*connectedthinking
Managing Risk and Performance
Enterprise Risk Management Trends, Opportunities, and Challenges
PricewaterhouseCoopers Page 2
Why Enterprise Risk and Performance Management?
Enterprise risk management provides enhanced capabilities to align risk appetite and strategy; link growth, risk, and return; enhance risk-response decisions; minimize operational surprises and losses; identify and manage cross-enterprise risks; provide integrated responses to multiple risks; seize opportunities; and rationalize capital.
Investors reward corporations that continue to seek ways to deliver shareholder value growth. Enterprise Risk Management is an integral and essential component of a risk- and value-based management framework. Incorporating Enterprise Risk Management is transforming the goals, planning, decision-making and performance measurement processes of major companies.
Foundational Methodology: COSO ERM Framework
The Risk Management Framework
Three Foundational Aspects:
1. Achieving Entity Objectives: Strategic, Operations, Reporting, Compliance
2. Applies to activities at all levels of the organization
3. Has eight interrelated components
An effective ERM program begins with an inventory of an entity’s strategies, goals and objectives…
Company Goal: Grow the business at a steady rate
 - Maximize shareholder wealth
 - Expand profitable venture capital investments
 - Develop a family of diversified businesses
Goal: Reduced earnings volatility
 - Improve decision making process
 - Increase risk awareness
Goal: Safe work place and no damage to the environment
 - Reduce injury rates
 - Reduce emissions
Customer Goal: Be the preferred supplier
 - Improve quality of service and variety of product offerings
People Goal: Motivated, productive employees
 - Encourage and reward performance that supports strategy and vision
Social Goal: Add value to the communities in which we operate
 - Improve the socio-economic well being of our communities
…along with target metrics or KPIs for these objectives and acceptable tolerance levels.
Company Goal: Grow the business at a steady rate
 - Maximize shareholder wealth
 - Expand profitable venture capital investments
 - Develop a family of diversified businesses
Goal: Reduced earnings volatility
 - Improve decision making process
 - Increase risk awareness
Customer Goal: Be the preferred supplier
 - Improve quality of service and variety of product offerings
People Goal: Motivated, productive employees
 - Encourage and reward performance that supports strategy and vision
Goal: Safe work place and no damage to the environment
 - Reduce injury rates
 - Reduce emissions
Social Goal: Add value to the communities in which we operate
 - Improve the socio-economic well being of our communities
Metric:
 - Return on venture capital provided
 - Revenue and operating income by business
 - Change in operating income
 - Complaints by type (sales, T&D, service)
 - Customer retention rate
 - Employee turnover
 - Cost per employee (wages and benefits)
 - Lost time and recordable injury rates
 - Emissions compared to industry average
 - Tone of media coverage (red/yellow/green)
 - # of hours volunteered by employees
Target:
 - Rate of return > WACC
 - > 25%
 - > Sales <> Op Inc
 - Reduce 5%
 - 90-95%
 - TBD
 - Reduce 5%
 - Reduce 8%
 - Green
 - TBD (# of hours volunteered by employees)
The goals, objectives and associated metrics are set by treating the entity as a portfolio of businesses…
Corporate: Goal 1, Metric 1
Information Systems: Goal 2, Metric 2
Aerospace: Goal 3, Metric 3
Marine Systems: Goal 4, Metric 4
Land Systems: Goal 5, Metric 5
Sub Units/Processes (box repeated four times on the slide):
 - Risks
 - Risk management actions
 - Estimates of residual risk and performance
…beginning first at the corporate level, then to the business level, to the process level, and back again.
Levels:
 - Corporate
 - Operating Companies / Business Units
 - Business Processes
Diagram labels:
 - Corporate objectives, metrics & targets, enterprise uncertainty scenarios
 - Business unit objectives, metrics & targets; business unit uncertainty scenarios
 - Process-level objectives, metrics & targets
 - Process risks, risk management plans, residual risks
 - Business unit risk profiles
 - Corporate risk profiles
Event Identification – Illustrative Output
Risk Assessment
[Matrix: LIKELIHOOD (Low / Moderate / High) against SIGNIFICANCE (Low / Moderate / High); cells marked High Priority, Moderate Priority or Low Priority]
Risk assessment can also be used to assess and rank the likelihood and significance of risks. Sample criteria could consider the following:
Likelihood:
 - Degree of Change - The degree of change the business process has experienced recently, internal management changes or entrance into new business areas.
