Internal Compliance Governance Program Vs. Internal Compliance Program
In our discussions with clients we have come to realize that the commonly referred to “internal compliance program”, by name can create a lot of confusion when determining where the line in the sand is drawn between this and other compliance programs such as NERC CIP and 693. In response to the confusion, N&ST refers to the same program as the Internal Compliance Governance Program (“ICGP”) which speaks to the intent of the ICGP: to help an entity properly govern it’s many other compliance initiatives.
What is an ICGP?
FERC Penalty Guidelines define an internal compliance program as one designed to prevent and detect violations through the implementation of standards and procedures based on standards of behaviors and internal controls. A successful ICGP is one that documents day-to-day compliance maintenance and monitoring activities; not one that exists as a document disassociated with observable behaviors. Furthering the emphasis on having a successful ICGP, the Revised Policy Statement on Penalty Guidelines, issued in September of 2010, made the granting of compliance credits explicit in instances where an entity houses an effective program. This would potentially lower penalties associated with Possible Violations identified during NERC and Regional Entity audits.
How N&ST Builds the ICGP
Critical to the success of any ICGP will be the identification of potential implementation and maintenance bottlenecks. This will require research into existing processes that may be fortified into the program and staff interviews to ensure responsibilities are appropriately assigned and that reporting norms are transparent. Focal points, guided by the 2013 Implementation Plan issued by the Electric Reliability Organization (“ERO”) Compliance Monitoring and Enforcement Program (“CMEP”), will be self-reports, self certifications, periodic data submittals, and exception reporting.
- Data gathering and staff interviews to ascertain those practices which which work today, whether formalized or informal,
- Develop the draft ICGP Framework,
- Develop internal control mechanisms,
- Establish data management procedures,
- Establish the Technical Feasibility Exception (TFE) Lifecycle Program,
- Establish procedures for addressing non-compliance,
- Establish compliance Calendar, and
- Finalize the ICGP.
To learn more about how N&ST’s development of an ICGP for your organization can prove a lasting and effective tool to managing your varied compliance efforts.