Governance, Risk and Compliance Software Implementation on the Rise Among Utility Firms

By CIOReview | Wednesday, August 27, 2014

FREMONT, CA: Utility firms are catching up on their compliance issues, with many of them acquiring governance, risk and compliance (GRC) software. Ever-increasing pressure from stricter regulatory standards for greater grid reliability and cyber security is driving rapid adoption of compliance tools and enterprise risk management (ERM) software in the industry.

Observing this trend, Alexander Osipovich reports for Risk.net on how power companies like Xcel Energy are managing the risks of accidents and financial accounting errors and complying with the rules issued by the US Federal Energy Regulatory Commission (FERC). Richard Flodin, Manager of IT risk and compliance at Xcel, says that things got better after the firm invested in RSA Archer, a GRC tool from EMC Corporation. "The big benefit of that is that we can have a process where we can predict risks that are coming, and then proactively set up defences against those risks to mitigate them."

Vendors selling GRC tools confirm that utilities and power companies are investing in the technology to improve the effectiveness of their ERM programs while addressing the challenge of regulatory compliance. "We're seeing a lot of interest from energy companies," says Brenda Boultwood, Senior Vice-President of industry solutions at MetricStream, a California-based GRC software vendor.

The compliance tools essentially let firms create a ‘customizable framework that allows various teams and individuals within a company to keep track of operational risk and compliance issues,’ reports Osipovich. For US utility companies, the primary function is to comply with the power grid reliability and cyber security rules enforced by FERC and the North American Electric Reliability Corporation (NERC). To protect against the increasing instances of cyber attacks, NERC has implemented stricter regulations that detail how sensitive electronic assets should be secured.

With GRC tools, all this can be attained quite easily. "Compliance people don't really have a way to keep their finger on the pulse of what's happening in the organization, in a lot of cases, to make sure that the compliance posture is sustainable. GRC is a tool that allows them to do that," says Michael Tibbs, Senior Vice-President and Chief Operating Officer of Corporate Risk Solutions.
