Effective compliance

Compliance is rearing its ugly head
again as new regulatory requirements
and standards are being mandated, fines are being increased and compliance is
being scrutinized in public forums. Specifically, within the electric utility and
energy-related industries, new regulations, such as
the NERC (commissioned by the Federal
Energy Regulatory Commission) CIP Reliability Standard and ISA SP99, associated
with the operations of critical infrastructure, are being developed that will call for
new compliance requirements associated
with facilities, systems and equipment
not previously addressed.

Issues such as security, reliability and
safety represent the focus of many of these
regulations and standards. These are issues
associated with the basic production and
operations of many organizations. In addition, hefty fines of up to a million dollars per
day per event have been established to
enforce compliance through legislation
such as the Energy Policy Act of 2005.

Smart Business talked to Ron Blume,
vice president of energy services, about
how the new compliance requirements will
affect businesses across the country.

What are the characteristics of these new
programs?

What is certain is that many of the new
programs will be:

  • Expensive to implement and sustain
    (potentially millions of dollars);

  • Comprehensive, pervasive and evolving;

  • Documentation intensive;

  • Entity-wide in their impact (not just
    operations or IT);

  • Requiring serious resources (funds,
    staff, systems) to establish, implement and
    maintain;

  • Impacting operating efficiencies
    (reporting, validating, auditing, testing,
    redundancies and training); and

  • Some have teeth (monetary fines for
    non-compliance).

The new programs will require numerous
ingredients, including, but not limited to,
new and revised policies, processes and
documentation. In addition, relationships and collaboration between and across
organizations will need to be developed as
well as executive level governance initiatives with provisions for accountability and
authority. Provisions to manage evolving
requirements and underlying configuration
and change control are major tasks along
with training programs and provisions for
monitoring and reporting.

What type of project, methodologies and
resources does it require to design, implement and operate the new programs?

One of the key concepts that we have discovered to be effective in minimizing the
impact on the organization in addressing
these new requirements is to employ an old
but effective method to design the revisions
required to the policies, processes and documentation. That concept is business
process re-engineering, a proven approach
to document the current processes and
identify changes that need to be made to
establish a compliant set of processes. In
reality, this is the underlying reason business process re-engineering was conceived:
enhancement and improvement in processes. In this scenario, we are leveraging the
concept to migrate to a set of regulatory-compliant processes.

Effective use of business process re-engineering techniques will:

  • Provide an effective and proven
    method to facilitate change;

  • Provide the necessary vision across the
    organization;

  • Provide an effective visual training tool;

  • Ensure all elements of the process are
    addressed;

  • Provide a clear visual as to what triggers the process and leads to the end
    results;

  • Establish the framework and structure
    in writing required operating procedures;

  • Highlight the need for performance
    measurements; and

  • Support the subsequent auditing
    process (internal and external).

From an operations and ongoing perspective, business process re-engineering will:

  • Support the ability to assess Full Time
    Equivalents (FTEs) impact for sustainability of the new regulations and standards;

  • Facilitate the integration of metrics
    and control objectives;

  • Provide continuous opportunity to
    improve underlying processes;

  • Advance Carnegie Mellon University’s
    capability maturity model;

  • Facilitate reduction of risks (improved
    management of people, assets and identification of internal controls);

  • Provide a means to correctly allocate
    limited resources; and

  • Position process for automation with
    the right kind of software.

How does an organization conform to these
new requirements?

We are finding that these compliant program efforts require a multi-disciplined and
cross-functional team to design and implement. The compliance function, which usually has strategic organizational visibility
and responsibility across the organization,
can be effective in the implementation of
effective compliance programs.

RON BLUME is vice president of energy services for DYONYX. Reach him at (214) 726-0201 or [email protected].