In the last installment of our Automated Approach to Operations and Planning Processes series, we looked at the challenges of data submittals and how solutions like SigmaFlow can help. Today’s topic is related: self-reporting. Like data submittals, self-reporting seems relatively straightforward until you dig into all the different must-dos for various entities, standards, and requirements and the complexities related to preventing, identifying, and mitigating self-reporting incidents.
Challenges with the self-reporting process
Let’s start with some context around self-reporting. If you run an internal control or audit process and identify an anomaly around a situation or event, you’re required to self-report your findings to NERC and/or your regional entity. The specifics around what you have to report to whom in what format vary (although NERC and the regions do provide some guidance), but it’s fair to say that NERC always looks favorably on proactive self-reports. They would much rather you tell them about it first than wait for a NERC auditor to discover the problem, and any relevant penalties reflect this attitude (i.e. you get dinged less if you self-report than if you wait for an auditor to find it.)
This scenario presents two sets of challenges. First, you need the processes in place to consistently identify qualifying events – you can’t self-report issues if you don’t know about the issues in the first place. This involves both an agreed-upon understanding of what constitutes an anomaly worthy of a self-report as well as a trigger mechanism to let you know when that type of anomaly has occurred.
Once you’ve identified the qualifying events, you face many of the same obstacles that we examined in our article on data submittal. You need to track down the details that demonstrate what went wrong, when and why and how you missed it, any relevant evidence or other documentation, and then organize all that information into the required format for submittal.
How an automated solution identifies possible violations
An automated compliance management solution like SigmaFlow solves both of the challenges presented above. To begin, it provides the transparency and centralized data collection necessary to measure real-time, historical, and/or forecasted information against identified risk measurements. This in turn allows you to identify risk and trigger the appropriate alerts, remediation, or mitigation activities.
Put more simply, SigmaFlow lets you define certain rules to monitor, and when those rules trip, we alert you that you have or had a problem. Then the system addresses the second half of the self-reporting process: what to do next. When SigmaFlow flags that self-reporting conditions have been met based on the conditions or rules that you defined, it alerts you and helps gather the necessary information into the appropriate format. This allows you to review the scenario and take the appropriate further action, from whether or not to proceed with the self-report to how to remediate the anomaly.
Asset management offers a great example for how an automated solution like SigmaFlow can streamline this process from end-to-end. Without compliance management software in place, asset management happens very manually. Your employees are out in the field, not in front of a computer, so can’t manage the process electronically in real time. They may change out a piece of equipment that affects the Facility Ratings, but forget to update the Facility Ratings spreadsheet when they get back to the office. As a result, you don’t tell the appropriate authority that your rating changed because of the new equipment, and you need to create a self-report.
SigmaFlow prevents this situation in the first place by providing a centralized system in which to enter information like equipment changes, then serving up any necessary to-dos as a result of that change. For example, when a facility’s rating changes more than a predefined percentage, the company may have an obligation to notify external partners. With automated notifications from SigmaFlow, that requirement and its attendant tasks get routed to the right people with the agreed-upon details and policy-defined timelines.
When issues do occur, automated monitoring and notifications add value by detecting and remediating violations as soon as possible. In the Facilities Management example, SigmaFlow can monitor equipment changes captured in external Work Order solutions. If a new work order is observed that reflects back-dated changes that impact the facility rating, it may be necessary to file a self-report. SigmaFlow can automatically notify compliance of the possible self-report conditions, generate a form with the necessary self-report data and initiate any supporting approvals, other business processes, internal notifications or external partner notifications.
Finally, an automated compliance management solution not only enables you to proactively prevent incidents and manage self-reporting conditions at the time they occur, but to gain business insight by analyzing your self-reporting statistics. SigmaFlow delivers lookback analysis, for example, that can show how many self-report situations have occurred across different facilities and sites to see if there are more problems in certain areas.
This is a powerful tool for compliance managers. You can easily see how many self-reports you filed, when and where and why. If you know that you performed 1,000 equipment changes, for instance, but only had to file one self-report, it sends a very clear and quantifiable message to executives. In this way, SigmaFlow can be an excellent performance indicator – a single source of truth to demonstrate change and improvement in the organization.
SigmaFlow is a leading provider of Process Execution solutions. The company’s NERC Compliance Solution is a real-time, evidentiary based software solution that solves the challenges of CIP & 693 Compliance. The SigmaFlow Compliance Solution manages all documents, data, and work activities while automatically collecting and building the evidence for NERC compliance in a real-time repository. SigmaFlow products place a strong emphasis on embedding domain knowledge through a process-driven template-based-architecture. Contact us at email@example.com to learn more.