NERC Ids: Registered Entity Names NCR01319 Southern Company Services, Inc. – Gen NCR01320 Southern Company Services, Inc

NERC IDs: Registered Entity Names

NCR01319 Southern Company Services, Inc. – Gen

NCR01320 Southern Company Services, Inc. - Trans

Reliability Standards Compliance Operations (FERC Order 693) Audit Audit Scope: Report

Compliance Compliance Audit Monitoring Process:

Distribution: Public Version. Confidential Information Has Been Removed, Including Privileged and Critical Energy Infrastructure Information.

Lead Region: SERC Reliability Corporation (SERC)

Dates of Audit: From July 21, 2015 through October 22, 2015

Date of Report: December 16, 2015

Possible Violations None (zero) Identified:

Jurisdiction: United States

Table of Contents I. Executive Summary ...... 3

II. Audit Process ...... 4

Objectives ...... 4

Scope ...... 4

Confidentiality and Conflict of Interest ...... 5

Methodology ...... 6

Company Profile ...... 6

Audit Participants ...... 6

III. Audit Findings ...... 10

IV. Areas of Concern and Recommendations ...... 11

V. Compliance Culture ...... 12

I. Executive Summary SERC Reliability Corporation (SERC) conducted an Operations and Planning Compliance Audit of Southern Company Services, Inc. – Gen (NCR01319) and Southern Company Services, Inc. – Trans (NCR01320), collectively referred to as Southern Company from July 21, 2015 through October 22, 2015.

At the time of the Audit, Southern Company was registered for the functions of Balancing Authority (BA), Generator Operator (GOP), Planning Authority (PA), Reliability Coordinator (RC), Resource Planner (RP), Transmission Operator (TOP), Transmission Planner (TP), and Transmission Service Provider (TSP).

Southern Company was also registered for a Coordinated Function Registration (CFR) JRO ID JRO00047 for the PA function and JRO00048 for the TP function.

Southern Company performs the functions of Planning Authority (PA), Transmission Planner (TP), and Resource Planner (RP) for the following registered entities, respectively Alabama Power Company, Georgia Power Company, Gulf Power Company, Mississippi Power Company, Southern Power Company, Southern Company Services, Inc. – Trans and Southern Company Services, Inc. – Gen

The Audit team evaluated Southern Company for compliance with 73 requirements in the 2015 NERC Compliance Monitoring and Enforcement Program (CMEP) and the SERC CMEP Implementation Plan. The team assessed compliance with the NERC Reliability Standards (and Regional Reliability Standards if applicable) for the period of June 13, 2012 through October 22, 2015. Southern Company submitted evidence for the team’s evaluation of compliance with requirements. The team reviewed and evaluated all evidence provided to assess compliance with reliability Standards applicable to Southern Company at this time. Based on the evidence provided, no findings were noted for the Standards and applicable requirements in scope for this engagement.

The SERC Audit Team Lead certifies the Audit team adhered to all applicable requirements of the NERC Rules of Procedure (ROP) and CMEP.1

1 This statement replaces the Regional Entity Self-Certification process.

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 3

II. Audit Process The Compliance Audit process steps are detailed in the NERC ROP, the NERC CMEP, and the SERC CMEP Implementation Plan. The CMEP generally conforms to the United States Government Auditing Standards.

Objectives All registered entities are subject to compliance assessments with all Reliability Standards applicable to the functions for which the registered entity is registered2 in the Region(s) performing the assessment. The Audit objectives are as follows:  Review compliance with the requirements of Reliability Standards that are applicable to Southern Company, based on the functions that Southern Company is registered to perform  Validate compliance with applicable Reliability Standards from the NERC 2015 Implementation Plan list of actively monitored standards, and additional NERC Reliability Standards selected by SERC  Validate compliance with applicable Regional Reliability Standards from the SERC 2015 Implementation Plan list of actively monitored Standards, if applicable  Validate evidence of self-reported violations and previous self-certifications  Observe and document Southern Company’s compliance program and culture  Review the status of open Mitigation Plans

Scope The scope of the Compliance Audit included the NERC Reliability Standards from the SERC 2015 CMEP Implementation Plan. The Standards and requirements in-scope for this Audit are illustrated in Table 1 below:

2 NERC Rules of Procedure, Appendix 4C, Section 3.1, Compliance Spot Checks.

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 4

Table 1. Audit Scope Standards Requirement(s) BAL-001-1 R1, R2 BAL-002-1 R1 BAL-005-0.2b R7 COM-002-2 R1, R2 EOP-001-2.1b R2, R3, R4 EOP-002-3.1 R6, R7, R8 EOP-003-2 R8 EOP-004-2 R2 EOP-005-2 R1, R6, R9, R10, R11, R17 EOP-006-2 R1, R9, R10 EOP-008-1 R1, R3, R4, R7 EOP-010-1 R1, R2, R3 FAC-011-2 R1, R2, R3 FAC-014-2 R1, R2, R3, R4, R5, R6 IRO-002-2 R6, R7, R8 IRO-003-2 R1, R2 IRO-004-2 R1 IRO-005-3.1a R1 IRO-008-1 R1, R2 IRO-014-1 R1 MOD-001-1a R6 PER-005-1 R3 PRC-001-1.1 R3, R4, R5, R6 PRC-006-SERC-01 R1, R2, R3 TOP-002-2.1b R4, R11, R19 TOP-004-2 R6 TOP-006-2 R2 TOP-008-1 R4 TPL-001-0.1 R1 TPL-002-0b R1 TPL-003-0b R1 TPL-004-0a R1 VAR-001-4 R1, R2 VAR-002-3 R1, R2, R3

Confidentiality and Conflict of Interest Confidentiality and conflict of interest of the Audit team are governed under the SERC Delegation Agreement with NERC, and Section 1500 of the NERC ROP. Southern Company was informed of SERC’s obligations and responsibilities under the agreement and procedures. The work history for each team member was provided to Southern Company, which was given an opportunity to object to a team member’s participation on the basis of a possible conflict of interest or the existence of other circumstances that could interfere with a team member’s impartial performance of duties. Southern Company had not submitted any objections by the stated 15-day objection due date and accepted the team member participants without objection. There were no denials or access limitations placed upon this team by Southern Company.

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 5

Methodology The Audit team reviewed the evidence submitted by Southern Company and assessed compliance with the requirements of the applicable Reliability Standards. SERC provided Southern Company with a Request for Information (RFI) prior to commencement of the Audit. Southern Company provided Pre-Audit evidence at the time requested, or as agreed upon, by SERC. Additional evidence could be submitted until the agreed-upon deadline prior to the exit briefing. After that date, only data or information that was relevant to the content of the report or its finding could be submitted with the agreement of the Audit Team Lead.

The Audit team reviewed documentation provided by Southern Company and requested additional evidence and sought clarification from subject matter experts during the Audit. The evidence submitted in the form of policies, procedures, emails, logs, studies, data sheets, etc. were validated, substantiated, and cross-checked for accuracy as appropriate. Where sampling is applicable to a requirement, the sample set was determined by a statistical methodology, along with professional judgment.

The findings were based on the facts and documentation reviewed, the team’s knowledge of the Bulk Electric System (BES), the NERC Reliability Standards, and professional judgment. All findings were developed based upon the consensus of the team.

Company Profile Southern Company is the parent company of Southern Company Services, Inc., Alabama Power Company, Georgia Power Company, Mississippi Power Company, Gulf Power Company, Southern Power Company, Southern Nuclear, Southern Renewable Energy, Inc. and Southern Wholesale Energy. All companies operate independently and the President and CEO of each company ultimately reports to the Chairman, President, and CEO of Southern Company.

Southern Company provides electric service to more than 4 million homes, businesses and industries across the Southeastern US. Specifically, the Southern Company Services, Inc. footprint includes the states of Alabama, Georgia, Florida and Mississippi. The company has a vertically integrated system that contains 19,904 miles of transmission lines at five different voltage levels. The voltage levels are 46kV, 115 kV, 161 kV, 230 kV and 500kV. Historically, SCS system is a summer peaking system. During the summer of 2007, Southern Company Services, Inc. system load hit an all-time peak of 48,008 MWs. The summer peak load for 2011 was 45,754 MWs.

Audit Participants Following is a list of all personnel from the SERC Audit team and Southern Company who were directly involved during the meetings and interviews.

SERC Team Role Title Entity Audit Team Lead Compliance Auditor SERC

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 6

Team Member Sr. Compliance SERC Auditor Team Member Sr. Compliance SERC Auditor Team Member Program Support SERC Assistant Team Member Compliance Auditor SERC Team Member Compliance Auditor SERC Team Member ISME LG&E/KU Observer Supervisor of O&P SERC Audits

Southern Company Participants Title Entity Reliability Standards Southern Company Services Compliance Assurance Manager Ops Compliance Director Southern Company Services Project Coordinator Southern Company Services Ops Compliance Manager Southern Company Services System Ops Manager Southern Company Services Southeastern RC Southern Company Services Compliance Coordinator Southern Company Services TCC Ops Manager Alabama Power Company Manager Generation Data and Southern Company Services‐FOT Compliance Planning Manager Southern Company Services‐T Project Coordinator Southern Company Services‐BPO Principal Engineer Southern Company Services‐T Ops Compliance Manager Southern Company Services Compliance Coordinator Southern Company Services‐OPS Compliance

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 7

Fleet Operations Project Southern Company Services‐FOT Manager Operations Training Manager Southern Company Services ACC Support Manager Alabama Power Company Supervisor Training GPC Georgia Power Company General Manager, Bulk Power Southern Company Services Operations Transmission Compliance Southern Company Services Manager PCC System Operations Southern Company Services Manager BPO System Operations Southern Company Services Manager Planning Manager Southern Company Services Project Manager Southern Company Services System Operation Manager Alabama Power Company Engineering Manager Southern Company Services Generation Compliance Coordinator Southern Company Services Department General Counsel Southern Company Services Project Coordinator Southern Company Services Power System Coordinator Georgia Power Company Power System Coordinator Georgia Power Company Project Manager Georgia Power Company Training Southern Company Services PCC Operator Southern Company Services EMS Supervisor Southern Company Services PCC Operator Southern Company Services PCC System Operator Southern Company Services Sr. Power System Operator Alabama Power Company

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 8

Supervisor Alabama Power Company Sr. Power System Operator Alabama Power Company Sr. Power System Operator Alabama Power Company TCC Supervisor Alabama Power Company Power System Coordinator Alabama Power Company

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 9

III. Audit Findings

Based on the results of this Audit, no findings were noted for the Standards and applicable requirements in scope for this engagement.

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 10

IV. Areas of Concern and Recommendations

There were no areas of concern or recommendations noted by the Audit team during the engagement.

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 11

V. Compliance Culture

The SERC Audit team observed Southern Company’s compliance culture in conjunction with the Audit process. This observation was accomplished through a review of responses to the Internal Compliance Survey questionnaire, and additional information that was gathered during the Audit engagement and interviews. This included an observation of factors that characterize vigorous and effective compliance programs including: • Active engagement and leadership by senior management • Effective, in-practice preventive measures appropriate to the circumstances of the company • Prompt detection of problems, remediation of deficiencies, and reporting of violations

Date of Southern Company Audit: July 21, 2015 through October 22, 2015 Date of Report: December 16, 2015 12