Michele K. Abraham Corporate Attorney-Ethics & Compliance The Timken Company

1. Assessing and Monitoring Risks Michele K. Abraham Corporate Attorney-Ethics & Compliance The Timken Company

2. Timken • Leading global manufacturer of highly engineered bearings, alloy steels, and related components and assemblies. • 20,000 employees • 28 countries • 2010 sales = $4.1 Billion

3. Risk Management Functions

4. Compliance Committees

5. Annual Compliance Process • Identify compliance risks • Rate “Significance” and “Likelihood” of compliance failure to establish “Priority Rating” • Identify business processes • Evaluate controls • Implement and enhance controls Risk Assessment Audit and Monitoring Training and Education Report to Chairman • Brief Chairman and CEO on processes undertaken by compliance committees • For “Moderate” or more “Severe” risks, identify audiences, topics, methods

6. Standard Legal Risk Areas

7. -7- “Significance” Rating Guide

8. -8- “Likelihood” Rating Guide

9. -9- “Priority” Rating Guide

10. Sample Business Unit Risk Assessment Heat Map

11. Annual Compliance Process • Identify compliance risks • Rate “Significance” and “Likelihood” of compliance failure to establish “Priority Rating” • Identify business processes • Evaluate controls • Implement and enhance controls Risk Assessment Audit and Monitoring Training and Education Report to Chairman • Brief Chairman and CEO on processes undertaken by compliance committees • For “Moderate” or more “Severe” risks, identify audiences, topics, methods

12. Audit and Monitoring

13. Section 2. Risk Control Summary

14. Annual Compliance Process • Identify compliance risks • Rate “Significance” and “Likelihood” of compliance failure to establish “Priority Rating” • Identify business processes • Evaluate controls • Implement and enhance controls Risk Assessment Audit and Monitoring Training and Education Report to Chairman • Brief Chairman and CEO on processes undertaken by compliance committees • For “Moderate” or more “Severe” risks, identify audiences, topics, methods

15. Global Risk Rating Bribery, Gifts and Entertainment Moderate Training Focus • Bribery of foreign officials • Facilitating payment exceptions • Accounting transparency • Acceptance or offering of gifts and entertainment • Audiences: Sales and Marketing, Purchasing, Supply Chain • Topics: Antibribery, Foreign Corrupt Practices Act, Gifts and Entertainment Risk Creating Business Processes • Hiring of third party intermediaries • Approval of expenses • Selling to or doing business with the government Compliance Landscape: By any calculation, international anti-bribery enforcement is increasing worldwide, as more countries move from enacting anti-bribery laws to initiating actions to identify and prosecute the individuals and companies who break them. The largest number of enforcement actions involves alleged bribe payments to officials in Iraq, Nigeria and China. The United States continues to dominate enforcement, undertaking three times more foreign bribery enforcement actions than all other countries combined. At the end of 2009, the DOJ and SEC combined were pursuing more than 120 FCPA investigations. The penalties can sometimes be dramatic, such as the US$1.6 billion in fines, penalties, and profit disgorgement that Siemens paid in 2008 for FCPA and bribery violations. Impact: We must scrutinize the third parties with whom we do business, including distributors and sales agents, especially where we are doing business with the government. Managers must be aware of red flags in approving expenses related to gifts and entertainment. Associates must understand our expectations for compliance through tone at the top communications and training.

16. Michele K. Abrahammichele.abraham@timken.com 330-471-7025 @mkabraham @timken