Preparing for Your NERC Audit Checklist

Preparing for an Audit

As compliance experts, we want to make the regulatory compliance process as painless as possible for our clients. We offer a multitude of compliance tools and services to relieve your entity from the headaches and anxiety of maintaining compliance. Call us to schedule a demo of our services. For now, here is a high-level checklist you can use to prepare for your next NERC audit.

1. Identify the Standards and Requirements Included

  • Before you receive your audit package, it is always a good idea to read through the CMEP and the NERC website and to pay special attention to the NERC ERO areas of focus and most frequently violated standards. This will give some insight into the standards and requirements that the regions most likely will examine. Once you receive your company’s audit package, check the audited standards against the ERO Enterprise Compliance Monitoring and Enforcement Program Implementation Plan (CMEP) for the year of your audit.
  • Next, review the inherent risk assessment (IRA) to find your entity’s potential areas of focus. Because the IRA is one input that helps the RE refine the scope of the audit, we suggest looking at the areas that pose the most risk to the bulk power system, according to your IRA.
  • Then, review any past compliance issues your asset has had. This includes previous self-reports, violations, and mitigation plans since your last audit.

2. Understand the Types of Evidence that Auditors Will Want to See

  • Policies and Procedures will be the first set of evidence used. Your entity’s policies and procedures are the sets of documentation that help prove you have a system in place to meet compliance with the standards and requirements.
  • You want to provide evidence that you follow those processes and procedures. This evidence can consist of screenshots, reports, training records, and so on, which prove your entity is following those processes and actually is meeting the intent of the standards and requirements. A real-life example would be the reports from your investigation into the operation of protection systems for PRC-004, as well as the MIDAS submittals and missed operation reports.
  • Additional evidence that may be required during the course of the audit, such as additional engineering reports or additional training records, can further solidify the position that your entity meets compliance with the appropriate standard and requirement. This information may be called upon during the audit and might not be shared up front. The goal is to give the auditors exactly what they ask for first, but enough to prove that your entity meets compliance with the standard.

3. Develop Your RSAW Narratives and Evidence Packages

  • Developing the narratives in the RSAW is one of the first steps to completing it. The narratives will explain how your entity complies with the standard and requirement(s), and how they are supported by the evidence referenced in the RSAW. The goal is to explain to the auditor the actions your entity takes to comply with the requirements and to guide them through the evidence that is provided. Make sure to guide the auditor(s) to the pieces of evidence you want them to review throughout your narrative. Do not expect them to understand your processes and how you comply with the standard if you simply list the evidence. Be very specific.
  • Be sure to describe all the tools that you used to meet compliance. Internal controls are extremely important, and the auditors want to know what they are and how they are used to comply with the standards.
  • It is important that preparation for your entity’s audit begins far in advance of receiving the audit package from the RE. By monitoring violation trends, risks, and areas of regulatory focus, and by developing your entity’s position for compliance with the associated standards and requirements, you can be a step ahead when the audit package does arrive. It is also important to remember that while on site the audit team likely will want to observe your entity’s control room or control center, to speak with Operators, and to get a general feel for your entity’s Culture of Compliance.

4. Prepare for Any Non-compliance Findings

  • We hope you do not find any potential instances of noncompliance as you prepare, and we encourage you to use the Self-Report process if you do. This will need to be done prior to receipt of an audit notification letter in order to prevent the RE from including the self-report as an audit finding.

5. Conduct a Mock Audit – And Make It as Real as Possible

  • It is very important to prepare for every aspect of the audit. By conducting a realistic mock audit, your entity can get a feel for the direction and lifecycle of the official audit. This requires that you stage real interviews, conduct question-and-answer sessions, and even go through an additional evidence request beyond the samples and evidence provided in the RSAWs. If staff who are familiar with this process are unavailable, there are third-party entities and consultants, like Certrec, who specialize in these activities. It is good practice to perform witness coaching sessions or to conduct internal meetings to prepare those individuals who are going to be interviewed. For example, the operators will be asked questions during the actual onsite audits and will need to be reminded to only answer the questions being asked and refer only to the evidence that you provided.

This checklist is one of the many ways that we, at Certrec, can help you prepare your asset and people for a successful NERC Audit. Contact us at 817-738-7661 or NERCExperts@certrec.com to learn more about our NERC program and audit services.

NERC Audit Checklist

Streamline Your NERC Audit Preparation Process

As a trusted resource in regulatory compliance, Certrec simplifies your journey through complex regulatory requirements, enabling a smooth audit experience. Our comprehensive NERC Audit Checklist offers a structured approach to preparing, ensuring you’re ready for every phase of the audit process. This checklist covers crucial steps, from identifying standards to preparing evidence, guiding you through the preparation, and reducing audit stress.

Designed for Compliance Success

Certrec’s NERC Audit Checklist is crafted by compliance experts to help you avoid common pitfalls and ensure effective audit preparation. With this checklist, you can:

  • Identify applicable standards and audit requirements.
  • Gather and organize necessary audit evidence.
  • Develop robust RSAW narratives and evidence packages.
  • Strategize to handle any potential noncompliance findings.
  • Conduct thorough mock audits to prepare your team.

Avoid the Challenges of Manual Compliance Preparation

Traditional methods can be overwhelming, requiring multiple tools and extensive manual effort. Certrec’s NERC Audit Checklist organizes your compliance needs into a comprehensive resource, allowing for more effective and streamlined preparation.

Key Features of the NERC Audit Checklist

  1. Understand Audit Evidence Requirements
    Collect all essential documentation, including policies, procedures, and records that prove your compliance. Ensure you have supporting materials such as screenshots, reports, training records, and other documentation.
  2. Develop RSAW Narratives and Evidence Packages
    Create clear narratives in your RSAW to guide auditors through your compliance evidence. Explain how your processes meet compliance standards and outline any internal controls used to maintain compliance.
  3. Prepare for Potential Noncompliance
    Use the self-report process for any potential noncompliance findings before the audit. This proactive step helps mitigate findings during the audit.
  4. Conduct a Realistic Mock Audit
    Engage in a mock audit to simulate the official process, including interviews, question-and-answer sessions, and evidence requests. Familiarize your staff with the audit process, ensuring they can confidently present your compliance evidence.

Automate your NERC audit preparation, evidence management, compliance tracking, and follow-up actions.

Certrec offers tailored audit preparation services to assist you with every aspect of your NERC audit journey. Our team can conduct mock audits, provide witness coaching, and support you with RSAW development.

Community Insights

Research questions from individual NRC inspectors and see responses across participating sites.

Save Time and Resources

Based on the experience of our clients, we have concluded IMS provides a realistic savings of $70,000 per site per year.

Controlled NRC Access

Manage NRC access to responses and remove access once an inspection ends.

Secure

We are ISO/IEC 27001:2022 certified, completing yearly audits and SOC 2 Type 2 examinations.

Vendor-Hosted Solution

Free up your IT resources. IMS is cloud-based with all data FedRAMP secure and stored in the U.S. For the past 7 years our availability has been greater than 99.9%.

Mobile Friendly

IMS is accessible through a web browser and is mobile and tablet friendly for use while in the field.