ABOUT NPCC Contact Us Governance & Corporate Membership News Careers Links PROGRAM AREAS Standards & Criteria Compliance RAPA SAIS COMMITTEES DER Forum Gov/Reg Affairs Reliability Coordinating Regional Standards LIBRARY About Publications Reports Resource Adequacy Miscellaneous Search SIGN IN
   ☰   Entity Risk Assessment
CDAA Workshop / Webinar Register / Certification Canadian Monitoring Enforcement and Mitigation Entity Risk Assessment CCEP Documents Feedback Compliance Procedures Consistency Reporting Tool NERC Compliance Hotline
 

Entity Risk Assessment

NPCC’s Entity Risk Assessment efforts are comprised of key functions including:

  • Conducts Inherent Risk Assessments (IRA) on registered entities;
  • Conducts formal Evaluations of Internal Controls (EIC) on volunteering registered entities;
  • Develops Compliance Oversight Plans (COP) for registered entities; and
  • Reviews and analyzes Internal Compliance Program (ICP) questionnaires for registered entities.

Entity Risk Assessment Resources

  • The Annual ERO CMEP Implementation Plan is the annual operating plan used by the ERO Enterprise in performing CMEP responsibilities and duties. 
    Annual ERO CMEP Implementation Plan
  • The ERO Enterprise Guide for Compliance Monitoring describes processes within the Risk-Based Compliance Oversight Framework to identify, prioritize and address risks to the bulk power system (BPS). Risk Elements, Inherent Risk Assessments (IRA), Internal Controls Evaluations (ICE), CMEP Tools, and Compliance Oversight Plans (COP) are addressed. 
    ERO Enterprise Guide for Compliance Monitoring
  • The ERO Enterprise Guide for Internal Controls describes the approach CEAs use to assess the effectiveness of design and implementation of a registered entity’s internal controls to mitigate risks to reliability of the bulk power system (BPS) and supports the development of the entity’s Compliance Oversight Plan (COP). Guidance is provided for assessing internal controls during compliance monitoring activities. 
    ERO Enterprise Guide for Internal Controls
     
Compliance Oversight Plan (COP)

Compliance Oversight Plan (COP)

COP conveys a tailored compliance monitoring oversight strategy for each registered entity, based on entity specific factors such as compliance history and events, IRA, EIC and other performance factors.
Inherent Risk Assessments (IRA)

Inherent Risk Assessments (IRA)

The Inherent Risk Assessment (IRA) is a review of potential risks posed by an individual entity to the reliability of the bulk power system (BPS).
Evaluation of Internal Controls (EIC)

Evaluation of Internal Controls (EIC)

The evaluation of Internal Controls is to focus compliance oversight efforts by recognizing the internal controls as an entity that employs to mitigate risks for specific Reliability Standards and reliability, security & resilience to the BPS.
Internal Compliance Program (ICP)

Internal Compliance Program (ICP)

The Internal Compliance Program describes the entity’s organization, communication and implementation of Compliance obligations and culture. ERA evaluates the ERO ICP questionnaire and informs the audit and enforcement staff of strengths, weaknesses and recommendations.
Presentations, Forms, Examples

Presentations, Forms, Examples

This page provides NPCC Compliance Workshop and Webinar Presentations related to Risk Assessment, Controls, Operations and Planning, Cybersecurity, Forms, Better Practices and other Self-help information.

Latest News

Upcoming Meetings

No meetings were found.

Latest Documents

Security Notice

This is a Northeast Power Coordinating Council, Inc. (NPCC) information system. You have no reasonable expectation of privacy regarding communications or data transiting or stored on NPCC’s information system. At any time and for any lawful purpose, NPCC may monitor, intercept, record, and search any communications or data transiting or stored on this information system. At NPCC’s sole discretion, NPCC may disclose pertinent information to the U.S. Government and its authorized representatives to protect the security of critical infrastructure and key resources, ensure information security, or to comply with any applicable law, regulation, legal process, or enforceable governmental request. By continuing, you acknowledge that you understand and consent to the terms and conditions described in this notice. The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited and may subject violators to criminal, civil, and/or administrative action.