Internal Controls and Risk Management are critical in achieving operational, strategic, compliance, and reporting objectives. Comprehensive risk management identifies risks to an organization, while implemented internal controls provide reasonable assurance of the mitigation of risks and reaching operational objectives. An effective internal control program can make operations more efficient, protect company assets, and assist in compliance with NERC Standards and Requirements.
An Internal Control Program consists of five components:
| Control Environment | Foundation of the program, represents: organizational integrity, ethical values, commitment to competence, etc. |
| Risk Assessment | What are the risks to your organization? |
| Control Activities | What activities do you perform to mitigate those risks? |
| Information & Communication | What information are you capturing with those control activities, who are you telling, and how are you telling them? |
| Monitoring Processes | Ongoing monitoring, performed by both the departments where the control resides to ensure consistency and accuracy, and by an oversight function or department |
Simply put, Internal Controls are those activities that we perform to ensure that what we want to happen will happen, and the things we do not want to happen will not happen.
ReliabilityFirst will continue to add guidance documents to this Knowledge Center.