During an Inherent Risk Assessment (IRA), ReliabilityFirst reviews the potential risks posed by an individual entity to the reliability of the Bulk Power System.  ReliabilityFirst considers factors such as assets, system, geography, interconnectivity, prior compliance history and factors unique to the entity. 

• ReliabilityFirst currently schedules and performs IRAs for each entity based upon the CIP and Operations and Planning audit schedules.

• However, this schedule and the IRAs may be revised based on emerging risks, an entity's performance, or any other changes that may impact the entity's risk to the Bulk Power System. 

• After ReliabilityFirst completes an IRA, it establishes an entity-specific Compliance Oversight Plan (COP) which includes the analysis & results (Risk Categories) and Oversight Strategy which includes audit periodicity and CMEP monitoring tool(s) (e.g., audit, self-certification).  The COP Report also includes an Appendix detailing the entities inherent risk (18 ERO Risk Factors) and an Appendix detailing the Standards and Requirements which are associated to the identified Risk Categories.