 - Cyber Security — Recovery Plans for Critical Cyber Assets o FAC-009 - Establish and Communicate Facility Ratings (Replaced by FAC-008-3)

Standards Oversight and Technology Committee Meeting (SOTC) Agenda Item 2 – CIP Version 5

a. Response to FERC Directives – i. All four directives are being addressed by the drafting team

Modify “identify, assess, and correct” language (IAC) (February 3, 2015) Additional criteria for Low Impact classification category Define “communication networks” and add protections (February 3, 2015) Add protections for vulnerabilities caused by transient devices

ii. Project is on schedule for BOT approval in November 2014 to meet filing deadline of January 2015.

b. Implementation Update i. What has been done

Completed two of the six scheduled transition study pilots Performed initial compatibility assessments Identified initial lessons learned

ii. What is currently being done Completing four remaining transition study pilot Revising FAQs and developing RSAWs Prioritizing and drafting reports on key identified issues

iii. What will be done Complete transition study report Develop guidance for key compatible program elements

iv. Transition Study Key Dates and Activities June

• Completion of initial studies • Begin publishing RSAWs

July • Deliver papers on Impact Rating of Generation Resource Rating, Sub-

Station Transfer Trip, and Programmable Devices • Refresh FAQs

August • Publish findings from the transition studies

Key Outputs

• Collaborative efforts to share information to support the transition • Guidance to support consistency of oversight approach

Agenda Item 3 – Stage 2 GMD Standard Established GMD event and developed TPL-007 draft standard. Draft standard and benchmark GMD event were presented to the GMD Task Force and

standing committees in March, 2014. Benchmark and draft standard posted for informal comment. Stage 2 standard will be presented to the Board of Trustees for approval at its November

2014 meeting.

Agenda Item 4 – Physical Security Standard The ballot concluded on May 5. NERC is on track to deliver this standard within 90 days as directed by FERC.

Agenda Item 5 - ERO Enterprise IT Applications Gerry Cauley gave a presentation on an approach to develop adequate tools to achieve

efficiencies and drive best practices. Process and Internal Control Changes

o Slow-down and regroup on enterprise application development o Demonstrate success and control pace of projects o Move away from custom designed applications o Improve vendor procurement and contracting o Strengthen development oversight and resources o Add CIO with significant application development oversight experience o Improve internal technical resource depth and allocations o Independent consulting support to oversee development vendors o Better development milestone planning and reporting o More periodic code reviews o Improved management reporting

Key projects include o BES exception and standards balloting o CRATS o Reliability Assessment Database System (RADS)

It was found that a key vendor had significant problems with their architecture. NERC will no longer use this vendor which will result in the loss of about $600k.

Agenda Item 6 - TOP/IRO Response Update Goal is to file the revised standards no later than January 31, 2015.

Agenda Item 7 - Reliability Standards Quarterly Status Report (including Standards Committee Report)

NERC is working on items in the 2014-2016 Reliability Standards Development Plan

(RSDP). Focus is on addressing outstanding directives. It is projected that by the end of 2014 there will only be 30 outstanding directives assuming there are no new directives issued in 2014. At one time, there were over 200 outstanding directives including pre-2012 and those issued in 2013 and 2014.

Agenda Item 8 - Periodic Review of NERC ANSI Accreditation NERC initially received its accreditation (standards development process) in 2003. Last accreditation was in May of 2013. ANSI reviews are triggered every 5 years, if processes manual is revised, or by audits by

the ANSI Executive Standards Committee.

Member Representatives Committee Meeting (MRC) Agenda topics provided expanded discussion opportunities from the items discussed at the BOT committee meetings.

Agenda Item 3 – Recommended Slate of Stakeholder-based Members to the Reliability Issues Steering Committee (RISC) Election The slate was endorsed for BOT action with Terry Bilke endorsed as the CCC

representative on the RISC.

Agenda Item 4 - Request for MRC Members to Serve on the Board of Trustees Nominating Committee Solicited volunteers or nominations from the MRC membership to serve on the

Nominating Committee The BOTNC will recommend nominees for election/re-election to the NERC Board of Trustees

(Board) at the Member Representatives. Committee meeting in February 2015. Janice Case will chair the BOTNC. The Board will review the slate for the MRC volunteers

and approve in late May. Bruce Scherr is retiring from the NERC Board.

Agenda Item 5 - Responses to the Board’s Request for Policy Input 5a - Reliability Standard Audit Worksheet (RSAW) Review and Revision Process – Agreed that the

presented material is a workable solution and that improvements will be ongoing. Very clear that the CCC is a resource to provide technical support to the BOTSC and in the development of RSAWs.

5b - Risk-Based Registration Initiative – Mark Lauby gave an update on this. The whitepaper will outline the following:

o Clarification of terms and improved procedures o New BES definition as model and anchor for RBR o Entity risk assessment in a common registration form o Eliminate functional registrations if not material (PSE & IA)

o Threshold synchronization with the new BES definition o Standard requirement applicability (DP/LSE, GO/GOP & TO/TOP) o Status quo for other functional registration categories

5c - Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information o Sharing and Capabilities to determine if there is a need to physically separate the ESISAC

with the staff being in a separate space. This option would cost $250K to $300K annually. o Cybersecurity Risk Information Sharing Program (CRISP) – tool box to share information.

It is a public/private partnership. It shares near real time information on cyber threat and develops tools

to enhance awareness to prioritize protection of its critical infrastructure

Entities that have a “front end box” collects data and sends it encrypted to a national lab for analysis.

There are two companies with this hardware and software in place. The goal is to have 22-23 entities from different sectors by the end of

the year. Expected cost is 100-125k per year per user. NERC looking to deploy “basic” CRISP service, which would be $200-

300k/year. If enough users deploy CRISP, NERC would like to get extended services (an additional $600-$850k per year)

Agenda Item 6 - Additional Policy Discussion from Board Committee Meetings Finance and Audit Committee – no additional discussion Compliance Committee - no additional discussion Standards Oversight and Technology Committee

o Critical Infrastructure Protection (CIP) Version 5 Response to FERC Directives and Implementation Update – Stressed the need to get guidance out soon.

o Stage 2 Geomagnetic Disturbance (GMD) Standard - The standard is not intended to be prescriptive on the solution to mitigate problems. Operating procedures can be part of the solution.

o Physical Security Standard - Gerry Cauley noted that a lot of hard work went into this and hopes that the FERC doesn’t expect that all standards should follow this expedited path.

Agenda Item 7 - 2015 Business Plan and Budget Mike Walker provided update. Gerry Cauley noted a new strategic metric that is a composite of category 1-3 events. Many initiatives forecasted or in progress that will impact the budget. See presentation

beginning 23 at http://www.nerc.com/gov/bot/MRC/Agenda%20Highlights%20nad%20Minutes%202013/mrc_presentation_May_2014.pdf

NERC projects <1% operating expense increase an <2% increase.

No net increase in FTE, but reallocation, but will decrease budget adjustment by 6% due to attrition, hiring delays.

Incentives 18.4% of total salary expense. NERC’s consulting budget goes down except in CIP, where it more than doubles. NERC setting aside $3.6M for IT capital.

Agenda Item 8 - 2014 Long-Term Reliability Assessment: Development Plan and MRC Input Presented by John Maura. NERC will be conducting a survey of the MRC with the expectation to receive more input

from the MRC on the following emerging issues” o Accommodating system needs and adapting to change o Continued integration of variable generation o Generation retirements and coordination of outages o Increased dependence on natural gas o Increased use of demand-side management o Nuclear generation retirements and/or long-term outages

Agenda Item 9 - Essential Reliability Services Whitepaper Presented by Tom Burgess. This is a thirty person task force lead by Ken McIntyre from ERCOT. The task force will develop a whitepaper of what it determines are “essential services”. Initial discussions propose the following core services:

o Operating Reserve o Frequency Response o Ramping Capability o Active Power Control o Reactive Power and Voltage Control o Disturbance Ride-Through Tolerance

Agenda Item 10 - Five-Year Performance Assessment NERC posted its 5 year assessment and only received a few sets of comments. Time-line

o May 4: Preview Regional Entity assessments with ERO Boards o End of May: Finalize Regional Entity assessments o June: Post revised draft of five-year assessment o July 21: File five-year assessment with FERC

Board of Trustees Meeting (BOT) Agenda Item 2 - Committee Membership and Charter Changes Approved the Compliance and Certification Committee membership and leadership

changes. o New Member Appointments:

Mr. Rick Terrill of Ruminant Mining.

Ms. Caroline Dupuis of Hydro-Québec TransÉnergie. o Member Reappointments:

Mr. William Temple of Northeast Utilities. Ms. Jennifer Flandermeyer of Kansas City Power & Light.

o Officer Appointments: Ms. Patti Metro as the CCC chair for the period of July 1, 2014 – Jun 30, 2016. Ms. Jennifer Flandermeyer as the CCC vice chair for the period of July 1, 2014 –

Jun 30, 2016. Approved the formation of the CCC Compliance Processes and Procedures

Subcommittee and the retirement of the SIS and PROCS. Approved the Critical Infrastructure Protection Committee membership. Approved the Personnel Certification Governance Committee membership.

Agenda Item 3 Remarks by Board Chair – Fred Gorbet He shared his thoughts from pre-meetings with NERC senior Management and Regional

Entities senior management. Appreciated the policy input and how beneficial that input is to the Board in making decisions. Thought the discussion on RSAWs was helpful and the Board will use the information to influence the decision on steps to improve the RSAW process.

Agenda Item 4 Remarks by FERC Commissioner John Norris Thanked the industry for the good work as the ERO has evolved and matured. An

example is the shift from CIP3 to CIP5. He is concerned that people are confusing critical loads with critical assets that support the Bulk Electric System. He encouraged the industry to ask the right questions when looking critical assets and to do what the industry thinks is best. Don’t just respond to the politics of the day.

Agenda Item 6 - Remarks by Mr. Denis O’Brien, CEO, Exelon Utilities Welcomed the group to Philadelphia. He spoke about the history of Philadelphia and his

history with Exelon. Job is to keep the lights on and the gas flowing. # 1 priority is safety when doing that job.

Agenda Item 7 - President’s Report by Gerry Cauley He has seen the maturation in standards development including the orders that are

issued from the Commission. The process is working as it should always have been working. Basically, that the industry, the ERO and the Commission are communicating and working together to develop standards that improve reliability.

Agenda Item 8 - Standards Demand Data (MOD C) – MOD 031-1 — Adopted Voltage and Reactive Control – VAR-002-3 – Adopted Operating Personnel Communications Protocols – COM-002-4 – Adopted Violation Risk Factor/Violation Severity Level Revisions – Adopted

o TPL-001-4

o CIP Version 5 (CIP-003-5, CIP-004-5.1, CIP-006-5, CIP-008-5, CIP-009-5) o MOD-026-1 and MOD-027-1 o PRC-005-2 and PRC-005-3 o BAL-003-1

Physical Security Standard - Large ballot pool with 500 participants

Agenda Item 9 - Amendments to SERC Bylaws – Approved Agenda Item 10 - State of Reliability Report Presented by Tom Burgess. The purpose of the report is to provide an independent view of performance. The

results indicate that there has been sustained highly reliable performance. The report identifies trends and risks to reliability and provides recommendations for

improving reliability. The report can serve as risk- informed input to:

o Reliability Issues Steering Committee (RISC) project prioritization o Standards projects o Reliability assurance initiatives o Event analysis reliability assessment, and critical infrastructure protection

During the report period there were no high stress days in 2013. The Transmission system was highly reliable with no identified cascading events. Frequency Response has remained stable. There has been a decline in the severity of transmission outages due to relay mis-

operations. Roughly 1 in 10 relay operations are mis-operations. The number of Energy Emergency Alerts has declined

Agenda Item 11 - Summer Assessment Presented by John Moura. All Regions meet summer capacity margins. The Board will approve the Summer Assessment on it May 13 conference call.

Agenda item 12 - ERO Strategic Plan Metrics – Approved Gerry Cauley noted NERC is collaborating with the Regions on a 3 year strategic plan. Some of the metrics are being adjusted and the plan will be updated fairly often.

Agenda Item 13 - Canadian Affairs – Jim Burpee Exports to the US have increased since 2012 with a vast majority from Manitoba,

Ontario, and Quebec. None of the exports are from coal generation sources. Minnesota Power is building an additional transmission tie with Manitoba which can be

used to balance against the large wind farms in the MRO regions Expect that by 2050, all nuclear and fossil fuels will be retired replaced with hydro,

renewables and gas generation.

Canada is concerned with the FERC language regarding the physical security standard order. Feel these critical stations designations will draw attention to critical facilities.

Agenda Item 14 - Committee Reports Operating Committee Planning Committee Critical Infrastructure Protection Committee Member Representatives Committee Personnel Certification Governance Committee Standards Committee Reliability Issues Steering Committee

o Charter Amendments – Approved o Committee Membership Appointments – Approved

Compliance and Certification Committee o 2014-2016 Work Plan – Approved – Gerry suggested because of the unique

structure of the CCC, that the CCC augment the RAI efforts to provide stakeholder input prior to the implementation of the new CMEP structure.

o 2013 Stakeholder Perception Survey Results and Report Recommendations – Accepted

Electricity Sub-Sector Coordinating Council

Agenda Item 15 - Forum and Group Reports North American Energy Standards Board Regional Entity Management Group North American Transmission Forum

o 345kV breaker issue: 945 of the approximately 1000 have been identified and data collected and mitigation steps are under way.

o Next focus will be on protection system misoperations. Work on best-practices is underway.

o Working with EPRI on resiliency and developing a set of best practices. o Conducted an assistance visit along with INPO with one of its members on off-

site power to nuclear stations. North American Generator Forum

Agenda Item 16 - Board Committee Reports Corporate Governance and Human Resources

o Compliance Committee Mandate Amendments – Approved Compliance – Met in both open and closed session. BOTCC recommends that the RSAW

process presented at the MRC be implemented. Not looking for formal Board approval, but the Board is suggesting tweaking of language to incorporate the comments received during the various meetings. The minutes will reflect next steps and once the procedure is finalized the SOTCC mandate will be modified to reflect the additional role related to RSAWs.

Finance and Audit – Major responsibility is the oversight of the NERC/RE business plan and budget.

o 2013 Audit Financial Statements – Accepted o First Quarter Statement of Activities – Accepted

Enterprise-wide Risk – first meeting of the new committee which meets in closed session. Mentioned the inclusion of the Chair of the CCC and REMG are members of the committee. Reviewed the CCC work plan which was approved by the Board.

Standards Oversight and Technology – Gerry mentioned the transition of the IDC to the Eastern Interconnection RCs. He is committed to provide a report at the August Board meeting.

Closing Remarks by the Board Chair - Appreciated the comments by Commission Norris on the maturing of the organization.

Agenda Item 2d NERC Compliance and Certification Committee

June, 2014

NERC RISC Update for the CCC The following are personal notes taken during the May 7, 2014 Reliability Issues Steering Committee (RISC) meeting. There may be inaccuracies.

Background Introductory Remarks-Tom Burgess

• Tom Burgess would like to see the RISC taking actionable items to benefit reliability.

• There should be solid metrics around the risk control.

• NERC’s business plan and budget is designed around risk.

• NERC looking to create a risk management dashboard of risk management (Are we accomplishing the desired reliability objectives?).

Board Meeting Review

• Commissioner Norris’ comments at the BOT meeting were helpful in that the focus for NERC should be on those things that matter to BES reliability.

• The state of reliability and summer assessment reports were good work products that note the involvement of RISC.

• The “Essential Reliability Services” effort is forward looking and something that will support reliability.

• The Cyber Risk Information Sharing Program (CRISP) can play a big role in Cyber Security.

• Can there be metrics established for cyber security to track posture and trends? The challenge with this is entities don’t report the little things.

Reliability Leadership Summit

• The draft agenda is for the September 11, 2014 is attached below.

• If people have thoughts on speakers, sent a note to Tom Burgess and Bob Schaffeld.

Summary_Agenda_RLS_2014-09-11__5-5 Future RISC Meetings a. June 17, 2014 8:00-5:00 CDT - In-Person Meeting Atlanta, GA b. July 10, 2014 9:00-12:00 EDT - Conference Call c. August 14, 2014 12:30-2:30 PDT - Post-BOT Meeting, Vancouver, BC d. September 11, 2014 9:30-4:30 EDT - Reliability Leadership Summit, Washington, DC e. September 12, 2014 8:00-2:30 EDT - In-Person Meeting, Washington, DC f. October 07, 2014 9:00-12:00 EDT - Conference Call g. November 13, 2014 12:30-2:30 EST - Post-BOT Meeting, Atlanta, GA h. December 02, 2014 8:00-5:00 MST - In-Person Meeting, Phoenix, AZ

Compliance and Certification Committee MeetingAgenda Item 3bi – SPM and SAN Audit Update

Mechelle ThomasDirector, Internal Audit and Corporate Risk Management

RELIABILITY | ACCOUNTABILITY2

NERC SPM and SAN Audit

Audit Objective: • Ensure NERC’s compliance with Standards Applicable to NERC

and the Standards Processes Manual.

Audit Scope:• NERC Standard Process Manual;• Reliability Standards Applicable to NERC (to be determined).

Audit Team:• PwC - Independent Auditor (will serve as audit team lead);• CCC Observers;• NERC Internal Audit.

RELIABILITY | ACCOUNTABILITY3

NERC SPM and SAN Audit Timeframe

Sep 19th

Finalize Audit Report &

Implementation Plan

2014Mar Apr May June July Aug Sep

Audit Planning Activities Audit Testing & Reporting

June 26th

Audit Kick-off Meeting with

NERC Staff

July 7th

Audit Commencement

Aug 15th

Issue Initial Draft Report

RELIABILITY | ACCOUNTABILITY4

NERC SPM and SAN Audit

Next Steps: • CCC Observers to provide Conflict of Interest Forms and Bios

(due in June)• NERC Staff to gather requested data• Continued planning activities (e.g., mapping risk matrix to shall

statements)

Compliance and Certification Committee MeetingAgenda Item 3bi – CMEP and ORCP Remediation Status

Mechelle ThomasDirector, Internal Audit and Corporate Risk Management

RELIABILITY | ACCOUNTABILITY6

NERC CMEP & ORCP Audit

Non-Compliance Findings

# NERC ROP Auditor Observation Auditor Recommendation

Management Action Plan & Implementation

DeadlineStatus

1 501.3.3: NERC shall develop and maintain a program to monitor and oversee the NERC Organization Registration and Organization Certification Programs activities that are delegated to each Regional Entity through a delegation agreement or other applicable agreement.

While documentation provided evidenced NERC’s oversight for Regional Entities’ (RE) responsibilities for ROP Statement 501 Sections 1.4.1, 1.4.2, and 1.4.4 for certified entity functions, support did not evidence NERC’s oversight of the RE’s ORCP activities included in ROP Statement 501 Section 1.4.3 for non-certified functions TP and PA.

ROP 501 1.4.3 Ensure that all transmission Facilities of the bulk power system are the responsibility and under the control of one and only one Transmission Planner, Planning Authority, and Transmission Operator.

NERC provided evidence that it initiated a project to map the functions in the fourth quarter of 2012.

NERC should implement a periodic monitoring procedure to confirm that all Transmission Facilities are mapped to one and only one TP, PA and TOP.

Compliance operations will complete a Common Registration Form (CRF) for implementation to provide for the correct and complete registration of owner, users and operators of the Bulk Electric System. In addition, it will provide for the complete mapping of all the inter-relationships between registered entities on the NCR.

Implementation Deadline: The completion of the CRF will be by December 31, 2014. Milestones will be tracked on a three month basis through completion.

Open

RELIABILITY | ACCOUNTABILITY7

NERC CMEP & ORCP Audit (cont’d)

Non-Compliance Findings

# NERC ROP Auditor Observation Auditor Recommendation

Management Action Plan & Implementation

DeadlineStatus

2 501.3.3.1: This program shall monitor whether the Regional Entity carries out those delegated activities in accordance with NERC requirements, and whether there is consistency, fairness of administration, and comparability.

In accordance with the December 23, 2010 NERC filing with FERC, NERC planned to develop spot checks of registered entity functions to assess whether REs are consistently applying compliance evaluations of Reliability Standards for each registered entity function by December 31, 2011; however, no evidence was provided to demonstrate the results of this program.

NERC should implement a program to monitor the RE implementation of the ORCP requirements and include an evaluation of the consistency, fairness in administration, and comparability of registered entity functions across RE’s.

Compliance operations will complete the review of all eight REs by December 31, 2014. The purpose of this review is to procedurally identify how NERC performs its registration and certification oversight activities through onsite engagements with the REs. These engagements will confirm the consistency, fairness in administration, and comparability of registered entity functions across REs regarding the ORCP.

Implementation Deadline: December 31, 2014. Milestones will be tracked on a three month basis through completion.

Open

RELIABILITY | ACCOUNTABILITY8

NERC CMEP & ORCP Audit (cont’d)

Process Improvement Opportunities

# NERCROP Auditor Observation Auditor Recommendation

Management Action Plan & Implementation

DeadlineStatus

3 Section 400 and 500: CMEP and ORCP

NERC processes and procedures related to the CMEP and ORCP are not consistently maintained, organized and updated.

NERC should require annual updates to its CMEP and ORCP process manuals which support the ROP. NERC should enhance the organization, maintenance, and storage of its CMEP and ORCP process manuals by utilizing a consistent document retention tool across the organization.

Review and update any Audit, Registration and Certification, and Compliance process manuals.Implementation Deadline: December 31, 2014 and annually thereafter by December 31.

Open

4 Section 402.1

While NERC has a variety of procedural documents supporting its monitoring program of the RE’s CMEP, it has not developed a concise document that summarizes all activities of its monitoring program.

NERC should develop an overall monitoring procedural document to summarize the activities it uses to conduct monitoring of the RE’s CMEP and how those activities are designed to address ROP requirements.

NERC Compliance Operations will develop /review and update present process procedures.Implementation Deadline: December 31, 2014 and annually thereafter by December 31.

Open

5 Section 402.1

While NERC has a variety of procedural documents supporting its monitoring program of the RE’s CMEP, it has not developed a concise document that summarizes all activities of its monitoring program.

NERC should develop an overall monitoring procedural document to summarize the activities it uses to conduct monitoring of the RE’s CMEP and how those activities are designed to address ROP requirements.

NERC Enforcement will develop /review and update present process procedures.Implementation Deadline: December 31, 2014 and annually thereafter by December 31.

Open

RELIABILITY | ACCOUNTABILITY9

NERC CMEP & ORCP Audit (cont’d)

Process Improvement Opportunities

# NERCROP Auditor Observation Auditor Recommendation

Management Action Plan &

Implementation Deadline

Status

6 Section 402.1.2

The independent auditors observed that activities conducted by NERC to evaluate the goals, tools and procedures of the REs occur regularly throughout the year; however, no evidence was observed supporting NERC’s overall annual evaluation of the RE’s CMEP goals, tools, and procedures.

Within the CCCPP-10 filing, the CCC developed a list of criteria for use by NERC in evaluating the compliance programs of each RE. NERC should ensure these criteria are addressed as part of the RE CMEP annual report process. To enhance evidence of NERC’s annual evaluation of RE CMEP goals, tools, and procedures, NERC should develop a response to the RE annual report that addresses the RE responses and summarizes NERC’s own observations of the RE throughout the year.

NERC Compliance Operations will develop /review and update present process procedures .Implementation Deadline: December 31, 2014 and annually thereafter by December 31.

Open

7 Section 402.2

To enhance the implementation of the FFT and SNOP processes in late 2011 and 2012, NERC provided support to select REs to streamline the development of documentation associated with the FFT and SNOP enforcement requirements; however, NERC’s role in executing the RE requirement was not clearly documented in RE delegation agreement.

In cases where NERC provides assistance to REs, NERC should document such support as a part of its oversight responsibilities.

Document NERC’s support to REs if and when NERC provides extraordinary assistance to REs.Implementation Deadline: As necessary.

RELIABILITY | ACCOUNTABILITY10

NERC CMEP & ORCP Audit (cont’d)

Process Improvement Opportunities

# NERCROP Auditor Observation Auditor Recommendation

Management Action Plan & Implementation

DeadlineStatus

8 Section 402.3

NERC’s Agreed Upon Procedures (AUP) audits and AUP Spot Checks of the Regional Entities included a review of the RE’s data management procedures; however, based upon the significance of data in supporting other CMEP procedures, NERC should complete monitoring of RE data management more timely than the current five year audit schedule of RE compliance with the overall CMEP.

Leading practices in data management indicate a more frequent monitoring program is required to address emerging technology risks. As a result, in addition to the ROP five year monitoring requirement, NERC should develop a more frequent monitoring program to evaluate the Regional Entities’ data management procedures over data reporting requirements, data integrity, data retention, data security, and data confidentiality.

NERC Compliance Operations will develop a plan on how to assess the data management /reporting requirements as it relates to emerging technology risks in oversight activities.Implementation Deadline: December 31, 2014.

Open

9 Section 402.9

NERC has a manual process for communicating auditing skill training opportunities and monitoring who is required to complete training for NERC and RE compliance audits.

In addition to notifying auditors of training opportunities via email, NERC should create a catalog of available auditing skill trainings and publish the list to the appropriate individuals. NERC should utilize available training technology to enhance monitoring the satisfactory completion of training requirements by compliance auditors.

NERC Compliance Operations will work with NERC training department and the REs to develop an integrated schedule of available training activities.Implementation Deadline: December 31, 2014 and will be updated as needed (ongoing process).

Open

RELIABILITY | ACCOUNTABILITY11

NERC CMEP & ORCP Audit (cont’d)

Process Improvement Opportunities

# NERCROP

AuditorObservation

Auditor Recommendation

Management Action Plan & Implementation Deadline Status

10 Section 403.11.1

Although performed once every three years, due to on-going enforcement activities and/or confidentiality requirements, the BA, RC and TOP audit reports evidencing the three year audit performance requirement may not be publicly posted to NERC’s website.

To enhance transparency associated with this requirement, NERC should confirm that each RE has appropriately satisfied the function audit requirement as a part of NERC’s response to the RE annual report.

NERC Compliance Operations is updating the present process procedures for the management of audit reports.Implementation Deadline: December 31, 2014 and will be a standard operating type of procedure (ongoing process).

Open

11 Appendix 4C.5

Although all REs agreed to use the FFT enforcement treatment during its issuance in September 2011, consistent implementation of the new enforcement treatment was not applied across the registered entities until FERC responded to the filing in March 2012.

For all new ROP requirements, NERC should develop a procedure to ensure Regional Entities are implementing these updates consistently across their registered entities.If the REs cannot implement these processes consistently, NERC should confirm that this difference is clearly documented.

As part of its oversight obligations, NERC will review Regional Entity processes that implement currently effective Rules of Procedure.NERC will document any differences in implementation, as discovered, for tracking and training purposes.Implementation Deadline: December 31, 2014.

Open

RELIABILITY | ACCOUNTABILITY12

NERC CMEP & ORCP Audit (cont’d)

Process Improvement Opportunities

# NERCROP

AuditorObservation Auditor Recommendation Management Action Plan &

Implementation Deadline Status

12 Section 502.2.2.7

NERC has a manual process for communicating auditing skill training opportunities and monitoring who is required to complete training for Certification evaluations.

In addition to notifying auditors of training opportunities via email, NERC should create a catalog of available auditing skill trainings and publish the list to the appropriate individuals. NERC should utilize available training technology to enhance monitoring the satisfactory completion of training requirements by compliance auditors.

Compliance operations will work with the NERC training department and the REs to develop an integrated schedule of available training activities. Compliance operations will also develop a notification process to inform auditors of this training.Implementation Deadline: December 31, 2014 and will be updated as needed (ongoing process).

Open

13 Appendix 5B

While NERC and the Regional Entities do identify users, owners and operators of the Bulk Power System that are not appropriately registered in the NERC Compliance Registry, there is only an informal process.

While Appendix 5B outlines the criteria NERC and the REs utilize to identify whether a user, owner, or operator of the BPS should be registered in the NCR, NERC should develop a formal process document that describes its best effort procedures to identify all owners, users, and operators that should be registered.

Compliance operations will complete a formal process document that outlines the Common Registration Form (CRF) for implementation to provide for the correct and complete registration of owner, users and operators of the BES. In addition, this process document will outline how it will provide for the complete mapping of all the inter-relationships between registered entities on the NCR.Implementation Deadline: The completion of the CRF will be by December 31, 2014.

Open

Compliance and Certification Committee MeetingAgenda Item 3bi – Enterprise-wide Risk Committee (EWRC)

Mechelle ThomasDirector, Internal Audit and Corporate Risk Management

RELIABILITY | ACCOUNTABILITY14

Enterprise-wide Risk Committee (EWRC)

• 2014 EWRC Chairman : David Goulding

• EWRC Members include:

NERC Board of Trustees; the chair of the Compliance and Certification Committee; the chair of the Regional Entity Management Group.

• EWRC Roles and Responsibilities remain the same as the Risk Management and Internal Control Sub-Committee

CCC CPPS Report

Matt Goldberg & Jim StantonJune CCC Meeting

West Palm Beach Gardens

RSAWs (Work Plan Deliverable 12)

• BOT approved RSAW Review & Revision Process • Opportunity for comment when RSAWs are posted• CPPS will take as a Standing Item review of RSAW-

related questions. Actions from today’s meeting:– NERC should revise RSAWs that still include, or do not

indicate, retirement of Paragraph 81 Requirements– Issue identified with document retention provisions of

Draft PRC-026 RSAW– NERC should coordinate with Regions on how certain data

is being requested via audits versus 1600 data requests, specifically for PRC-004

• Supports NERC BOT Assignment (Work Plan, p16)

PRC-004 Audit Item

At least one region has been requesting protection system operations data as a part of compliance audit data requests for PRC-004. “Operations” are not part of the requirements noted in PRC-004. The data requests appear to stem from the NERC ERO-RAPA group. Recommend the data request not be associated with an audit/and or clearly noted as not being a compliance element of the audit.

CMEP Effectiveness (Work Plan Deliverable 13)

• CPPS will draft CCCPP-010 revisions to include effectiveness assessment criteria– Focus on results-based criteria that support NERC

objectives/goals for risk-based CMEPs– Reduce number of existing Criteria– NERC will coordinate with CPPS to provide an

overview of the Compliance & Enforcement trends matrix presented to the BOTCC quarterly and Aggregation of Minimal Issues Pilot conclusions. (Work Plan Deliverable 14)

• Possible completion by September

RAI Oversight Plan Framework

ScopeScope

Applicable Standards

RiskElements

Controls Not Evaluated

CMEP Tools

IRA

ICE

Com

plia

nce

Ove

rsig

ht P

lan

Oversight Scoping

Inherent RiskAssessment

Internal ControlsEvaluation

Input Input

CMEP Tools

NotificationsFocused: 90 DaysNarrowly Focused: 30 Days

Scheduling ofTasks

• RE Functions• Characteristics - ERO / Regional• Events• RISC

Other Work Plan Deliverables

• Internal Controls Q&A Document and Internal Controls Guide – in holding pattern pending release of NERC documents

• RAI Data Retention and Sampling – Waiting for comment period

Other CPPS Work Plan Activities • Review criteria for audit/review of NERC adherence to Standards

Processes Manual.• Review existing CCC Procedures to support 2014 NERC Internal

Audits and CCC oversight (i.e., CCCPP-005, CCCPP-006, CCCPP-008, CCCPP-009 and CCCPP-010), and identify any necessary work for 2014 to carry out these CCC Procedures.

• Review relationship between NERC’s RAI and ROP. • Revise CCC Procedures to conform to the new monitoring model

that includes NERC internal auditor and EWRC involvement. Receive reports from NERC on status and execution of RAI and to NERC from ad hoc Working Groups.

• Provide input on development of work plan related to RAI elements not part of Calendar Year 2013 RAI work effort.

• Assess how CMEP practices change after RAI is adopted in regards to: (a) monitoring practices (as embodied in CCCPP-010 and also including assisting EROMS in the annual Regional Entity Audit Criteria work); (b) enforcement; and (c) Standards development.

ORCS Update

Jennifer Flandermeyer, ORCS ChairNERC CCC MeetingJune 4, 2014

RELIABILITY | ACCOUNTABILITY2

• Risk Based Registration (RBR)• Status of RISC request for Planning Coordinator• 2014 Work Plan discussion• ORCS Leadership discussion and selection

Discussion Items

RELIABILITY | ACCOUNTABILITY3

• June 2 Posting: Draft design framework, proposed revisions to Appendix 2b/Appendix 5b of Rules of Procedure Comments due June 23, 2014

• July: draft for MRC• August: Final Package will be posted for 45-day comment

period • November: Presented to the NERC Board• File with FERC by end of calendar year• Implement in 2015

RBR Timeline for 2014

RELIABILITY | ACCOUNTABILITY4

Update on ORCS Work Plan

• Risk Based Registration (previous slides)• MRRE

– Process in formation by ECEMG– ORCS will offer preliminary comments in June– Process to facilitate consistency projected implementation by end of

2014

• Monitoring of impacts of NERC initiatives to guidance documents– RoP changes proposed– Coordination with Standards and Enforcement

RELIABILITY | ACCOUNTABILITY6

• Details of Risk Based Registration

Appendix

RELIABILITY | ACCOUNTABILITY7

• Comments and issues discussed Reciprocal relationships among de-registered entities and RC/BA/TOP Entities that de-register but have an “orphaned” BES Element Relationship of materiality and BES exception process Materiality factors of registration BES “User” category Functional Model relationship and Registration Criteria Speed of implementation of the RBR process Common registration form for consistent RBR implementation Use of a one-time attestation for compliance

o Obligation on registered entity to update for any changeso Used in compliance monitoring and enforcement areas

• Everyone is encouraged to submit comments by June 23, 2014

Risk Based Registration (RBR)

RELIABILITY | ACCOUNTABILITY8

• 15 functions currently listed• 3 proposed functions for removal: PSE, IA, LSE• NERC is conducting technical reviews for Registry Criteria• Proposed changes for roles of other entities:

Thresholds for GO/GOP and TO/TOPo Align threshold criteria with BES criteriao Change Generating “Units” to “Facilities” to tie in BES Definition

Threshold change for DPo Section 3a: increase from 25 MW to 75 MWo Section 3b: DPs under 75 MW that have UFLS programs will be subject to

