Agenda Report - April 4, 2012 C-09
AGENDA ITEM
CITY OF LODI
COUNCIL COMMUNICATION

AGENDA TITLE: Adopt Resolution Approving City of Lodi Risk Management and Compliance Program
MEETING DATE: April 4, 2012
PREPARED BY: Electric Utility Director

RECOMMENDED ACTION: Adopt a resolution approving City of Lodi Risk Management and Compliance Program.

BACKGROUND INFORMATION: The City Council established a Risk Oversight Committee (ROC) on January 18, 2006 to ensure compliance with the City's Energy Risk Management Policies (ERMP). Requirements imposed on the City for the Electric Utility Department by the North American Electric Reliability Corporation and the Western Electricity Coordinating Council require an internal compliance program. Staff recommends incorporating internal compliance requirements into the ERMP with oversight by the ROC. The existing ERMP has been revised to incorporate these requirements and is titled "City of Lodi Risk Management and Compliance Program" (RMCP); see Attachment A.

The revised document also incorporates indirect purchases through the Northern California Power Agency of electric energy, capacity, generator fuel, transmission, transportation, storage, renewable energy credits, greenhouse gas offsets, resource adequacy capacity and ancillary services to meet the City's service obligations in amounts and for such quantities as are: 1) necessary to meet the minimum amounts called for in ROC's laddering strategy; 2) consistent with the ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution which may specify the limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed.

On March 19, 2012 the ROC discussed and approved the proposed RMCP. Staff recommends rescinding Resolution No. 2011-06 and adopting the attached resolution approving the ERMP.

FISCAL IMPACT: Not applicable.
FUNDING: Not applicable.

Elizabeth A. Kirkley
Electric Utility Director

PREPARED BY: Kevin Riedinger, Electric Operations Superintendent
EK/KR/Ist
APPROVED: Konradt Bartlam, City Manager

City of Lodi Risk Management and Compliance Program
Version 1.0 Rev. Date: 3/22/2012 Document: Annual Approval:

Table of Contents

1 Purpose
2 Scope
3 Mission Statement/Statement of Commitment
4 Goal
5 Organizational Structure and Chart
6 Leadership Support
7 Energy Risk Management Policies ("ERMP")
  7.1 Scope of the Risk Management Policies
  7.2 Program Objectives
  7.3 Program Strategies
  7.4 Risk Inventory
8 Transaction Limits and Controls
  8.1 Regulatory Compliance
  8.2 Indirect Purchases (NCPA)
  8.3 Direct Purchases
  8.4 All Purchases
  8.5 Prohibited and Authorized Transaction Types
    8.5.1 Prohibited Transaction Types
    8.5.2 Authorized Transaction Types
9 Resources
10 Employee Incentives
11 Compliance Enforcement
12 Reporting
13 Compliance Communications
14 Lessons Learned
  14.1 Compliance Communications Protection for Whistleblowers
15 Program Review/Evaluation/Modification/Distribution
16 Risk Oversight Committee
17 Electric Utility Director (NERC Compliance Officer)
18 Electric Operations Superintendent (NERC Compliance Director)
19 As assigned or contracted (NERC Compliance Administrator)
20 Subject Matter Experts (SMEs)
21 All Employees
22 Background
23 NERC/WECC Compliance Program Structure
24 NERC/WECC Compliance Program Oversight
25 Independent Access to Executives
26 Independent Management
27 Resources
28 Performance Targets
29 Outreach
30 Requirements Identification
31 NERC/WECC Standards Requireme racke urrent
32 Procedures and Other Documents
33 Compliance Training
34 Risk Assessment
35 Controls ogram M ng
  35.1 itorin
  Self-Audit
  Hard Controls
36 Serting
  36.1 ry of Potential ulatory Violations — Review Process
  36.2 Res to and Re ing Potential Violations
37 Remediating even epeat Violations
38 Self-Certification
39 Document Retention Policy
40 Storage
41 Compliance System
42 References
43 Revision History
44 Responsible Senior Manager or Delegate
1 Purpose

The purpose of this Risk Management and Compliance Program ("Program") is to foster a culture of compliance and control for the City of Lodi ("City") Electric Utility Department ("EUD"). The Program expects a high level of compliance to regulations, laws, and the City's agreements, policies and procedures while managing risks on a routine basis. The Program is laid out to control the organizatio iviti ntrolling risk and compliance are part of the City's infrastructure.

2 Scope

This Program outlines the City's internal control structure to guide compliance with regulations, procedures and policies. It includes a cross-sec employees who are responsible to overs compliance and risk management an Council. The Program applies to all th responsible for complying wj made readily available tq

3 Mission Statement/Statement of Commitment

of c buildIc program s compliancji pliance which Lce and control nce and coni bust, rigo on, provid ciplin nd Lt 's a Cityedgeable an , document, and monitor vith ement and the City and vendor personnel ,ties and procedures. It is toe a superior and effective program to manage risk nts dlWtric utility practices and encourages a culture aghout th'TLUD. The City implements all opportunities to to every business practice and to continuously improve its nd transparent.

The City is committed to complying with all applicable laws and regulations. In addition, the City is comm ent risk management and compliance awareness and continuous improvement of processes and procedures. This commitment allows the City to develop and maintain an organizational culture that supports staff in meeting these concerns through education/training, ethical conduct, decision making, and a culture of transparency.
4 Goal

The goal of this Program is to create a culture of compliance and control within the daily activities that is characterized by clear communication, consistent documentation and implementation of the following practices:

1. Creating a culture of accountability.
2. Adopting reporting procedures to the City's management, Risk Oversight Committee (ROC) and the City Council.
3. Identifying and communicating sped ns and oppNO improvement.
4. Reviewing and developing go ensure a corporate commitment to compliance and control.
5. Conducting regular training and awareness programs.
6. Assessing the Program for adequacy and providing recommendations to address planning, auditing and budget issues.
7. Using appropriate communication -ties involved with the Program.
8. nd ass responsibilit'71IRMe key individuals who are accoun appli ortions of the Program.
9. Providing a documentation framework that supports compliance, and includes clear processes, policies, and procedures.
10. ating a culture of continuous improvement through regular assessments and tions. These assessments may be self-assessments, internal audits, and independent third party assessments.
11. Adhere ed regulatory requirements.
12. Cooperating with regulatory agencies.
13. Promptly assessing and reporting of potential violations to regulatory agencies, if required.

5 Organizational Structure and Chart

The Program is overseen by the ROC which is comprised of the City Council member who serves as a Northern California Power Agency ("NCPA") commissioner or alternate, the City Manager, Deputy City Manager, City Attorney and the Electric Utility Director; or in the case of their absence, their designees. The City Manager shall appoint the chair of the ROC.
Additional non-voting members may be invited to participate on the ROC based on supporting expertise required by the ROC. The ROC shall meet three to six months, or as Manager or City Council transacted and shall appoint one of its me A quorum for the ROC to do business . The ROC shall request attendance other persons as appropriate.
-der by the City ;s and business designee, to perform Members or their reports from,

[Organizational chart: Risk Oversight Committee]

The City Council is responsible for making high-level, broad policy and strategy statements as contained in this document. The City Council sets the policy, and adopts the Program as developed and recommended by the ROC and delegates the City Manager to execute it. The City Council will review the Program every year. Additionally, the City Council will receive reports every three to six months from the City Manager regarding risk management activities. The City Council reviews the Program updates on a regular basis and provides direction and additional support, as needed.

Risk Oversight Committee

The ROC shall have the responsibility for ensuring that business is conducted in accordance with the Energy Risk Management Policies in Section 7. The ROC shall adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processes for managing risks associated with the adoption of those business practices; including but not limited to a Laddering Strategy. As used herein the term Laddering Strategy shall mean an objective and graduated method to secure varying percentages of the City's projected future power needs at least three years into the future at any given point in time.
Determination of regulatory non-compliant d directi-report such non-compliant activities shall be made by the ROC. Recommend to the City Council the categories of transactions permitted and risk limits for those transactions.

City Manager

The City Manager has overall responsibili policy adopted by the City Council. Th Council regarding business transacte occasions as the City Council shall d' . for executi nlWeinsuring comTRW a with NOW - r shat regular reports to the City such inte nd/or upon such kverybe provi three to six ent activities. .,he m Repo months to the City Council regaling ergy

Electric Utility Director

The Electric Utility Di for the the hs to the highl ng between tF votingl khb the Departme O acts as the Compliance Officer t0 ctric Utility Director has access to This ensures communication of compliance anization. Records of communication and -ity Manager are stored for at least 48 months.

The EU articipatItel ROC through the Electric Utility Director. The Electric Utility Dire all proforecast information and coordinate the receipt and dissemination vaand transactional information undertaken on the City's behalf through

Finance Department

The Finance Department shall participate on the ROC through the Deputy City Manager and provide accounting and cash flow information to the ROC.

Legal Department

The Legal Department shall participate on the ROC through the City Attorney and provide legal advice and representation and ensure that business is carried out in compliance with all applicable laws, regulations, executive orders and court orders.

Specific responsibilities for some positions are further described in Attachment A.

6 Leadership Support

This Program, as approved by the City Coun senior management. Senior management r I meetings, and communicates to employees formally and informally.
During ROC meetings, of potential non-compliance are discussed and s and agendas are stored for at least 48 months.
participation of all articipates in t to compliance ided, any instances eetij&minutes

7 Energy Risk Management Policies ("ERMP")

The purpose of the Program bulk power procurement is manages the Program. The ROC meets every three Manager or City Council and appoin ne of its quor o do b re attenda n ity Manager ma ROC at such inter
ated with the City's Med. The ROC to order by the City and transacted business perform this task. A Heir designees. The ROC ier persons as appropriate. rding business transacted -ity Council directs.

7.1 Scope of the Risk Management Policies

The risk management policies are applied to all aspects of the City's wholesale procurement activities, long-term contracting associated with energy supplies, including generation projects and associated financing related to generation, transmission, transportation, storage, Renewable Energy Credits ("REC"), Green House Gas ("GHG") offsets, Resource Adequacy ("RA") capacity, ancillary services and participation in Joint Powers Agencies ("JPA") and regulatory compliance as set forth in exhibit B to this policy.

This Program does not address the following types of general business risk, which are treated separately in other official policies, ordinances, and regulations of the City: fire, accident and casualty, health, safety, workers' compensation and other such typically insurable perils.

7.2 Program Objectives

1. Maintain a regularly updated inventory of risks that could impact rates and security of the City's bulk power procurement program.
2. Establish risk metrics and reporting mechanisms that provide both quantitative and qualitative assessments of potential i to r
3. Adopt business practices that en ge comp development of appropriate levels of operating reser ds, con etail rate stability and maintain appropriate security for estab f
4. Minimize the City's electric utility rates.

7.3 Program Strategies

1. Identify, measure, and control r stability.
2. Assign risk management resp committees for each of ese
verse effect on retail rate d individuals and

7.4 Risk Inventory

The EUD must inventor dress t monito ' orting he ri!
ies of risk as a component of the

• Price Risk
• Volume Risk
• Credit Risk
• Operational Risk
• Contingent Liabilities

Price Risk — Price risk is the risk associated with the change of power costs and can be segmented into two categories:

1. Wholesale prices may increase while positions are still open.
2. Wholesale prices may decrease after positions are closed.

Volume Risk — Volume risk is the risk that demand for power will either fall below or exceed then existing contracted power supplies.

Credit Risk — Credit risk is the risk associated with entering into any type of transaction with a counterparty, and can be segmented into the following five categories:

1. Counterparties fail to take delivery of, or pay for, energy sold to them.
2. Counterparties fail to deliver contracted for energy.
3. Counterparties refuse to extend credit or charge a premium for credit risks.
4. Counterparty transactions are too suppliers.
5. Inability to finance capital projects or course of wholesale operations.
ted number of incurred in the

Operational Risk — Operational risk consists of t controlled business activities. Operational risk i

1. Inadequate organizational infrastr ur make and execute decisions, i and balances, incomplete a ime reporting, failure to separa compati
2. Absence, shortage
3. Lack or failure o, software, comm
"regulation , e and/or receiv Exposure include cmc Reliability cil ("WECC") a effectivelyWau uted or potential f %inco ufficor to nce ofinternal checks and untimely Is such as computers,
, or sanctions-33' esult of violating laws and tin actual obligations, failure to address legal issues etent dvice, not drafting contracts effectively, etc. fines an ation associated with the North American ration ("NERC") and/or Western Electricity Coordinating vironmental compliance violations.
5. ErrNLomissions a conduct of business, including failure to execute transa vio of guidelines and directives, etc.

