ABOUT NPCC Governance & Corporate Leadership Team Management Team Membership Careers Resources Contact Us PROGRAM AREAS Standards & Criteria Compliance RAPA SAIS COMMITTEES DER Forum Gov/Reg Affairs Reliability Coordinating Regional Standards NEWS Search SIGN IN

Entity Risk Assessment

The Entity Risk Assessment group performs Inherent Risk Assessments (IRA) and develops Compliance Oversight Plans (COP) that provide risk-based focus internally and to registered entities.

Entity Risk Assessment Resources

  • The ERO CMEP Implementation Plan is the annual operating plan used by the ERO Enterprise in performing CMEP responsibilities and duties. 
    Annual ERO CMEP Implementation Plan
  • The ERO Enterprise Guide for Compliance Monitoring describes processes within the Risk-Based Compliance Oversight Framework to identify, prioritize and address risks to the bulk power system (BPS). Risk Elements, Inherent Risk Assessments (IRA), Internal Controls Evaluations (ICE), CMEP Tools, and Compliance Oversight Plans (COP) are addressed. 
    ERO Enterprise Guide for Compliance Monitoring
  • The ERO Enterprise Guide for Internal Controls describes the approach used to assess the effectiveness of design and implementation of a registered entity’s internal controls to mitigate risks to reliability of the bulk power system (BPS) and supports the development of the entity’s Compliance Oversight Plan (COP). Guidance is provided for assessing internal controls during compliance monitoring activities. 
    ERO Enterprise Guide for Internal Controls
     
Compliance Oversight Plan (COP)

Compliance Oversight Plan (COP)

COPs provide entity specific results to both internal NPCC Staff and to registered entities to provide focus on risk-based activities.

Inherent Risk Assessments (IRA)

Inherent Risk Assessments (IRA)

The Inherent Risk Assessment (IRA) is a review of potential risks posed by an individual entity to the reliability of the bulk power system (BPS).

Internal Controls

Internal Controls

The existence of strong processes and controls in the entity compliance program supports compliance looking backward and sustainability looking forward.

Internal Compliance Program (ICP)

Internal Compliance Program (ICP)

The Internal Compliance Program describes the entity’s organization, communication and implementation of compliance obligations and culture.

Presentations, Forms, Examples

Presentations, Forms, Examples

This page provides documents related to risk assessments, controls, operations, planning, cybersecurity, best practices, and other self-help information.

Latest Documents

  Upcoming Events


  News Highlights


NERC Issues Section 1600 Data Request for Internal Network Security Monitoring

May 25, 2023

GridSecCon 2023 Call for Abstracts – Deadline March 31

March 01, 2023

Security Notice

This is a Northeast Power Coordinating Council, Inc. (NPCC) information system. You have no reasonable expectation of privacy regarding communications or data transiting or stored on NPCC’s information system. At any time and for any lawful purpose, NPCC may monitor, intercept, record, and search any communications or data transiting or stored on this information system. At NPCC’s sole discretion, NPCC may disclose pertinent information to the U.S. Government and its authorized representatives to protect the security of critical infrastructure and key resources, ensure information security, or to comply with any applicable law, regulation, legal process, or enforceable governmental request. By continuing, you acknowledge that you understand and consent to the terms and conditions described in this notice. The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited and may subject violators to criminal, civil, and/or administrative action.