Skip Ribbon Commands
Skip to main content
Internal Controls

Internal Controls and Risk Management are critical in achieving operational, strategic, compliance, and reporting objectives. Comprehensive risk management identifies risks to an organization, while implemented internal controls provide reasonable assurance of the mitigation of risks and reaching operational objectives. An effective internal control program can make operations more efficient, protect company assets, and assist in compliance with NERC Standards and Requirements. 

An Internal Control Program consists of five components: 

Internal Controls.png 

Control EnvironmentFoundation of the program, represents: organizational integrity, ethical values, commitment to competence, etc.
Risk AssessmentWhat are the risks to your organization?
Control Activities What activities do you perform to mitigate those risks?
Information & CommunicationWhat information are you capturing with those control activities, who are you telling, and how are you telling them?
Monitoring ProcessesOngoing monitoring, performed by both the departments where the control resides to ensure consistency and accuracy, and by an oversight function or department


Simply put, Internal Controls are those activities that we perform to ensure that what we want to happen will happen, and the things we do not want to happen will not happen.

ReliabilityFirst will continue to add guidance documents to this Knowledge Center.

Internal Control Program & ActivitiesNERC & CMEP ActivitiesAssessments
Documents designed to help you prepare for ReliabilityFirst Compliance Monitoring teams review of internal controls as a part of CMEP activities (audit, spot-checks, and guided self-certifications) NERC and ERO documents that include information on Internal Controls as a part of a risk-based environment.

Voluntary internal control review activities are performed by RF’s Entity Development group and are called Assessments. There are three types of Assessments: Internal Controls Evaluations (ICE), Appraisals, and Self-Assessments.

Presentations Get Control of Yourself!
Presentations and Articles.png Reoccuring Newsletter Articles.png

Presentations from workshops related to Internal Controls.

Reoccurring Newsletter Articles that focus on developing a strong internal control program based on the ERO risk elements and discuss each element with suggestions and industry examples.