In early
May, EnergySec released a very important “opinion
piece” that I think all people involved with NERC compliance (not just NERC
CIP) should study carefully; this includes employees of NERC entities, NERC and
FERC, as well as consultants providing compliance services to NERC entities. More
generally, it includes anyone who cares about the integrity of the process of
auditing NERC standards.
I won’t try
to summarize this document, since it speaks very eloquently for itself. You
need to read it very carefully, not just for what it says but for the implications of what it says. This means
you really have to read it as you read the poems, short stories, etc. you were
assigned to read in high school or college English classes (and you did read them, didn’t you?).
Just like in
high school or college, I am going to give you an assignment. I want you to:
- Read the document carefully. Twice.
- Keep in mind that this document was written by ex-auditors
(three of the principals of EnergySec are ex-WECC auditors). Try to
understand the pain they must be feeling due to the actions described in
the document – that is, what they believe those actions are doing to their
long-cherished ideals of Auditor Independence.[i]
- This is a very tightly-written document. Many of its most-important points are
stated only in a single sentence, and may not even be the main subject of
the sentence. Look for those
points.
- Ask yourself the following questions: “What are the
implications of EnergySec’s argument for the future of NERC CIP auditing
and compliance?”; “What are the implications for the other NERC
standards?”; “What are the implications for the ERO itself?”[ii]
Remember,
most of your grade for this course will depend on this assignment. And don’t tell me your dog ate it.
Note on 4/1/16: I have just linked this post in a post I put up today. Please note that EnergySec's conclusion in their opinion piece isn't the same as mine. I am saying the SGAS have most likely made CIP v5 (and v6) unenforceable in the strict sense that violations that are appealed to the Federal courts will never be upheld. EnergySec is saying the SGAS constitute a serious threat to auditor independence, but they don't go as far as my conclusion.
The views and opinions expressed here are my own and don’t
necessarily represent the views or opinions of Deloitte & Touche LLP.
[i]
Coincidentally, I have been learning a lot about Auditor Independence, in the almost
two months since I joined the Advisory arm of a public accounting firm. There are very strict and thoroughgoing rules
that apply not just to the auditors themselves, but to all of the rest of us
who couldn’t explain the difference between a credit and a debit to save our
lives. I have to follow some of the same
rules described in the EnergySec document.
[ii]
The notices for the SGAS now carry disclaimers stating they’re not providing
compliance guidance, etc. However, I believe the main thrust of EnergySec’s
objections to the SGAS is that the simple fact that the meetings are closed to
the wider NERC community, and no record is published of them, constitutes a
huge threat to auditor independence, if it doesn’t destroy it altogether. It is
quite clear that the SGAS won’t be opened up, and their results won’t be shared
with the community.
Once again, I apologize that the email feed seems to be getting messed up. I unfortunately don't have any control over that.
ReplyDeleteThat ‘opinion piece’ should really be a required reading for NERC employees and its related consultants. It is very delicate, tough work, considering the energy resource being handled and the various interests and industries that are dependent upon it. There really should be a more streamlined and faster auditing measures for NERC operations, which is hopefully as tight as the writing in that article. Thanks for sharing!
ReplyDeleteKent Gregory @ Armature