When an Auditor Gets Audited

Audits exist to provide an independent, objective evaluation of an organization’s compliance with rules and regulations. While this kind of oversight shines a light on opportunities for improvement and allows the organization to reset priorities, it can also be stressful for staff and not an easy exercise to go through.

At MRO, we have always strived to make audits collaborative by promoting Highly Effective Reliability Organizations (HEROs) and strong internal control programs. The work it takes to demonstrate compliance with rules and regulations is minimized with these two investments.

In the first quarter of 2022, MRO was audited by the North American Electric Reliability Corporation (NERC) on its adherence to NERC’s Rules of Procedure (ROP). As a compliance organization, we too strive to be a HERO and embody the five HRO[1] principles:

  1. Preoccupation with failure.
  2. Reluctance to simplify interpretations.
  3. Sensitivity to operations.
  4. Committed to resilience.
  5. Deference to expertise.

We entered the NERC audit engagement with these as our guiding principles.

The audit took over four months to complete, and during that time MRO devoted a full-time equivalent (FTE) in support of the audit process. MRO is in the process of mitigating the findings identified during the audit. Almost all of the findings related to items that MRO was already in the process of improving. MRO will collaborate with its partners in the ERO Enterprise to identify best practices. This process has helped MRO reprioritize initiatives and future investments to provide our stakeholders with strong regional leadership and outreach to promote reliability and security of the bulk power system.

Even beyond the findings, the audit has shone a light on opportunities for improvement in MRO’s oversight processes and procedures. MRO identified several opportunities for improvement during audit preparation, including improving the clarity of documentation, capturing institutional knowledge, and augmenting the documentation of our professional judgement.

On a more personal note, early in the audit process, I was walking through a document the Compliance Monitoring Department created to analyze MRO’s annual CMEP Implementation Program (CMEP IP). The document assessed MRO’s plan to use outreach, audits, self-certifications, and other tools to address CMEP IP areas of focus. This is an undocumented process that relies on institutional knowledge of five members of the Compliance Monitoring team to implement annually. During the interview process, I found myself getting defensive in my responses to the auditors’ questions. Why was that? Because, like all subject matter experts, I take pride in my work and the work in question is not a requirement. The Compliance Monitoring team called my attention to this, which allowed me to go back to MRO’s HERO principles. Future discussions were more transparent with the audit team and thus more productive.

As many of you know, going through an audit is a lot of work. Having outside parties assess your work is difficult. MRO found opportunities to improve and reprioritized our continuous improvement activities as a result of the feedback from this audit. Oversight shines a light on opportunity and allows an organization to reset priorities.

– Jeff Norman, Director of Compliance Monitoring


[1] The theory and principles of High Reliability Organizations are described in the book “Managing the Unexpected – Assuring High Performance in an Age of Complexity” by Drs. Karl E. Weick and Kathleen M. Sutcliffe (2001, Jossey-Bass)