The URL can be used to link to this page

Home My WebLink AboutResolutions - No. 2012-34RESOLUTION NO. 2012-34 A RESOLUTION OF THE LODI CITY COUNCIL RESCINDING RESOLUTION NO. 2011-06, AND FURTHERAPPROVING THE CITY OF LODI RISK MANAGEMENTAND COMPLIANCE PROGRAM NOW, THEREFORE, BE IT RESOLVED that the Lodi City Council does hereby rescind Resolution No. 2011-06, and further approves the City of Lodi Risk Management and Compliance Program, as shown on Exhibit A attached hereto and made a part of this Resolution. Dated: April 4, 2012 hereby certify that Resolution No. 2012-34 was passed and adopted by the City Council of the City of Lodi in a regular meeting held April 4, 2012, by the following vote: AYES: COUNCIL MEMBERS — Hansen, Johnson, and Mayor Mounce NOES: COUNCIL MEMBERS— None ABSENT: COUNCIL MEMBERS — Katzakian and Nakanishi ABSTAIN: COUNCIL MEMBERS — None 1 RANDI JOHL City Clerk 2012-34 Table of Contents 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 1 " 11 -11 F A,. F 1r i City of Lodi Risk Managemen Compliance Program Qcmnt_ I Annual Approval: Purpose.......................................................................................................................... 4 Scope............................................................................................................................. 4 Mission Statement/Statement of Commitment............................................................... 4 Goal................................................................................................................................ 5 OrganizationalStructure and Chart................................................................................. 5 LeadershipSupport......................................................................................................... 6 Energy Risk Management Policies("ERMP").................................................................... 6 7.1 Scope of the Risk Management Policies........................................................................ 6 7.2 Program Objectives....................................................................................................... 6 7.3 Program Strategies........................................................................................................ 6 7.4 Risk Inventory ................................................................................................................ 6 TransactionLimits and Controls...................................................................................... 6 8.1 Regulatory Compliance.................................................................................................. 6 8.2 Indirect Purchases(NCPA)............................................................................................. 6 8.3 Direct Purchases............................................................................................................ 6 8.4 All Purchases: ................................................................................................................. 6 8.5 Prohibited and Authorized Transaction Types.............................................................. 6 8.5.1 Prohibited Transaction Types: .................................................................................... 6 8.5.2 Authorized Transaction Types: ................................................................................... 6 Resources....................................................................................................................... 6 EmployeeIncentives....................................................................................................... 6 ComplianceEnforcement................................................................................................ 6 Reporting....................................................................................................................... 6 ComplianceCommunications.......................................................................................... 6 LessonsLearned............................................................................................................. 6 14.1 Compliance Communications Protection for Whistlebiowers...................................... 6 Program Review/Evaluation/Modification/Distribution.................................................. 6 RiskOversight Committee............................................................................................... 6 Electric Utility Director (NERC Compliance Officer)......................................................... 6 City of Lodi Risk Management and Compliance Program Page 1 of 42 19 �• City of Lodi Risk Management and 19 Compliance Program Version Rev. Date: I bocumentc Annual Approval: � 1.0 3/22/2012 23 NERC/WECC Compliance Program Structure.................................................................... 6 18 Electric Operations Superintendent (NERCCompliance Director) ..................................... 6 19 As assigned or contracted (NERC Compliance Administrator) .......................................... 6 20 Subject Matter Experts(SMEs)........................................................................................ 6 21 All Employees................................................................................................................. 6 22 Background.................................................................................................................... 6 23 NERC/WECC Compliance Program Structure.................................................................... 6 24 NERC/WECC Compliance Program Oversight................................................................... 6 25 Independent Access to Executives................................................................................... 6 26 Independent Management............................................................................................. 6 27 Resources....................................................................................................................... 6 28 Performance Targets....................................................................................................... 6 29 Outreach........................................................................................................................ 6 30 Requirements Identification........................................................................................... 6 31 NERC/WECC Standards Requirements tracked and current ............................................ 6 32 Proceduresand Other Documents................................................................................... 6 33 Compliance Training....................................................................................................... 6 34 Risk Assessment............................................................................................................. 6 35 Controlsand Program Monitoring................................................................................... 6 35.1 Compliance Monitoring................................................................................................. 6 35.2 Self-Audit....................................................................................................................... 6 35.3 Hard Controls................................................................................................................. 6 36 Self-Reporting................................................................................................................. 6 36.1 Discoveryof Potential RegulatoryViolations —Review Process ................................... 6 36.2 Respondingto and Reporting Potential Violations....................................................... 6 37 Remediating and Preventing Repeat Violations............................................................... 6 38 Self-Certification............................................................................................................. 6 39 Document Retention Policy............................................................................................. 6 40 Storage........................................................................................................................... 6 41 Compliance System......................................................................................................... 6 42 References...................................................................................................................... 6 43 Revision History .............................................................................................................. 6 44 Responsible Senior Manager or Delegate........................................................................ 6 City ofLodi Risk Management and Compliance Program Page 2 of 42 Version Rev. Date: 1.0 3/22/2012 City of Lodi Risk Management and Compliance Program Document: Annual Approval: City of Lodi Risk Management and Compliance Program Page 3 of 42 t �• City of Lodi Risk Management and Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 3/22/2012 1 Purpose The purpose of this Risk Management and Compliance Program ("Program") is to foster a culture of compliance and control for the City of Lodi ("City") Electric Utility Department ("EUD"). The Program expects a high level of compliance to regulations, laws, and the City's agreements, policies and procedure while managing risks on a routine basis. The Program is laid out to control the organization's activities so that controlling risk and compliance are part of the City's infrastructure. 2 Scope This Program outlines the City's internal control foundation, providing discipline and structure to guide compliance with regulations, laws, and the City's agreements, procedures and policies. it includes a cross—section of knowledgeable and skilled employees who are responsible to oversee, communicate, track, document, and monitor compliance and risk management and share the results with management and the City Council. The Program applies to all the City's employees, contractors, and vendor personnel responsiblefor complying with regulations and the City's policies and procedures. It is made readily availableto all employees. 3 Mission Statement/Statement of Commitment The City's compliance mission is to create a superior and effective program to manage risk and compliance which implements best electric utility practices and encourages a culture of compliance and control throughout the EUD. The City implements all opportunities to build compliance and controls into every business practice and to continuously improve its program to be robust, rigorous and transparent. The City is committed to complying with all applicable laws and regulations. In addition, the City is committed to prudent risk management and compliance awareness and continuous improvement of processes and procedures. This commitment allows the City to develop and maintain an organizational culture that supports staff in meeting these concernsthrough education/training, ethical conduct, decision making, and a culture of transparency. City of Lodi Risk Management and Compliance Program Page 4 of 42 4 Goal The goal of this Program is to create a culture of compliance and control within the daily activities that is characterized by clear communication, consistent documentation and implementation of the following practices: City of Lodi Risk Management and -. 1. Compliance Program Adopting reporting procedures to party's manager, the Risk Oversight Committee (ROC) and the City Council. 3. Version Rev. Date: Docu ment: Annual Approval: 1.0 3/22/2012 Assessing the Programsfor adequacy and providing recommendationsto address planning, auditing and budget issues. 7. 4 Goal The goal of this Program is to create a culture of compliance and control within the daily activities that is characterized by clear communication, consistent documentation and implementation of the following practices: 5 Organizational Structure and Chart City of Lodi Risk Management and Compliance Program Page 5 of 42 Description Creating culture of accountability. -. 1. 2. Adopting reporting procedures to party's manager, the Risk Oversight Committee (ROC) and the City Council. 3. Identifying and communicating specific concerns and opportunities for improvement. 4. Reviewing and developing goals that ensure a strong corporate commitment to compliance and control. 5. Conducting regular training and awareness programs. 6.. Assessing the Programsfor adequacy and providing recommendationsto address planning, auditing and budget issues. 7. Using appropriate communication among all parties involved with the Program. 8. Identifying and assigning responsibilities to the key individuals who are accountable for applicable portions of the Program. 9. Providing a documentation framework that supports compliance, and includes clear processes, policies, and procedures. 10. Creating a culture of continuous improvement through regular assessments and corrections. These assessments may be self—assessments, internal audits, and independent third—party assessments. 11. Adhering to approved regulatory requirements. 12. Cooperatingwith regulatory agencies. 13. Promptly assessing and reporting of potential violations to regulatory agencies, if required. 5 Organizational Structure and Chart City of Lodi Risk Management and Compliance Program Page 5 of 42 Version Rev. Date: 1, 1 3/22/2012 City of Lodi Risk Management and Compliance Program Document Annual Approval: The Program is overseen by the FCC which is comprised of the City Council member who serves as a Northern California PowerAgency ("NCPA") commissioner or alternate, the City Manager, Deputy City Manager, City Attorney and the Electric Utility Director; or in the case of their absence, their designees. The City Manager shall appoint the chair of the ROC. Additional non-voting members maybe invited to participate on the ROC based on supporting expertise required bythe ROC. The ROC shall meet three to six months, or as otherwise called to order bythe City Manager or City Council. The FOC shall keep minutes of all meetings and business transacted and shall appoint one of its members, or that member's designee, to perform this task. A quorum for the ROCto do business shall consist of all members or their designees. The ROC shall request attendance at its meetings by, and/or reports from, other persons as appropriate. City Council The City Council is responsible for making high-level, broad policy and strategy statements as contained in this document. The City Council sets the policy, and adopts the Program as developed and recommended bythe ROC and delegatesthe City Managerto execute it. The City Council will review the Program every year. Additionally, the City Council will receive reports every three to six months from the City Manager regarding risk management activities. , The City Council reviews the Program updates on a regular basis and provides direction and additional support, as needed. City of Lodi Risk Management and Compliance Program Page 6 of 42 City of Lodi Risk Management and Compliance Program Version Rev. Date: Docuri�ent 1.0 1 3/22/2012 Annual Approval: Risk Oversight Committee The ROCshalI have the responsibility for ensuring that business is conducted in accordance with the Energy Risk Management Policies in Section 7. The ROC shall adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processesfor managing risks associated with the adoption of those business practices; including but not limited to a Ladd e ring Strategy. As used herein the term Laddering Strategy shall mean an objective and graduated program to secure varying percentages ofthe City's projected future power needs at any given point in time. Determination of regulatory non-compliance and direction to self-report such non- compliant activities shall be made bythe ROC. The ROC shall recommend to the City Council the categories of transactions permitted and set risk limits for those transactions. City Manager The City Manager has overall responsibility for executing and ensuring compliance with policy adopted by the City Council. The City Manager shall make regular reports to the City Council regarding business transacted by the ROC at such intervals and/or upon such occasions as the City Council shall direct. Reports shall be provided every three to six months to the City Council regarding energy risk management activities. Electric Utility Director- Compliance Officer The Electric Utility Director is the utility's Executive Officer. acts as the Compliance Officer for the EUD, and is a voting member of the ROC. The Electric Utility Director has access to the City Council through the City Manager. This ensures communication of compliance concerns to the highest levels within the organization. Records of communication and reporting between the City Council and the City Manager are stored for at least 48 months. Electric Utility Department The EUD shall participate on the ROCthrough the Electric Utility Director. The Electric Utility Director shall provide load forecast information and coordinate the receipt and dissemination of relevant market and transactional information undertaken on the City's behalf through NCPA Finance Department The Finance Department shall participate on the ROCthrough the Deputy City Manager and provide accounting and cash flow information to the ROC. Legal Department City of Lodi Risk Management and Compliance Program Page 7 of 42 6 7 7.1 Version 1.0 Rev. Date: 3/22/2012 City of Lodi Risk Managementand Docur" Compliance Program Annual Approval: The Legal Department shall participate on the ROCthrough the City Attorney and provide legal advice and representation and ensure that business is carried out in compliancewith all applicable laws, regulations executive orders and court orders. Specific responsibilities for some positions are further described in Attachment A. Leadership Support This Program, as approved bythe City Council, hasthe support and participation of all senior management. Senior management reviews related reports, participates in meetings, and communicatesto employees about their commitment to compliance formally and informally. During ROC meetings, status updates are provided, any instances of potential non-compliance are discussed and support is provided. ROC meeting minutes and agendas are stored for at least 48 months. Energy Risk Management Policies ("ERMP") The purpose of the Program and ERMP is to ensure that risks associated with the City's bulk power procurement is properly identified, measured and controlled. The ROC managesthe Program. The ROC meets every three to six months, or as otherwise called to order bythe City Manager or City Council. The ROC keeps minutes of all meetings and transacted business and appoints one of its members, or that member's designee, to perform this task. A quorum for the ROCto do business consists of all members or their designees. The ROC requests attendance at its meetings by, and/or reports from, other persons as appropriate. The City Manager makes regular reports to the City Council regarding business transacted bythe FCC at such intervals and/or upon such occasions as the City Council directs. Scope of the Risk Management Policies The risk management policies are applied to all aspects of the City's wholesale procurement and sales activities, long-term contracting associated with energy supplies, including generatorfuel, capital projects and associated financing related to generation, transmission, transportation, storage, Renewable Energy Credits ("REC"), Green House Gas ("GHG") offsets, Resource Adequacy ("RA") capacity, ancillary services and participation in Joint Powers Agencies ("JPA") and regulatory compliance as set forth in exhibit Btothis policy. This Program does not addressthe following types of general business risk, which are treated separately in other official policies, ordinances, and regulations of the City: fire, City of Lodi Risk Management and Compliance Program Page 8 of 42 7.2 7.3 7.4 Version 1.( Rev. Date: 3/22/2012 City of Lodi Risk Management and Document= Compliance Program Ann ua I Ap prova I: accident and casualty, health, safety; workers compensation and other such typically insurable perils. Program Objectives 1. Maintain a regularly updated inventory of risks that could impact rates and security of the City's bulk power procurement program. 2. Establish risk metrics and reporting mechanismsthat provide both quantitative and qualitative assessments of potential impacts to rate stability. 3. Adopt business practicesthat encourage compliance, development of appropriate levels of operating reserve funds, contribute to retail rate stability and maintain appropriate security for established funds. 4. Minimize the City's electric utility rates. Program Strategies 1. identify, measure, and control risks that could have an adverse effect on retail rate stability. 2. Assign risk management responsibilities to appropriately qualified individuals and committees for each of these risks. Risk inventory The EUD must inventory and address the following categories of risk as a component of the monitoring and reporting underthe risk management program: • Price Risk • Volume Risk • Credit Risk • Operational Risk • Contingent Liabilities Price Risk— Price risk is the risk associated with the change of power costs and can be segmented into two categories: 1. Wholesale prices may increase while positions are still open. 2. Wholesale prices may decrease after positions are closed. Volume Risk —Volume risk is the risk that demand for power will either fall below or exceed then existing contracted power supplies. City of Lodi Risk Management and Compliance Program Page 9 of 42 Version Rev. Date: 1.0 3/22/2012 City of Lodi Risk Management and Document: Compliance Program Annual Approval: Credit Risk— Credit risk is the risk associated with entering into any type of transaction with a counterparty, and can be segmented into the following five categories: 1_ Counterparties fail to take delivery of, or, payfor, energy sold to them. 2. Counterparties f a i I to deliver contracted for energy. 3. Counterparties, refuse to extend credit or charge a premium for credit risks. 4. Counterparty transactions are too concentrated among a limited number of suppliers. 5. inability to finance capital projects or meet financial obligations incurred in the course of wholesale operations. Operational Risk—Operational risk consists of the risk to effectively planned, executed or controlled business activities. Operational risk includes the potential for: 1. Inadequate organizational infrastructure, i.e., the lack of sufficient authority to make and execute decisions, inadequate supervision, absence of internal checks and balances, incomplete and untimely planning, incomplete and untimely reporting, failure to separate incompatible functions, etc. 2. Absence, shortage or loss of key personnel. 3. Lack or failure of facilities, equipment, systems and tools such as computers, software, communications links and data services. 4. Exposureto litigation, fines, or sanctions as a result of violating laws and regulations, not meeting contractual obligations, failure to address legal issues and/or receive competent legal advice, not drafting contracts effectively, etc. Exposure includes the fines and litigation associated with the North American Electric Reliability Corporation ("NERC') and/or Western Electricity Coordinating Council("WECC") and environmenta I compliance violations. 5. Errors or omissions in the conduct of business, including failure to execute transactions, violations of guidelines and directives, etc. Contingent Liabilities — Contingent liabilities consist of liabilities that the City could incur in the event of the failure of other parties to discharge their obligations. At present, these consist of three principle categories: 1. Guarantees and step up provisions in the enabling agreements for the 1PAs of which the City is a member. City of Lodi Risk Management and Compliance Program Page 10 of 42 City of Lodi Risk Management and Version Rev. Date: - 1.( 3/22/2012 Document; Compliance Program Annual Approval: 2. Project closure, decommissioning, environmental remediation and other obligations which resultfrom the City's own activities and from JPA projects and activities. 3. Provisionsfor take or pay, termination paymentsand/or margin calls in the City's long-term electric power supply agreements. 8 Transaction Limits and Controls The EUD uti I izes transaction limits and controlsto mitigate or prevent exposure to identified risks. 8.1 Regulatory Compliance Regulatory compliance controls includes both soft and hard controls. Soft controls includes self -audits, policies and procedures. Hard controls include automated due date calendared reminders, forms with mandatoryfields for collecting evidence, and self - assessments. 8.2 Indirect Purchases (NCPA) The City Manager and the Electric Utility Director are severally authorized to enter contracts for the purchase through NCPA of electric energy, capacity, and generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and ancillary services to meet the City's service obligations in amounts and for such quantities as are: 1) necessaryto meet the minimum amounts called for in ROC's LadderingStrategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above may be authorized by specific City Council resolution. The resolution may specifythe limits of the authority delegated, includingthe maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed. In addition, for purchases through NCPA counterparty credit limits and minimum counterparty rating criteria shall be described in NCPA's then current "Energy Risk Management Policy", which are made a part of this document, and the most recent is attached hereto and may also be found at http://www.ncpa.com/financial- information/5.html. Moreover, the City Manager and Electric Utility Director are authorized to purchase electric energy, capacity and fuel to meet the City's share of amounts called for under NCPXs then current Energy Risk Management Policy upon approval of the ROC. Material changesto NCPAs Energy Risk Management Policy are reported to the City Council as part of the quarterly reporting under the City's ERMP. 8.3 Direct Purchases City of Lodi Risk Management and Compliance Program Page 11 of 42 City of Lodi Risk Management and Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 3/22/2012 The City Manager and the Electric Utility Director are severally authorized to enter contracts for the direct purchase of electric energy, capacity generator fuel, transmission, transportation, storage, RECs, GHG offsets, RA capacity and Ancillary Services to meet the City's service obligations in amounts and for such quantities as are: 1)necessaryto meet the minimum amounts called for in ROC's LadderingStrategy; 2) consistent with this ERMP; and 3) approved by the ROC. Purchases outside the authority granted above maybe authorized by specific City Council resolution. The resolution may specifythe limits of the authority delegated, including the maximum dollar amount of the authority and the duration of the contracts and/or transactions that may be executed. For contracts executed directly by the City, the City uses standardized form contractsfor the such procurement, including, but not'limitedto form contracts created and copyrighted by the Edison Electric institute, the Western States Power Pool, the California Department of General Services, and the North American Energy Standards Board, unless waived by resolution of the City Council. Counterparties shall obtain and maintain during the terms of the contract, the minimum credit rating established as of the date of award of the contract of not lessthan a BBB -credit rating established by Standard and Poor's and a Baa3 credit rating established by Moody's Investors Services, unless waived by resolution of the City Council. 8.4 All Purchases: Any City Council resolution or ROC recommendation authorizing the City Manageror Electric Utility Director to contract for electricity shall specify generally at least the following terms and conditions and the description of energy and energy servicesto be procured, including, but not limited to, a fixed or formula price, energy and ancillary services to be included; term, specifying a not -to -exceed period of time; period of delivery denoted in years or months and whether deliveries are on -peak or off-peak; and the point of delivery on the locus on the interstate transmission system on which the delivery is made. Any City Council resolution or ROC recommendation authorizing the City Manager or Electric Utility Director to contract for generator fuel shall specify generally at leastthe following terms and conditions; quantity and the description of fuel services to be procured, including but not limited to scheduled fuel and fuel transportation services, specifying a not -to -exceed period of time; period of delivery denoted in years or months or years and months; and point of delivery of the locus on the interstate transportation system at which the transfer of title is made. All procurement of electricity and generator fuel by contract shall conform to the requirements of the ERMP. City of Lodi Risk Management and Compliance Program Page 12 of 42 City of Lodi Risk Management and Compliance Program Version Rev. Date: 1.0 3/22/2012 Docutrierit; Annual Approval: 8.5 Prohibited and Authorized Transaction Types 8.5.1 Prohibited Transaction Types: Speculative buying and selling of energy products is prohibited. Speculation is defined as buying energy products that are not needed for meeting forecasted obligations, selling energy products that are not owned and/or selling energy products that are not surplus without simultaneously replacing that energy product at a lower cost. In no event shall transactions be entered into to speculate on the changes in market prices. 8.5.2 Authorized Transaction Types: 1. Purchase capacity, RECs or RECtypes, or energyto meetthe City's obligations above what is expected to be generated or purchased from owned generating facilities or contracts. 2. Sell existing capacity, RECs or RECtypes, or energythat is expected to be in excess of the City's obligations. 3. Purchase generator fuel that is expected to be needed to run owned generating facilities. 4. Sell surplus generator fuel if more economic energy is availablefor purchase, becomes surplus due to load being lowerthan previously forecasted, or due to increased energy due to hydrological conditions. 5. Execute financial transactions to fix the price of variable commodity purchasesor sales. 6. Purchase simple call options or collars to limit price exposure on short generator fuel or electricity positions. 7. Sell simple call options or tolling agreements on owned generating facilities that are expected to be in excess of the City's obligations. 8. Purchase or sell emission allowances, including GHG offsets, deemed necessaryto comply with regulations for owned generating facilities. 9. Purchase or sell, firm transmission rights or congestion revenue rights to manage congestion price risk. 10. A purchase/sale of energy at the California Oregon Border and an offsetting sale/purchase of energy at North Path 15 ("NP15") to take advantage of City -owned transmission capacity rights. 11. A purchase of generator fuel and a sale of energy to take advantage of excess owned generating facilities. City of Lodi Risk Management and Compliance Program Page 13 of 42 s �• City of Lodi Risk Management and Compliance Program Version 1.0 Rev. Date: 3/22/2012 Dcurr� Annual Approval: 12. A sale of generator fuel and a purchase of electricityto take advantage of market heat rate. 13. Exercise costless collars. 9 Resources The City is dedicated to makingthe best use of all appropriate resources from all applicable entities as part of the Program. The City is committed to addressingall areas of high risk through the use of its own resourcesto improve its robust, rigorous and transparent Program. The City Council has approved sufficient funding for the administration of the Program. The requirements of this Program are budgeted and fully staffed on a year-round basis. 10 Employee Incentives Personal Performance Regulatory compliance is incorporated into applicable employee personal performance assessments. Employees are recognized by their management and among their peers for identifying opportunities for improving the Program. 11 Compliance Enforcement Compliance exceptions are actions, which violate the authority limits, requirements or directives set forth in the ERMP. All exceptions shall be reported immediatelyto the City Manager and quarterlyto the City Council in the quarterly exception report. Willful violations of the ERMP will be subject to review and may be cause for discipline or dismissal. Such disciplinary action may includewritten noticesto the individual involvedthat a violation has been determined, demotion or re-assignmentof the individual involved and suspension with or without pay or benefits. Violations may also constitute violations of law and may result in criminal penalties and civil liabilities for the offending covered party and the City. 12 Reporting Reports are provided by the City Managerto the City Council, every three to six months, regarding risk management activities, such as the City's forward purchases, market exposure, credit exposure, transaction compliance and other relevant data. Management and Council Reports include but are not limited to: 1. Load and resource balances as forecast and adopted in the current operatingyear's City of Lodi Risk Management and Compliance Program Page 14 of 42 Version I Rev. Date: I 1.( 1 3/22/2012 City of Lodi Risk Management and Compliance Program Document: Annual Approval: budget (including regulatory, state and federally mandated resource balances). 2. Load and resource balances as adjusted due to operating conditions or purchases occurring during the quarter. 3. An assessment of market exposure. 4. An assessment of the quarterly change in power supply cost from budget. 5. Credit exposure by counterparty. 6. A summary of any purchases made during the quarter. 7. An assessment of any cou nterparty credit problems. 8. NERC/WECC Compliance program status. Other reports are provided to the City Council on request. 13 Compliance Communications Company employees have various means in which to report business conduct issues including potential violations of regulatory requirements. Break room posters provide contact information. 14 Lessons Learned Any lessons learned from audits, violations, other similar entity violations, or near misses are encouraged to be shared with all staff. Lessons learned are shared regularly with staff and in employee training programs. This includes lessons learned provided by regulatory authorities, other industry members, and discovered within the City's business practices. 14.1 Compliance Communications Protection for Whistleblowers The City staff is encouraged to come forward with evidence to their managerthat the City may be violating a law or regulation. Communication of potential violations plays a pivotal role in the detection, investigation, and prevention of violations. No employee will receive any type of retribution for speaking out on compliance issues of any type. The City staff, contractors, and the public are encouraged to report evidence of possible compliance violations, unethical business conduct, questionable operations, problemswith compliance controls, reporting or auditing concerns, and violations of laws or regulations. The City will promptly investigate all complaints and attempt to maintainthe whistleblowers anonymity. Complaints maybe made through the suggestion box, to the employee's supervisor, to the employee's manager or director. The City employs a hotline that allows for anonymous reporting. 15 Program Review/Evaluation/Modification/Distribution City of Lodi Risk Management and Compliance Program Page 15 of 42 Version Rev. Date: 1.0 1 3/22/2012 City of Lodi Risk Management and Compliance Program Dacurnent Annual Approval: The Program is designed to ensure that reporting parties report to their supervisors, the Electric Utility Directorto promote, maintain, and monitor compliance; 2) to discuss the effectiveness of the Program; and 3) evaluate alignment of the Program and the Citys organization. Interim to the annual review, the Program will be reviewed and modified as necessary i f • An event analysis determines that a modification to this program would be beneficial. • The City experiences a regulation violation. • Lessons learned or changes have been identified in best practices. • Any significant changes to the Program are approved by the City Council. Minor changes are approved by the ROC. New revisions of the Program are distributed to all parties involved and comments are solicited from the ROC. The City employees are informed of new significant revisions, including contractors and vendors as applicable, and they will all have access to the current Program. City of Lodi Risk Management and Compliance Program Page 16 of 42 Risk Management and Compliance Program - Responsibilities Version Rev. Date: Document: Annual Approval: 1.0 1 12/1/2011 Attachment A Risk Management and Compliance Program Attachment A Page 17 of 42 Risk Management and Compliance Program - Responsibilities Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 16 RiskOversight Committee The ROC hasthe responsibility for following: 1. Ensurethat business is conducted in accordance with the Program and the ERMP. 2. Adopt and bring current risk management business practices, defining in detail the internal controls, strategies and processes for managing risks associated with the 4 . adoption of those business practices; i ncW[djng but r16t, Ji rmyt ' to a Ladd e ring Strategy. As used herein the term Laddering Strategy shall mean an4bjective and graduated method to secure varying percentages(Me City'spr+ece ower needs at least three years into the future at any given p6th% tare Recorri ad to the City Council the categories of transactions permitted andsetkrsk limits for thatranstlons. i,..w w ��'4+;.45 �, w,. w�ti� ;, s'rw •ww�x,• 3. Regularly assess risk and monitor exposures k 4. Evaluate effectiveness of controls ws 4 4 w, 5. Determine if non-compliance has oetctirred and tike proper 4ctJ, ns. 6. Review and provide input to the NERC/WECCtit-I.... ance Program. w: 7. Address cross—functional p(araning, auditing and bud' Ag issues. 8. Notify the City HumanN�t 0brces departrrviertt;and the Elect ric Utility Director of perforxpancenissuesanc,�(_ ,,(Jvidual actions pe4rtompliance with applicable la►is..a�d,t"uxations. unicate Projoiti ypd 1pti;>Vlanagecompuance+i staesrep 11 Revietnr status reportse gesto all parties involved. I`through the Internal Hotline. 12. Provi'C( rstatus updates 'Abe City Council. l 13. nciI apf% axial of Program modifications. 17 Electric Utility Dirator: (1E1 C Compliance Officer) 1. Oversee the execufisi of the NERC Internal Compliance Program (ICP). 2. Approve all required procedures and assessments (Le. critical infrastructure assessment, etc.). 3. Review status reports, industry updates, and compliance meeting notes (NERC, WEOC, environmental). Attachment A Page 18 of 42 Risk Management and Compliance Program - Responsibilities Version Rev. Date: 1.0 12/1/2011 Document: Annual Approval: I 4. Provide input to and approve the risk assessment and control plan. 5. Continually assess the effectiveness of the ICP. 6. Communicate operational and regulatory compliance issuesto the ROC. 7. Prioritize and oversee corrective actions. 8. Make recommendations on any disciplinary action. 9. Identify Subject Matter Experts ("SME") f ;� us r responsibility and authority supported a approp Monitors compliance status by reviewin . -asses i activities. 10. Manage and sign -off on audits and the annual self -assessments. 11.Track, approve and oversee imple completion. 12. Create and manage NERC/WECq14 13. Assign staff responsible f Ici revision of NERC/WECC ility 14. Direct and review in `�k dits, an� �. reports. 18 EI peratio`` inten " I w� port to the Electri :, y Dire 2. %business partner RC/W an .tti rate reporting. of compl ility S s g i in J rojects, and assign tmental level. ?ther reporting NERC se itigation plans to as required. the development and th ird party assessments/audits ERC Compliance Director) Administrator to ensure compliance 3. Provide ° r complian �' ` dates to the Electric Utility Director. 4. Along with ` ianc s inistrator, act as the liaison between the California Independent rator ("CAISO") and PG&E for NERC and WECC regulatory compliance repo requirements. Ensurethat no reliability obligation is missed or overlooked, identify the responsible entity and assign the SMEs for each requirement of the NERC and WECC reliability standards. 5. Along with the Compliance Administrator consolidates documentation to ensure that the reliability obligation is met. Attachment A Page 19 of 42 Risk Management and Compliance Program - Responsibilities Version Rev. Date: 1.0 12/1/2011 Document: Annual Approval: 6. Review and monitor progress and status of action plans, milestones, and deadlines provided bythe NERC/WECC Compliance Administrator or responsible department managers. 7. Implements compliance mitigation plansto completion and reports the status to the Electric Utility Director. 8. Assess adequacy and make recommendations to the Electric Utility Director to address IN ."w cross- unctonal planning, aWiting and bing i 9. Review compliance meeting notes, statu orts, and i updates. 10. Manages City actions and documentsfor ; cipnan encingthe development and revision of NERC WECC a�wM1``` p / al-i�,� � (, °Standards: 19 As assigned or contracted (NERC 1. Assigned by the Compliance Officer z" z w1..,�.ti}w, 2. Serve as the NERC/WECC Reliabilit��Es. " °r�"'v.*.'i*,M1`eM 3. Attend, as determined by the Ele >` it OperatipTti'' `"U enntendd'ei%1� Federal Energy Regulatory Commission (" C") �1ERC aC�. `.�; erences and workshops .4. associated with Reliablit" f dards and-°°�;pare m.;a� notes for City review. "w4 , X4w, w 4. Share best practices M Electric Op ns Su ntendent and Electric Utility w.{ z M1.'w r 4:k' Direct!o improve pr' efficiencres an:ness. M1 ""'w "ww " w, :•.a';,,.'•e',*`w ^ti. �° 5. f'ic(ir%3d�' .approvanges to the NERC/WECC Reliability Standards and rt those c,,t the µ ",C perations Superintendent. y. °�o.rdinate NERC/WECC' ndards� '`t , rizafion Request comments and seek the sElectric Operation` perinten . t, and Electric Utility Director reviews and a p' `46,00 I,s prior to submi x� p p .;nwww . p y.. . 7, Notify tfh . Es of chanr additional information related to Standards in their areas of respo s' `rtw ;Aw� M1 8. Develop and ma "onsistent framework for compliance to NERC/WECC Standards and ensure comp a processes are maintained. 9. Provide NERC/WECC compliance related internal training and awareness programs throughout the organization and notifications of external training opportunities related to Reliability Standards. Develop and provide notes to the Electric Operations Superintendent. 10. Develop and provide SMEs training for NERC/WECC standard compliance. Attachment A Page 20 of 42 Version Rev. Date: 1.0 12/1/2011 Risk Management and Compliance Program - Responsibilities Document: Annual Approval: 11.Assist with the evaluation of NERC Compliance risks and recommend controls. 12. Verify sufficient processes are in place to ensure NERC/WECC compliancewith applicable Reliability Standards. 13. Coordinate and assist with the development and revisions to NERC/WECC compliance policies, processes, and procedures. 14 rot Recommendofd assist Io cooperation RC anc(`regdion.ZNE, oYmpli rice Working Groups where 15. Monitorto assure NERC/WECC related 'es, proc c i -d procedures for all applicable Reliability Standards are revie� nd A.u a d i ely manner. 16. Preparethe City for NERC/WECC audits and a�sie lead cont all NERC/W uw audits. 17. Monitorthe status of SMEs, c checks, audits and action plan Operations Superintendent. 18. Immediately report NE or events approaching the Risk Oversight Com 19. Assist the Electric ses ing up to`Nki/WECC self-cefti"fication, spo Wates and . the results to the Electri, dard it NERC/W, those causes. ies, potdiffiial non—compliance, Operations Superintendent and Risk Oversight Committee to ompliance activities and provide 4. w rovide NERC/WEN,;>5 1 Report,: '4"formation to the EiaotdcO,parations 1 'Sys `ww. aerintendent, Risk O;yight Co %tee, and WECC. 21.DWOU"h and maintain a IRC/WECC incident response and reporting process. 22. Assist`tctric Opera Superintendent with implementing the NERC/WECC lxk incident i'+se and rr`ting process. °''' 4.-, an actions related to mitigation plans submitted to 23. Perform or cat, .;elerformed Y 9 WECC and provide Wficient documentation of mitigation actions to the Electric Operations Superintendent. 24. Track NERC/WECC compliance mitigation plansto completion. 25. Regularly report NERC/WECC compliance status to the Electric Operations Superintendent. 26. Monitor and administer the NERCAIert program. Attachment A Page 21 of 42 Risk Management and Compliance Program - Responsibilities version Rev. Date: Document: Annual Approval: 1.0 12/11/2011 27. Prepare quarterly NERC/WECC compliance status reports for the City Council that includes updates on compliance and Standards development activities. 28. Monitorthe implementation of the NERC/WECC Internal Compliance Program and report progressto the Electric Operations Superintendent. 29. Administers the centralized compliance management system for maintaining NERC/WECC compliance related information. 20 Subject Matter Experts(SMEs) 1_ Understand NERC/WECC Reliability 2. Assist the NERC/WECC ComplianceAdm policies, processes, and procedures. 3. Attend all required compliance training. 4. Follow compliance policies, processes- 5. Perform duties in a manner that ci If �RX1 �`x,��:; 6. Monitorcontrols and perform anipor ie 7. Fully document all comp 8. Meet deadlines leadir�t audits,, co pHance aWi ctio 9. �.:i ,11 mediately notiWA a:t 1, ,fit ticipate in work 1"rds relative to ori 12. C000W .with the Com complia ` ,b;n.d docump evidence_ `"��`'�. tip•• �, 21 All Employees`. w. ivities. I dating compliance icable rfs�uf' tions. compliAN activities. internal audif-self—cer - ica`tions, spot checks, regulator and action pl ffl �sg compliance recorc s and documentation. �ei;gf:,ny potential non-compliant events. at re"if. nd comment on regulations or NERC/WECC !chnical expertise. ice Administrators and any authorized entities reviewinE ion, including providing access to documentation and 1_ Everyemployee at the City hasan obligation and responsibility to help ensure that the City is complying with all applicable regulatory requirements. If any employee becomes aware of a potential compliance issue, the employee must notify a member of management immediately for further review. 2. Attend any annual (or more frequent) required training which includes regulatory compliance updates. Attachment A Page 22 of 42 r Electric Utility Department- NERC/WECC internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 Attachment B Electric Utility AttachmentB Page 23 of 42 Version Rev. Date: 1. 1 12/1/2011 22 Background Electric Utility Department-NERC/WECC Internal Compliance Program Document: Annuai Approval: The Federal Energy Policy Act of 2005 providesthe FERC authority to approve and enforce rules and regulationsto protect and improve the reliability of the nation's bulk power system. Through this Act all electric power entities that impact the Bulk Electric System must comply with FERC approved Regulatory Standards, and public utilities that sell electricity at market-based rates must comply ' h ma cute conduct and ongoing „, r~,,, �,��x� reporting and compliance .requirements, Th...'..' RC State.:'`` :� s�x�ompliance Registry criteria describe which entities are required egister wit , ; C, and comply with the Reg u I atory Standards. Forthose entities, mal t' ory bf an - ulatory Standards with the first set of standards approved by FFa SMo effect a 18 2007. �,. pp w 4� � .�.��q , TheStatement of ComplianceRegistry requires,;; ) ..- •.other things;..." ,ti e r;,gegister into the program if they are a participant of the rdgiot ' er Frequenc °'. . m. The City is registered as a Distribution PrwAide. (�hA; and Loa r x g Entity (LSE) based on th, this sole criteria and does not meet ane% r registry `' iteria. KIM, '0% Under this statutory framework, stag*ds are ptti`~q d by ele x liability organizations and approved by..,,RnT- he NE :a ';°``` r"plelegated authority as the eJertr'ic reJiat4ty Organizali ,Ethe four i onne �n North America that includ( Quebec, Electric ReliabiliCo�cii of Texas { COT"), " tern, and Western interconnections. Within "" ` ` ,,„,' ERC InterConCi`; �Orl � hac fiirthpr r4piprratwi rprrinnai ll n func aty to eight re�+l�ties. The City is located within the WEwgion. x'1„.0.. , w R” w4`+.�•'. 4 1w�City s EUD is requir4do complj�h all FERC approved Reliability Standards �a i gble to its registere`1. ctions as ad Serving Entity ("LSE"), and Distribution Pro vi,: "DP The EU011 rInternal CorY'ance Program (ICP) is supported by the City's Risk SK ManagemCompliac gram referred to as the Program. The ICP suppoi4' �. u : of compliance framework presented in the FERC's October 2008 PolicyStaterri`"'•"sCom liance. `�. , p • Role of senior management in fostering compliance; • Effective preventive measures to ensure compliance; • Prompt detection, cessation, and reporting of violations; and • Remediation efforts Attachment B Page 24 of 42 Electric Utility Department- NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 This ICP provides the framework to support compliance with the FERC reporting requirements and NERC and WECC Reliability Standards. Attachment B Page 25 of 42 s Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: 1.0 12/1/2011 Document: Annual Approval: 23 NERC/WECC Compliance Program Structure 24 The EUD'sICP is a rigorous, established and formal program. The EUD strives to achieve a high level of business and personal ethical standards, as well as compliance with the laws and regulations that apply to its business. . The EUD ICP is managed at a high level and continuously monitor, evaluate, update, ar To effectively and efficiently manage the cod centralized compliance management systemic system the EUD has identified and docurno requirement. In order to continuously be audit and supporting documentation have been iderr are used in the compliance system that inwco*r` c accuracy and timeliness. The NERC Cari;�a and WECC for updates and guidance uding Application Notices, and best practiguidance The ICP is continuously evalt�pl Compliance Administrator,, 'n the NE Oversight =rams ap�;systeRs- are in place to m ent<e?�:�;a m. fiance progl=myEUD has implemented a Aing4Ncro'softiarePoint. Within the ol®r usedSx�xnply with each e`d I1, processes, p�r�ac�e�du e��.vidence, :i is continuous �. e`ti' Forms rates conttoikto ensure completeness, ministratar Ontinuously monitors NERC t:Builetins IRgCompliance ctor and the NERC I City Risk Mriagement and Compliance Program, cted by the Compliance Officer. Attachment B Page 26 of 42 s Electric Utility Department-NERC/WECC Internal Compliance Program Version 1.0 Rev. Date: 12/1/2011 Document: Annual Approval: NERC/WECC Compliance Program Oversight Structure. The NERC Compliance Operatior,k5� rmtender� 44 w w4 functhA T c mpijance m and assigns re`Sft . cess to addre55 tp ��;e Administrator utn�ty � I 0m,ifee e ICP3"#�i works directly with the Electric .1 K has the direW��,,�'1iility for performing reliability J trator also re*6%4 s to the Compliance Officer. sible for performance of the NERC compliance iiity tess compliance concerns as well as monitoring nrarnc "Iri1 y act as a business partner to the NERC i,�r also attend annual cross departmental team meetings to provide`is on compliatnd standards developmental activities. The NERC Cc's""s ance Offi&supported by the NERC Compliance Director and Subject Matter Experts ), the effort to ensure that all Reliability Standards, 1 j.'StL.i1 h._ requirements, sub4nents and the appropriate controls are clearly reflected in operational and busin`�`ds� processes. SMEs work directlywith the NERC Compliance Directorand havedirect responsibilities for performing reliability functions. The NERCCompliance Administrator assists directly with the SMEs to provide compliance expertise. 25 Independent Access to Executives Attachment B Page 27 of 42 Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: 1.0 12/1/2011 Document: AnnualApproval: The NRC Compliance Administrator monitors and reportsthe department's compliance status with the NERC and WECC Reliability Standards to the Compliance Officer and the ROC. The NERC Compliance Administrator has access to the Compliance Officerto provide input and ask questions regarding any concerns with the compliance program. 26 Independent Management It k mirial that the Compliance Administrate of interest exist nor any other impairment � —,to p Compliance Administrator is not responsible`t e responsible for compliance. 27 Resources The EUD is dedicatedto makingthe WECC, NERC, FERC and others as pa Officer is committed to use any and transparent IAC complianceO., ogr The City Council has apl requirements of this oo basisy� v. 28 PeKforrrfa�ttice Target; FUD promotes coni Yrnance indicators and 'c%bj cpves. The foil compli`'": Dais: Reeulate k t ouirpn perfo re5JIS and rag c9nfJicit findings. The [the work groups from PG&E, The Compliance List, rigorous, and istration of the ICP. The d fully staffed on a year-round ing measurable performance targets. Key :stand performance in relation to strategic goals lance indicators are the 2012 year's NERC/WECC and current. The EUD ma`lra`-' ffiff applicable regulatory requirements that are applicable to the Cit an City p ` Jisl as the reg.Jatl4ns change. Any significant changes to the d u " list are forwarde i� the aonlicable sunervisor for inclusion in annual trainine and/or email notifications if necessary. Recommended improvements are acted on. Followinga mock audit or through other means, the EUD considers and acts on recommendations for improvementwithin 90 days of any accepted recommendations. Attachment B Page 28 of 42 Electric Utility Department- NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.( 12/1/2011 Mitigation plans are timely. The EUD determines appropriate mitigation plans for applicable violations. • Operates with no NERC regulatory violations. The EUD strives for ful I compliancewith no violations occurring. • Respond to all NERC Alerts timely. The EUD reviews, determines response timely action on alerts that are determi Provide timely training. 29 Outreach The EUD's outreach focuses on a con good relationship with PG&E, WECC, promoting meaningful training/edur4 assistance. The following describes i Communications - in order to promo regulatory requi e 4 c provides perive%c`C` +"4Training and Educat • tiAlerts NERC • PaA06'ation in the The EUD will tak( se by the City. The City maintains a munications, ig compliance reach program: 4bns staff ay traineda �; t ly on NERC related activities nual aware,*' '' of the.,y partance of compliance with the Electric 4 or , Electric Operations (,FARC Comalian istrator sends out compliance lat es, compliance clarifications, compliance notices and rovided as described in section 33. are communicated to all appropriate staff. ards, Policy, and WECC Criteria Development Drafting The City is`'� to improving reliability of the electric system. We participate in the draftinocess of Standards, policies and WECC Criteria by providing comments, assisting drafting teams, and voting. • Users Groups/Conferences/Webinars -The NERC Compliance Administrator and other City staff attend and participate in regional and national events, conferences, and trainings to help ensure the company maintains awareness of emerging or changing regulations and to learn and share best -compliance practices. The City is Attachment B Page 29 of 42 ' Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 able to stay up-to-date on new and pending developments as they relate to the Reliability Standards by attending industry related seminars, as well as regional sponsored training. Meeting topics are summarized and reviewed by the Electric Utility Director, Electric Operations Superintendent, Departmental Management, SMEs and other key individuals. Examples of such conferences, meetings, and trainings include: o WECC compliance user g o WECC monthly call o Critical Infrastructure Protectia `C(P"),§tah�darcl s r groups o Western Interconnection Compliaii, a R�orum (WICF)" o NERC and FERC Sponsored Con raining P r kv o Rule Making Proceedings ti�,w;•.�;••> . o Committees and Work The City employs the NERC Compliaie Admm�sttoxmonitor `:WECC, NERC, an FERC committee activities as well as4',Arious standThe City assigns SMEs to provide input to var'ibVg standards c�#ting com es through the NERC Compliance Administrator Aly personnel m`bved me activities provide information to the aMrooriate NERC Corgi iMance Adminis�tKatQr a .the NERC Compliance Director. r cha ates with the a ments are under compliance with ed ;n :regulatory req uireient, the NERC Compliance Director pe 4i'A to ensure that: 1) the new regulatory and jx ,� ,cesses and procedures are developed to help auiremei ts: : Attachment B Page 30 of 42 s. • ` Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 30 Requirementsidentification The City is registered with NERC as an LSE, and DP. it is interconnectedto the PG&E transmission system, who is the Transmission Owner and Transmission Planner. The City is within the CAISO Balancing Authority and Planning Authority. PG&E and the CAISO share responsibilities through a Coordinated Function Registra iron Agreement as the Transmission Operator of the facilities that KAI n CWN The Regional Reliability Organization over MWity is the S, Organization. The City develops its processes to comply with these organizations as it relatesto compliance vett s s The NERC Standards Requirements that are applicable r compliance website underthe "FERC A ' id'Standan http1/ ompliance.lodielectriC.com 31 NERC/WECC Standards s egional Reliability cements ted procedures of ERC Standa . City are liste a City >er: The City maintains a list . Icable NERC/ ' C Sotad requirements that are applicable b .City and this list as t' s change. New updates to the list are t.'`itat all` es to the list ar c ompliance within 30 days of the r anent becor-ective. �, ignificant changes are automatically forwarded to 'pplicable supervis ��.:. inclusi `a a nnual training and/or email notifications if 1 y. 4 `Vs '•' n :ry. k' . The Ci' ERC Complianc inistrator performs the process of updating all versions of the FER Qved Reliabilit ndards as new Standards are revised. The procedure for this proces ��' :intained b NERC Compliance Administrator and is called "Updating the FERC Appr .elia tandards List." 32 Procedures and OfIMM00Uments The City maintainsthe'following compliance related proceduresthat are availableto all staff at http://compilance.lod!electric.com • Communication and Emergency Response • Event Analysis • Facility Coordination Attachment B Page 31 of 42 s Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 • Model Data Submittal • Protection System Testing Maintenance and Validation • Risk Based Assessment Methodology • Sabotage Recognition and Incident Reporting • IAC Alert Response ". etiyw•�.�F Updatingthe FERC Approved Reliabilj k1"ndarcl� • wti w4 �ww„a ,xhdw w, The following compliance related reporting list lists, wttiw �•x on hft .//com iiance.lodielectric.com: � w M ww • Risk Managementand Compliance Prog ARK tikw o Attachment B: ICP • FERC Approved Standardswwrwti� wwy K ww ` • Risk Based Assessment Metho' fogy Fd4&"& ti ww'' ` O t' • Processes ,,yww w`}w:�"^•w",vyw;%�w,,`" 'R w ti ,"w'wy • Evidence Documents,"w;. • wK l% Compliance TasI6,w x•`. �. w;, w . ,� : ' p `�:w:wtia.w'.�•:nra ..w�. waw._ ,_ � • �� 'Call Lo •;`� ww a Substation Maine dotage Reportin Ma alidation Fo y,�xx w°w• w and logs are available MISo0g1t, Log A ``fix titiw ��:;x • Data Subrr .� t C , 'tnunications �tiwa"^:.w"w.a • Facility Modifib ions Documents 33 Compliance Training The City continually develops processes, procedures, and controls to help prevent the occurrence of regulatoryviolations. in addition, they encourage staff to participate in compliance related training and educational opportunities. Attachment B Page 32 of 42 • New Orientation All new employees are sufficiently trained to perform compliance related activity, including affected contractors and vendors, prior to them performing any compliance related duties. • Annual Training Annual training will be provided to all aptiplicabletftployees as described in the table below. Documentation of the tr ::rr n°g (sign" rtSshee: s training materials, completion certificates, and other refgence mater�sru�l.! be maintained in the Training log by employee. Controls ar` abpiace;to a;tttorte;reminders for upcoming training refreshers by employee;.,'`'. AttachmentB Page 33 of 42 Overview Awareness EUtmployees an`d"In`tig term h y contractors that are responsible for This training provides general informafi0nnks= NERC, FERC, WECC NERC Co�rliance or could be an and requiremeri��tecent'an,�,., q � 5° :,interface ,64 RC or WECC.. expected changes, and internal co4moliancek;. program changes. •�tirys, ry.4v`� ave`SY �rv'�ir lvry rvvl�vb". Sabotage Recognition an&.i"M ident ResporisN`e A ECtl7 employees and long-term ticotractors. Note: Any EUD This training describes riaet(iodologies for q 4�F,, idertttfyrn`gsab�U*ge, resp6b41r��gsabotage,"and�n ' employee or long-term contractor ,to q q� rrt attaining records'.a It supports tae Sabotage who does not receivethis training `,b b b, shall be made aware of who to Rd'eognition and lncrcieht,�Respon'se rocedure. contact who has receivedthe wv training, to report a potential YV ; sabotage event. Event AAAM!s q;, SMEs responsible for maintenance 4rO 4 .ti, h. tFr hF 4� ti This training 16wscribes t jk'Walysis, actions, and and incident reporting. reporting requii'&-f pts #Y all events. The training describes`I '41!tiectric System Disturbances, Protection System Misoperations, and Vegetation interruptions. Communication and Emergencu Resnonce SMEs responsiblefor receiving verbal communications from the This training describes required protocol for Transmission Operator, Balancing verbal communications when receiving directives AttachmentB Page 33 of 42 ' Electric Utility Department-NERC/WECC Internal Compliance Program 2. The electric department surves,,'t�s. staff each ""�'"' if'�'t.• identify areas for p X4w�wwr�r„,�w; tiw y Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 or when providing emergency assistance. Authority, or Rellabilky Coordinator. determined based on the score. High risk item&, rp ad " ', ., ty's overall risk inventory. The following describes the organizations megi for cQ`ici�isk assessment. 1. A NERC/WECC risk assessment is con' a ally or as nV*!`0w ti r rw4.kw:4 wyww 2. The electric department surves,,'t�s. staff each ""�'"' if'�'t.• identify areas for p X4w�wwr�r„,�w; tiw y improvement in the proced�i.?c�cesses. Irµlion, staff is encouraged w wwtiw to make suggestions to all �t 1` ies, pig ores and r ses at any time during ky yr www the wwwr www vww,4wwr:••, y?ww! year. 3. The NERC Compliail rector an,( "� NERi✓ b ., liance Administrator conduct risk assessmen 4rri " ings as necek, . and rr1 ,` the minutes/agendas. 4. wr w;, w w , w "w ww w rw.. ` ,www ``r . T following a 4�` "1l "htified as part' "5i, wri" kw'ssessment: "?4w wkwgti4 4,w \ r 0.ww''rtiy w `lw"+5''S q`w wg4v h e4`4+`4"v"w` 4 www viC�Ri 001, ns Yur w w' ,rior �w wh`Swi``y.RY yti4 '`:k;`.w'4w '.„r'.r`:w•?`?:;4 tiff r, • i%violatiolrr factors � .: • V1 % n SeverifVIO els w ;;;;,;r • Period; erformance related Requirements that have a higher proba'1y of occurrence. � Www +r We lel where additional self -audits or controls should be '?.;�•:ww�r:.•''w�."M4�w'w'w'�` 4yV 5. The Comp!*, 'e Administrator calculates a risk score after applying the assessment and utilizes itto evaluate areas for additional controls. Several high risk processes have automated controls in place to ensure completeness, accuracy and timeliness. Attachment B Page 34 of 42 Electric Utility Department- NERC/WECC Internal Compliance Program Version Rev. Date: I Document: Annual Approval: 1.0 12/1/2011 The electric department continuously manages regulatory compliance risk through (1) monitoring programs and continuously updating policies, procedures, (2)annual self - assessments and audits, and (3) hard coded controls. Hard controls include automated due date calendared reminders, forms with mandatory fields for collecting evidence. These hard and soft controls are part of a control environmentthat will help preventthe occurrence and, especially, the reoccurrence of violations. 35.1 Compliance Monitoring 35.2 The Compliance Administrator, who may bekAtit w '} changes that impact the Program. The EUD regulatory requirement. The process statemer are regularly modified when impacted by indu: opportunities for efficiency and effectiveness. each regulatory standard in the online complia In addition the City encourages its opportunities. Each NERC and WECC Reliability Stah'$9rd applic monitored on an ongoing bas�s��T�his monitorf S�`."nS4o r?q""•%K wq°rwxw.'. knowledge of sfandard requlrw�t�tents, perfor't4rr 4w.w<w performing an annual intent 611,budit (self-audjt) `w, instances of potential non``c�`itliance. The Citi+ w Www w w� w �`t;;�,"�:, on recotuien:clattors:,that cor�ieut of this mon A A.nual formal internal wnpliam appl'i64ble Reliability Standard;- The 4", audit:` ; <.,::. 4<•.s� •. tracted consultant, will monitor industry �cumente4;potes ses that address each �polii��'s, proce ares, and on-line forms w� ww � �c a liges or ident N internal 'wa ,. www , atr' tore identified ark dot nted for tool U -ed.to control th"e program. ate in traitlaz.and educational lett vthe City vATV,> a continually roc& ', r"n.cludes maintaining a thorough perioWOO iewsto confirm compliance, nd inf rxnmg managementof any Mw k �v #Oconstder or implement changes based process. dit is conducted for compliance with al I areas of concern are addressed in the self - Step Description 1. The Ni.�oe Administrator takes the role of the enforcement official and tori"ae` level of investigation that is anticipated from the regulator. 2. The self -au t is conducted at least annually. Audit results are reported and reviewed internally after each self -audit. Reports are retained in accordance with page 6. 3. Spot checks are performed prior to each self -certification. A self-report is provided to the Compliance Officer with a recommendation for approval. Attachment B Page 35 of 42 Fill Electric Utility Department- NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 4. A self -audit allows you to find potential red -flag issues and allows time to Maj�ten`ance understand the issue prior to review with the regulator. 5. The self -audit provides a focus on areas of high risk. 6. Prompt self -reporting is initiated. Self -reporting may result in lower fines and .;sus indicate a mature compliance program that could mitigate future penalties. All audits are shared with the applicable City 35.3 Hard Controls Hard control include mandatory fields used to reminders, automatic escalation reminders, si Administrator reviews. Automated controls are in placeto have required fields to ensure com deadlines and deliverables are met reminders also, associated with, Mi and related deadlines are cretetif party. The Compliance Ad:mtti,.tral needed. Examples of hat4;°died c n, automatic "timeliness. SharePoint logs kk aatKcompliance-related 'ges automated the us' e of this system, tasks d assigned to a responsible status and take action, if " Protecticih stein► s :,,�; �eN "4 To eri�'ur� completeness, th��'`"arntenance system forms have Maj�ten`ance �rquired fefs that do not allow the maintenance personnel to Traciting System ti submit the orris until complete. .;sus To enure timelme"is, workflows send reminder messages to "h mamen:�nce staff and escalation messages to management. µ:. S Model Dat 4 44 To erj`�9�ne timeliness, workflows send reminder messages to Submittals `° ; :;w:;, mairtance staff and escalation messages to management. Event Analysis A014nts are logged. o ensure proper reporting, controls are in place to ensure identify when under frequency load shedding (UFLS) event occurred, equipment miss -operation, or a Bulk ElectricSystem Disturbance occurred. The controls provide instructions for proper reporting. Automatic email reporting is sent. Attachment B Page 36 of 42 To ensuretimely reporting, controls are in placeto send reminders for timely investigation and reporting of UFLS Events, miss - operations, and Bulk Electric System Disturbances. Procedure Approvals To ensure timely review and approval, controls are in place to ensure reminders are sent to review and escalated if review and approval is not timely. Training To ensure time) re i' coni` s� ' glace to monitor trainint g Y p 1M11 and retraining dates send rem ....and escalation reminders. Critical Infrastructure Protection Review 36 Self -Reporting To ensure timely revi "'i ntr 5�,� Qw`i6 to send automatic reminders when there �t;e City's a ..,:assets is due. 36.1 Discovery of Potential The City's is committed to contin`i'mprovems�in orde'pc. ign the ICP to prevent non- e "'.i' nr to i•Intn�•t_ " compliance activities from or^ 4. mmediately. To ensure