CRSI's Keys to a Successful NERC CIP Audit

Share Article

CRSI audit support services guide organizations in presenting succinct narratives, evidence, and documentation, while enabling compliance teams to face a NERC CIP audit with a high degree of confidence.

Becoming Audit Ready

Client partners utilize CRSI because we eliminate surprises, aid in writing effective RSAWs, simulate audits by Regional Entities in method and scope, guide organizations in resolving issues, and train SMEs to be effective witnesses.

Many electric utilities are scheduled for a NERC CIP or NERC 693 audit this year. What are the first thoughts that pop-up? For many compliance teams, it begins with an assessment to discover if the organization is ready for a NERC CIP or NERC 693 audit. If the organization is not ready, are there sufficient resources for the compliance team prepare for a successful audit while running day-to-day operations? It is important to understand your organization is not alone. CRSI has partnered with utilities of all types and sizes, with varying degrees of audit readiness.

As a best practice, CRSI highly recommends utilizing a third-party to alleviate the burden on internal resources, provide a fresh perspective, and an objective, unbiased evaluation.

A Few of the Keys to Audit Success:

1. Conduct a Gap Analysis. Between 12 and 18 months out from an audit, every organization should perform a readiness evaluation providing a snapshot of exactly where the compliance program is strong, and what gaps exist that need to be mitigated.

2. Get organized. Utilize document management programs and always ensure the most current compliance documents are readily available and easy to find.

3. Succinct narratives. Ensure Reliability Standard Audit Worksheets (RSAWs) are well written. An organization's RSAWs should walk audit teams directly through evidence in a logical sequence that enables auditors to get to the heart of the matter without needing to read entire policies, procedures, plans, or logs.

4. Practice. Practice. Practice. Effective compliance programs utilize Mock Audits that mirrors a formal audit process in the appropriate region. This should include Subject Matter Expert (SME) interviews, data requests, daily out-briefs for leadership groups, and provide you a report noting all observations and recommendations with a prioritized task list the organization should use to complete mitigation steps.

5. SME training. The importance of having SMEs as effective witnesses cannot be overstated. Many people are uncomfortable in public speaking situations, let alone in an interview with an auditor team. Training and coaching will dramatically improve SME testimony. Great SME presentations often strengthen a piece of evidence that might not otherwise stood on its own. This is critical during an audit, as having subject matter experts ready to face an auditor is key in setting the tone of the audit and ensuring a more positive outcome of an audit.

What makes CRSI’s audit support services stand out? – Simple:

CRSI has worked with more than 250 utilities in the past five (5) years alone, spanning all NERC regions and has also worked on behalf of Regional Entities to conduct formal audits. Our client partners utilize CRSI because we eliminate surprises, aid in writing effective RSAWs, simulate audits by Regional Entities in method and scope, guide organizations in resolving issues, and train SMEs to be effective witnesses. The end result? Confidence in your compliance program, team, and that the organization is fully prepared for an audit.

For a one-on-one discovery session to see how CRSI can help you be successful, call 866-492-7072 today.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jonathan Roe
@CoRiskSolutions
Follow >
Corporate Risk Solutions, Inc.
Like >
Visit website