2013 Internal Compliance Program Assessment – ICPA
Version 2.0
December 3, 2012
CONTACT INFORMATION
Entity Name:
NERC # Registry ID:
Primary Compliance Contact Name:
Primary Contact Title:
Office Phone:
Cell Phone:
Email:
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Alternate Compliance Contact Name:
Alternate Compliance Contact Title:
Office Phone:
Cell Phone:
Email:
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Authorizing Entity Officer Name:
Authorizing Entity Officer Title:
Mailing address (Not a P.O. Box):
Telephone:
Email:
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
Click here to enter text.
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L • W W W . W E C C . B I Z
155 NORTH 400 WEST • SUITE 200 • SALT LAKE CITY • UTAH • 84103 -1114 • PH 801.582.0353 • FX 801.582.3918
Internal Compliance Program Assessment
PURPOSE
The WECC Internal Compliance Program Assessment (ICPA) is a tool to help entities
assess their internal compliance programs. The ICPA will assist WECC in its review and
understanding of the programs that entities have implemented to ensure compliance
with the NERC Reliability Standards. The ICPA is:

Based on relevant FERC orders, FERC direction, and WECC and NERC experience
related to robust internal compliance programs. The ICPA includes an Appendix
containing referenced or supporting FERC documents.

Composed of nineteen questions designed to focus on various aspects of an entity’s
program.

Designed to prompt an entity to identify and gather specific, relevant information related
to its internal compliance program.

Adaptable to allow for the unique constraints of smaller entities as well as flexible
enough to recognize distinct characteristics across the variety of programs.
INSTRUCTIONS
1. For each question below, choose the statement that best describes the
responsible entity’s current status.
2. Please attach supporting documentation or provide associated page numbers
and paragraph references within the ICP, and submit this completed package to
WECC.
For example, this documentation package may include, but not be limited to:







Organizational charts;
Internal policies and procedures;
Emails
Training manuals
PowerPoint presentations with associated attendance rosters;
ICP workshops; and/or
CBT modules.
Note: For the purposes of this document, “compliance program(s)” refers to programs
concerned with compliance with NERC Reliability Standards.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Internal Compliance Program Assessment
SURVEY QUESTIONS
1. ICP
Is the ICP an established, formal program? For example, does the ICP contain fully
documented plans, policies, processes and/or procedures, internal controls, and
other systematic preventive measures for governance, management, and
operational level policies and procedures?
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The ICP has some documented compliance standards, policies and
procedures, but does not address all policies and procedures.
2.
YES
The ICP does not have any documented standards, policies, or procedures.
The ICP has well documented compliance standards, policies, procedures,
internal controls, and other systematic preventative measures.
Describe, in narrative form, how the entity documents its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:



The entity’s ICP document(s)
Policies, processes and/or procedures associated with the entity’s reliable operations as part of
the Bulk Electric System in compliance with NERC Reliability Standards
Other documented processes as applicable
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
2. Identify and Update Requirements
Does the ICP identify and list all NERC Reliability Standards applicable to the entity?
Does the ICP contain a process and/or procedures for updating this list as
Standards change?
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The ICP identifies all or some of the NERC Reliability Standards applicable
to the entity, but does not contain procedures for updating this list as
Standards change.
2.
YES
The ICP does not have a process for identifying the NERC Reliability
Standards applicable to the entity.
The ICP identifies all NERC Reliability Standards applicable to the entity
and contains a process for updating this list as Standards change. The
Standard identification and update process has been reviewed and
approved by an authorized entity officer or equivalent.
Describe, in narrative form, how the entity identifies and lists the applicable
NERC Reliability Standards in its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:



A plan or other document that lists NERC Reliability Standards that apply to the entity
A description of the process and/or procedure the entity follows to update this list when
Standards change, as applicable
Version control records of the entity’s Reliability Standards lists
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
3. Risk Assessment
Does the ICP include procedures to assess reliability risks and practices related to
the NERC Reliability Standards on an annual basis?
Choose the statement that best describes the ICP:
0.
NO
The ICP does not document how reliability risk is assessed.
1.
PARTIAL
Although the ICP includes procedures to assess reliability risks and
practices, the entity does not assess risk on an annual basis.
2.
YES
The entity assesses its reliability risks, and the ICP includes procedures to
assess compliance risks and practices at least annually. This process has
been reviewed and approved by an authorized entity officer or equivalent.
Describe, in narrative form, how the entity assesses reliability risks:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:



