Audit FAQs
Entities registered with the North American Electric Reliability Corporation (NERC) are subject to audit by Texas Reliability Entity, Inc. (Texas RE) for compliance with the NERC Reliability Standards that apply to the functions for which the entity is registered. Certain organizations that are registered with the Electric Reliability Council of Texas (ERCOT) independent system operator (ISO) will also be audited for compliance with ERCOT Protocols and Operating Guides.
Texas RE’s audits of NERC standards are conducted in accordance with the NERC Rules of Procedure, in particular Appendix 4C, the Compliance Monitoring and Enforcement Procedure (CMEP), and especially Section 3.1. NERC’s procedures generally conform to generally accepted government auditing standards. Audits of ERCOT Protocols and Operating Guides, when conducted, follow the same general approach.
In this section, find answers to frequently asked questions about compliance audits. If you have any questions or concerns, please contact Texas RE Information.
How do I know if my organization has been scheduled for an audit?
Texas RE publishes an audit schedule on November 1 of the preceding year in its annual implementation plan. The audit schedule is posted on the Texas RE and NERC Web sites; schedule updates are made approximately once a month, but changes are minimal.
How often will my organization be audited?
It depends on the functions for which a company is registered with both NERC and the ERCOT ISO. Each registered entity is subject to audit on a three-year or six-year cycle. Present practice is for qualified scheduling entities (QSEs) with resources and transmission/distribution system providers (TDSPs) with control centers to receive audits of applicable NERC Reliability Standards and ERCOT Protocols on a three-year cycle. Most other entities will be on a six-year audit cycle. The ERCOT ISO currently receives audits annually but only for part of the NERC standards that cover the functions for which it is registered.
If warranted, Texas RE may conduct unscheduled audits.
What NERC standards and requirements will be covered in a NERC compliance audit?
There are over 1,000 requirements in the approved NERC standards, but not all are part of typical audits in a given year. The Texas RE annual implementation plan also lists those standards and requirements that will be part of that year’s program. They are known as the actively monitored standards; they are selected out of the universe of NERC standards to cover areas deemed most significant to reliability. Other NERC standards may be included if Texas RE finds a need to examine them, due to triggering events or other circumstances.
The audits cover three past years’ requirements as well as those in the current year.
How does Texas RE’s approach to audits of ERCOT Protocols and Operating Guides differ from the audits of NERC Reliability Standards?
The approach is essentially the same, and protocol and operating guides questions, if asked, will be included with the audit package. Texas RE has developed a questionnaire derived from certain requirements in the protocols and operating guides that is used to guide the audit and provide for the entity’s initial responses.
What’s the difference between an on-site audit and an off-site audit?
Entities on a three-year audit cycle typically receive on-site audits; in other words, the audit team goes to the entity’s facilities. Entities on a six-year cycle typically do not receive a visit from an audit team, but rather supply information and conduct interviews via Webex to complete the audit. The audit packages are prepared similarly and shipped out at least 60 days prior to the audit, with responses due back 30 days prior.
What will my organization need to do in preparation for the audit?
The entity will receive an audit package with basic questions about the entity, a request for accommodations and directions, and information about the audit team and its authority. For a NERC compliance audit, the entity will receive a set of reliability standard audit worksheets (RSAWs). For an ERCOT Protocol audit, a protocol and operating guides requirement questionnaire will be included in the package.
After the audit package is received, the entity will complete the initial responses to the questionnaires and RSAWs and return them to Texas RE 30 days prior to the start of the actual audit. If requested, the entity should provide additional responses to Texas RE prior to the audit, and the entity should be prepared to answer additional questions and provide documentation at the actual audit. For an on-site audit, the entity will need to make physical arrangements for the audit team’s visit as detailed in the audit package.
What are the steps of the audit process, and how long do they typically take?
After the initial audit package is sent, the entity has about a month to prepare responses. Texas RE will begin its review in the month preceding the audit and may request additional information. Additional questions may be asked by the auditors prior to the actual audit date to clarify the evidence that was submitted by the entity.
When the actual audit commences, the team leader will introduce the process and the agenda, and the evidence will be reviewed in depth and corroborated with entity management and subject matter experts. An audit typically takes two-and-a-half days to three days. At the end, an exit interview will provide preliminary results.
Over the next 60 days, the auditors will assemble their notes and produce a draft report. After a comment period for the entity to review the draft, the audit report will be submitted to NERC for posting if there were no violations.
What does my organization need to make available for the auditors?
The entity needs to provide evidence supporting its compliance for the duration of the audit period. Texas RE requests that responses be prepared in searchable electronic formats, whether in the original submittal or in subsequent information provided. In particular, the RSAWs and questionnaires submitted are requested to be in MS Word format. All documents should be appropriately marked for confidentiality. Subject matter experts at the entity should assist in preparation of responses and be available for additional support and information both prior to and during the audit.
When will my company get the results of the audit?
An exit interview at the end of the audit will provide the auditors’ initial findings, including any possible violations. The audit report will be sent to the entity within 60 days after the audit, and the registered entity will have 10 days to respond with comments on the report. If there are possible violations, Texas RE’s enforcement group will conduct a thorough review after the audit to validate any possible violations and conduct follow-ups, including calculation of penalties.
What about confidentiality of information provided to the auditors?
Section 1500 of the NERC Rules of Procedure provides guidance on confidential information and how it’s handled. It provides for the protection of confidential information by the Regional Entities and NERC. It describes how entities should request consideration of information that they believe needs to be treated as confidential or critical energy infrastructure information, as well as describing how the information must be marked.
What is a spot-check audit?
A spot-check is a mini-audit that is typically focused on just a few requirements. It may be used to validate self-certifications, to follow up on complaints, or to check on compliance following a system event. An entity is given 20 days to prepare a response for a spot-check; usually the auditors conduct these off-site but may travel to the entity’s site if the situation warrants. A short report of results is provided, similar to a regular audit.
What kinds of evidence must be submitted to Texas RE?
Entities must submit sufficient, appropriate and adequate evidence to provide a reasonable basis for auditors’ findings and conclusions. In general, written statements that an entity complies with the standard are the weakest form of evidence. Written procedures for compliance are better, but still not necessarily sufficient to demonstrate compliance. The best types of evidence are specific examples that show entities have actually implemented their procedures for compliance. For example, if a standard requires that a program be established for the maintenance and testing of “widgets”, then entities should submit their program document, maintenance schedules showing last and next test dates, and specific test records for some individual widgets. If the entity owns a large quantity of widgets, then auditors will ask for a small random sample of test records out of the total population of widgets.