Voluntary internal control review activities are performed by RF’s Entity Development group and are called Assessments.  There are three types of Assessments:

1) Internal Control Evaluations (ICE),

2) Appraisals, and

3) Self-Assessments. 

All three types of Assessments focus on risks and reliability.   ICE’s are specific to the risks identified in the NERC reliability standards, while Appraisals and Self-Assessments focus on primary risk areas identified by RF or the entity (e.g. misoperations).

The primary objective of an Assessment is to identify and measure an organization’s Internal Controls surrounding compliance, risk, or operations. With an overall goal of continuous improvement and operational excellence, the Assessment will potentially identify unknown risks, best practices, and opportunities for improvement by assessing the organization’s Management Practices around the scope of the Assessment.  Management Practices are a natural grouping of common, functional activities (or Internal Controls) that Registered Entities already perform to ensure the reliability, resiliency, and security of their respective systems. These practices are assessed to determine the maturity of an organization’s processes and sustainability. The set of Management Practices form a uniform, repeatable, and transparent continuous improvement model that can be predictive of an entity’s ability to remain reliable, resilient, and secure on an ongoing basis.

For more information regarding the benefits of signing up for an Assessment, please contact Entity Development. Management Practices Abstracts are useful summaries that will provide a brief overview of the framework. The framework for the Management Practices is shown graphically below: