Cypress Creek Renewables (CCR) recently passed an Operations & Planning (O&P) Reliability Standards audit conducted by SERC. GridSME sat down with CCR to discuss the experience, the results of the audit, lessons learned, and key takeaways. Here is the Q&A:

1. Can you provide a high-level summary of the audit?
   We were first notified by SERC in July 2019 that Cypress Creek was on the audit schedule for 2020 with a proposed audit date in May 2020. The official audit engagement began when we received the Audit Notification Letter (ANL) in January 2020. The ANL identified the specific Reliability Standards and Requirements included in the scope, as well as data requests related to organizational information and internal controls. Our audit scope included Operations and Planning (O&P) standards specific to the Generator Operator (GOP) registration and was conducted remotely by SERC. There were five audit team members, including a Point of Contact (POC) and an Audit Team Lead. Audit documentation was delivered via the SERC portal and the audit team reviewed our compliance evidence in a timely fashion and were very communicative throughout the process. SERC issued just one follow-up data request and finished their review ahead of schedule with zero findings. Overall, the audit went smoothly and was a great learning experience for our entity as one of the first solar specific GOPs to be audited in the SERC region.
   
   
2. What was the audit process like? Was there anything that took Cypress Creek by surprise? Was the process clear?
   The audit process was straightforward with deliverables, due dates, additional information requests, and responses communicated to us in a timely manner. We saw this process divided into 5 basic steps following Appendix 4C of the NERC Rules of Procedure:
   
   First, Cypress Creek was notified by SERC of our inclusion in the 2020 annual audit plan in July 2019 and was requested to confirm the proposed dates.
   
   Second, the Audit Notification Letter (ANL) was received about 4 months before the scheduled audit dates. Along with the ANL, there was also a Request for Information, and Certification Letter. The ANL identified the specific Reliability Standards and Requirements for evaluation and the regional entity’s preferred formatting on the Reliability Standard Audit Worksheets (RSAWs). The Request for Information (RFI) included a questionnaire on the organization’s internal control practices, and the Certification Letter requested general company information such as business organizational charts. The audit team scheduled an introductory call soon after delivery of the ANL to introduce themselves and to discuss the process.
   
   Third, the requested audit material was provided to SERC within 30 days. This upload included the completed RSAWs, associated evidence files, and responses to the RFI and Certification Letter.
   
   Fourth, the audit team reviewed the submitted information for compliance with the Reliability Standards. Following this review, SERC provided Cypress Creek with an audit update which included a preliminary determination status for the in-scope Reliability Standards. All standards had been assessed a status of “No Finding” except one, for which additional information was required and a corresponding data request was issued. Cypress Creek had approximately a week and a half to respond to the data request and upload additional evidence for their review of that Requirement. Cypress Creek received a second audit update in late March that confirmed all requirements were moved to a “No Finding” status.
   
   Fifth, SERC conducted an exit presentation, provided the draft audit report for Cypress Creek’s review, and delivered the final signed report to Cypress Creek. As communicated by the audit team during our opening presentation, if a potential non-compliance had been identified, the SERC audit team would have turned the proceedings over to the enforcement team following the exit presentation.
   
   We were pleased with how communicative the auditors were and how the audit was concluded ahead of schedule. Our Exit Presentation was held the last week of March, almost 2 months before our originally scheduled audit date in May. Our audit was also largely uninterrupted by COVID-19 as the audit had already been determined as off site and the initial evidence gathering had already been completed prior to travel restrictions being implemented.
   
   
3. What would Cypress Creek recommend to entities prior to an audit to prepare?
   We have a couple recommendations based on our experience and which worked well for us. (1) Conduct a mock audit. We recommend inclusion of all the applicable Reliability Standards to your registration and for your Subject Matter Experts to sit for mock interviews. This exercise is helpful to fine tune organization and presentation, RSAW narratives and citations, and most importantly, to confirm and obtain feedback on evidence. The objective is to prepare the RSAWs and evidence in advance as close to final form as possible. A mock audit will help confirm that your organization is ready for the audit or identify any areas of concern ahead of time. (2) Involve your management team early and often. Cypress Creek’s senior leadership was very supportive and prioritized being present and available to the compliance team throughout the audit. For example, the senior leadership team was present on the Opening and Exit Presentations and asked questions to the audit team, demonstrating engagement. The Regional Entities may notice touchpoints like this since there is a section in the Audit Report about Compliance Culture. (3) Review your Regional Entity’s audit resources. At Cypress Creek, we placed a priority on attending Open Forums and Compliance Seminars, and we were able to refer to internal notes and published recordings and presentations which helped us identify how the Regional Entity conducts their audits. This included identifying how SERC prefers evidence to be organized, including citation format and folder structure, which led to positive feedback from the audit team on our organization and presentation. 
   
   
4. During the audit, what were Cypress Creek’s interactions with the audit team like? How many of your team members interacted with SERC during the audit? Was the entire audit conducted remotely and did that introduce any unique challenges? What form of interaction and communication was most effective? 
   
   Our interactions with the audit team were positive and professional. The audit team members were responsive and, since the audit was designated as offsite from the initial notice, we went into the audit with a communication philosophy of “early and often” and did not face any unexpected challenges. While it is always a best practice to have designated Point of Contacts from each team, this was especially important for an off-site audit. Written communication was most effective and appropriate for correspondence related to material content while verbal conversations were most effective to establish a rapport with the auditors. For example, the introductory call and opening presentation were key opportunities for senior management to meet the auditors and demonstrate active engagement and for the compliance team to ask questions.
   
   
5. Did the audit result in any material changes to Cypress Creek’s compliance program, policies, or procedures going forward?
   Since our audit results included no recommendations and no potential non-compliances, there were no material changes made to Cypress Creek’s compliance program. The results and audit experience confirmed that our program and focus areas for development align with NERC’s risk-based approach and encouraged Cypress Creek to continuously improve elements of our program, such as internal controls. We were pleased to hear that the auditors had positive feedback for an entity of our size regarding our program structure and about the material contents of our documentation.