In the opening post of this series on comparing different NERC compliance approaches, I talked about the deficiencies of using Excel to manage NERC compliance. In this post, let us turn our attention to homegrown solutions, usually MS Sharepoint or Document Management platform-based, that support varying degrees of data and document management and perhaps, notifications.
Your team had put the hard work, long hours and spent the necessary CapEx to get a homegrown solution up and running. After the dust settles on the launch party, how do such solutions measure up to the Compliance teams’ needs? Let’s look at four key areas to understand why homegrown solutions do not meet the mark.
With over 1,000 requirements, NERC compliance is incredibly cumbersome and tedious. You need policies and procedures for every standard and requirement. Each of these policies and procedures comes with its own workflows or Tasks. You have to set and keep track of various data points including:
- How many workflows and tasks you have in flight
- Who is responsible for each of those processes and activities
- How many tasks each person is currently assigned and has coming up
- How many tasks are late, by person, department, requirement, or standard
- What tasks and activities are coming up
- Who has activities due in the next 1, 7, or 30 days
- Who is on vacation, and have their tasks been re-assigned to someone else
Homegrown applications typically fall short on such detailed tracking of Tasks. They lack the comprehensive task management capabilities offered by an automated NERC-specific solution like SigmaFlow. These include:
- Automated delivery of initial task notification, scheduled reminders and proactive escalations as needed
- Automatically identifying who should work on the Task or who the escalation point is, based on its context
- Supporting multiple Task triggers – manual, time-based schedule or rule-based.
- Automatically monitoring the task and data to identify potential non-compliance situations and proactively launch remedial steps.
The waterfall failure of having only basic notification capabilities is that while they consistently execute repeatable tasks, they provide no opportunity to analyze and refine your workflows. Real-time historical analysis and forecasting capabilities in SigmaFlow let you answer questions like how often specific deadlines are missed or nearly missed. Seeing the big picture lets you know where to take a closer look. Drilling down through the dashboard, you can discover if one team or facility is presenting most of the risk. You must be able to extract insights from your compliance system in order to improve your compliance processes.
Tracking & measuring the effectiveness of your compliance program
Managing the day-to-day activities and the comprehensive Task management needs are a must, if that is all your homegrown solution does, then you’re leaving money on the table. You’re sitting on a goldmine of data about how your business functions at a wide variety of levels. To maximize ROI on your compliance management solution, it should help you take that data from tactical workhorse to strategic asset.
Automated NERC-specific solutions like SigmaFlow gives you the big picture visibility that lets you manage your compliance program’s overall efficiency and gauge how well it’s mitigating your compliance risk. This includes:
- Continuously monitor and validate data to ensure quality, so RSAWs and other required audit documentation is always current and accurate
- Detecting data issues, and potential deadline fails, and present the information in a management dashboard so you can manage by exception
- Providing compliance analytics dashboard that lets you clearly identify what is working and what are potential problem areas.
With the right compliance management solution, you can understand the problem, put a process in place to fix it, then record results again to see if it’s working. Rinse and repeat. It may take some trial and error, and it will likely take some time, but using your data in a strategic way pays tremendous dividends.
Stay tuned for part 3 of this series, where we will explore homegrown solutions a bit deeper regarding NERC awareness and the need for an easily updated compliance management solution.