1. Slide 1 Internal Controls 101 June 23, 2011

2. Slide 2 Introductions Tim Waterman – General Dynamics Advanced Information Systems (GDAIS) Keith Rivers – United Technologies (UTC) Sam Onwuanaibe - Harris Corporation Benjamin Lindorf - Institute for Defense Analyses

3. Slide 3 Over 7,200 employees o 75% hold security clearances Headquarters in Fairfax, VA Many locations including customer sites Delivering end-to-end intelligence and cyber mission integration and solutions to defense, intelligence and homeland security communities General Dynamics Advanced Information Systems

4. Slide 4 Internal Controls Internal controls are designed to provide reasonable assurance that objectives are achieved in the following categories: o Effectiveness and efficiency of operations o Compliance with laws and regulations o Reliability of financial reporting = Sarbanes Oxley Internal controls are evaluated at two levels: o Entity-level (contains control environment) o Activity-level (transaction-level) o Examples of each on the following slide

5. Slide 5 Internal Controls (cont.) Internal controls are evaluated at two levels: o Entity-level Example  The company has policies and procedures for all major business processes, they are reviewed on a regular basis and updated, if necessary. All policies and procedures are located on the Company's intranet and are accessible by all employees. o Activity-level (transaction-level) Example  Each timecard is approved by the employee’s supervisor, or designated alternate in the event of supervisor absence.

6. Slide 6 Life Cycle of an Internal Control Risk Assessment Define & Document Operate / Perform Validate / Test Effectiveness Report

7. Slide 7 Life Cycle of an Internal Control (cont.) Example of Vendor Management Controls o Risk = Fictitious vendors are input to the system, allowing for fictitious cash disbursements o Control #1 = New vendors are added in Oracle by the Purchasing department and the accounts payable department has inquiry only access to this vendor information o Control #2 = Oracle only allows the user (accounts payable department) to pay an established vendor Risk Assessment Define & Document Operate / Perform Validate / Test Effectiveness Report

8. Slide 8 Examples of GD Controls Ethics Controls: o There is an Ethics Officer at CHQ and at each business unit o There is an Ethics Helpline to facilitate anonymous reports o The organization publicizes the existence and importance of the GD Standards of Business Ethics and Conduct to employees on an annual basis o All new hires complete an Ethics Acknowledgement Form, which acknowledges that the employee has received and read the GD Standards of Business Ethics and Conduct o Employees are required to participate in ethics training every other year o Corporate Internal Audit performs implementation and follow-up reviews of each of the Ethics Programs

9. Slide 9 Examples of GD Controls Other Controls: o Each business unit and Corporate Internal Audit conducts a detailed annual Risk Assessment that is updated periodically throughout the year o All finance new hires have a background and credit check completed prior to start date (background check for all new hires) o Each business unit has created its own Delegation of Authority (DOA) subject to the CHQ DOA, and is used to scrutinize transactions in the conduct of its business o The company has policies and procedures for all major business processes  Policies and procedures are reviewed on a regular basis and updated, if necessary  All policies and procedures are located on the Company’s intranet, or equivalent, and are accessible by employees