that potential violati are detectal", igated, and r ". "� 4 'timely manner, the City has implement d l s i measM& k.. ,W -periodic revWi ,` ICP~ +: Detecting and Mif i�i.ng Pots , t; N,INV, ;. • ,,;,, .iodic Complianc tt iews • Cdtftftv Personnel w • Annual ,ft, ations 36.2 Responding to a I#AN ., . potential Violations Once potential non-compliance is discovered, the issue is reviewed and investigated with the assistance of applicable parties, a final determination as to whether a violation or not exists is made by the ROC. Once determined appropriate action is taken, including self -reporting or other remedial actions. The City's process for responding to, investigating and reporting potential violations includes the following steps. Attachment B Page 37 of 42 Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 To ensuretimely reporting, controls are in placeto send reminders for timely investigation and reporting of UFLS Events, miss - operations, and Bulk Electric System Disturbances. Procedure Approvals To ensure timely review and approval, controls are in place to ensure reminders are sent to review and escalated if review and approval is not timely. Training To ensure time) re i' coni` s� ' glace to monitor trainint g Y p 1M11 and retraining dates send rem ....and escalation reminders. Critical Infrastructure Protection Review 36 Self -Reporting To ensure timely revi "'i ntr 5�,� Qw`i6 to send automatic reminders when there �t;e City's a ..,:assets is due. 36.1 Discovery of Potential The City's is committed to contin`i'mprovems�in orde'pc. ign the ICP to prevent non- e "'.i' nr to i•Intn�•t_ " compliance activities from or^ 4. mmediately. To ensure that potential violati are detectal", igated, and r ". "� 4 'timely manner, the City has implement d l s i measM& k.. ,W -periodic revWi ,` ICP~ +: Detecting and Mif i�i.ng Pots , t; N,INV, ;. • ,,;,, .iodic Complianc tt iews • Cdtftftv Personnel w • Annual ,ft, ations 36.2 Responding to a I#AN ., . potential Violations Once potential non-compliance is discovered, the issue is reviewed and investigated with the assistance of applicable parties, a final determination as to whether a violation or not exists is made by the ROC. Once determined appropriate action is taken, including self -reporting or other remedial actions. The City's process for responding to, investigating and reporting potential violations includes the following steps. Attachment B Page 37 of 42 Electric Uti I ity Department-NERC/WECC Internal Compliance Program Version Rev. Date: I Document: Annual Approval: 1.0 1 12/1/2011 I "tir4r t 4 37 Remediating and Repeat Violations .•, �i e`r `` . To ensure that violations are remed iated and prevented from recurring, the City RD is implementingthe following measures: Attachment B Page 38 of 42 1. Potential violations of regulatory requirements are communicated and discussed with the Compliance Officer and the IAC Compliance Director. 2. The NERC Compliance Director and the NB;C Compliance Administrator leads an investigation with the SMEs and owners. The NERC Compliance Administrator will provide a report to the Corri-gliance Officer with recommendations. 4 "rr4r+•..` . y`.`4r�r%yti., 45 k. `4.. "rk'..'r`i. i'a w;'.^:*e.s `F ;Svy `"4.°"'44x`.`,"• 3. �`. e v. The Compliance Officer will submit.h.report tq,`S,�t C for determining if a violation has occurred and requirl reportrng�o twpplicable regulatory e•:`a,<,`'r. •, z y�'"x"w'4'sy's` 'F'y"�`w3r a encies. g '' ��;w•w;,;rwrr° .�r��%fix., 4. 55 iM1"rl5 ti: For instances where the NERC Compliance§A r,inistrator ands."'. � C C pliance 5'{5"xkk• 5 5�+55 �' � i 1, s"S rq`r. Director believes a potential violations exist aa45, ,,q ere process enla rcements 5tigation to<;:x<.ocument a description of are needed, the office leads the;:inyes Oil the potential violation (2)defer�in"i4e�th ,root cause (JiLyd.etermine steps being taken to prevent similar in,64"dnts froOdaccurring ($f'#$� a ment a mitigation `• r ,y ;,t, .+,".'"r.." ` tib'*:°x. r."<°d '.•'i,;, plan. 4.tiy , ""',fili 5. The NERC Com li c ASdministratra5rtnitiatesR 4+ p anw `' aeporting of the potential violation to thegppltable regulat&y,,,agenciegy4oNecessary. The,,Se.lf Report boa r3 be found o 5the�5 Ot Compliance Web Portal at: �can Ipoatal wecc ba Wand is reported`tffrobgh WebCDMS. Y rr° The subm�ttd Self -Repot Arad mitigation plan is also stored on the compliance 5 system for interriai tracking�4' w� 6: 5x5 It is the WECC cor ance stat bligation to submit all alleged non-compliance 5 r, z ,ti rmation to NES, accordance with the IAC Compliance Monitoring and A'4"y R `f Tcement Pro& (CMEP) and V1lKC internal enforcement guidelines. a5 r "tir4r t 4 37 Remediating and Repeat Violations .•, �i e`r `` . To ensure that violations are remed iated and prevented from recurring, the City RD is implementingthe following measures: Attachment B Page 38 of 42 t • ' Electric Utility Department- NERC/WECC Internal Compliance Program Version Rev. Date: Document: Annual Approval: 1.0 12/1/2011 2. All related processes, procedures, controls, and training programs are reviewed to ensure clarity. Updates are provided where necessary. 3. The mitigation plan is logged, tracked and verified to ensure remediation items are completed timely. 4. The IAC Compliance Administrator will provide additional data or information requested by the regulatory authority and willp�rovidemely updates on the status of the remediation plan to ti�01 gulata t "`3% (WECC, NERC, or S FERC). 38 $elf -fir iw igq 1. WECC will post Self-Certificatio-;orperiodic data' lection forms on the OAT! WECC webCDMS at least sixty (60 =�' m the subs 1period, but the City cannot submit forms u ntil the sub'rt " al perio . s begun. ,' 6 of the VAM Web Portal User Guide provide aformat! '` `' ning the' Certification submittal process. , 5 is �S"s'i: 'tiwr:;;°:ti 2. The NERC Co f iae Administra will per��rn forma! review of all actively � k k rior to each oal $ artifirntinn to nnrmra rmm�linnrp oreStan r s:p c A monitd ,^�ati ort wi"`,"" r"ovided to they` r�l+ic a Officer for review and approval. a no .� During `i r�jai se-�A,ification time line and after receiving approval from the ;` Compliances sr, the v Compliance Administrator will self -certify compliance with the Relial,°a',tandar .0,11.. 4. NECC will accept`ff #s Certification forms only during the submittal period. Failure to emit the forms h�'j to the end of the submittal period will result in non - co, �I ance. The �C Compliance Staff are to review Self -Certification submittals ine ac ability, and may request additional information if necessary. a Semi -an " Certifications are required for the CIP-002 through CIP-009 NERC Reliabilitv dards, and are not part of the annual Self -Certification process for all other Reliability Standards. Semi-annual Self -Certification forms will be posted on the WECC Compliance Web Portal at leastthirty (30)days priorto the submittal period. Semi-annual Self -Certifications must be received by WEOC from the City on January J.51h and Uy J.51h a=rsiingto the CJP impJamardalion schedule. The "Guidance for Enforcement of CIP Standards" document can be found on the NERC Website at: Attachment B Page 39 of 42 htto://www.nerc.com/files/Guidance on CIP Standards.pdf. The "Implementation Plan for Cyber Security Standardsfor CIP-002—CIP-009" can also be found on the NERC Website at: http://www.nerc.com/fileUploads/File/Standards/Revised Implementation Plan CI P-002-009.pdf. 4ti. 39 Document Retention Policy Unless otherwise specified hear on, al I major r demonstrating implementation of the ICP shot after a NERC/WECC off-site audit, whichever is retention period is 7 years. Providedocurne:,nt within 30 calendar da s. Y zN : 40 Storage All documents are stored inth comOtance sy! h ;ws �ronthis ICP ark .� i ence l stained for 61,a$hor,fid.1 year fey..`, Y`�"x"r`'.: ^, ;•<,y. ^.,. eater%ITN maximum re O it data w on toV1nd Npupon�eir request '/compliance.lodielectric.com. 41 Compliance System 4 ; 1 14<•r r The cvoto atn e sy tqm is use4d o Knonitor and trek the NERC Compliance Program and for '.4 S ; `+ ." Sym" : •.:1 r., v4 'e. tra,l�nthe ICP and e%rtfe4nce thatis implemented. Instructions to access this i%`forrnation are as foll6v!��w:; -•Action 1. 4r ,,Og on to the core lance system at: `l f mpIianet I;adielectric.comEnter your user name and password. Co�he El.. --*,",,.-Operations Superintendent if you do not have access. Attachment B Page 40 of 42 Electric Utility Department- NERC/WECC Internal Compliance Program Version -Rev. Dafte: Vq&L#jkent; Annual Approval: 1.0 .12/I./2= I 1 2. 1 Select Jnternal Co. V-jance Progra Type Name Compliance Assess Risk Compliance Communication Compliance Metric Compliance Organization all ICP Assessment Implement, Promote, and Enforce Leadership and Corporate Culture Mill Out Reach 4 Add document Add additional W;enation tot e ICP evidence files by clicking the "Add document" butt . Attachment B Page 41 of 42 Electric Utility Department-NERC/WECC Internal Compliance Program Version Rev. Date: 1.0 12/1/2011 Document: Annual Approval: 42 References FERC Revised Policy Statement on Enforcement, (May 15,2008) NERCCompliance Monitoring and Enforcement Program,WECC, (2010) WECC CMEP —Self -Reporting Form, (April 13,2009, Version 1) WECC Internal Compliance Program Self-Assessmentan&,—su_rv_ey.Update, (Feb. 9,2011) 43 Revision History�k 1.0 1 MJCooper ( First version 44 Responsible Senior Manager or Delegate 5 An authorized individual must sign and date this Program. By doing so, this individual, on information submitted herein is accu``r M- 1 ANN 1 This certifies that I am the Compl e Officer 2 1 am an officer authorized gn is EUD� 3 1 have read and am famili` th the cont submitted herein.t` 4 1 underst-anAlhat base d° a answers he 1 SERMternal Cori�t��the4di, certifies that the City of 1-611 'Ilnl bf.of the City of Lodi. � 111610 d any related documents may request more information rmation provided in this document is correct. Approval Page Page 42 of 42