Disclaimer: MRO is committed to providing non-binding guidance to industry stakeholders on important industry topics. Subject matter experts from MRO’s organizational groups have authored some of the articles in this publication, and the opinion and views expressed in these articles are those of the author(s) and do not necessarily represent the opinions and views of MRO. The following article was written by Theresa Allard, Compliance Manager at Minnkota Power Cooperative.
I’ve had several conversations lately worth bringing to a broader audience. At a high level, these discussions reveal a certain amount of confusion regarding the purpose of the North American Electric Reliability Corporation (NERC) Reliability Standards, as well as the distinct roles of Subject Matter Experts (SMEs) and the Compliance Department.
Let’s begin with the purpose of the standards, which serve as the foundational framework for Bulk Electric System (BES) stability. To navigate these requirements effectively, it is essential to address the common misconception that NERC compliance is just a paperwork exercise designed to “pass an audit.” These standards aren’t meant to be punitive ─ they’re proactive ─ and provide a common playbook. At the end of the day, you implement these requirements to ensure resilience during the ‘worst-case scenarios’ that inevitably challenge the power grid.
When an event occurs, compliance is what separates a managed incident from a cascading failure. It demonstrates due diligence, operational discipline, and accountability to reliability of the grid. NERC compliance is a lot like insurance: you don’t buy it because you expect something bad tomorrow; you buy it because you understand the concept of risk management. It protects people, assets, credibility, and continuity when things go wrong.
SMEs are selected based on the work they perform in their daily jobs. If you’re an Engineer, you are assigned engineering requirements that protect the work you do. If you work in Energy Management Systems (EMS), you are assigned Critical Infrastructure Protection (CIP) reliability standard requirements that protect your work as an EMS Analyst, and so on.
SMEs often have varying attitudes about this role. The difference lies in how compliance is treated:
- When treated as paperwork, it feels heavy and disconnected.
- When treated as risk management, it becomes muscle memory.
When operations are smooth, compliance can feel invisible or like busy work. Until it isn’t. The difference doesn’t show up on routine days; it shows up during outages, cyber events, misoperations, and investigations. You can’t create discipline, controls, or culture after an incident. You’ve either invested in them beforehand, or you’re explaining why they didn’t exist.
The Compliance Department is the bridge between the NERC standards and the SMEs. We do much of the legwork behind the scenes to take the burden of compliance off the technical staff. For example, we:
- Monitor new and revised standards to understand the impact on our utility.
- Track industry best practices to help business units improve our own processes.
- Help develop, monitor, and test internal controls to ensure our processes work as planned.
- Facilitate document reviews to ensure our processes are maintained.
- Act as the primary point of contact between our utility and the regulators.
In other words, we function as a risk management department with a focus on NERC standards. Importantly, the Compliance Department does not dictate how to do anyone’s job, and we are not the technical experts.
Think of the Compliance-SME relationship like a Venn Diagram. The Compliance team are the experts on how to do compliance; SMEs are the experts in their technical areas. There is a space in the middle where we intersect. For an effective partnership, Compliance needs to understand enough about the subject matter, and SMEs need to understand enough about compliance, but we each have our own distinct function within our organization.
Understanding the importance of each role and understanding that this is about the management of risk is a mindset that matters. Compliance isn’t about checking boxes or fearing fines; it’s about protecting reliability and ensuring we can operate with confidence. When we understand this, we aren’t tempted to treat compliance as a regulatory burden. We treat it as risk management.
About the Author
Theresa Allard is the NERC Compliance Manager at Minnkota Power Cooperative, a generation and transmission cooperative that serves eastern North Dakota and northwestern Minnesota.
After graduating from the University of North Dakota with a Bachelor of Science in Industrial Technology and then working for an HVAC contractor for several years, Allard joined Minnkota in 2007 as a CAD Technician, which enabled her to learn about electrical utilities, the power grid, substations, protection and control systems, and the culture of working at a cooperative. She then became involved in NERC Compliance in 2010 as a Compliance Coordinator and was promoted to her current role as Compliance Manager in 2015. As Compliance Manger, she is responsible for implementing MPC’s NERC Compliance Program, which includes oversight of both the Critical Infrastructure Protection (CIP) and the Operations and Planning standards. She has been highly involved in the evolution of Minnkota’s Compliance Program from something brand new to an established program. She has also overseen the development of Minnkota’s Compliance management tool, coordinates the implementation of new and revised NERC Standards, has lead Minnkota through several audits, oversees self-reports and mitigation plans, and developed and implemented a risk assessment and Internal Controls program, among other achievements.
Allard is currently the Vice Chair of the MRO CMEPAC. She has also been involved in the MRO’s NSRF, the Mid Continent Compliance Forum (MCCF) board, and various NATF groups. She also is a member of internal committees such as Minnkota’s GridEx planning committee, NATF steering committee, and the whistleblower committee, among others. In her free time, Allard enjoys traveling, hanging out with friends and family (especially her significant other and combined six children), and outdoor activities such as running, golfing, kayaking, and camping.