Contingent Liabilities — Contingent liabilities consist of liabilities that the City could incur in the event of the failure of other parties to discharge their obligations. At present, these consist of three principal categories:

1. Guarantees and step up provisions in the enabling agreements for the JPAs of which the City is a member.
2. Project closure, decommissioning, environmental remediation and other obligations which result from the City's own activities and from JPA projects and activities.
3. Provisions for take or pay, termination payments and/or margin calls in the City's long-term electric power supply agreements.

8 Transaction Limits and Controls

The EUD utilizes transaction limits and identified risks.

8.1 Regulatory Compliance

Regulatory compliance controls includes both includes self-audits, policies and procedures. calendared reminders, forms with mand date evidence, and self-assessments.

8.2 Indirect Purchases (NCPA)

The City Manager and the Electric Utility Director are severally authorized to enter into contracts for the purchase through NCPA of electric energy, capacity, and generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and ancillary services to meet the City's service obligations in amounts and for such quantities as are: 1) necessary to meet the minimum amounts called for in ROC's Laddering Strategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution. The resolution may specify the limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed.

In add it r purchases through NCPA, counterparty credit limits and minimum counterpa ng criteria be described in NCPA's then current "Energy Risk Management ", whi made a part of this document, and the most recent is attached hereto be found at http://www.ncpa.com/financial-information/5.html. Moreover, the City Manager and Electric Utility Director are authorized to purchase electric energy, capacity and fuel to meet the City's share of amounts called for under NCPA's then current Energy Risk Management Policy upon approval of the ROC. Material changes to NCPA's Energy Risk Management Policy are reported to the City Council as part of the quarterly reporting under the City's ERMP.

8.3 Direct Purchases
The City Manager and the Electric Utility Director are severally authorized to enter contracts for the direct purchase of electric energy, capacity, generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and Ancillary Services to meet the City's service obligations in amounts and for such quantities as are: 1) necessary to meet the minimum amounts called for in ROC's Laddering Strategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution. The resolution may specify the limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed.

For contracts executed directly by the City, t, the such procurement, including, but not limite copyrighted by the Edison Electric Institute, the Department of General Services, and the North waived by resolution of the City Council. nt the terms of the contract, the minimu the contract of not less than a BBB -cd Baa3 credit rating established by M of the City Council.
I form contracts for ktedand . thallkilifornia rgy Stand unless obtain and ma ain during Las of the date of award of NOWard and Poor's and a Paived by resolution

8.4 All Purchases:

Any City Council resolut Elect follr ed, including,B4 s to be included; de n years or moi States
brizing the City Manager or cify generally at least the e description of energy and energy services to be fixed or formula price, energy and ancillary if of -to -exceed period of time; period of delivery iethe eliveries are on-peak or off-peak; and the point of de n the locus on t terstate transmission system on which the delivery is made.
Any City Cou olutio OC recommendation authorizing the City Manager or Electric Utility D ract for generator fuel shall specify generally at least the following terms an ions; quantity and the description of fuel services to be procured, including 4bu not limited to scheduled fuel and fuel transportation services, specifying a not -to -exceed period of time; period of delivery denoted in years or months or years and months; and point of delivery of the locus on the interstate transportation system at which the transfer of title is made. All procurement of electricity and generator fuel by contract shall conform to the requirements of the ERMP. City of Lodi Risk Management and Compliance Program Page 12 of 42 s +' City of Lodi Risk Management and Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 3/22/2012 8.5 Prohibited and Authorized Transaction Types 8.5.1 Prohibited Transaction Types: Speculative buying and selling of energy products is prohibited. Speculation is defined as buying energy products that are not needed for meeting forecasted obligations, selling energy products that are not owned and/or selling energy products that are not surplus without simultaneously replacing that energy product jhjjowerjLost. In no event shall transactions be entered into to speculate on Siang prices. 8.5.2 Authorized Transaction Types: 1. Purchase capacity, RECs or REC types, or efli what is expected to be generated or purch contracts. 2. Sell existing capacity, RECs or REC types, or energy t City's obligations. _ 3. Purchase generator fuel that is facilities. 4. Sell surplus generator i surplus due to load b due to hydrological' 5. Ex rans 6 ase simple electricity positio 7. ple call options e d to be in ex( ligations above tine facilities or of the ed generating lable for purchase, becomes Od, or due to increased energy le commodity purchases or sales. 
rs to limit price exposure on short generator fuel or ing agreWnts on owned generating facilities that are ,the City's obligations. 8. Purcha emission Wances, including GHG offsets, deemed necessary to comply&gulatiogM ownedgenerating facilities. 9. Purchase or se mission rights or congestion revenue rights to manage congestion pric 10. A purchase/sale of energy at the California Oregon Border and an offsetting sale/purchase of energy at North Path 15 ("NP15") to take advantage of City -owned transmission capacity rights. 11. A purchase of generator fuel and a sale of energy to take advantage of excess owned generating facilities. City of Lodi Risk Management and Compliance Program Page 13 of 42 s +' City of Lodi Risk Management and Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 3/22/2012 12. A sale of generator fuel and a purchase of electricity to take advantage of market heat rate. 13. Exercise costless collars. 9 Resources The City is dedicated to making the best use of all appropriate resources from all applicable entities as part of the Program. The City iscom fitted dre all areas of high risk through the use of its own resources to impr rob sand transparent Program. The City Council has approved sufficient fu The requirements of this Program are buds 10 Employee Incentives Personal Performance Regulatory compliance is incorpo assessments. Employees are rec( identifying opportunities for impr 11 Compliance Enforcement Compliance exceptions 4 directive in the Ma to violations of sal. Suc viol inary action ma` been determh suspensio kincrimij without law and may and the City. 12 Reporting ns, which vi All exceptio Lcouncil in the �lrninMWr of the Program. staffed o ar-round basis. al performance ng their peers for ority limits, requirements or ported immediately to the City rly exception report. 
ject to review and may be cause for discipline or ude writifn notices to the individual involved that a iemotion or re -assignment of the individual involved and :)r benefits. Violations may also constitute violations of malties and civil liabilities for the offending covered party Reports are provided by the City Manager to the City Council, every three to six months, regarding risk management activities, such as the City's forward purchases, market exposure, credit exposure, transaction compliance and other relevant data. Management and Council Reports include but are not limited to: 1. Load and resource balances as forecast and adopted in the current operating year's City of Lodi Risk Management and Compliance Program Page 14 of 42 s +' City of Lodi Risk Management and Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 3/22/2012 budget (including regulatory, state and federally mandated resource balances). 2. Load and resource balances as adjusted due to operating conditions or purchases occurring during the quarter. 3. An assessment of market exposure. 4. An assessment of the quarterly change in power supply cost from budget. 5. Credit exposure by counterparty. 6. A summary of any purchases made during the quart 7. An assessment of any counterparty credit Ms. 8. NERC/WECC Compliance program status. %t Other reports are provided to the City Council 13 Compliance Communications Company employees have various means in whi including potential violations of regulatol�u contact information. 14 Lessons Learned Any lessons learned frorr are encouraged to be shl and in ining a 14.18 ipliance Comm may 04 role in t any type staff is encouragli ating a law or re ection, invest o ution for s room posters provide violations, r simil lWy violations, or near misses i all staff. L I d are shared regularly with staff L This inclu s learned provided by regulatory and discovered within the City's business practices. 
for Whistleblowers ►me fdVd with evidence to their manager that the City ion. Communication of potential violations plays a pivotal in, and prevention of violations. No employee will receive ing out on compliance issues of any type. The City staff, to the public are encouraged to report evidence of possible compliance violateical business conduct, questionable operations, problems with compliance controls, orting or auditing concerns, and violations of laws or regulations. The City will promptly investigate all complaints and attempt to maintain the whistleblower's anonymity. Complaints may be made through the suggestion box, to the employee's supervisor, to the employee's manager or director. The City employs a hotline that allows for anonymous reporting.

15 Program Review/Evaluation/Modification/Distribution
The Program is designed to ensure that reporting parties report to their supervisors, the Electric Utility Director to promote, maintain, and monitor compliance; 2) to discuss the effectiveness of the Program; and 3) evaluate alignment of the Program and the City's organization. Interim to the annual review, the Program will be reviewed and modified as necessary if:
• An event analysis determines that a modification to this program would be beneficial.
• The City experiences a regulation violat
• Lessons learned or changes have been id
• Any significant changes to the Program a changes are approved by the ROC.
New revisions of the Program are distributed to solicited from the ROC. The City employees are" inform contractors and vendors as a nd they Program. uncil. Minor �lved an are ew significa isions, khave access to the current

Attachment A: Risk Management and Compliance Program - Responsibilities, Version 1.0, Rev. Date: 12/1/2011

16 Risk Oversight Committee
The ROC has the responsibility for following:
1. Ensure that business is conducted in accordance with the Program and the ERMP.
2. Adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processes r ma g ris ssociated with the adoption of those business practices; in but to a Laddering Strategy. As used herein the term Laddering Stra shall me ective and graduated method to secure varying percentages City, wer needs at least three years into the future at any given po Reco to the City Council the categories of transactions permitted an k limits for t ansaons.
3. Regularly assess risk and monitor exposures.
4. Evaluate effectiveness of controls.
5. Determine if non-compliance has
6. Review and provide input to the
7. Address cross-functional
8. Notify the City Humaq perf issues a ' ns. municate nage complian
11. status reports.
12. Prov tus updates
13. Obtain ncil ad ce Prog ssues. 0ectric Utility Director of to compliance with applicable to all parties involved. h the Internal Hotline. e City Council. I of Program modifications.

17 Electric Utility Dir C Compliance Officer)
1. Oversee the execution of the NERC Internal Compliance Program (ICP).
2. Approve all required procedures and assessments (i.e. critical infrastructure assessment, etc.).
3. Review status reports, industry updates, and compliance meeting notes (NERC, WECC, environmental).
4. Provide input to and approve the risk assessment and control plan.
5. Continually assess the effectiveness of the ICP.
6.
Communicate operational and regulatory compliance issues to the ROC.
7. Prioritize and oversee corrective actions.
8. Make recommendations on any disciplinary action.
9. Identify Subject Matter Experts ("SME") fus responsibility and authority supported a appr Monitors compliance status by reviewin -asse activities.
10. Manage and sign-off on audits and the and annual self-assessments.
11. Track, approve and oversee implem completion.
12. Create and manage NERC/WEC�
13. Assign staff responsible f ticip revision of NERC/WECC ility 5
14. Direct and review in dits, si an reports.

18 EI peratio inten ort to the Electri y Dire
2. usiness partner RC/WE an rate reporting. rojects, and assign artmental level. ther reporting ERC self- ' atio and itigation plans to ,orkin ms, as required. 9 the development and third party assessments/audits ERC Compliance Director) pliance Administrator to ensure compliance
3. Provide r complian dates to the Electric Utility Director.
4. Along with 'anc inistrator, act as the liaison between the California Independent System Operator ("CAISO") and PG&E for NERC and WECC regulatory compliance reporting requirements. Ensure that no reliability obligation is missed or overlooked, identify the responsible entity and assign the SMEs for each requirement of the NERC and WECC reliability standards.
5. Along with the Compliance Administrator consolidates documentation to ensure that the reliability obligation is met.
6. Review and monitor progress and status of action plans, milestones, and deadlines provided by the NERC/WECC Compliance Administrator or responsible department managers.
7. Implements compliance mitigation plans to completion and reports the status to the Electric Utility Director.
8. Assess adequacy and make recommendations to the cross-functional planning, auditing and blI ing i!
9.
Review compliance meeting notes, st
10. Manages City actions and documents for 1 development and revision of NERC/WECC

19 As assigned or contracted (NERC Compliance
1. Assigned by the Compliance Officer
2. Serve as the NERC/WECC Reliabil
3. Attend, as determined by the EI Regulatory Commission(" C associated with Reliabili
4. Share best practices 19 Dire rove pr
5.[dinate apl se chq' a NERC/WE ctric Operatioaprior to subm ility Director to address ndIWederal Energy nces and workshops notes for City review. ntendent and Electric Utility anges to the NERC/WECC Reliability Standards and Operations Superintendent. iards'l perinte zation Request comments and seek the , and Electric Utility Director reviews and
7. Notify tFRWs of chang_r additional information related to Standards in their areas of respons
8. Develop and m onsistent framework for compliance to NERC/WECC Standards and ensure compliance processes are maintained.
9. Provide NERC/WECC compliance related internal training and awareness programs throughout the organization and notifications of external training opportunities related to Reliability Standards. Develop and provide notes to the Electric Operations Superintendent.
10. Develop and provide SMEs training for NERC/WECC standard compliance.
11. Assist with the evaluation of NERC Compliance risks and recommend controls.
12. Verify sufficient processes are in place to ensure NERC/WECC compliance with applicable Reliability Standards.
13. Coordinate and assist with the development and revisions to NERC/WECC compliance policies, processes, and procedures.
14. Recommend and assist to oversee NERC a where cross-functional cooperation is rA
15. Monitor to assure NERC/WECC related applicable Reliability Standards are revi
16. Prepare the City for NERC/WECC audits and audits.
17.
Monitor the status of SMEs, deadlin checks, audits and action plan mile, Operations Superintendent. Ae
18. Immediately report NE or events approaching the Risk Oversight Cort
19. Assist the Electric 0 en ovide NERC/WEC'q kLerintendent, Risk Superinten Ctial NERC/WPM those causes. ce Working Groups procedures for all LN ely manner. cont all N C/WECC WECC self-cer i ication, spot and the results to the Electric ties, pot ial non-compliance, erations Superintendent and Risk Oversight Committee to -compliance activities and provide rmation to the Electric Operations ee, and WECC.
21. D and maintain a RC/WECC incident response and reporting process.
22. Assist ctric Opera Superintendent with implementing the NERC/WECC incident se and ting process.
23. Perform or c rformed any actions related to mitigation plans submitted to WECC and provi icient documentation of mitigation actions to the Electric Operations Superintendent.
24. Track NERC/WECC compliance mitigation plans to completion.
25. Regularly report NERC/WECC compliance status to the Electric Operations Superintendent.
26. Monitor and administer the NERC Alert program.
27. Prepare quarterly NERC/WECC compliance status reports for the City Council that includes updates on compliance and Standards development activities.
28. Monitor the implementation of the NERC/WECC Internal Compliance Program and report progress to the Electric Operations Superintendent.
29. Administers the centralized compliance management system for maintaining NERC/WECC compliance related information.

20 Subject Matter Experts (SMEs)
1. Understand NERC/WECC Reliability Stan
2. Assist the NERC/WECC Compliance Admini policies, processes, and procedures.
3. Attend all required compliance training.
4. Follow compliance policies,
5. Perform duties in a manner that
6.
Monitor controls and perform an
7. Fully document all compl
8. Meet deadlines lead i' audits liance ac ,,
9. ie r %miediately noticipate in work gr ds relative to on pdating compliance ons. activities. ions, spot checks, regulator compliance records and documentation. potential non-compliant events. L rev comment on regulations or NERC/WECC hnical expertise.
12. Coop with the Com ce Administrators and any authorized entities reviewing complia d docum ion, including providing access to documentation and evidence.

21 All Employees
1. Every employee at the City has an obligation and responsibility to help ensure that the City is complying with all applicable regulatory requirements. If any employee becomes aware of a potential compliance issue, the employee must notify a member of management immediately for further review.
2. Attend any annual (or more frequent) required training which includes regulatory compliance updates.

Attachment B: Electric Utility Department - NERC/WECC Internal Compliance Program, Version 1.0, Rev. Date: 12/1/2011

22 Background
The Federal Energy Policy Act of 2005 provides the FERC authority to approve and enforce rules and regulations to protect and improve the reliability of the nation's bulk power system. Through this Act all electric power entities that impact the Bulk Electric System must comply with FERC approved Regulatory Standards, and public utilities that sell electricity at market-based rates must comply ' h ma ule conduct and ongoing reporting and compliance requirements. Th Stat ompliance Registry criteria describe which entities are required egister w' and comply with the Regulatory Standards.
For those entities, ma ry an ulatory Standards with the first set of standards approved by FER o effect a 18, 2007. The Statement of Compliance Registry requires, into the program if they are a participant of the City is registered as a Distribution Pro vi this sole criteria and does not meet a Under this statutory framework, sta organizations and approved b ER( electric reliability organizati I Quebec, Electric Reliabil' cil c interconnections. Withi RC reliab' ' n func v ity's EUD is requiT allWie to its registe Pro "DP"). egiona nd Loa her things, egister Frequent . The g Entity (LSE) based on the iteria. by elecIvliability elegated authority as the North America that include n, and Western has further delegated regional ties. The City is located within the all FERC approved Reliability Standards `ad Serving Entity ("LSE"), and Distribution

The EU OMLC Internal Compliance Program (ICP) is supported by the City's Risk Management and Compliance Program referred to as the Program. The ICP suppor u sof compliance framework presented in the FERC's October 2008 Policy State ompliance.
• Role of senior management in fostering compliance;
• Effective preventive measures to ensure compliance;
• Prompt detection, cessation, and reporting of violations; and
• Remediation efforts
This ICP provides the framework to support compliance with the FERC reporting requirements and NERC and WECC Reliability Standards.

23 NERC/WECC Compliance Program Structure
24 The EUD's ICP is a rigorous, established and formal program. The EUD strives to achieve a high level of business and personal ethical standards, as well as compliance with the laws and regulations that apply to its business.
The EUD ICP is managed at a high level and p continuously monitor, evaluate, update, andA To effectively and efficiently manage the co nce centralized compliance management system € system the EUD has identified and documente requirement. In order to continuously be audit and supporting documentation have been identi d are used in the compliance system that i rates accuracy and timeliness. The NERC C m and WECC for updates and guidance uding Application Notices, and best practi uidanc The ICP is continuously eval Compliance Administratq& re in place to UD has implemented a Point. Within the ply with each r vidence, uous Forms ;ure completeness, nuously monitors NERC `Compliance or and the NERC rall City Risk Management and Compliance Program, j ected by the Compliance Officer.

[Figure: NERC/WECC Compliance Program Oversight Structure]

The NERC Compliance A, Operatio intende func ' ni th19 Com 'RC ComplianIth m and assign ss to addr Administrator. provide s on complia The NERC Matter Experts requirements, sub operational and busi works directly with the Electric ility for performing reliability the Compliance Officer. is nsible for performance of the NERC compliance ility t ess compliance concerns as well as monitoring ncerns. y act as a business partner to the NERC also attend annual cross departmental team meetings to nd standards developmental activities. Fupported by the NERC Compliance Director and Subject > the effort to ensure that all Reliability Standards, nts and the appropriate controls are clearly reflected in processes. SMEs work directly with the NERC Compliance Director and have direct responsibilities for performing reliability functions. The NERC Compliance Administrator assists directly with the SMEs to provide compliance expertise.
25 Independent Access to Executives
The NERC Compliance Administrator monitors and reports the department's compliance status with the NERC and WECC Reliability Standards to the Compliance Officer and the ROC. The NERC Compliance Administrator has access to the Compliance Officer to provide input and ask questions regarding any concerns with the compliance program.

26 Independent Management
It is crucial that the Compliance Administrat of interest exist nor any other impairment ei Compliance Administrator is not responsible responsible for compliance.

27 Resources
The EUD is dedicated to making the b WECC, NERC, FERC and others as par Officer is committed to use any and transparent NERC compliancgMQgrai The City Council has app requirements of this cord basis.

28 Pe p and comp D promotes cofflu Lce indicators h ives. The follow
• Regul Is: perfo ivideresults and no conflict provid ed findings. The e m: the work groups ources from PG&E, krt. The Compliance robust, rigorous, and Phistration of the ICP. The fully staffed on a year-round ng measurable performance targets. Key stand performance in relation to strategic goals ance indicators are the 2012 year's NERC/WECC cked and current. The EUD ma applicable regulatory requirements that are applicable to the City and up list as the regulations change. Any significant changes to the list are forwarded the applicable supervisor for inclusion in annual training and/or email notifications if necessary.
• Recommended improvements are acted on. Following a mock audit or through other means, the EUD considers and acts on recommendations for improvement within 90 days of any accepted recommendations.
• Mitigation plans are timely. The EUD determines appropriate mitigation plans for applicable violations.
• Operates with no NERC regulatory violations. The EUD strives for full compliance with no violations occurring.
• Respond to all NERC Alerts timely. The EUD reviews, determines response timely action on alerts that are determi
• Provide timely training.

29 Outreach
The EUD's outreach focuses on a comm good relationship with PG&E, WECC, promoting meaningful training/edu assistance. The following describes
• Communications - O in order to prom regulatory requir t and ails, Iia provides peri raining and Educ
• Alerts - NERC ,
• Pa ion in the 5 improve 11 C to imp L nd pring the ' The EUD will take se by the City. The City maintains a mmunications, Pg compliance reach program: !lbns staff a ained on NERC related activities nual aware of the p tance of compliance with the Electric or, Electric Operations RC Com plian nistrator sends out compliance tes, compliance clarifications, compliance notices and I orts. rovided as described in section 339. are communicated to all appropriate staff. ards, Policy, and WECC Criteria Development Drafting The City i U to improving reliability of the electric system. We participate in the drafting process of Standards, policies and WECC Criteria by providing comments, assisting drafting teams, and voting.
• Users Groups/Conferences/Webinars - The NERC Compliance Administrator and other City staff attend and participate in regional and national events, conferences, and trainings to help ensure the company maintains awareness of emerging or changing regulations and to learn and share best-compliance practices. The City is able to stay up-to-date on new and pending developments as they relate to the Reliability Standards by attending industry related seminars, as well as regional sponsored training. Meeting topics are summarized and reviewed by the Electric Utility Director, Electric Operations Superintendent, Departmental Management, SMEs and other key individuals. Examples of such conferences, meetings, and trainings include:
  o WECC compliance user grou
  o WECC monthly call
  o Critical Infrastructure Protectid�IP'�aTdar3lvW groups
  o Western Interconnection Compliance Forum (WICF)
  o NERC and FERC Sponsored ConferrWce�Training

Rule Making Proceed Committees and The City employs the NERC Complia1W Adminningi orNFCC, NERC, and FERC committee activities as well sous standmittees. The City assigns SMEs to provide input to va standards s through the NERC Compliance Administrat personnel i tivities provide information jOnc NERC nce Adminis a NERC Compliance Director. r chap gulatory requi entthe NERC Compliance Director tes with t ted p el to ensure that: 1) the new regulatory ments are and and esses and procedures are developed to help

30 Requirements Identification
The City is registered with NERC as an LSE, and DP. It is interconnected to the PG&E transmission system, who is the Transmission Owner and Transmission Planner. The City is within the CAISO Balancing Authority and Planning Authority. PG&E and the CAISO share responsibilities through a Coordinated Function Registration Agreement as the Transmission Operator of the facilities that injdjftnne C The Regional Reliability Organization overt Organization.
The City develops its processes to comply with these organizations as it relates to compliance The NERC Standards Requirements that are applicable' compliance website under the "FERC Agmillbatanda http://compliance.lodielectric.com

31 NERC/WECC Standards Req
The City maintains a list applicabCity ar are dent becorf licable supe onal Reliability City are Ii ker: d procedures of e City cable NERC/ C Sta ds requirements that are this list as ti s change. New updates to the list s to the list ar compliance within 30 days of the ignificant changes are automatically forwarded to ;lust nnual training and/or email notifications if

The NERC Compliance Administrator performs the process of updating all versions of the I R ved Reliabilit ndards as new Standards are revised. The procedure for this proces gntained NERC Compliance Administrator and is called "Updating the FERC Approved Reliability Standards List."

32 Procedures and nts
The City maintains the following compliance related procedures that are available to all staff at http://compliance.lodielectric.com
• Communication and Emergency Response
• Event Analysis
• Facility Coordination
• Model Data Submittal
• Protection System Testing Maintenance and Validation
• Risk Based Assessment Methodology
• Sabotage Recognition and Incident Reporting
• NERC Alert Response
• Updating the FERC Approved Reliabil' dar

The following compliance related reporting s, lists, and logs are available on http://compliance.lodielectric.com:
• Risk Management and Compliance Progr
  o Attachment B: ICP
• FERC Approved Standards
• Risk Based Assessment Meth gy Fo
• Processes
• Evidence Document
• Compliance Tas 'Ca I I Log Substation Main otage Reportin lidation Fo
• Miso n Log
• Data Sub unications
• Facility Modifi ions Documents

33 Compliance Training
The City continually develops processes, procedures, and controls to help prevent the occurrence of regulatory violations. In addition, they encourage staff to participate in compliance related training and educational opportunities.
• New Orientation All new employees are sufficiently trained to perform compliance related activity, including affected contractors and vendors, prior to them performing any compliance related duties.
• Annual Training Annual training will be provided to all table below. Documentation of the L completion certificates, and other rel Training log by employee. Controls al upcoming training refreshers by empl scribed in the ng materials, ntained in the nders for

Overview Awareness | This training provides general info r NERC, FERC, and WECC requireme ecent NERC expected changes, and internal c liance program changes. | ployees an -term con rs that are responsible for ance or could be an nterface RC or WECC.
Sabotage Recognition ident Res | This trai escribes ologies for ide resp to sabotage, ening rec suppo Sabotage ognition and Inc espon cedure. | EW employees and long-term tractors. Note: Any EUD ployee or long-term contractor who does not receive this training shall be made aware of who to contact, who has received the training, to report a potential sabotage event.
Event A | This trainin ibes alysis, actions, and reporting requi all events. The training describes lectric System Disturbances, Protection System Misoperations, and Vegetation interruptions. | SMEs responsible for maintenance and incident reporting.
Communication and Emergency Response | This training describes required protocol for verbal communications when receiving directives or when providing emergency assistance. | SMEs responsible for receiving verbal communications from the Transmission Operator, Balancing Authority, or Reliability Coordinator.

34 Risk Assessment
A risk assessment is conducted annually to identify and quantify internal and external risks of non-compliance to the Regulatory Standards. The risk inventory is identified through employee surveys, past experience within the EUD, industry announcements and forums, and other agencies shared experiences. Resource decis' s for dressing risks are determined based on the score. High risk ite ad y's overall risk inventory. The following describes the organizations m fore t sk assessment.
1. A NERC/WECC risk assessment is con ually or as n
2. The electric department surve taff each identify areas for improvement in the proced cesses. In on, staff is encouraged to make suggestions to all cies, p res and p es at any time during the year.
3.
The NERC Compli irector an NER liance Administrator conduct risk assessme Ings as nece y and the minutes/agendas.
4. Ilowing a tified as part ssessment: for vi s
• iolati factors
• Vio Severit els
• Perio erformance related Requirements that have a higher probability of occurrence. We ses where additional self-audits or controls should be
5. The Compliance Administrator calculates a risk score after applying the assessment and utilizes it to evaluate areas for additional controls. Several high risk processes have automated controls in place to ensure completeness, accuracy and timeliness.

35 Controls and Program Monitoring
The electric department continuously manages regulatory compliance risk through (1) monitoring programs and continuously updating policies, procedures, (2) annual self-assessments and audits, and (3) hard coded controls. Hard controls include automated due date calendared reminders, forms with mandatory fields for collecting evidence. These hard and soft controls are part of a control environment that will help prevent the occurrence and, especially, the reoccurrence of violations.

35.1 Compliance Monitoring
35.2 The Compliance Administrator, who may be changes that impact the Program. The EUD regulatory requirement. The process state are regularly modified when impacted by indust opportunities for efficiency and effectiveness. G each regulatory standard in the online complian In addition the City encourages its opportunities. Each NERC and WECC Reliability Standard appli monitored on an ongoing ba 'his monito knowledge of standard requ 'this perfo performing an annual in udit (self-au instance tial non liance.
The on r hat co t of this mon nt, will monitor industry �sses that address each , and on-line forms nd educational e City wlWe continually ludes maintaining a thorough 7ing iews to confirm compliance, management of any der or implement changes based audit is conducted for compliance with all ng areas of concern are addressed in the self-
4. A self-audit allows you to find potential red-flag issues and allows time to understand the issue prior to review with the regulator.
5. The self-audit provides a focus on areas of high risk.
6. Prompt self-reporting is initiated. Self-reporting may result in lower fines and indicate a mature compliance program that could mitigate future penalties.
All audits are shared with the applicable City sta

35.3 Hard Controls
Hard control include mandatory fields used to reminders, automatic escalation reminders, se Administrator reviews. Automated controls are in place to ens have required fields to ensure compl deadlines and deliverables are met pro; reminders also, associated wit Mic oft ft and related deadlines are cr for specifi party. The Compliance trator is ablo needed. Examples of ha d controls in uesting it. tion, automatic eliness. SharePoint logs ompliance-related t es automated ie u of this system, tasks assigned to a responsible atus and take action, if

Prot To en ompleteness, Maintenance system forms have M nce that do not allow the maintenance personnel to ing Systeme ntil complete. timeliness, workflows send reminder messages to maintenance staff and escalation messages to management.
Model Data Submittals | To ensure timeliness, workflows send reminder messages to maintenance staff and escalation messages to management.
Event Analysis | nts are logged. ensure proper reporting, controls are in place to ensure identify when under frequency load shedding (UFLS) event occurred, equipment misoperation, or a Bulk Electric System Disturbance occurred. The controls provide instructions for proper reporting. Automatic email reporting is sent. To ensure timely reporting, controls are in place to send reminders for timely investigation and reporting of UFLS Events, misoperations, and Bulk Electric System Disturbances.
Procedure Approvals | To ensure timely review and approval, controls are in place to ensure reminders are sent to review and escalated if review and approval is not timely.
Training: To ensure timely repo con ace to monitor training and retraining dates send remi nd escalation reminders.
Critical Infrastructure Protection Review: To ensure timely revi ntr i to send automatic reminders when the re City's a assets is due.

36 Self-Reporting
36.1 Discovery of Potentia
The City's is committed to compliance activities from potentialvioI t' re det impleme .. Detecting and is Complia • C y Personnel • Annu nal Au
36.2 Responding to and Reporting Potential Violations
n the ICP to prevent non- nediately. To ensure that manner, the City has
Once potential non-compliance is discovered, the issue is reviewed and investigated with the assistance of applicable parties, a final determination as to whether a violation or not exists is made by the ROC. Once determined appropriate action is taken, including self-reporting or other remedial actions. The City's process for responding to, investigating and reporting potential violations includes the following steps.
Step Description
1. Potential violations of regulatory requirements are communicated and discussed with the Compliance Officer and the NERC Compliance Director.
2. The NERC Compliance Director and the NERC Compliance Administrator lead an investigation with the SMEs and owners. The NERC Compliance Administrator will provide a report to the Compliance Officer with recommendations.
3. The Compliance Officer will subm a report t C for determining if a violation has occurred and require rep o plicable regulatory agencies.
4.
For instances where the NERC Compli inistrator an pliance Director believes a potential violations exist ere process ents are needed, the office leads t tigation t ocument a description of the potential violation (2) d root caus determine steps being taken to prevent similar i nts fro curring ( ment a mitigation plan.
5. The NERC Compli ministra itiates orting of the potential violation to th able regulat genci ecessary. -Report an be found Compliance Web Portal at: l.wec . d is reporte ugh WebCDMS. The submi If -Rep d mitigation plan is also stored on the compliance system for in trackin It is the WECC co nce s atTbligation to submit all alleged non-compliance rmation to NE accordance with the NERC Compliance Monitoring and ement Pro (CMEP) and WECC internal enforcement guidelines.

37 Remediating and Repeat Violations
To ensure that violations are remediated and prevented from recurring, the City EUD is implementing the following measures:
1. The risk assessment is updated and reviewed to determine any other potential risks associated with the identified activity.
2. All related processes, procedures, controls, and training programs are reviewed to ensure clarity. Updates are provided where necessary.
3. The mitigation plan is logged, tracked and verified to ensure remediation items are completed timely.
4. The NERC Compliance Administrator will provide additional data or information requested by the regulatory authority and will provide timely updates on the status of the remediation plan to tbAMKulat8jjhktjj& (WECC, NERC, or FERC).

38 Self-Certification
1.
WECC will post Self-Certificatio eriodic da ection forms on the OATI WECC webCDMS at least sixty (60 the sub eriod, but the City cannot submit forms until the su al per begun. 6 of the WECC Web Portal User Guide provid formati ning the -Certification submittal process.
2. The NERC Co i Administra ill per formal review of all actively monitored Sta prior to eac I ertification to ensure compliance. A ort wi ovided to the ce Officer for review and approval. During al se ication time line and after receiving approval from the Compliance r, the ompliance Administrator will self-certify compliance with the Relia tandar
4. WECC will accept Certification forms only during the submittal period. Failure to it the forms to the end of the submittal period will result in non-compliance. The C Compliance Staff are to review Self-Certification submittals to 'ne a bility, and may request additional information if necessary.
5. Semi-annual Self-Certifications are required for the CIP-002 through CIP-009 NERC Reliability Standards, and are not part of the annual Self-Certification process for all other Reliability Standards. Semi-annual Self-Certification forms will be posted on the WECC Compliance Web Portal at least thirty (30) days prior to the submittal period. Semi-annual Self-Certifications must be received by WECC from the City on January 15th and July 15th according to the CIP implementation schedule. The "Guidance for Enforcement of CIP Standards" document can be found on the NERC Website at: http://www.nerc.com/files/Guidance on CIP Standards.pdf. The "Implementation Plan for Cyber Security Standards for CIP-002 — CIP-009" can also be found on the NERC Website at: http://www.nerc.com/fileUploads/File/Standards/Revised Implementation Plan Cl P-002-009.pdf.
39 Document Retention Policy
Unless otherwise specified hear on, all major rE demonstrating implementation of the ICP shou after a NERC/WECC off-site audit, whichever is retention period is 7 years. Provide docu < within 30 calendar days.

40 Storage
All documents are stored in

41 Compliance System
1 The is u tr he ICP an ni ation are as fo 1. g on to the co compliarn Co he ElaJ on to this ICPidence %tained for or L ximum r maximum NERC upon tl year eir request '/compliance.lodielectric.com. itor and traZlMe NERC Compliance Program and for ,implemented. Instructions to access this nce system at: Fdielectric.comEnter your user name and password. Operations Superintendent if you do not have access.
2. Select Internal Compliance Program
[Screenshot of the compliance system's Internal Compliance Program document list. Legible entries: Compliance Assess Risk; Compliance Communication; Compliance Metric; Compliance Organization; ICP Assessment; Implement, Promote, and Enforce; Leadership and Corporate Culture; Out Reach.]
Add additional i ation to a ICP evidence files by clicking the "Add c cumbutt
42 References
FERC Revised Policy Statement on Enforcement, (May 15, 2008)
NERC Compliance Monitoring and Enforcement Program, WECC, (2010)
WECC CMEP — Self-Reporting Form, (April 13, 2009, Version 1)

43 Revision History

44 Responsible Senior Manager or Delegate
An authorized individual must sign and date this Program. By doing so, this individual, on information submitted herein is accur
1 This certifies that I am the Compl
2 I am an officer authorized n
3 I have read and am famiIi h submitted herein.
4 1 u (Feb. 9, 2011) i, certifies that the the City of Lodi. id any related documents may request more information rmation provided in this document is correct.
Approval Page

RESOLUTION NO. 2012-34
A RESOLUTION OF THE LODI CITY COUNCIL RESCINDING RESOLUTION NO. 2011-06, AND FURTHER APPROVING THE CITY OF LODI RISK MANAGEMENT AND COMPLIANCE PROGRAM
NOW, THEREFORE, BE IT RESOLVED that the Lodi City Council does hereby rescind Resolution No. 2011-06, and further approves the City of Lodi Risk Management and Compliance Program, as shown on Exhibit A attached hereto and made a part of this Resolution.
Dated: April 4, 2012
I hereby certify that Resolution No. 2012-34 was passed and adopted by the City Council of the City of Lodi in a regular meeting held April 4, 2012, by the following vote:
AYES: COUNCIL MEMBERS — Hansen, Johnson, and Mayor Mounce
NOES: COUNCIL MEMBERS — None
ABSENT: COUNCIL MEMBERS — Katzakian and Nakanishi
ABSTAIN: COUNCIL MEMBERS — None
RANDI JOHL
City Clerk
2012-34

City of Lodi Risk Management and Compliance Program
Version: 1.0   Rev. Date: 3/22/2012

Table of Contents
1 Purpose
2 Scope
3 Mission Statement/Statement of Commitment
4 Goal
5 Organizational Structure and Chart
6 Leadership Support
7 Energy Risk Management Policies ("ERMP")
7.1 Scope of the Risk Management Policies
7.2 Program Objectives
7.3 Program Strategies
7.4 Risk Inventory
8 Transaction Limits and Controls
8.1 Regulatory Compliance
8.2 Indirect Purchases (NCPA)
8.3 Direct Purchases
8.4 All Purchases:
8.5 Prohibited and Authorized Transaction Types
8.5.1 Prohibited Transaction Types:
8.5.2 Authorized Transaction Types:
9 Resources
10 Employee Incentives
11 Compliance Enforcement
12 Reporting
13 Compliance Communications
14 Lessons Learned
14.1 Compliance Communications Protection for Whistleblowers
15 Program Review/Evaluation/Modification/Distribution
16 Risk Oversight Committee
17 Electric Utility Director (NERC Compliance Officer)
18 Electric Operations Superintendent (NERC Compliance Director)
19 As assigned or contracted (NERC Compliance Administrator)
20 Subject Matter Experts (SMEs)
21 All Employees
22 Background
23 NERC/WECC Compliance Program Structure
24 NERC/WECC Compliance Program Oversight
25 Independent Access to Executives
26 Independent Management
27 Resources
28 Performance Targets
29 Outreach
30 Requirements Identification
31 NERC/WECC Standards Requirements tracked and current
32 Procedures and Other Documents
33 Compliance Training
34 Risk Assessment
35 Controls and Program Monitoring
35.1 Compliance Monitoring
35.2 Self-Audit
35.3 Hard Controls
36 Self-Reporting
36.1 Discovery of Potential Regulatory Violations — Review Process
36.2 Responding to and Reporting Potential Violations
37 Remediating and Preventing Repeat Violations
38 Self-Certification
39 Document Retention Policy
40 Storage
41 Compliance System
42 References
43 Revision History
44 Responsible Senior Manager or Delegate

1 Purpose
The purpose of this Risk Management and Compliance Program ("Program") is to foster a culture of compliance and control for the City of Lodi ("City") Electric Utility Department ("EUD"). The Program expects a high level of compliance to regulations, laws, and the City's agreements, policies and procedures while managing risks on a routine basis. The Program is laid out to control the organization's activities so that controlling risk and compliance are part of the City's infrastructure.
This Program outlines the City's internal control foundation, providing discipline and structure to guide compliance with regulations, laws, and the City's agreements, procedures and policies. It includes a cross-section of knowledgeable and skilled employees who are responsible to oversee, communicate, track, document, and monitor compliance and risk management and share the results with management and the City Council.

2 Scope
The Program applies to all the City's employees, contractors, and vendor personnel responsible for complying with regulations and the City's policies and procedures. It is made readily available to all employees.

3 Mission Statement/Statement of Commitment
The City's compliance mission is to create a superior and effective program to manage risk and compliance which implements best electric utility practices and encourages a culture of compliance and control throughout the EUD. The City implements all opportunities to build compliance and controls into every business practice and to continuously improve its program to be robust, rigorous and transparent.
The City is committed to complying with all applicable laws and regulations. In addition, the City is committed to prudent risk management and compliance awareness and continuous improvement of processes and procedures.
This commitment allows the City to develop and maintain an organizational culture that supports staff in meeting these concerns through education/training, ethical conduct, decision making, and a culture of transparency.

4 Goal
The goal of this Program is to create a culture of compliance and control within the daily activities that is characterized by clear communication, consistent documentation and implementation of the following practices:
Step Description
1. Creating a culture of accountability.
2. Adopting reporting procedures to party's manager, the Risk Oversight Committee (ROC) and the City Council.
3. Identifying and communicating specific concerns and opportunities for improvement.
4. Reviewing and developing goals that ensure a strong corporate commitment to compliance and control.
5. Conducting regular training and awareness programs.
6. Assessing the Programs for adequacy and providing recommendations to address planning, auditing and budget issues.
7. Using appropriate communication among all parties involved with the Program.
8. Identifying and assigning responsibilities to the key individuals who are accountable for applicable portions of the Program.
9. Providing a documentation framework that supports compliance, and includes clear processes, policies, and procedures.
10. Creating a culture of continuous improvement through regular assessments and corrections. These assessments may be self-assessments, internal audits, and independent third-party assessments.
11. Adhering to approved regulatory requirements.
12. Cooperating with regulatory agencies.
13. Promptly assessing and reporting of potential violations to regulatory agencies, if required.
5 Organizational Structure and Chart
The Program is overseen by the ROC, which is comprised of the City Council member who serves as a Northern California Power Agency ("NCPA") commissioner or alternate, the City Manager, Deputy City Manager, City Attorney and the Electric Utility Director; or in the case of their absence, their designees. The City Manager shall appoint the chair of the ROC. Additional non-voting members may be invited to participate on the ROC based on supporting expertise required by the ROC. The ROC shall meet every three to six months, or as otherwise called to order by the City Manager or City Council. The ROC shall keep minutes of all meetings and business transacted and shall appoint one of its members, or that member's designee, to perform this task. A quorum for the ROC to do business shall consist of all members or their designees. The ROC shall request attendance at its meetings by, and/or reports from, other persons as appropriate.

City Council
The City Council is responsible for making high-level, broad policy and strategy statements as contained in this document. The City Council sets the policy, and adopts the Program as developed and recommended by the ROC and delegates the City Manager to execute it. The City Council will review the Program every year. Additionally, the City Council will receive reports every three to six months from the City Manager regarding risk management activities. The City Council reviews the Program updates on a regular basis and provides direction and additional support, as needed.
Risk Oversight Committee
The ROC shall have the responsibility for ensuring that business is conducted in accordance with the Energy Risk Management Policies in Section 7. The ROC shall adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processes for managing risks associated with the adoption of those business practices, including but not limited to a Laddering Strategy. As used herein the term Laddering Strategy shall mean an objective and graduated program to secure varying percentages of the City's projected future power needs at any given point in time. Determination of regulatory non-compliance and direction to self-report such non-compliant activities shall be made by the ROC. The ROC shall recommend to the City Council the categories of transactions permitted and set risk limits for those transactions.

City Manager
The City Manager has overall responsibility for executing and ensuring compliance with policy adopted by the City Council.
The City Manager shall make regular reports to the City Council regarding business transacted by the ROC at such intervals and/or upon such occasions as the City Council shall direct. Reports shall be provided every three to six months to the City Council regarding energy risk management activities.

Electric Utility Director - Compliance Officer
The Electric Utility Director is the utility's Executive Officer, acts as the Compliance Officer for the EUD, and is a voting member of the ROC. The Electric Utility Director has access to the City Council through the City Manager. This ensures communication of compliance concerns to the highest levels within the organization. Records of communication and reporting between the City Council and the City Manager are stored for at least 48 months.

Electric Utility Department
The EUD shall participate on the ROC through the Electric Utility Director. The Electric Utility Director shall provide load forecast information and coordinate the receipt and dissemination of relevant market and transactional information undertaken on the City's behalf through NCPA.

Finance Department
The Finance Department shall participate on the ROC through the Deputy City Manager and provide accounting and cash flow information to the ROC.

Legal Department
The Legal Department shall participate on the ROC through the City Attorney and provide legal advice and representation and ensure that business is carried out in compliance with all applicable laws, regulations, executive orders and court orders.

Specific responsibilities for some positions are further described in Attachment A.

6 Leadership Support
This Program, as approved by the City Council, has the support and participation of all senior management.
Senior management reviews related reports, participates in meetings, and communicates to employees about their commitment to compliance formally and informally. During ROC meetings, status updates are provided, any instances of potential non-compliance are discussed and support is provided. ROC meeting minutes and agendas are stored for at least 48 months.

7 Energy Risk Management Policies ("ERMP")
The purpose of the Program and ERMP is to ensure that risks associated with the City's bulk power procurement are properly identified, measured and controlled.
The ROC manages the Program. The ROC meets every three to six months, or as otherwise called to order by the City Manager or City Council. The ROC keeps minutes of all meetings and transacted business and appoints one of its members, or that member's designee, to perform this task. A quorum for the ROC to do business consists of all members or their designees. The ROC requests attendance at its meetings by, and/or reports from, other persons as appropriate. The City Manager makes regular reports to the City Council regarding business transacted by the ROC at such intervals and/or upon such occasions as the City Council directs.

7.1 Scope of the Risk Management Policies
The risk management policies are applied to all aspects of the City's wholesale procurement and sales activities, long-term contracting associated with energy supplies, including generator fuel, capital projects and associated financing related to generation, transmission, transportation, storage, Renewable Energy Credits ("REC"), Green House Gas ("GHG") offsets, Resource Adequacy ("RA") capacity, ancillary services and participation in Joint Powers Agencies ("JPA") and regulatory compliance as set forth in exhibit B to this policy.
This Program does not address the following types of general business risk, which are treated separately in other official policies, ordinances, and regulations of the City: fire, accident and casualty, health, safety, workers compensation and other such typically insurable perils.

7.2 Program Objectives
1. Maintain a regularly updated inventory of risks that could impact rates and security of the City's bulk power procurement program.
2. Establish risk metrics and reporting mechanisms that provide both quantitative and qualitative assessments of potential impacts to rate stability.
3. Adopt business practices that encourage compliance, development of appropriate levels of operating reserve funds, contribute to retail rate stability and maintain appropriate security for established funds.
4. Minimize the City's electric utility rates.

7.3 Program Strategies
1. Identify, measure, and control risks that could have an adverse effect on retail rate stability.
2. Assign risk management responsibilities to appropriately qualified individuals and committees for each of these risks.

7.4 Risk Inventory
The EUD must inventory and address the following categories of risk as a component of the monitoring and reporting under the risk management program:
• Price Risk
• Volume Risk
• Credit Risk
• Operational Risk
• Contingent Liabilities

Price Risk — Price risk is the risk associated with the change of power costs and can be segmented into two categories:
1. Wholesale prices may increase while positions are still open.
2. Wholesale prices may decrease after positions are closed.

Volume Risk — Volume risk is the risk that demand for power will either fall below or exceed then existing contracted power supplies.
Credit Risk — Credit risk is the risk associated with entering into any type of transaction with a counterparty, and can be segmented into the following five categories:
1. Counterparties fail to take delivery of, or pay for, energy sold to them.
2. Counterparties fail to deliver contracted for energy.
3. Counterparties refuse to extend credit or charge a premium for credit risks.
4. Counterparty transactions are too concentrated among a limited number of suppliers.
5. Inability to finance capital projects or meet financial obligations incurred in the course of wholesale operations.

Operational Risk — Operational risk consists of the risk to effectively planned, executed or controlled business activities. Operational risk includes the potential for:
1. Inadequate organizational infrastructure, i.e., the lack of sufficient authority to make and execute decisions, inadequate supervision, absence of internal checks and balances, incomplete and untimely planning, incomplete and untimely reporting, failure to separate incompatible functions, etc.
2. Absence, shortage or loss of key personnel.
3. Lack or failure of facilities, equipment, systems and tools such as computers, software, communications links and data services.
4. Exposure to litigation, fines, or sanctions as a result of violating laws and regulations, not meeting contractual obligations, failure to address legal issues and/or receive competent legal advice, not drafting contracts effectively, etc. Exposure includes the fines and litigation associated with the North American Electric Reliability Corporation ("NERC") and/or Western Electricity Coordinating Council ("WECC") and environmental compliance violations.
5. Errors or omissions in the conduct of business, including failure to execute transactions, violations of guidelines and directives, etc.
Contingent Liabilities — Contingent liabilities consist of liabilities that the City could incur in the event of the failure of other parties to discharge their obligations. At present, these consist of three principal categories:

1. Guarantees and step up provisions in the enabling agreements for the JPAs of which the City is a member.
2. Project closure, decommissioning, environmental remediation and other obligations which result from the City's own activities and from JPA projects and activities.
3. Provisions for take or pay, termination payments and/or margin calls in the City's long-term electric power supply agreements.

8 Transaction Limits and Controls

The EUD utilizes transaction limits and controls to mitigate or prevent exposure to identified risks.

8.1 Regulatory Compliance

Regulatory compliance controls include both soft and hard controls. Soft controls include self-audits, policies and procedures. Hard controls include automated due date calendared reminders, forms with mandatory fields for collecting evidence, and self-assessments.

8.2 Indirect Purchases (NCPA)

The City Manager and the Electric Utility Director are severally authorized to enter contracts for the purchase through NCPA of electric energy, capacity, and generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and ancillary services to meet the City's service obligations in amounts and for such quantities as are: 1) necessary to meet the minimum amounts called for in ROC's Laddering Strategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution.
The resolution may specify the limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed.

In addition, for purchases through NCPA, counterparty credit limits and minimum counterparty rating criteria shall be described in NCPA's then current "Energy Risk Management Policy", which are made a part of this document, and the most recent is attached hereto and may also be found at http://www.ncpa.com/financial-information/5.html. Moreover, the City Manager and Electric Utility Director are authorized to purchase electric energy, capacity and fuel to meet the City's share of amounts called for under NCPA's then current Energy Risk Management Policy upon approval of the ROC. Material changes to NCPA's Energy Risk Management Policy are reported to the City Council as part of the quarterly reporting under the City's ERMP.

8.3 Direct Purchases

The City Manager and the Electric Utility Director are severally authorized to enter contracts for the direct purchase of electric energy, capacity, generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and Ancillary Services to meet the City's service obligations in amounts and for such quantities as are: 1) necessary to meet the minimum amounts called for in ROC's Laddering Strategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution. The resolution may specify the limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed.
For contracts executed directly by the City, the City uses standardized form contracts for such procurement, including, but not limited to, form contracts created and copyrighted by the Edison Electric Institute, the Western States Power Pool, the California Department of General Services, and the North American Energy Standards Board, unless waived by resolution of the City Council. Counterparties shall obtain and maintain during the terms of the contract, the minimum credit rating established as of the date of award of the contract of not less than a BBB- credit rating established by Standard and Poor's and a Baa3 credit rating established by Moody's Investors Services, unless waived by resolution of the City Council.

8.4 All Purchases:

Any City Council resolution or ROC recommendation authorizing the City Manager or Electric Utility Director to contract for electricity shall specify generally at least the following terms and conditions and the description of energy and energy services to be procured, including, but not limited to, a fixed or formula price, energy and ancillary services to be included; term, specifying a not-to-exceed period of time; period of delivery denoted in years or months and whether deliveries are on-peak or off-peak; and the point of delivery on the locus on the interstate transmission system on which the delivery is made.

Any City Council resolution or ROC recommendation authorizing the City Manager or Electric Utility Director to contract for generator fuel shall specify generally at least the following terms and conditions; quantity and the description of fuel services to be procured, including but not limited to scheduled fuel and fuel transportation services, specifying a not-to-exceed period of time; period of delivery denoted in years or months or years and months; and point of delivery of the locus on the interstate transportation system at which the transfer of title is made.
All procurement of electricity and generator fuel by contract shall conform to the requirements of the ERMP.

8.5 Prohibited and Authorized Transaction Types

8.5.1 Prohibited Transaction Types:

Speculative buying and selling of energy products is prohibited. Speculation is defined as buying energy products that are not needed for meeting forecasted obligations, selling energy products that are not owned and/or selling energy products that are not surplus without simultaneously replacing that energy product at a lower cost. In no event shall transactions be entered into to speculate on the changes in market prices.

8.5.2 Authorized Transaction Types:

1. Purchase capacity, RECs or REC types, or energy to meet the City's obligations above what is expected to be generated or purchased from owned generating facilities or contracts.
2. Sell existing capacity, RECs or REC types, or energy that is expected to be in excess of the City's obligations.
3. Purchase generator fuel that is expected to be needed to run owned generating facilities.
4. Sell surplus generator fuel if more economic energy is available for purchase, becomes surplus due to load being lower than previously forecasted, or due to increased energy due to hydrological conditions.
5. Execute financial transactions to fix the price of variable commodity purchases or sales.
6. Purchase simple call options or collars to limit price exposure on short generator fuel or electricity positions.
7. Sell simple call options or tolling agreements on owned generating facilities that are expected to be in excess of the City's obligations.
8. Purchase or sell emission allowances, including GHG offsets, deemed necessary to comply with regulations for owned generating facilities.
9. Purchase or sell firm transmission rights or congestion revenue rights to manage congestion price risk.
10. A purchase/sale of energy at the California Oregon Border and an offsetting sale/purchase of energy at North Path 15 ("NP15") to take advantage of City-owned transmission capacity rights.
11. A purchase of generator fuel and a sale of energy to take advantage of excess owned generating facilities.
12. A sale of generator fuel and a purchase of electricity to take advantage of market heat rate.
13. Exercise costless collars.

9 Resources

The City is dedicated to making the best use of all appropriate resources from all applicable entities as part of the Program. The City is committed to addressing all areas of high risk through the use of its own resources to improve its robust, rigorous and transparent Program.

The City Council has approved sufficient funding for the administration of the Program. The requirements of this Program are budgeted and fully staffed on a year-round basis.

10 Employee Incentives Personal Performance

Regulatory compliance is incorporated into applicable employee personal performance assessments. Employees are recognized by their management and among their peers for identifying opportunities for improving the Program.

11 Compliance Enforcement

Compliance exceptions are actions, which violate the authority limits, requirements or directives set forth in the ERMP. All exceptions shall be reported immediately to the City Manager and quarterly to the City Council in the quarterly exception report. Willful violations of the ERMP will be subject to review and may be cause for discipline or dismissal.
Such disciplinary action may include written notices to the individual involved that a violation has been determined, demotion or re-assignment of the individual involved and suspension with or without pay or benefits. Violations may also constitute violations of law and may result in criminal penalties and civil liabilities for the offending covered party and the City.

12 Reporting

Reports are provided by the City Manager to the City Council, every three to six months, regarding risk management activities, such as the City's forward purchases, market exposure, credit exposure, transaction compliance and other relevant data. Management and Council Reports include but are not limited to:

1. Load and resource balances as forecast and adopted in the current operating year's budget (including regulatory, state and federally mandated resource balances).
2. Load and resource balances as adjusted due to operating conditions or purchases occurring during the quarter.
3. An assessment of market exposure.
4. An assessment of the quarterly change in power supply cost from budget.
5. Credit exposure by counterparty.
6. A summary of any purchases made during the quarter.
7. An assessment of any counterparty credit problems.
8. NERC/WECC Compliance program status.

Other reports are provided to the City Council on request.

13 Compliance Communications

Company employees have various means in which to report business conduct issues including potential violations of regulatory requirements. Break room posters provide contact information.

14 Lessons Learned

Any lessons learned from audits, violations, other similar entity violations, or near misses are encouraged to be shared with all staff. Lessons learned are shared regularly with staff and in employee training programs.
This includes lessons learned provided by regulatory authorities, other industry members, and discovered within the City's business practices.

14.1 Compliance Communications Protection for Whistleblowers

The City staff is encouraged to come forward with evidence to their manager that the City may be violating a law or regulation. Communication of potential violations plays a pivotal role in the detection, investigation, and prevention of violations. No employee will receive any type of retribution for speaking out on compliance issues of any type.

The City staff, contractors, and the public are encouraged to report evidence of possible compliance violations, unethical business conduct, questionable operations, problems with compliance controls, reporting or auditing concerns, and violations of laws or regulations. The City will promptly investigate all complaints and attempt to maintain the whistleblower's anonymity.

Complaints may be made through the suggestion box, to the employee's supervisor, to the employee's manager or director. The City employs a hotline that allows for anonymous reporting.

15 Program Review/Evaluation/Modification/Distribution

The Program is designed to ensure that reporting parties report to their supervisors, the Electric Utility Director to promote, maintain, and monitor compliance; 2) to discuss the effectiveness of the Program; and 3) evaluate alignment of the Program and the City's organization.

Interim to the annual review, the Program will be reviewed and modified as necessary if:

• An event analysis determines that a modification to this program would be beneficial.
• The City experiences a regulation violation.
• Lessons learned or changes have been identified in best practices.

Any significant changes to the Program are approved by the City Council.
Minor changes are approved by the ROC. New revisions of the Program are distributed to all parties involved and comments are solicited from the ROC. The City employees are informed of new significant revisions, including contractors and vendors as applicable, and they will all have access to the current Program.

Attachment A
Risk Management and Compliance Program - Responsibilities
Version 1.0, Rev. Date: 12/1/2011

16 Risk Oversight Committee

The ROC has the responsibility for following:

1. Ensure that business is conducted in accordance with the Program and the ERMP.
2. Adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processes for managing risks associated with the adoption of those business practices; including but not limited to a Laddering Strategy. As used herein the term Laddering Strategy shall mean an objective and graduated method to secure varying percentages of the City's [illegible] power needs at least three years into the future at any given point [illegible]. Recommend to the City Council the categories of transactions permitted and set [illegible] limits for those transactions.
3. Regularly assess risk and monitor exposures.
4. Evaluate effectiveness of controls.
5. Determine if non-compliance has [illegible]
6. Review and provide input to the NERC/WECC Compliance Program.
7. Address cross-functional planning, auditing, and budget issues.
8. Notify the City Human Resources department and the Electric Utility Director of performance issues and individual actions pertaining to compliance with applicable laws and regulations.
9. Communicate Program updates/changes to all parties involved.
10. Manage compliance issues reported through the internal Hotline.
11. Review status reports.
12. Provide status updates to the City Council.
13. Obtain City Council approval of Program modifications.

17 Electric Utility Director (NERC Compliance Officer)

1. Oversee the execution of the NERC Internal Compliance Program (ICP).
2. Approve all required procedures and assessments (i.e. critical infrastructure assessment, etc.).
3. Review status reports, industry updates, and compliance meeting notes (NERC, WECC, environmental).
4. Provide input to and approve the risk assessment and control plan.
5. Continually assess the effectiveness of the ICP.
6. Communicate operational and regulatory compliance issues to the ROC.
7. Prioritize and oversee corrective actions.
8. Make recommendations on any disciplinary action.
9. Identify Subject Matter Experts ("SMEs") for [illegible] projects and assign responsibility and authority supported at the appropriate departmental level. Monitors compliance status by reviewing [illegible] reporting activities.
10. Manage and sign-off on audits and the [illegible] NERC self-certification and annual self assessments.
11. Track, approve and oversee implementation of compliance mitigation plans to completion.
12. Create and manage NERC/WECC Reliability Standards working teams, as required.
13. Assign staff responsible for participating in [illegible] the development and revision of NERC/WECC Reliability Standards.
14. [illegible] review [illegible] audits, self [illegible] and third party assessments/audits [illegible] reports [illegible]

18 Electric Operations Superintendent (NERC Compliance Director)

1. Report to the Electric Utility Director.
2. Act as business partner to the NERC/WECC Compliance Administrator to ensure compliance and accurate reporting.
3. Provide regular compliance updates to the Electric Utility Director.
4. Along with the Compliance Administrator, act as the liaison between the California compliance [illegible] requirements. Ensure that no reliability obligation is missed or overlooked, identify the responsible entity and assign the SMEs for each requirement of the NERC and WECC reliability standards.
5. Along with the Compliance Administrator consolidates documentation to ensure that the reliability obligation is met.
6. Review and monitor progress and status of action plans, milestones, and deadlines provided by the NERC/WECC Compliance Administrator or responsible department managers.
7. Implements compliance mitigation plans to completion and reports the status to the Electric Utility Director.
8. Assess adequacy and make recommendations to the Electric Utility Director to address cross-functional planning, auditing and budgeting issues.
9. Review compliance meeting notes, status reports, and industry updates.
10. Manages City actions and [illegible] development and revision of NERC/WECC Reliability Standards [illegible]

19 As assigned or contracted (NERC Compliance Administrator)

1. Assigned by the Compliance Officer.
2. Serve as the NERC/WECC Reliability Standards [illegible] SMEs.
3. Attend, as determined by the Electric Operations Superintendent, Federal Energy Regulatory Commission ("FERC"), NERC and WECC conferences and workshops associated with Reliability Standards and prepare meeting notes for City review.
4. Share best practices with the Electric Operations Superintendent and Electric Utility Director to improve practices, efficiencies and effectiveness.
5. Monitor pending and approved changes to the NERC/WECC Reliability Standards and report those changes to the Electric Operations Superintendent.
6. Coordinate NERC/WECC Standards Authorization Request comments and seek the Electric Operations Superintendent, and Electric Utility Director reviews and approvals prior to submission.
7. Notify the SMEs of changes [illegible] additional information related to Standards in their areas of responsibility.
8. Develop and maintain a consistent framework for compliance to NERC/WECC Standards and ensure compliance processes are maintained.
9. Provide NERC/WECC compliance related internal training and awareness programs throughout the organization and notifications of external training opportunities related to Reliability Standards. Develop and provide notes to the Electric Operations Superintendent.
10. Develop and provide SMEs training for NERC/WECC standard compliance.
11. Assist with the evaluation of NERC Compliance risks and recommend controls.
12. Verify sufficient processes are in place to ensure NERC/WECC compliance with applicable Reliability Standards.
13. Coordinate and assist with the development and revisions to NERC/WECC compliance policies, processes, and procedures.
14. Recommend and assist to oversee NERC and regional compliance Working Groups where cross-functional cooperation is required.
15. Monitor to assure NERC/WECC related policies, processes, and procedures for all applicable Reliability Standards are reviewed and updated in a timely manner.
16. Prepare the City for NERC/WECC audits and act as the lead contact for all NERC/WECC audits.
17. Monitor the status of SMEs, deadlines leading up to self-certification, spot checks, audits and action plan milestone dates and [illegible] the results to the Electric Operations Superintendent.
18. Immediately report NERC/WECC Standards [illegible] or events approaching potential non-compliance to the Electric Operations Superintendent and the Risk Oversight Committee.
19. Assist the Electric Operations Superintendent and Risk Oversight Committee to assess causes of potential NERC/WECC non-compliance activities and provide recommendations for addressing those causes.
20. Provide NERC/WECC [illegible] information to the Electric Operations Superintendent, Risk Oversight Committee, and WECC.
21. Design and maintain a NERC/WECC incident response and reporting process.
22. Assist the Electric Operations Superintendent with implementing the NERC/WECC incident response and reporting process.
23. Perform or cause to be performed any actions related to mitigation plans submitted to WECC and provide sufficient documentation of mitigation actions to the Electric Operations Superintendent.
24. Track NERC/WECC compliance mitigation plans to completion.
25. Regularly report NERC/WECC compliance status to the Electric Operations Superintendent.
26. Monitor and administer the NERC Alert program.
27. Prepare quarterly NERC/WECC compliance status reports for the City Council that includes updates on compliance and Standards development activities.
28. Monitor the implementation of the NERC/WECC Internal Compliance Program and report progress to the Electric Operations Superintendent.
29. Administers the centralized compliance management system for maintaining NERC/WECC compliance related information.