PRC-006 and other applicable Regional Standards

• 12 remaining functions (RC, BA, TOP, etc.) will not change

RBR Proposed Changes

RELIABILITY | ACCOUNTABILITY9

• Rebuttable presumption that an entity is material to BES• Five factors to consider for registration materiality• Burden of proof:

If an Entity is proposing to be removed from the registry, the entity has the burden to show that they are not material to BES

If a Region/NERC is proposing to add an entity to the registry, Region/NERC has the burden to show that they are material

• Materiality determinations will be made by a centralized panel• Materiality test for registration is separate from the BES

exception process, but they are closely linked

Registration Materiality Test

RBRCWG May 7, 2014

Voluntary Nature of RAI Internal Controls Assessments

Developed by the NERC Compliance and Certification Committee’s Risk-based Reliability Compliance Working Group (RBRCWG)

Background The assessment of Registered Entity internal controls associated with NERC’s Reliability Assurance Initiative (RAI) has been the subject of some confusion across the industry. There are currently two (2) documents posted to the NERC website that address this concept: RAI Q&A document and the RAI Benefits and Impacts document. These documents indicate that the assessment of Registered Entity internal controls by NERC and/or the Regional Entities is voluntary on the part of the Registered Entity. Related excerpts from these two documents are included in Appendix 1. The complete documents are posted on the NERC website.1 Recently, some Registered Entities have been receiving requests from the Regional Entities for internal controls documentation in 90-day audit notification letters. Additionally, some Registered Entities have reported being provided with feedback from Regional Entities that the assessment of a Registered Entity’s internal controls must be performed as part of their compliance monitoring. This feedback is consistent with the NERC presentation to the CIP V5 Standards Drafting Team on March 18, 2014, “Enforcement Approach to CIP Version 5 Under RAI.” In particular, Slide 6 provided:

• Internal Controls Reliance o The Registered Entity’s internal control practices will be provided and reviewed by the

Regional Entity. o The Regional Entity will evaluate the level of the entity’s internal control program to

tailor compliance activities in conjunction with the Risk Assessment. As some Registered Entities believe that the review of internal controls is an area of its business management, there is concern that a required review of internal controls by the ERO Enterprise is beyond the scope of compliance to the NERC reliability and cyber security standards. The intent of this white paper is to establish assumptions and to provide a proposed solution to resolve the conflicting messages from the ERO Enterprise with respect to the voluntary nature of the assessment of Registered Entity internal controls. Assumptions The following assumptions were developed by the Risk-based Reliability Compliance Working Group (“RBRCWG”) with respect to the members’ understanding of internal controls.

1 See NERC website at: Program Areas and Departments / Compliance & Enforcement / Reliability Assurance Initiative / NERC and Industry Collaborative Documents / NERC RAI Q&A document at Question A.8 and the RAI Benefits and Impact document at Section E.2.

1

RBRCWG May 7, 2014

1. Most Registered Entities have internal controls that support compliance to the NERC standards,

whether they refer to them as internal controls, management controls, policies, procedures, practices, or some other description.

2. A Registered Entity’s internal controls, in some cases, may be documented, but, in other cases, they may not be documented.

3. A Registered Entity’s internal controls may or may not be documented in a “program” that readily lends itself for review by the Regional Entity but the internal control(s) may exist in actual practice.

4. There is no expectation on the part of the ERO Enterprise that Registered Entities will expend resources “packaging” internal controls into an internal controls program for the benefit of the Regional Entity.

5. In whatever form the Registered Entity’s internal controls exist, if they are assessed by the Region to be effective, the entity may benefit from some reduction in compliance monitoring scope commensurate with the effectiveness of the its internal controls.

6. Should the Registered Entity decline to share its internal controls with the Region, the entity probably will not benefit from compliance monitoring scope reduction based on its internal controls.

7. Should the Registered Entity decline to share its internal controls with the Region, the entity should not expect to receive an expansion of compliance monitoring from its previous level of compliance monitoring, solely on the basis of its decision not to share internal controls with the Region.

Proposed Solution The ERO Enterprise should reach a common understanding between NERC and the eight Regions on the issue of whether evaluation of Registered Entity internal controls by the Regions or NERC is either a voluntary or mandatory aspect of compliance monitoring activities. Once consensus is reached regarding this determination, if it is made in the affirmative regarding the mandatory nature of the evaluation of internal controls, the ERO enterprise should amend their respective Compliance Monitoring and Enforcement Programs to add this method of compliance monitoring, including citation to the section of the Rules of Procedure that documents the authority to evaluate Registered Entity internal controls. In addition, all references to the voluntary nature of internal controls assessments should be deleted from the CMEP and other related documents currently posted to NERC’s website. Additional outreach should also be performed regarding this determination. On the other hand, if the ERO Enterprise concludes that it does not have the authority to compel entities to share internal controls or does not intend to compel entities to share internal controls, NERC should ensure that the use of evaluation of internal controls is consistently represented in documentation utilized across the ERO enterprise, noting the voluntary nature of a Registered Entity’s decision to share its internal controls for evaluation. This includes specific language to be consistently used by the Regions in their audit preparation communications to entities with respect to the voluntary nature of

2

RBRCWG May 7, 2014

internal controls assessments. Additional outreach should also be performed regarding this determination. The RBRCWG volunteers to provide assistance to the ERO enterprise regarding the necessary and appropriate communications discussed above once a final determination regarding internal controls assessments has been made by the ERO enterprise.

