CEO REPORT Thomas F. Schrader ERCOT Board of Directors December 14, 2004

CEO Report  Fee Settlement  Audit Response Action Plan  Security Work Plan  Chander Ahuja, Director of Security

December 14, 2004 Fee Settlement  Challenge  Effective use of resources  Aggressive effort  Cost savings  Activities & projects  Documentation & Justification

December 14, 2004 Management Action Plan (MAP) Internal Control Environment Management Activities Specific ProjectsProcess Redesign Audit Response  Internal control mgmt. program  Cultural change  Roles & responsibilities  Internal Audit  Fixed asset inventory  Lawson  Policies & procedures  Security initiatives  HR projects  Fixed asset management  Contracting & procurement  Hiring  Other TBD  Mission/vision/goals  Org. structure  Budget -- review of activities/expenses  Cost tracking  Risk assessment  Mgmt. reporting Audits Fee Settlement Roadmaps Mgmt. Planning & Practices Management Action Plan

December 14, 2004 Preliminary Programs Schedule

December 14, 2004 Audit Tracking System  Provides comprehensive and consistent method to track all recommendations  Improves accountability for management’s action plans  Helps ensure completion dates are met

December 14, 2004 Security Work Plan 2005 Chander M. Ahuja Director of Security

December 14, 2004 Strategic Security Vision  Crown Jewels  People, Information, Physical assets  Responsibility  Security is a part of every job at ERCOT  Security lifecycle  Requirements, Communicate, Integrate, Measure, Report  Remediation process features  High risk first, Business ownership for execution, Verify  2005 Goals  Accountability  Establish comprehensive, integrated ERCOT Security Practice  Remediation with a concentrated effort

December 14, Security Plan Audits EY Roadmap Best Security Practices ERCOT 2005 Security Plan Tasks to address Audit findings (Responses) Tasks to Establish strong practices (Practices) Tasks to close large gaps (Projects) Accountability Establish practices Remediation GOAL:

December 14, 2004 Strategic Initiatives  Asset Classification Initiative  Secure Information Initiative  Access Control Initiative  Physical Security initiative  Security Vision initiative