Risk Management Services
GridSME is proud to offer organizations a variety of risk management services, including the following:
RISK ASSESSMENTS: Strategic identification of enterprise risks & latent organizational weaknesses
INTERNAL CONTROL ASSESSMENTS: Health assessment and internal risk control system development
RISK-BASED MOCK AUDITS: Strengthening of internal compliance programs to reduce regulatory intrusion
ROOT CAUSE ANALYSES: Systematic event causal analysis for identifying and resolving root causes
[Diagram. Inputs: Reliability Standards. Outputs: Desired Operational/Compliance Performance. Control Activities: Policies, Procedures, Processes, Practices. Components: 1. Control Environment; 2. Risk Assessments; 3. Information & Comm.; 4. Monitoring; 5. Control Activities.]
1847 Iron Point Rd #140 Folsom, CA 95630 (916) 800-4545
customerservice@gridsme.com www.gridsme.com
Risk Assessments
With a focus on risk matrix methodology, GridSME has developed compliance-specific risk assessment methods and tools to help organizations define and articulate their most immediate inherent, control, and detection regulatory risks. The goal of this practice is to strategically identify and manage regulatory risks and latent organizational weaknesses invisible to the corporate risk profile. GridSME utilizes specific risk assessment methods to identify regulatory compliance risks, determine risk priorities, and develop plans to manage or eliminate known issues and unacceptable plausible impacts.
Using our Maturity Assessment Tool, we interview your subject matter experts (SMEs) to identify your organization’s strengths and weaknesses for each of the five components of internal control.
We perform an Inherent Risk Assessment (IRA) using our IRA Tool, designed around NERC’s criteria for evaluating an entity’s risk to the Bulk Electric System (BES).
Finally, we provide a roadmap to a future state that includes a higher level of strategic organizational maturity.
[Chart: Percentage of Maturity by Control System Component. Components: Comm. & Information, Control Act, Monitoring, Control Environment, Risk Assessment. Values shown: 77%, 73%, 45%, 38%, 31%.]
Sample diagram of control system component maturity shown above.
[Diagram: Internal Controls Maturity Level, with the labels "Business Value Gap" and "Strategic Optimization".]
LEVEL 1: Reactive, Ad Hoc, Informal, Inconsistent, Chaotic
LEVEL 2: Managed, Repeatable, Localized, Emerging, Isolated
LEVEL 3: Structured, Standardized, Defined, Measured, Competent
LEVEL 4: Adoptive, Strategic, Disciplined, Predictable, Aligned
LEVEL 5: Optimized, Proactive, Transforming, Agile, Adaptive, Synthesized
Internal Control Assessment & Development
GridSME focuses on effectively designed and implemented compliance-oriented internal risk controls. Our team has developed compliance-specific methods and tools to assist Registered Entities in the development and cataloging of internal risk control frameworks. This process ensures that your organization can better articulate to regulators the health and effectiveness of the organization’s compliance-related control systems.
GridSME assists organizations in the following areas:
Utilization of specific compliance-related control assessment tools to assist clients in assessing, testing, and cataloging existing internal risk control activities.
Evaluation and testing of internal risk controls for design and operational effectiveness given inherent risk factors.
Utilization of the GridSME Internal Risk Control System (IRCS) scorecard to define the residual risk and control elements that are under or over controlled.
Development of internal controls hierarchy, control activities cataloging tools, and corresponding workflow diagrams that articulate the health and effectiveness of the organizational compliance
Risk-based Mock Audits
To complement the traditional mock audit approach that ensures your organization is prepared for an actual Electric Reliability Organization (ERO) audit engagement, GridSME utilizes a mock audit methodology that is tailored to the ERO’s new Risk-Based Compliance Monitoring approach. The goal is to help organizations articulate their strong internal compliance systems to regulators in order to reduce regulatory intrusion.
GridSME assists organizations in the following areas:
Testing and assessment of the organization’s development of documentation to support ERO Inherent Risk Assessments (IRA) and Internal Controls Evaluations (ICE).
Conducting mock internal control evaluations that include selected testing of control design, implementation, and effectiveness.
Utilization of the ICE process framework currently deployed by the ERO in order to reduce the organization’s ERO audit scope and regulatory risk.
Root Cause Analysis
The focus of the practice includes using industry standard Root Cause Analysis (RCA) methodology and the associated tools to address and eliminate recurring regulatory risk, violations, and audit findings. Additionally, RCA is utilized to increase mitigation plan quality.
GridSME assists organizations in the following areas:
Application of the RCA methods and tools to identify and analyze compliance or reliability issues at the root level, enabling the identification of corrective actions and mitigation that is adequate to prevent reoccurrence.
Providing expert training on the fundamentals of systematic event causal analysis for task level employees.
Training describes the phases of investigation for undesirable conditions or problems, and it addresses the attributes and appropriate application for each of the following causal analysis methods and associated tools:
Event and Causal Factor Analysis
Change Analysis
Barrier Analysis
Task Analysis
Fault Tree Analysis
Management Oversight and Risk Tree (MORT)
Human Performance Evaluation
ERO Cause Coding
[Diagram labels: Symptom (Obvious); Underlying Root Cause (Not Obvious).]
Obtaining Risk Management Services
If you are interested in obtaining more information about risk-based mock audits, root cause analyses, or Internal Risk Control Systems (IRCS), as well as how they can help your organization better manage regulatory risk while efficiently maintaining compliance, contact GridSME today. Our team will arrange an informational meeting in a format that works best for your organization.
Consider the return on investment of IRCS...
Reduce audit preparation resource hours
Reduce/eliminate violations and penalties
Reduce organizational risk
Reduce human drift
Reduce latent organizational deficiencies
Improve operating efficiency
Improve grid reliability
Increase compliance certainty
Have smaller compliance engagements
Reliability and integrity of critical information
Safeguard assets
Cost savings, profit, and growth
[Diagram. Reliability Excellence: Best practices & benchmarking; Engrained behaviors; Compliance margin; Continuous improvement. Compliance Excellence: Senior management engagement; Preventive measures; Detection, cessation, reporting; Remediation.]
About Earl Shockley
Risk Management Services Team Lead
Earl Shockley is a decisive, action-oriented, senior executive with a unique blend of managerial, regulatory, and technical experience in the electric utility industry. He has focused the previous 8 years on directing business unit start-ups and operational sustainability of the North American Electric Reliability Corporation (NERC) ERO programs.
Earl has over 35 years of industry experience spanning military service and east/west coast power system grid operations. He has achieved greater levels of responsibility and authority during the course of his accomplishments. His leadership was key in the development and deployment of many of the ERO’s key programs, including the following:
Reliability Risk Management program
Event Analysis & Cause Code Assignment program
Bulk Power System Crisis Management program
Human Performance Fundamentals / Lessons Learned program
Earl was instrumental in the shift from the “zero-defect” compliance and enforcement approach to one that focuses on a company’s inherent risk and ability to manage reliability risk with associated internal risk control programs. Earl has also led many NERC analytical and investigative efforts, including the FERC/NERC Inquiry & Investigation of the September 8, 2011, Arizona-California Blackout, the joint FERC/NERC Compliance Investigation of the February 2008 Florida Blackout, and the FERC/NERC inquiries of the February 2011 Southwest Cold Snap event and October 2011 Northeast Snow Storm event.