APPA - Enterprise Risk Management LCRA’s ERM Journey Presented by JoEllen Peterman, ERM Program Manager March 29, 2007

2 –How & Why We Chose ERM –LCRA’s ERM Structure and Scope –LCRA’s ERM Process, Reporting & Tracking –What’s On the Horizon? LCRA’S ERM Journey

3 –Top Down Guidance ○General Auditor ○Chief Financial Officer –Driven by COSO & Best Practices ○Internal Control Policy Adopted ○Business Units (BU) Directed to Address Risk Analysis to Fit Their Needs (2 year period) ○Critique of BU Specific Risk Management Activities & Recommendations on How to Proceed  Executive Sponsor and Project Manager  Interdisciplinary Team  External Consultant How & Why We Chose ERM

4 LCRA’s ERM Structure General Manager Community Services Risk Control Manager Transmission Services Corp. Risk Control Manager Water Services Risk Control Manager Corporate Services Risk Control Manager Wholesale Power Services Risk Control Manager ERM Oversight Committee CRO, CFO, COO, CAO Internal Advisors Treasurer Controller Internal Audit Legal Meets Qrtly or more frequently Chief Risk Officer Chair, ERM Oversight Committee Board of Directors Audit Committee ERM Program Manager Manages and Coordinates ERM Activities Key evangelists of ERM Program Embedded in BU with dual reporting

5 –Includes Risk Management Process NOT Content –Does Not include Middle Office Functions for Fuels & Energy Risk Management –Includes Political, Operational, Employee and Staffing, Regulatory, Financial, Environmental, Technological, and Security Risks LCRA’s ERM Scope

6 *Risk owners are responsible for maintaining and reporting status of risk mitigation activities at ERM Oversight Committee Meetings and at the BU level. Transmission Community Water BU Level Risk Registry* Wholesale Enterprise Level Risk Registry* Quarterly ERM Oversight Committee Meetings Risk Watch List Emerging Issues Risk Analysis Annual Business Plan Risk Analysis Corporate LCRA’s ERM Process

7 LCRA’s ERM Process - continued ○Initially Very Simple  Defined Impact & Probability  No Differentiation Between Nominal and Residual Risk ○Process Has Evolved and Matured Over 2 Years  Beginning to Differentiate Between Nominal and Residual Risk (aids in deciding on best form of mitigation)  Assigning Risk Ownership with Accountability and Measures of Success  Better Integration with the Annual Business Plan Process  Expanding to include Integration with Special Interest Groups ●Engineering Peer Review Team ●Project Management ●Internal Controls Self Assessment ●IT Standards Group ●Capital Funding Project Oversight & Management ●Emergency Preparedness Team

8 –After Effects of Hurricane Katrina and Rita ○Tool Created Focus for Staff Across LCRA ○Nine Days to Produce Aggregated Report of Risks & Prepare Report to Management & Board ○Critiqued and Improved Process –Drought Management ○Facilitated Risk Work Session ○Refining Process – Gaining Efficiencies in Process ○Two or Three Day Turnaround for Initial Risks Registry LCRA’s ERM Process - continued Highlights of Growth in Emerging Risk Process

9 –FY2006 Business Plan Risk Evaluation ○Semi-integrated (no metrics) ○Some Push-back From BUs  Critiqued and Improved Process Again –FY2007 Business Plan Risk Evaluation ○Integrated & Top-Down Driven (including metrics)  Still Developing Reporting ○Less Push-back / More Support From BUs LCRA’s ERM Process - continued Highlights of Growth in Annual Business Planning Risk Evaluation Process

10 –Continue Concurrent Critique and Process Improvement –Refine Risk Metrics & Integrate with BU Scorecards –Develop and Implement Training Module for New Supervisors and Managers What’s On the Horizon