1. Audit Committee Presentation Annual Audit Plan
March 7, 2000
Audit Committee Presentation Annual Audit Plan
Manufacturing Company
March 200X
© 2000 Arthur Andersen All rights reserved.
© 2000 Arthur Andersen All rights reserved.

2. Corporate Audit - Business Risk Assessment
Risk Assessment Interviews with Management
Validate:
Process
Universe
Risk Assessment Survey of Management
Approval By
Controller and
CFO
Prioritize
Audit Areas &
Draft Plan
FY0X
Audit
Plan
Risk
Universe
Integrated Audit
Team Risk
Assessment
Location
Universe
Audit
Committee
Approval
Prior Internal
Audit Results
INPUT
Planning Process
OUTPUT

3. Business Risk Assessment
EMPOWERMENT RISK
Accountability
Leadership
Authority/Limit
Outsourcing
Performance Incentives
Change Readiness
Communications
INFORMATION PROCESSING/
TECHNOLOGY RISK
Relevance
Integrity
Access
Availability
Infrastructure
INTEGRITY RISK
Management Fraud
Employee Fraud
Illegal Acts
Unauthorized Use
Reputation
OPERATIONS RISK
Customer Satisfaction
Efficiency/Productivity
Capacity
Inventory
Cycle Time
Obsolescence
Compliance
Labor/Employee
Product Acceptance
Product/Service Quality
Environmental
Health and Safety
Resource Availability
Resource Price Volatility
Trademark/Brand Name Erosion
OPERATIONAL
Product Pricing
Product Costing
Contract Commitment
Performance Measurement
Process Alignment
Regulatory Reporting
FINANCIAL
Budget and Planning
Accounting Information
Financial Reporting Evaluation
Taxation
Compensation and Benefits
Investment Evaluation
STRATEGIC
Environmental Monitoring
Business Portfolio
Valuation
Organization Design
Resource Allocation
Planning
Product Life Cycle
E N V I R O N M E N T R I S K
I N F O R M A T I O N F O R D E C I S I O N M A K I N G R I S K
P R O C E S S R I S K
Competitor Sovereign/Political Social/Cultural Technological Innovation
Shareholder Relations Financial Markets Labor Availability Sensitivity
Capital Availability Legal Catastrophic Events Regulatory Globalization
FINANCIAL RISK
Price
Interest Rate
Currency
Equity
Cash Flow
Opportunity Cost
Concentration
Default
Market
Settlement
Liquidity
Credit
In performing the risk assessment process, internal audit utilized the Business Risk ModelTM, to create a common risk language for discussions with management.
We also linked the risks identified to the corresponding processes.

4. Business Risk Assessment - Interviews & Surveys
World Wide Headquarters
General Counsel
CFO
Controller
Internal audit conducted interviews with
the following members of management to discuss:
objectives and goals for their areas of responsibility
strategy
risks that would threaten achievement of this strategy
processes where the risks
would manifest themselves
In addition, we surveyed 25 members of management.
Operations
Supply Chain
Environmental Health & Safety
Europe
Finance

5. Business Risk Assessment - Risk Data Gathering
Internal audit also gathered information from the following sources:
Integrated Audit Team
Identified potential audit areas based on understanding gathered from the External Audit team
Reviewed the process, risk and control analysis performed by the External Audit team
Prior Internal Audit Results
Reviewed prior two year’s Internal Audit Reports
Included prior Audit Universe risk ratings and General Risk Assessments
Analyzed the trends of audit issues and risks

6. Business Risk Assessment - Process and Location Universe
Categorized locations by customer group, product and geographic location
Identified where key processes were being performed throughout the company
Created a matrix of processes and locations, including the last time these processes and locations were subject to audits

7. Business Risk Map Significance (to assets, strategy, reputation, etc.)
March 7, 2000
Business Risk Map
Likelihood (considering controls and inherent risks)
Significance (to assets, strategy, reputation, etc.)
Liquidity - Cash Flow
Inventory and Obsolescence
Information Systems Access
Product/Service Quality
Regulatory Reporting
Financial Reporting Evaluation
Strategic Performance Measurement
Price - Currency
Globalization
Competitor
Operational Performance Measurement
Customer Satisfaction
Organization Design
Low
High
Outsourcing
Information Systems Integrity
Authority/Limit
Product Costing
Accountability
Communications
Resource Allocation
Employee Fraud/Illegal Acts
Contract Commitment
Labor Availability
Capacity
Compliance - Policies
Health and Safety
Budget and Planning
Compliance/Legal
Efficiency/Productivity
Performance Incentives
Credit - Default
Information Technology Infrastructure
Shareholder Relations
Management Fraud/Illegal Acts
Technological Innovation
Trademark/Brand Name Erosion
Leadership
Reputation
Business Portfolio
Labor/Employee
Catastrophic Event
Cycle Times
Resource Availability
Resource Price Volatility
Sensitivity
Information Availability
Liquidity - Opportunity Cost
Environmental
© 2000 Arthur Andersen All rights reserved.

8. Audit Plan Highlights
Integration with External Audit team on financial processes
Increased focus on corporate-wide processes
Identified cash flow and working capital improvement opportunities
Significant level of information technology auditing
Joint risk assessment by Internal Audit, External Audit, and Management
Location reviews will focus on several key processes identified during 200X risk assessment to leverage resources and share best practices; such processes include inventory management, warranty, forecasting and close the books
Use of process specialists

9. 200X Audit Plan Categories Scope Timing Comments Process Reviews - 6%
Payroll Operations Q3 Recently outsourced processes and new
T&E Administration Q HR/Payroll software implemented
Information Technology Reviews - 20%
Oracle Access Controls Q2
Network Security Q2 Decentralized process and prior audit issues
Network Security Q2 Outsourced service and prior audit issues
Centralized IT Function Q1
E-Commerce Security Worldwide Q3 Emerging risks as e-commerce develops
Interfaces Q1 Data integrity, delay in modules implementation
Business Process Reviews - 23%
Direct Materials Purchasing Q4 Critical component of supply chain
Deductions & Credit Memos Q3 Accuracy and efficiency of processing
Import/Export Process Q2
Consolidation Q Non-integrated systems
Cash Management Q2
Currency Management Q Currency hedging group
Credit and Collections Q1 Key area for process improvement

10. 200X Audit Plan Categories Scope Timing Comments
Location Reviews - 35%
Canada North America Q2 General controls review
Canada North America Q1 Follow up on significant control issues
from prior year
Other - 16%
Corporate Compliance Program Worldwide Q1 Review of monitoring process
Records Retention Worldwide Q1 High level review of policies and practices
Access Controls Design North America Q1 Participate in redesign of security structure
Minority Interest Calculation Europe Q2
Risk Assessment 200X Worldwide Q4
Follow-up on Prior Audit Issues Worldwide
Discretionary Projects Worldwide

11. Key Business Risks and Audit Plan Linkage
The risks stated above are risks at the company level. Each process audit will include a process level risk assessment.