20 Subject Matter Experts (SMEs)

1. Understand NERC/WECC Reliability [illegible]
2. Assist the NERC/WECC Compliance Administrator [illegible] policies, processes, and procedures.
3. Attend all required compliance training.
4. Follow compliance policies, processes [illegible]
5. Perform duties in a manner that [illegible]
6. Monitor controls and perform [illegible]
7. Fully document all compliance activities [illegible] records and documentation.
8. Meet deadlines leading up to internal audits, compliance [illegible], spot checks, regulatory audits [illegible] and action plans.
9. Immediately notify management of [illegible] potential non-compliant events.
[illegible] Participate in work groups that review and comment on regulations or NERC/WECC Standards relative to [illegible] technical expertise.
12. Cooperate fully with the Compliance Administrators and any authorized entities reviewing compliance and documentation, including providing access to documentation and evidence.

21 All Employees

1. Every employee at the City has an obligation and responsibility to help ensure that the City is complying with all applicable regulatory requirements. If any employee becomes aware of a potential compliance issue, the employee must notify a member of management immediately for further review.
2. Attend any annual (or more frequent) required training which includes regulatory compliance updates.

Attachment B
Electric Utility Department - NERC/WECC Internal Compliance Program
Version 1.0, Rev. Date: 12/1/2011

22 Background

The Federal Energy Policy Act of 2005 provides the FERC authority to approve and enforce rules and regulations to protect and improve the reliability of the nation's bulk power system. Through this Act all electric power entities that impact the Bulk Electric System must comply with FERC approved Regulatory Standards, and public utilities that sell electricity at market-based rates must comply with [illegible] conduct and ongoing reporting and compliance requirements. The [illegible] Statement of Compliance Registry Criteria describe which entities are required to register with [illegible] and comply with the Regulatory Standards. For those entities, [illegible] Regulatory Standards with the first set of standards approved by FERC [illegible] effective June 18, 2007.
The Statement of Compliance Registry requires [illegible] register [illegible] into the program if they are a participant of the [illegible] Frequency [illegible]. The City is registered as a Distribution Provider (DP) and Load Serving Entity (LSE) based on this sole criteria and does not meet any [illegible]

Under this statutory framework, standards are [illegible] by electric reliability organizations and approved by FERC. The NERC [illegible] delegate authority as the electric reliability organization [illegible] North America that include the four [illegible] Quebec, Electric Reliability Council of Texas and Western interconnections. Within [illegible] NERC interconnections, NERC has further delegated regional reliability functions [illegible] to eight regional entities. The City is located within the WECC region.

The City's EUD is required to comply with all FERC approved Reliability Standards [illegible] to its registered functions, Load Serving Entity ("LSE") and Distribution Provider ("DP"). The EUD NERC Internal Compliance Program (ICP) is supported by the City's Risk Management and Compliance Program referred to as the Program.

The ICP supports [illegible] of compliance framework presented in the FERC's October 2008 Policy Statement on Compliance, [illegible] other things:

• Role of senior management in fostering compliance;
• Effective preventive measures to ensure compliance;
• Prompt detection, cessation, and reporting of violations; and
• Remediation efforts

This ICP provides the framework to support compliance with the FERC reporting requirements and NERC and WECC Reliability Standards.

23 NERC/WECC Compliance Program Structure

The EUD's ICP is a rigorous, established and formal program. The EUD strives to achieve high level of business and personal ethical standards, as well as compliance with the laws and regulations that apply to its business. The EUD ICP is managed at a high level and [illegible] continuously monitor, evaluate, update, and [illegible] programs and systems are in place to [illegible] the program.

To effectively and efficiently manage the compliance program, the EUD has implemented a centralized compliance management system using Microsoft SharePoint. Within the system the EUD has identified and documented [illegible] processes used to comply with each requirement. In order to continuously be audit [illegible], processes, procedures, evidence, and supporting documentation have been identified and [illegible]. Forms are used in the compliance system that [illegible] to ensure completeness, accuracy and timeliness. The NERC Compliance Administrator continuously monitors NERC and WECC for updates and guidance including Bulletins, Compliance Application Notices, and best practice guidance.

The ICP is continuously evaluated by the NERC Compliance Director and the NERC Compliance Administrator.

24 NERC/WECC Compliance Program Oversight

The EUD [illegible] operates under the overall City Risk Management and Compliance Program, which is overseen by the ROC and directed by the Compliance Officer.

NERC/WECC Compliance Program Oversight Structure.

[Figure: organization chart; legible labels: Risk Oversight Committee, Compliance Officer, Electric Utility Director]

The NERC Compliance Administrator oversees the ICP and works directly with the Electric Operations Superintendent, who has the direct responsibility for performing reliability functions. The Compliance Administrator also reports to the Compliance Officer.

The NERC Compliance Director is responsible for performance of the NERC compliance program and assigns responsibility to address compliance concerns as well as monitoring the process to address those concerns. They act as a business partner to the NERC
Compliance Administrator. They also attend annual cross departmental team meetings to provide updates on compliance and standards developmental activities.

The NERC Compliance Officer, supported by the NERC Compliance Director and Subject Matter Experts (SMEs), leads the effort to ensure that all Reliability Standards, requirements, sub-requirements and the appropriate controls are clearly reflected in operational and business processes. SMEs work directly with the NERC Compliance Director and have direct responsibilities for performing reliability functions. The NERC Compliance Administrator assists directly with the SMEs to provide compliance expertise.

25 Independent Access to Executives

The NERC Compliance Administrator monitors and reports the department's compliance status with the NERC and WECC Reliability Standards to the Compliance Officer and the ROC. The NERC Compliance Administrator has access to the Compliance Officer to provide input and ask questions regarding any concerns with the compliance program.

26 Independent Management

It is crucial that the Compliance Administrator provide `p4'�"�' i s-' results and no conflict of interest exist nor any other impairment to provid ed findings. The Compliance Administrator is not responsible for the management of the work groups responsible for compliance.

27 Resources

The EUD is dedicated to making the b?tiK. :,appropn ws�ources from PG&E, WECC, SCh FERC and others as par the co Y •nce pro gr ort. The Compliance Officer is committed to use any andw ;of its resp o improv obust, rigorous, and rograwx supp�Ctransparent NERC com liancei w byNCI). N:11 The City Council has approved sufficient funding for the administration of the ICP. The requirements of this compliance program are budgeted and fully staffed on a year-round basis.

28 Performance Targets

The EUD promotes compliance by i ing measurable performance targets. Key performance indicators help the EUD understand performance in relation to strategic goals and objectives. The following key performance indicators are the 2012 year's NERC/WECC compliance goals:

• Regulatory Requirements are tracked and current. The EUD maintains a list of applicable regulatory requirements that are applicable to the City and updates this list as the regulations change. Any significant changes to the list are forwarded to the applicable supervisor for inclusion in annual training and/or email notifications if necessary.
• Recommended improvements are acted on. Following mock audit or through other means, the EUD considers and acts on recommendations for improvement within 90 days of any accepted recommendations.
• Mitigation plans are timely. The EUD determines appropriate mitigation plans for applicable violations.
• Operates with no NERC regulatory violations. The EUD strives for full compliance with no violations occurring.
• Respond to all NERC Alerts timely. The EUD reviews, determines response timely action on alerts that are determi
• Provide timely training.

29 Outreach

The EUD's outreach focuses on a comm good relationship with PG&E, WECC, promoting meaningful training/educi assistance. The following describes "101, • Communications - ( in order to prompt4 �ww�• regulatory require'i y4y.w.k4� ;:dant and ; ,em`ails, wt cow ?.`p1i; `. provides peri iC*jraining and Educa3 • R;C Alerts — NERC • Partcption in the RIs.. ww Proce,�*:,;,, EUD wi I I take the City. yMgpuo improv&. ility "'mow:• C to imp • oppo`s, and pra :. ethor� t ting the o .
The City maintains a ommunications, g compliance each program: 011,`ainedon NERC related activities NAMAY of the�i'tan ce of compliancewith w or EI ` " ' �� , ectric Operations Www �� IianC istrator sends out compliance mpliance clarifications, compliance notices and S. rovided as described in section 33. are communicated to all appropriate staff. ards, Policy, and WECC Criteria Development Drafting

The City is committed to improving reliability of the electric system. We participate in the drafting process of Standards, policies and WECC Criteria by providing comments, assisting drafting teams, and voting.

• Users Groups/Conferences/Webinars - The NERC Compliance Administrator and other City staff attend and participate in regional and national events, conferences, and trainings to help ensure the company maintains awareness of emerging or changing regulations and to learn and share best compliance practices. The City is able to stay up-to-date on new and pending developments as they relate to the Reliability Standards by attending industry related seminars, as well as regional sponsored training. Meeting topics are summarized and reviewed by the Electric Utility Director, Electric Operations Superintendent, Departmental Management, SMEs and other key individuals.

Examples of such conferences, meetings, and trainings include: WECC compliance user groups WECC monthly call Critical infrastructure Western Interconnection Complia NERC and FERC Sponsored Confe Rule Making Proceedi Committees and The City employs the NERC Compl committee activities as well as,V% SMEsto provide inputtovaripu's Compliance Administrators Airy p to the app.rgpKiate NERC Cotxi-pear Oncesaware of a;:n�eair:or chan�riti: Administer Xmonitor W ]CC, NERC, and FERC 4, Y ,. . 4`ry`4 " tanda�t s-tlrafftr g�eAmm ittees.
The City assigns rd dra ting core n'k es through the NERC iel i4yed in se activities provide information minisfk4 "Kand he NERC Compliance Director. story requ'frwent, the NERC Compliance Director I to ensure that: 1)the new regulatory Kesses and procedures are developed to help

30 Requirements Identification

The City is registered with NERC as an LSE and DP. It is interconnected to the PG&E transmission system, who is the Transmission Owner and Transmission Planner. The City is within the CAISO Balancing Authority and Planning Authority. PG&E and the CAISO share responsibilities through a Coordinated Function Registration Agreement as the Transmission Operator of the facilities that in4t lapnec 5 _, Cj� � The Regional Reliability Organization over Organization. The City develops its processes to comply with these organizations as it relates to compliance The NERC Standards Requirements that are applicable compliance website under the "FERC A9,0 andard http://compliance.lodielectric.com

31 NERC/WECC Standards

The City maintains a list , alicable-. `'" pp k . City and u`7 are, at all re §Knt beco Rle fec ;r thpplicable superf.for `'LLY t The Gt�j `N,ERC Complian, the FER"N""" liab this processtip:intained . ,. �;.. the FERC Appri-d Reliab 32 Proceduresand its - track -,and cu onal Reliability cedures of City cable NERC/ti C Star Yds reauirements that are J R . his list as tli w "' t '� change. New updates to the list k ti to the list ar tn ompliance within 30 days of the 5 S ive ry , s1 nificant changes are automatically forwarded to inclnnual training and/or email notifications if A. inistrator performs the process of updating all versions oll ndards as new Standards are revised. The procedure for NERC Compliance Administrator and is called "Updating ndards List."
The City maintains the following compliance related procedures that are available to all staff at http://compliance.lodielectric.com

• Communication and Emergency Response
• Event Analysis
• Facility Coordination
• Model Data Submittal
• Protection System Testing Maintenance and Validation
• Risk Based Assessment Methodology
• Sabotage Recognition and Incident Reporting
• NERC Alert Response
• Updating the FERC Approved Reliability Standards List

The following compliance related reporting Ii lists, d. - on http://compliance.lodielectric.com: • Risk Management and Compliance Prr o Attachment B: ICP .....` .: • FERC Approved Standards • Risk Based Assessment Met Processes Evidence Docume ti ComplianceTask: Call Log Substation Maine: ',yS.�otage Reportin • lialidation Fo • Mln Log and logs are avails able • Data Sub rrrl`fiiunications • Facility Modifcions, Documents

33 Compliance Training

The City continually develops processes, procedures, and controls to help prevent the occurrence of regulatory violations. In addition, they encourage staff to participate in compliance related training and educational opportunities.

