Reliability Assurance Initiative (RAI) 101 Ben Christensen Senior Compliance Risk Analyst, Cyber Security

Upload: jared-goodman

Post on 03-Jan-2016

Agenda

• Introduction to Reliability Assurance Initiative
  – Risk Elements
  – Inherent Risk Assessment (IRA)
  – Internal Controls Evaluation (ICE)

• Overview of WECC’s IRA and ICE process and documents

Western Electricity Coordinating Council

Introduction to RAI

• Implements risk based compliance monitoring and enforcement

• Initial discussions by NERC in 2012
• Regional RAI pilots during 2013 and 2014
• 2014 NERC and Regions designed the risk based framework

Overview of Risk Based Framework

Risk Elements

• Replaces prior actively monitored lists
• WECC identified region wide risk elements
  – 10 O&P risk elements
  – 6 CIP risk elements

• WECC identified NERC Standards and Requirements associated with risk elements

IRA Overview

What is the IRA?

• Review of inherent risks posed by an entity to the BPS

• Review of an entity’s characteristics
  – Such as event history, compliance history, devices owned/operated, types of transmission lines, generation portfolio, etc.

• IRA process is located on the WECC website

WECC’s IRA Process

• Identify Major Inputs into IRA
• Review Entity Background
• Identify Initial List of Applicable Functions and Standards
• Identify and Review Applicable Risk Element
• Determine Monitoring Strategy

IRA Surveys

• Currently posted on WECC website

• Completed by Registered Entities

• Helps identify Entity’s inherent risks

IRA Final Report

• Documents WECC’s assessments and evaluations

• Helps develop Registered Entity’s Compliance Oversight Plan

• Summary of Final Reports provided to Entity

Internal Controls Evaluation (ICE)

What is ICE?

• Voluntary process
• WECC will evaluate internal controls related to the risks and associated standards
• WECC will make recommendations to strengthen controls
• ICE process is located on the WECC website

WECC’s ICE Process

• Identify key controls related to risks
• Request controls information
• Test effectiveness of controls
• Identify how well controls address risks and provide compliance assurance

ICE Surveys

• Currently posted on WECC website

• Completed by Registered Entities

• Helps identify Entity’s internal controls

ICE Final Report

• Documents WECC’s assessments and evaluations

• Helps develop Registered Entity’s Compliance Oversight Plan

• Summary of Final Report provided to Entity

How will WECC use IRA and ICE?

• WECC can better tailor compliance monitoring activities using existing CMEP tools (i.e., audits, spot checks, or self-certifications)

• WECC may use the results to focus the depth and scope of monitoring engagements

• Not a one-size-fits-all approach, but a risk-based one