The entity’s compliance reliability risk assessment process
Minutes/Agendas from the past 12-24 months of risk assessment meetings
Final risk reports (Please redact all confidential information)
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
4. Officers/Personnel
Has the entity named and staffed a Compliance Officer, FERC/NERC
additional FERC/NERC personnel as required to support its ICP?
Director, or
Smaller Entities: A smaller entity may not have sufficient staff to dedicate
one employee as a full-time Compliance Officer or FERC/NERC Director. In
such cases, has the entity assigned one person the responsibility to
coordinate or monitor the entity’s compliance responsibilities?
Note: If the entity does not currently have an assigned compliance official, or has not
assigned compliance coordination and/or monitoring to one person, please answer
“NO” to this question.
Choose the statement that best describes the ICP:
0.
NO
The entity has not identified or assigned compliance responsibility and
accountability to a Compliance Officer, FERC/NERC Director/Manager, or
other high-ranking official.
1.
PARTIAL
The entity has identified and assigned responsibility for some compliance
activities to various employees throughout the organization.
2.
YES
The entity has identified and assigned responsibility and accountability to
a Compliance Officer or other high-ranking official, FERC/NERC
Director/Manager, and additional personnel as required. For larger
organizations, at least one position is fully dedicated to FERC/NERC
compliance, for smaller organizations, at least one position is partially
dedicated to FERC/NERC compliance. Provide the name and title of the
employee(s) currently staffing this/these positions.
Name(s):
Click here to enter text.
Describe, in narrative form, how the entity has assigned compliance
responsibility in the organization:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:


Compliance Organizational Chart
Defined Roles and Responsibilities assigned to entity personnel for each NERC Reliability
Standard identified in Item 2 above
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
5. Independent Access to Executives
Does the assigned compliance official(s) have independent access to the CEO or
equivalent and/or Board of Directors?
Note: If your entity does not currently have an assigned compliance official,
please answer “NO” to this question.
Choose the statement that best describes the ICP:
0.
NO
The entity’s assigned compliance official does not have independent
access to the CEO or equivalent and/or Board of Directors.
1.
YES
The entity’s assigned compliance official has independent access to the
CEO and/or Board of Directors.
Describe, in narrative form, how the entity provides independent access to the
CEO or equivalent and/or Board of Directors for its employee(s) responsible for
compliance:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:


Organizational chart or plan showing independent access
Sample meeting minutes, notes, agendas, emails, etc., showing independent access to senior
management
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
6. Independently Managed
Is the ICP operated and managed so it is independent of those responsible for
compliance with the NERC Reliability Standards?
Smaller Entities: A smaller entity may not have the available personnel to
manage its ICP separately from the work groups that are responsible for
complying with NERC Reliability Standards. In such cases, those personnel
responsible for compliance should at minimum have independent access to the
company’s assigned compliance official, the CEO or equivalent, and/or the Board
of Directors (see item 5 above).
Choose the statement that best describes the ICP:
0.
NO
The ICP is not managed or operated independently of the work groups
that are responsible for complying with NERC Reliability Standards.
1.
PARTIAL
The ICP is managed by the work groups that are responsible for
complying with NERC Reliability Standards, but it is managed
independently.
2.
YES
The ICP is managed and operated independently of the work groups that
are responsible for complying with NERC Reliability Standards.
Describe, in narrative form, how the entity independently manages its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include the following document or equivalent:


Organizational chart or plan which shows how the program is independently managed
For smaller entities, please provide applicable documentation
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
7. Resources
Has the entity dedicated resources (staff and budget) to support its ICP?
Choose the statement that best describes the ICP:
0.
NO
The entity’s budget does not provide for any staff resources to work on
NERC compliance.
1.
PARTIAL
The entity has provided for staff resources within its budget but cannot
demonstrate that staff resources were actually allocated to NERC
compliance.
2.
YES
The ICP is fully budgeted and fully or partially staffed (relative to the
number of full time equivalent staff that implement the Reliability
Standards) on a year-round basis.
Describe, in narrative form, the support the entity allocates to its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include the following document or equivalent:

Organizational chart or plan which shows compliance roles and responsibilities and how they
are staffed
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
8. Leadership Support
Does the ICP have the support and participation of senior management (Officer
Level)? This includes reviewing compliance reports, participating in compliance
meetings, and communicating the importance of compliance to entity personnel on a
regular basis.
Choose the statement that best describes the ICP:
0.
NO
Senior management does not actively support or routinely participate in
the ICP.
1.
PARTIAL
Senior management reviews compliance reports, participates in
compliance meetings, and communicates to employees their commitment
to compliance at least semi-annually.
2.
YES
Senior management is actively involved in compliance efforts, reviews
compliance reports, participates in compliance meetings, and
communicates to employees its commitment to compliance frequently,
both formally and informally. Compliance activities occur at least quarterly.
Describe, in narrative form, the support the ICP receives from the entity’s Officer
Level leadership:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:





Samples of Senior Management Communications for the past 12 months
Samples of Compliance meeting agendas for the past 12 months
Samples of Compliance committee meeting minutes for the past 12 months
Samples of relevant e-mail memos, newsletters, etc. for the past 12 months
Description of management review/approval process
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
9. Measurable Compliance Performance Targets
Does the entity promote compliance by including measurable compliance
performance targets in the ICP? For example, the entity might use an Excel
spreadsheet to list all requirements, who is responsible for each requirement, target
dates, and status of compliance with each. Additional targets might include, but are
not limited to, completing self-certifications on time, achieving “full compliance”
following a mock audit, completing mitigation plans on time, or other relevant goals.
Choose the statement that best describes the ICP:
0.
NO
The ICP does not identify measureable compliance performance targets.
1.
PARTIAL
The ICP contains general compliance performance targets, but the
performance targets are not specific or measureable.
2.
YES
The ICP includes measureable, specific compliance performance targets
for employees. These targets might include, but are not limited to, full
compliance for each requirement, timely self-certification submittals,
mitigation plan target dates, successful mock audits, etc.
Describe, in narrative form, how the entity measures its compliance performance:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:


Specific NERC compliance performance targets and goals and how they are measured
Sample results
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
10. Compliance Training
Does the ICP require compliance training for all entity staff, contractors and vendors
who have direct responsibility for the implementation of the processes and
procedures that demonstrate compliance with the NERC Reliability Standards?
Relevant personnel include but are not limited to: Subject Matter Experts (SMEs),
Engineers, Technicians, Vegetation Management implementers and System
Operators (as applicable). Does this training measure understanding through
quizzes, exams, surveys, etc?
Choose the statement that best describes the ICP:
0.
NO
The ICP does not require training for relevant personnel.
1.
PARTIAL
The ICP requires training for personnel that have a direct responsibility for
compliance with NERC Reliability Standards.
2.
YES
The ICP includes detailed training for personnel, including contractors and
vendors that have a direct responsibility for compliance with NERC
Reliability Standards, including assisting personnel who must keep
professional credentials up-to-date. Training also includes overview
compliance awareness training for other employees that do not have a
direct responsibility for compliance with NERC Reliability Standards. All
training includes procedures that measure the degree of understanding
and comprehension of such Standards (quizzes, etc.), consistent with a
Registered Entity’s collective bargaining agreements.
Describe, in narrative form, how the entity provides compliance training to all
personnel, including contractors and vendors (see above):
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:




Compliance Training Program
Compliance Communications Program
Samples of training modules
Attendance records
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
11. Compliance Communications
Does the ICP require communication to all appropriate relevant employees, including
contractors and vendors, etc.? Has the ICP, (i.e. all plans, policies, and procedures)
been widely disseminated throughout the entity?
Choose the statement that best describes the ICP:
0.
NO
The ICP has not been distributed.
1.
PARTIAL
The ICP has been distributed only to the employees that are involved in
the development and implementation of the ICP.
2.
PARTIAL
The ICP has been distributed only to the employees that have a direct
responsibility for compliance with the NERC Reliability Standards.
3.
YES
The ICP has been distributed to all employees, and, if applicable, to
contractors and vendors.
Describe, in narrative form, how the entity disseminates the ICP to all appropriate
relevant employees, including contractors and vendors:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:




Compliance Training Program
Compliance Communications Program
Website samples
Sample e-mail memos, newsletters, etc.
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
12. Program Implementation
For the purposes of this question the word implement means, “actual fulfillment by
concrete measures.” Has the entity implemented its ICP; i.e. all plans, policies, and
procedures? Are logs, meeting minutes, forms, agendas, and other records being
kept to show compliance policies and procedures are being followed and are
operating as intended?
Choose the statement that best describes the ICP:
0.
NO
The entity has not implemented its ICP.
1.
PARTIAL
The entity has partially implemented its ICP and is continuing to work on
full implementation. The entity has evidence of an implementation plan
with set milestone and completion dates.
2.
YES
The entity has fully implemented its ICP. Entity is currently following all
processes and procedures detailed in the ICP and can provide records as
evidence.
Describe, in narrative form, how the entity implements and documents its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one of more of the following or equivalent:


Samples from each policy and procedure of the entity’s ICP (including measurements in item 9
above, Measurable Compliance Performance Targets.)
Logs, meeting minutes, forms, agendas, and other records used to support “proof of
performance” of items 1-11 and 13-19 in this self-assessment.
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
13. Promoting Compliance through Employee Incentives
Does the entity’s ICP include provisions for compensation, awards, employee
recognition, or other incentives (monetary or non-monetary) to encourage the
relevant employees’ compliance with the NERC Reliability Standards? Is
accountability for compliance built-in to applicable corporate compensation programs,
from senior management to front-line personnel? Is compliance with NERC Reliability
Standards a performance factor on job descriptions and performance evaluations?
Choose the statement that best describes the ICP:
0.
NO
The ICP does not provide any form of incentives or recognition to
encourage accountability for employee compliance with the NERC
Reliability Standards.
1.
PARTIAL
Entity has incentives to encourage employee compliance with NERC
Reliability Standards; however, the ICP or any other document specific to
compliance does not detail a formal incentive and/or recognition structure.
2.
YES
The ICP includes provisions for, and details of, incentives and/or
recognition to encourage employee compliance with the NERC Reliability
Standards and accountability for compliance. The entity addresses
incentives for compliance in its corporate compensation program from
senior management to front-line personnel. The entity’s personnel
policies and procedures related to incentive pay or bonuses include
provisions for compliance issues; i.e., number of self-reported violations,
number of audit violations, mitigation plan target dates, etc.
Describe, in narrative form, how the entity promotes compliance through
incentives:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:





Company policies relating to compensation and performance measurement
Company programs relating to awards, employee recognition, or other incentives relating to
compliance
Samples of non-confidential information related to actual awards or other incentives
Job Descriptions
Other examples of programs or policies entity uses to promote a culture of compliance
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
14. Enforcement
Does the ICP include procedures for disciplinary action for employees involved in
violations of the Reliability Standards? Are available Human Resources (HR)
disciplinary programs utilized as necessary? Is Senior Leadership or the Board
involved as necessary?
Choose the statement that best describes the ICP:
0.
NO
The entity’s ICP does not include disciplinary action for employees who
are responsible for violations of NERC Reliability Standards.
1.
PARTIAL
The entity takes disciplinary action for employees responsible for
violations of NERC Reliability Standards; however, the entity does not
have a formal documented disciplinary action procedure.
2.
YES
The entity’s ICP includes detailed disciplinary action procedures for
employees involved in NERC Reliability Standard violations, including
involving HR, Senior Leadership, and/or the Board as necessary. The
entity has administered disciplinary action when appropriate.
Describe, in narrative form, the entity’s disciplinary action for employees that are
responsible for violations of NERC Reliability Standards:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include:


Company policies relating to disciplinary actions for compliance violations
Samples of any recent disciplinary actions (past 12-24 months) – redacted if necessary
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
15. Self-Audit
Does the ICP include a formal, internal self-auditing process for compliance with all
applicable NERC Reliability Standards on an annual basis? Are results reported
internally?
Choose the statement that best describes the ICP:
0.
NO
The ICP does not include an internal self-auditing and reporting process.
1.
PARTIAL
Although the ICP includes a process for internal self-auditing and
reporting, the entity does not self-audit and report on at least an annual
basis.
2.
YES
The ICP includes internal self auditing and reporting for compliance on an
annual basis for full compliance with all applicable NERC Reliability
Standards. Audit results are reported and reviewed internally.
Describe, in narrative form, how the entity self-audits its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one of more of the following or equivalent:


ICP self-audit program
Sample of the audit reports or other results (past 12-24 months) – redacted if necessary
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
16. Self-Reporting
Does the ICP include specific processes and/or procedures to promote prompt
detection and self-reporting of possible violations to the Regional Entity (WECC)?
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The ICP does not include procedures for self-reporting possible violations of
applicable NERC Reliability Standards, but the entity has self-reported
violations to WECC since the entity was registered.
2.
YES
The ICP does not include procedures for self-reporting possible violations of
applicable NERC Reliability Standards.
The ICP includes procedures for self-reporting possible violations of
applicable NERC Reliability Standards. In addition, entity has followed these
procedures and, if a violation was found, promptly self-reported the violation
to WECC.
Describe, in narrative form, how the entity encourages timely self-reporting in its
ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:



Procedure for self-reporting
A sample of recent self-reports
A list of the entity’s self-reports for the past 12 months
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
17. Program Evaluation
Does the entity regularly review and modify its ICP?
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The ICP does not specify a review cycle; however, the entity has reviewed
and modified its ICP since the entity was registered.
2.
YES
The ICP does not have an identified review cycle.
The ICP is reviewed on an annual cycle. It is modified as necessary.
Describe, in narrative form, how the entity reviews and modifies its ICP:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:


ICP review program
A sample of recent reviews, including version control records
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
18. ICP Modifications
Does the ICP include a process and/or procedure to prevent recurrence of NERC
Reliability Standard violations? This includes assessing the effectiveness of internal
controls and making changes to the ICP following a violation, if necessary.
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The ICP does not have a process and/or procedure specifically designed to
prevent recurrence of violations. However, the ICP is reviewed on an annual
basis.
2.
YES
The ICP is not modified following a violation to prevent recurrence of NERC
Reliability Standard violations.
The ICP contains a process and/or procedure that require review and
possible modifications following a violation to prevent recurrence of Reliability
Standard violations and the ICP is updated as needed to reflect lessons
learned, changes in best practices, etc. These updates are reviewed at least
annually by senior management.
Describe, in narrative form, how the entity modifies its ICP to prevent recurrence
of violations:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include one or more of the following or equivalent:


ICP process for modifying the program following a violation
A sample of changes made to the ICP following a violation, including version control records
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
19. External Industry Participation
Has the entity participated in outreach activities to share compliance program
activities with other entities, adjacent utilities, local organizations, etc.? Does the
entity participate in WECC-related conferences and user meetings such as CIPUG,
CUG, Open Mic, WICF, etc.?
Choose the statement that best describes the ICP:
0.
NO
1.
PARTIAL The entity has participated occasionally in compliance outreach activities
since June 18, 2007.
2.
YES
The entity has not participated in compliance outreach activities.
The entity regularly participates in outreach activities to share compliance
program activities with other entities, adjacent utilities, and/or local
organizations. The entity also attends WECC-related conferences and user
meetings such as CIPUG, CUG, Open Mic, WICF, etc.
Describe, in narrative form, the entity’s external industry participation:
Click here to enter text.
Please provide supporting evidence. Examples of supporting evidence may
include some or all of the following or equivalent:




Sample presentations made to professional organizations
Names of persons participating on regional or national compliance committees, does not include
participation in Standards Development processes.
Attendance records for technical conferences, industry webinars, etc.
Applicable Document(s), Page and Section
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Date and/or Version
Click here to enter text.
Internal Compliance Program Assessment
AUTHORIZATION
An authorized individual must sign and date this Internal Compliance Program
Assessment. By doing so, this individual, on behalf of the entity’s organization, certifies
that the information submitted herein is accurate.
1. This certifies that I am
(Officer’s Name)
of
(RE)
.
2. I am an officer, employee, attorney or other person authorized to sign this
Internal Compliance Program Self-Assessment on behalf of (RE) .
3. I have read and am familiar with the contents of the Internal Compliance Program
Self-Assessment and related documents submitted herein.
4. I understand that based on the answers herein, WECC may request more
information specific to
(RE) ‘s ICP.
5. To the best of my knowledge, the information provided in this response is correct.
Authorized Signature: Click here to enter text.
Name (Print):
Click here to enter text.
Title:
Click here to enter text.
Date:
Click here to enter text.
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Internal Compliance Program Assessment
Appendix A: Overview of FERC Statements by Question
For purposes of this document, the following acronyms apply:
SOE= FERC Revised Policy Statement on Enforcement dated May 15, 2008
http://www.ferc.gov/whats-new/comm-meet/2008/051508/M-1.pdf
SOC= FERC Policy Statement on Compliance dated October 16, 2008
http://www.ferc.gov/whats-new/comm-meet/2008/101608/M-3.pdf
P=Paragraph Number
Risk Assessment/Identify Requirements (#2, #3)
 Prepare an inventory of current compliance risks (SOE, P59)
o (Note: This will result in a list of current program requirements)
 Companies are in the best position to determine the risks their activities entail and how
best to assure compliance (SOC, P9 and 17)
Establish/Modify Compliance Organization (#4, #5, #6)
 Create an independent Compliance Officer who reports to the Chief Executive Officer
and the Board, or to a committee thereof (SOE, P59)
 The program is supervised by an officer or other high-ranking official; this official has
independent access to the board and/or CEO (SOE, P58)
 Senior management may designate compliance officials within the company; This may
be a position devoted exclusively to compliance matters or may be an assigned duty of
an employee (SOC, P13 and P15)
Document Standards, Policies, and Procedures (#1, #9)
 Company has in place rigorous procedures and processes (SOC, P4)
 Companies should invest in systematic preventive measures to keep the company in
compliance with the Commission’s statutes, regulations and orders (SOC, P16)
 The company has an established, formal program (i.e. plans, policies, and procedures)
for internal compliance. It is well documented (SOE P58)
 An inventory of compliance practices (SOE, P59)
 Promote compliance by identifying measurable performance targets (SOE, P59)

Communicate Standards, Policies, and Procedures (#10, #11)
 The ICP is widely disseminated within the company (SOE, P58)
 These factors include … the scope and depth of employee training (SOC, P5)
 The importance [of] tools and training sufficient to enable employees to comply with
Commission requirements (SOC, P6 and SOE, P59)
 Systematic and effective preventive measures (such as careful hiring, training,
accountability, and supervision), are fundamental to an effective compliance program
(SOC, P16)
 The company frequently provides training to all relevant employees; the training is
sufficiently detailed and thorough to instill an understanding of relevant rules and the
importance of compliance (SOE, P58)
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12
Internal Compliance Program Assessment
Implement, Promote, and Enforce (#12, #13, #14)




It is not enough to create a good compliance program on paper; the company must carry
through to implement the program (SOC, P16)
A company has rigorous procedures and processes that provide effective accountability
for compliance (SOC, P4 and SOE, P58)
The company responds to wrongdoing (SOE, P58)
Steps taken by a company to end violations and remedy the misconduct (SOC, P21)
Monitor, Audit, and Report (#15, #16, #17)
Auditing and Reporting
 Systematic internal auditing (SOC, P19)
 The company has an ongoing process for auditing compliance with Commission
regulations (SOE, P58)
 The importance on good-faith self-reporting (SOE, P62)
 The compliance plan can call for the company to hire an independent third party auditor
to review its business practices in order to ensure compliance (SOE, P45)
ICP Review
 Periodic review and evaluation of the effectiveness of the program (SOC, P16)
 The company frequently reviews and modifies its compliance program (SOE, P58)
Continuous Improvement (#18, #19)
 Are new or modified prospective controls needed to prevent a recurrence? (SOC, P21)
 Ensure that steps are taken within the company to improve compliance practices (SOE,
P44)
 Describe measures taken by the company to end the practices that led to the violations
(SOE, P45)
 Work with industry associations to develop compliance best practices (SOC, P7);
encourage the continuing exchange of ideas and best practices among regulated
companies (SOC, P7)
Leadership/Corporate Culture (#7, #8)
 The responsibility for a culture of compliance rests squarely on the shoulders of senior
management (SOC, P13)
 Senior management actively involved in compliance efforts (SOE, P58)
 Senior management provides adequate resources for the compliance program to
operate adequately (SOC, P14 and SOE, P58)
 These factors include the active support of senior management (SOC, P5)
 Senior management should communicate to employees its commitment to compliance
frequently, both formally and informally (SOC, P14)
WECC Compliance Monitoring and Enforcement Program
Internal Compliance Program Self-Assessment Version 2.0 12/3/12