• New Orientation: All new employees are sufficiently trained to perform compliance related activity, including affected contractors and vendors, prior to them performing any compliance related duties.
• Annual Training: Annual training will be provided to all applicable employees as described in the table below. Documentation of the training (sign-in sheets, training materials, completion certificates, and other reference material) will be maintained in the Training log by employee. Controls a remindersfor upcoming training refreshers by ernp

tbl employees and""' -term Guerumew w R4 R con kr`,. , � s that are responsible for This training provides general informafroi4x�r3 NERC, FERC, and WECC requirem ertt,?recent NERC C,'�w>nce or could be an ;, ° w expected changes, and internal co`nliance ..;,,._;.. . interface ,,NXRC or WECC.. ° program changes.

Sabotage Recognition and Incident Response
This training describes methodologies for identifying sabotage, responding to sabotage, and maintaining records to support the Sabotage Recognition and Incident Response procedure.
All EUD employees and long-term contractors. Note: Any EUD employee or long-term contractor who does not receive this training shall be made aware of who to contact, who has received the training, to report a potential sabotage event.

Event Analysis
This training describes the analysis, actions, and reporting requirements for all events. The training describes Bulk Electric System Disturbances, Protection System Misoperations, and Vegetation interruptions.
SMEs responsible for maintenance and incident reporting.

Communication and Emergency Response
This training describes required protocol for verbal communications when receiving directives
SMEs responsible for receiving verbal communications from the Transmission Operator, Balancing
34 Risk Assessment

A risk assessment is conducted annually to identify and quantify internal and external risks of non-compliance to the Regulatory Standards. The risk inventory is identified through employee surveys, past experience within the EUD, industry announcements and forums, and other agencies' shared experiences. Resource decisions for addressing risks are determined based on the score. High risk iteRA"Rikke adrty's overall risk inventory.

The following describes the organization's method for applying risk assessment.

Method for Applying

1. A NERC/WECC risk assessment is conducted annually or as ries�'�`sxYk?rWe ey
2. The electric department surve tall each 4 k` �• p�iawo identify areas for improvement in the procedures and processes. In addition, staff is encouraged to make suggestions to all policies, procedures and processes at any time during the year.
3. The NERC Compliance Director and the NERC Compliance Administrator conduct risk assessment meetings as necessary and maintain the minutes/agendas.
4. The following are identified as part of the assessment:
• Prior violations
• Violation Risk Factors
• Violation Severity Levels
• Peno-pTiE rformance related Requirements that have a higher probability of occurrence.
• Areas where additional self-audits or controls should be
5. The Compliance Administrator calculates a risk score after applying the assessment and utilizes it to evaluate areas for additional controls. Several high risk processes have automated controls in place to ensure completeness, accuracy and timeliness.

35 Controls and Program Monitoring
The electric department continuously manages regulatory compliance risk through (1) monitoring programs and continuously updating policies and procedures, (2) annual self-assessments and audits, and (3) hard coded controls. Hard controls include automated due date calendared reminders and forms with mandatory fields for collecting evidence. These hard and soft controls are part of a control environment that will help prevent the occurrence and, especially, the reoccurrence of violations.

35.1 Compliance Monitoring

The Compliance Administrator, who may bei changes that impact the Program. The EUD regulatory requirement. The process statem( are regularly modified when impacted by indi opportunities for efficiency and effectiveness each regulatory standard in the online compli In addition the City encourages its staff ` 4 fi opportunities. � �.,, Each NERC and WECC Reliability Staii-\[d ap monitored on an ongoing bas*!-���his `monito knowledge of standard requents, perfor. performing an annual ink it (self-auc instancesf�,o�tential none` liance. The i on recz�rait�oxs:that coa<rut of this n 35.2 S" = Wit A;f nual formal int 4.1� app1, Reliability audit. Step Descript. • Y 1. The and cone The :ted` ..�Tt`ant, will monitor industry men s ;esses that address each pro ce .sem and on-line forms 4 es or iden = • 'nternal. . ,4. 4 s age identified` ` - nted for of d.to control tham. "+.'vim. Y'. 5y 1ti . in trait .;,and educational F =the City Wi continually sF ,3'&1% roludes maintaining a thorough perioy s iews to confirm compliance, id in : ` W ening management of any s ider or implement changes based process. it is conducted for compliance with all areas of concern are addressed in the self - Administrator takes the role of the enforcement official of investigation that is anticipated from the regulator.

2. The self-audit is conducted at least annually.
Audit results are reported and reviewed internally after each self-audit. Reports are retained in accordance with page 6.
3. Spot checks are performed prior to each self-certification. A self-report is provided to the Compliance Officer with a recommendation for approval.
4. A self-audit allows you to find potential red-flag issues and allows time to understand the issue prior to review with the regulator.
5. The self-audit provides a focus on areas of high risk.
6. Prompt self-reporting is initiated. Self-reporting may result in lower fines and indicate a mature compliance program that could mitigate future penalties.

All audits are shared with the applicable City s

35.3 Hard Controls

Hard control include mandatory fields used to reminders, automatic escalation reminders, SE Administrator reviews. Automated controls are in place to have required fields to ensure com deadlines and deliverables are met reminders also, associated with Mii and related deadlines are cr f party. The Compliance rat needed. Examples of ha " d a uesting it. automatic eliness. SharePoint logs ompliance-related es automated ie u of this system, tasks assigned to a responsible atus and take action, if

Prot To ompleteness, intenance system forms have M nce '�w.• quire y` "° that do not allow the maintenance personnel to ng System it the until complete. To ensure timeliness, workflows send reminder messages to maintenance staff and escalation messages to management.

Model Data Submittals: To ensure timeliness, workflows send reminder messages to maintenance staff and escalation messages to management.

Event Analysis: Events are logged.
To ensure proper reporting, controls are in place to identify when an underfrequency load shedding (UFLS) event, equipment misoperation, or a Bulk Electric System Disturbance occurred. The controls provide instructions for proper reporting. Automatic email reporting is sent. To ensure timely reporting, controls are in place to send reminders for timely investigation and reporting of UFLS Events, misoperations, and Bulk Electric System Disturbances.

Procedure Approvals: To ensure timely review and approval, controls are in place to ensure reminders are sent to review and escalated if review and approval is not timely.

Training: To ensure timely reporting, controls are in place to monitor training and retraining dates and send reminders and escalation reminders.

Critical Infrastructure Protection Review: To ensure timely review, controls are in place to send automatic !! %m..m.der_%\mhera.th&rr(w, yy�IM, i¢i City s e Bassets is due.

36 Self-Reporting

36.1 Discovery of Potential Regulatory Violations Process

The City's is committed to contin Amprovem,' f yin orde �, ,igp.the ICP to prevent non - compliance activities from 004p, or to detects -cotely. To ensure that potential violatias. are detect ` igated, and r`r�,a imel manner, the City has implemen�wr�fa`�g me as I%riodic rev " the ICP Detecting and Mii`ng Potelviolations •w 'Mgt Complianc'.
views • Cb py Personnelw • Annua 60rnal Au_

36.2 Responding to aA ing Potential Violations

Once potential non-compliance is discovered, the issue is reviewed and investigated with the assistance of applicable parties, and a final determination as to whether a violation exists or not is made by the ROC. Once determined, appropriate action is taken, including self-reporting or other remedial actions. The City's process for responding to, investigating and reporting potential violations includes the following steps.

1. Potential violations of regulatory requirements are communicated and discussed with the Compliance Officer and the NERC Compliance Director.
2. The NERC Compliance Director and the NERC Compliance Administrator lead an investigation with the SMEs and owners. The NERC Compliance Administrator will provide a report to the Compliance Officer with recommendations.
3. The Compliance Officer will submit the report to the ROC for determining if a violation has occurred and requires self-reporting to the applicable regulatory agencies.
4. For instances where the NERC Compliance Administrator and NERC Compliance
Director believe a potential violation exists or where process enhancements are needed, the office leads the investigation to (1) document a description of the potential violation, (2) determine the root cause, (3) determine steps being taken to prevent similar incidents from reoccurring, and (4) document a mitigation plan.
5. The NERC Compliance Administrator initiates self-reporting of the potential violation to the applicable regulatory agencies, as necessary. The Self Report form can be found on the WECC Compliance Web Portal at: Fitts %ll�ortal.wecc b` ,, and is reported through WebCDMS. The submitted Self-Report and mitigation plan is also stored on the compliance system for internal tracking.
6. It is the WECC compliance staff's obligation to submit all alleged non-compliance information to NERC in accordance with the NERC Compliance Monitoring and Enforcement Program (CMEP) and WECC internal enforcement guidelines.

37 Remediating and Preventing Repeat Violations

To ensure that violations are remediated and prevented from recurring, the City EUD is implementing the following measures:

1. The risk assessment is updated and reviewed to determine any other potential risks associated with the identified activity.
2. All related processes, procedures, controls, and training programs are reviewed to ensure clarity. Updates are provided where necessary.
3. The mitigation plan is logged, tracked and verified to ensure remediation items are completed timely.
4.
The NERC Compliance Administrator will provide additional data or information requested by the regulatory authority and will provide timely updates on the status of the remediation plan to the regulator (WECC, NERC, or FERC).

38 Self-Certification

Description

1. WECC will post Self-Certification and periodic data collection forms on the OATI WECC webCDMS at least sixty (60) days prior to the submittal period, but the City cannot submit forms until the submittal period has begun. 6 of the WECC Web Portal User Guide provides information regarding the Self-Certification submittal process.
2. The NERC Compliance Administrator will perform a formal review of all actively monitored Standards prior to each annual self-certification to ensure compliance. A report will be provided to the Compliance Officer for review and approval.
3. During the annual self-certification time line and after receiving approval from the Compliance Officer, the Compliance Administrator will self-certify compliance with the Reliability Standards.
4. WECC will accept Self-Certification forms only during the submittal period. Failure to submit the forms to the end of the submittal period will result in non-compliance. The WECC compliance staff are to review Self-Certification submittals to determine acceptability, and may request additional information if necessary.
5. Semi-annual Self-Certifications are required for the CIP-002 through CIP-009 NERC Reliability Standards, and are not part of the annual Self-Certification process for all other Reliability Standards. Semi-annual Self-Certification forms will be posted on the WECC Compliance Web Portal at least thirty (30) days prior to the submittal period. Semi-annual Self-Certifications must be received by WECC from the City on January 15th and July 15th according to the CIP implementation schedule.
The "Guidance for Enforcement of CIP Standards" document can be found on the NERC Website at: http://www.nerc.com/files/guidance on CIP Standards.pdf. The "Implementation Plan for Cyber Security Standards for CIP-002 — CIP-009" can also be found on the NERC Website at: http://www.nerc.com/fileUploads/File/Standards/Revised Implementation Plan CIP-002-009.pdf.

39 Document Retention Policy

Unless otherwise specified hear on, all major rds demonstrating implementation of the ICP shou after a NERC/WECC off-site audit, whichever is gre to retention period is 7 years. Provide docu tation to SS vS within 30 calendar days. 4 40 Storage s All documents are stored in the com�ance s � a -4i '4.kyS:'i 41 ComplianceS1.ystem The e I is use tra�ia�he ICP aid nce `rmation are as fol. Step Action 1.E on to the co' Jig o/complianc is ICP' idence ined for t ' nor o1 year maximum re' . ata 4� § end NERC upon teir request yx4'�, `N ti 4� w (/compliance.lodielectric.com. itor and OffWe NERC Compliance Program and for implemented. Instructions to access this system at: ctric.comEnter your user name and password. itions Superintendent if you do not have access.

2. Select Internal Compliance Program

[Figure: Internal Compliance Program folder list: Compliance Assess Risk; Compliance Communication; Compliance Metric; Compliance Organization; ICP Assessment; Implement, Promote, and Enforce; Leadership and Corporate Culture; Out Reach.]
3. Add additional information to the ICP evidence files by clicking the "Add document" button.

42 References

FERC Revised Policy Statement on Enforcement, (May 15, 2008)
NERC Compliance Monitoring and Enforcement Program, WECC, (2010)
WECC CMEP — Self-Reporting Form, (April 13, 2009, Version 1)

43 Revision History

44 Responsible Senior Manager or Delegate

An authorized individual must sign and date this Program. By doing so, this individual, ='M'.cinformation submitted herein is accur 1 This rPrtifiiPs that I am the 2 1 am an officer authorized 3 I have read and am familia submitted herein. 4A 4 l (Feb. 9,2011) certifies that the City of O #zof the City of Lodi. d any related documents m ay request more information rmation provided in this document is correct.

Approval Page