 - Results of Previous Audits - The relative level of control as indicated in past internal audit activities related to the business process.
 - Human Resources - The stability of the group and the quality of service provided.
 - Process Complexity - The maturity of the business process and any known inherent risks, such as the number of hand-offs between business units/departments, the complexity of related systems and the inter-relatedness of the process to other aspects of the business.
Significance:
 - Materiality - The relative value or importance of the objectives and risks related to the business process or activities, considering potential for fraud.
 - Management Concerns - Level of concern expressed by management.
Risk Assessment – Illustrative Output
[Chart: event categories A to M plotted on a dollar scale ($10 to $60) against Frequency of Occurrence (Low: >3 years; Medium: 1 to 3 years; High: once or more per year)]
Event Category:
A – Access to capital: Insufficient funds available to business unit.
B – Suppliers: Ability to develop & maintain quality supply chain.
C – Technology: Impact of technological changes on the product life
D – Competition: Change in the competitive landscape resulting from industry consolidation, legislative change, regulatory change, etc.
E – Litigation: Adverse resolution of material litigation
F – Credit: Counterparty’s financial ability to perform under its existing agreements
G – Funding: Impact of interest rate changes on cost of capital
H – Labor: Ability to attract and retain skilled labor at competitive rates.
I – Leadership: Right people to drive business and efficient decisions
J – Governance: Ethics & government compliance
K – Systems: Upgrades, enhancements
L – Market Prices: Impact on value of trading positions due to changes in market prices
M – Environmental: Remedial actions required by EPA
The risks to achieving these objectives and corresponding risk responses are then analyzed using relevant quantitative/qualitative techniques.
Process steps:
 - State and Prioritize Objectives
 - Identify and Analyze Risks
 - Assess and Design Control
 - Determine Risk Strategy
 - Action Planning and Reporting of Residual Risk
Diagram panels: Objectives Map; Risk Map; Control Map; Risk Management Response
Risk management responses: Eliminate Risk; Transfer Risk; Accept Risk; Reduce Risk
Risk types: Hazard; Uncertainty; Opportunity
Axis labels: Business Impact; Business Impact of Risk; Timing (Long-Term / Immediate); Probability of Occurrence; Level of Control (Over / Under); High / Low
Highlighted areas: Most Critical Objectives; Most Critical Risks; Critical Control Improvement Areas; Excessive Control Areas
Information and Communication, Monitoring – Illustrative Output
Risk Report Summary
Risk Profile
Columns: Rank; Risk Description; Performance Measure; Actions to Manage Risk; Owner; Target Date; Action Status
1. Risk Description: Variability of earnings due to uncertainty of supply chain prices
   Performance Measure: Deviation from budget
   Actions to Manage Risk: Hedging; Enhanced risk management
2. Risk Description: Incorrect pricing of end-user risk management products offered by trading
   Performance Measure: Variance between realized and projected earnings
   Actions to Manage Risk: Formal procedure for development of pricing models; Back-testing of model results; Independent Model Review
3. Risk Description: Reduced efficiency and employee output due to workplace accidents
   Performance Measure: Total lost time
   Actions to Manage Risk: Training of employees for required safety standards; Review for compliance with the standards
4. Risk Description: Human Resource Risk
   Performance Measure: Employee turnover and surveys
   Actions to Manage Risk: Improved hiring and training; Competitive compensation
5. Risk Description: Information Technology and Systems
   Performance Measure: Total time systems were unavailable
   Actions to Manage Risk: Identify and develop action plans for critical systems; Business continuity and disaster recovery planning
How to Implement ERM
© 2007 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as the context requires, other member firms of PricewaterhouseCoopers International Ltd., each of which is a separate and independent legal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP.