Compliance is rearing its ugly head again as new regulatory requirements and standards are being mandated, fines are being increased and compliance is being scrutinized in public forums. Specifically, within the electric utility and energy-related industries, new regulations associated with the operations of critical infrastructure, such as the NERC (commissioned by the Federal Energy Regulatory Commission) CIP Reliability Standard and ISA SP99, are being developed that will call for new compliance requirements associated with facilities, systems and equipment not previously addressed.
Issues such as security, reliability and safety are the focus of many of these regulations and standards. These are issues associated with the basic production and operations of many organizations. In addition, legislation such as the Energy Policy Act of 2005 has established hefty fines of up to a million dollars per day per event to enforce compliance.
Smart Business talked to Ron Blume, vice president of energy services, about how the new compliance requirements will affect businesses across the country.
What are the characteristics of these new programs?
What is certain is that many of the new programs will be:
- Expensive to implement and sustain (potentially millions of dollars);
- Comprehensive, pervasive and evolving;
- Documentation intensive;
- Entity-wide in their impact (not just operations or IT);
- Requiring serious resources (funds, staff, systems) to establish, implement and maintain;
- Impacting operating efficiencies (reporting, validating, auditing, testing, redundancies and training); and
- Some have teeth (monetary fines for non-compliance).
The new programs will require numerous ingredients, including, but not limited to, new and revised policies, processes and documentation. In addition, relationships and collaboration between and across organizations will need to be developed as well as executive level governance initiatives with provisions for accountability and authority. Provisions to manage evolving requirements and underlying configuration and change control are major tasks along with training programs and provisions for monitoring and reporting.
What type of project, methodologies and resources does it require to design, implement and operate the new programs?
One of the key concepts that we have discovered to be effective in minimizing the impact on the organization in addressing these new requirements is to employ an old but effective method to design the revisions required to the policies, processes and documentation. That concept is business process re-engineering; a proven approach to document the current processes and identify changes that need to be made to establish a compliant set of processes. In reality, this is the underlying reason business process re-engineering was conceived: enhancement and improvement in processes. In this scenario, we are leveraging the concept to migrate to a set of regulatory compliant processes.
Effective use of business process re-engineering techniques will:
- Provide an effective and proven method to facilitate change;
- Provide the necessary vision across the organization;
- Provide an effective visual training tool;
- Ensure all elements of the process are addressed;
- Provide a clear visual as to what triggers the process and leads to the end results;
- Establish the framework and structure in writing required operating procedures;
- Highlight the need for performance measurements; and
- Support the subsequent auditing process (internal and external).
From an operations and ongoing perspective, business process re-engineering will:
- Support the ability to assess Full Time Equivalents (FTEs) impact for sustainability of the new regulations and standards;
- Facilitate the integration of metrics and control objectives;
- Provide continuous opportunity to improve underlying processes;
- Advance Carnegie Mellon University’s capability maturity model;
- Facilitate reduction of risks (improved management of people, assets and identification of internal controls);
- Provide a means to correctly allocate limited resources; and
- Position process for automation with the right kind of software.
How does an organization conform to these new requirements?
We are finding that these compliant program efforts require a multi-disciplined and cross-functional team to design and implement. The compliance function, which usually has strategic organizational visibility and responsibility across the organization, can be effective in the implementation of effective compliance programs.
RON BLUME is vice president of energy services for DYONYX. Reach him at (214) 726-0201 or firstname.lastname@example.org.