3

RBRCWG May 7, 2014

Appendix 1

References to the “Voluntary” Nature of RAI Internal Controls Assessments The two excerpts listed below from the referenced NERC documents indicate the voluntary nature of the RAI internal controls assessments. 1. Risk‐Based Reliability Compliance Working Group (RBRCWG) NERC Reliability Assurance Initiative

Program Overview Q&A, Initial Version: May 7, 2013. FAQ A.8 http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/RAI%20QA%20Document.pdf

Q&A# A.8 Is the RAI intended to be voluntary for registered entities? Certain aspects of the RAI will be voluntary for registered entities; others will not. Scoping Compliance Monitoring. The ERO Enterprise will scope the compliance monitoring for each registered entity in accordance with results of the entity’s risk assessment. An entity can voluntarily establish internal controls designed to reduce its control risk (see A.3.), which could have a positive influence on the scoping of compliance monitoring by the Regional Entity. Conversely, the entity can voluntarily elect to not establish internal controls or share them with the Regional Entity.

2. Reliability Assurance Initiative (RAI) Benefits and Impact (Initial Version: September 30, 2013),

Section E.2. http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/RAI%20Impacts%20and%20Benefits%20V1.pdf

Section E.2. Assessing Registered Entity Internal Controls Impact: In accordance with GAGAS practices, the CEA will implement a systematic process to understand and evaluate internal controls as they relate to compliance with the Reliability Standards. A general benefit is that the entity will receive compliance-related feedback from the CEA on its internal controls. This could lead to developments that strengthen entity controls, improving compliance and enhancing operations, thereby resulting in a more reliable BES. While the Rules of Procedure (ROP) clearly express the use of GAGAS and Institute of Internal Auditor guidelines with regards to conducting audit engagements which in turn require the evaluation of internal controls, an entity cannot be found in noncompliance based on any activity related to its internal controls. Additionally, entities with effective internal controls in place may be given credit when assessing civil penalties. The additional work required to organize and present its internal controls to the CEA in support of the assessment may create a need for additional resource attention. Two scenarios can occur in the context of this RAI item. a. The entity declines to share its internal controls with the CEA.

Potential Outcome: The nature, timing, and frequency of audit engagements will be adapted to appropriately address risk in the absence of the ability to effectively understand and evaluate

4

RBRCWG May 7, 2014

controls. Further, the entity would not benefit from the CEA’s experience gained from reviewing internal controls of other entities.

b. The entity shares its internal controls with the CEA, and the CEA determines the controls to be

effective. Potential Outcome: The CEA accrues the benefit of increased understanding of how the entity, through its internal controls, ensures it is in compliance with the Reliability Standards. The entity can benefit from this assessment in several ways. First, the entity receives the feedback that the CEA believes the entity’s internal controls are effective. Second, the entity—via the dialog with the CEA in the course of the assessment—may learn about potential enhancements to its internal controls. Third, the entity may benefit from a reduction in compliance monitoring scope, testing, or frequency, as determined by the CEA.

5

NERC CCC Reliability Assurance Initiative (RAI) Data Retention and Sampling Team UpdateCompliance and Certification Committee Meeting, June, 2014

2 RELIABILITY | ACCOUNTABILITY

Topics

• Team members• Team scope and deliverables• Survey summary• Project timeline and next steps

3 RELIABILITY | ACCOUNTABILITY

Team Members

• Ed Kichline Ed.Kichline@nerc.net • Leigh Anne Faugust leigh.faugust@nerc.net• Christina Bigelow Cbigelow@misoenergy.org• Terry Bilke TBilke@misoenergy.org • Kevin Conway kevinc@intellibind.com• Jennifer Flandermeyer Jennifer.Flandermeyer@kcpl.com• Ajay Garg ajay.garg@HydroOne.com• Lou Oberski lou.oberski@dom.com• Rick Terrill rick.terrill@luminant.com• Bill Graham bill.graham@nerc.net• Barb Kedrowski Barbara.Kedrowski@we-energies.com• Derrick Davis Derrick.Davis@TEXASRE.org

4 RELIABILITY | ACCOUNTABILITY

Team Scope and Deliverables

• Objective: Identify/recommend improvements to make data retention and sampling more efficient/effective and less burdensome

• Catalog existing data retention requirements (differences in standards, RoP, Compliance Process Bulletin, etc.)

• Identify the types/classes of data and information audited (Real time data, documentation, event triggered, etc.)

• Outline principles of data retention and sampling What amount of data is necessary to satisfy compliance Amount needed to provide assurance the reliability goals are being met

• Identify, via survey and other outreach, problems experienced in data retention and sampling

• Draft whitepaper/report with recommendations based on survey and team research• Assist NERC with creation of/changes to documents based on recommendations.

5 RELIABILITY | ACCOUNTABILITY

159 Survey Respondents

0

20

40

60

80

100

120

FRCC MRO NPCC RFC SERC SPP TRE WECC

Your Region(s) and Audit Cycle (check all that apply, including if you are subject to two audit cycles)

3 Year Audit Cycle

6 Year Audit Cycle

Not Applicable

6 RELIABILITY | ACCOUNTABILITY

Data Retention Challenges

0

20

40

60

80

100

120

140

160

Differing retentionperiods among the

standards

Being asked for data thatis no longer relevant

The volume of datarequested

The storagerequirements

Conflicts between thedata retention in the

standards and my otherretention obligations

Which do you consider the most challenging or problematic issue with regard to data retention for compliance (where 1 is the most problematic and 5 is the least troublesome)

1

2

3

4

5

N/A

7 RELIABILITY | ACCOUNTABILITY

Next Steps

• Revise draft whitepaper based on comments by RAI leadership and CPPS feedback

• Post paper for public comment mid June• Make changes based on comment late June• Draft RoP changes: TBD• Draft supporting documents (e.g. process bulletin,

audit handbook supplement):TBD• Post changes to RoP for comment:TBD

8 RELIABILITY | ACCOUNTABILITY

Questions and Answers

Whereas, Greg Pierce is retiring from Entergy and departing the CCC. Whereas, Greg Pierce has faithfully and effectively represented SERC and the Industry on the CCC for six years. Whereas, Greg Pierce has lead the metrics-related work within the CCC to include chairing the Performance Metrics Task Force. Resolved, the CCC thanks Greg for his service and wishes him success in his future endeavors.