Voluntary internal control
review activities are performed by RF’s Entity Development group and are called
Assessments. There are three types of Assessments:
1) Internal Control Evaluations
(ICE),
2) Appraisals, and
3) Self-Assessments.
All three types of Assessments
focus on risks and reliability. ICE’s are specific to the risks
identified in the NERC reliability standards, while Appraisals and
Self-Assessments focus on primary risk areas identified by RF or the entity
(e.g. misoperations).
The primary objective of an
Assessment is to identify and measure an organization’s Internal Controls
surrounding compliance, risk, or operations. With an overall goal of continuous
improvement and operational excellence, the Assessment will potentially
identify unknown risks, best practices, and opportunities for improvement by assessing
the organization’s Management Practices around the scope of the
Assessment. Management Practices are a natural grouping of common,
functional activities (or Internal Controls) that Registered Entities already
perform to ensure the reliability, resiliency, and security of their respective
systems. These practices are assessed to determine the maturity of an
organization’s processes and sustainability. The set of Management Practices
form a uniform, repeatable, and transparent continuous improvement model that
can be predictive of an entity’s ability to remain reliable, resilient, and
secure on an ongoing basis.
For more information regarding
the benefits of signing up for an Assessment, please contact Entity
Development. Management Practices Abstracts are useful summaries that will provide a brief
overview of the framework. The framework for the Management Practices is shown
graphically below: