The NERC Compliance Monitoring and Enforcement Program (CMEP) defines a variety of compliance monitoring methods that MRO uses to assess compliance with NERC Reliability Standards among all users, owners, and operators of the bulk power system in MRO’s regional footprint. Using a risk-based approach, MRO determines the type and frequency of compliance monitoring tools (i.e., off-site or on-site audits, spot checks or self-certifications) that are warranted for a particular registered entity based on the unique risks that an entity poses to reliability and security. The determination of the appropriate CMEP tools will be adjusted, as needed, within a given implementation year.
This risk-based approach includes developing a Compliance Oversight Plan (COP) for each registered entity that tailors compliance monitoring activities to the registered entity. The COP is dynamic and requires updating from time to time as the entity’s risk profile changes.
Each year, NERC publishes a consolidated Implementation Plan, which communicates the CMEP priorities for the year for the Electric Reliability Organization (ERO) Enterprise. Additionally, MRO performs a regional risk assessment (RRA) to identify, assess and recommend mitigating activities for the most impactful reliability and security risks in MRO’s regional footprint. This important assessment can be found in our website Library. The CMEP IP and the MRO RRA provide inputs to inform risk-based compliance monitoring activities. MRO conducts its oversight work according to the CMEP and the ERO Compliance Auditor Manual, as well as professional auditing standards, and seeks to ensure the transparency, accountability and quality of all work related to monitoring of registered entities’ compliance with NERC Reliability Standards. Compliance monitoring is accomplished through the following activities, which are conducted in accordance with the NERC Rules of Procedure Appendix 4C.
MRO’s Risk Assessment and Mitigation team is responsible for assuring risks are properly addressed through the appropriate application of NERC Reliability Standards and corresponding comprehensive mitigation efforts by industry to address identified noncompliance and prevent reoccurrence. Through the risk assessment and mitigation process, MRO gains a greater understanding of potential and actual risks and provides feedback to the standard-setting process to strengthen reliable operations through a technically, sufficient set of standards.
Enforcement staff are responsible for resolving all violations of NERC Reliability Standards in a fair, accurate, and objective manner using the NERC ROP, CMEP, and FERC-approved Sanction Guidelines. Enforcement determinations are scaled to the risk posed by the particular facts and circumstances surrounding each violation. MRO may exercise discretion to resolve matters posing minimal risk to reliability of the bulk power system outside the enforcement process (i.e. Compliance Exception process).
The ERO Enterprise Program Alignment Process is intended to enhance efforts to identify, prioritize, and resolve alignment issues across the ERO Enterprise. This is a repeatable, transparent process that registered entities (or other relevant industry stakeholders) may use to report any perceived inconsistency in the approach, methods, or practices implemented and executed by the Regional Entities. Although NERC encourages stakeholders to work to resolve any issues with the Regional Entity involved, a consistency reporting tool is available through a third-party, EthicsPoint, which allows stakeholders to submit consistency issues-anonymously. Submit an Issue using the Consistency Reporting Tool