RISK, COMPLIANCE AND INTERNAL AUDIT MANAGEMENT

Risk Management

CSN operates in a globalized and increasingly complex market and is therefore exposed to a number of risks that may affect its strategies and performance. Aiming to improve the monitoring of the risks inherent to this exposure, the Company assesses its strategic, operating, financial and regulatory risks. This process is conducted in accordance with the methodologies defined by ISO 31000 and the framework of the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"). CSN consolidates the major risk factors and assesses the likelihood of their occurrence, as well as their potential impacts on the organization. Based on this mapping, the areas and business units are responsible for implementing action plans to mitigate the risks or reduce them to acceptable levels, thereby avoiding significant impacts.

Internal Controls

The Company’s shares are traded on the São Paulo Securities, Commodities and Futures Exchange ("BM&FBOVESPA") and on the New York Stock Exchange ("NYSE") through American Depositary Receipts ("ADRs"), and are subject to the capital market rules established by the Brazilian Securities and Exchange Commission ("CVM") and the Securities and Exchange Commission ("SEC") in the United States.

In order to assess and mitigate risks that may impact its financial statements, the Company maintains a framework of internal controls, which are reviewed and reported to the Audit Committee in accordance with the principles established by COSO and certified annually by the external auditors, in compliance with the Sarbanes Oxley Act ("SOx").

Compliance

The CSN Group has developed a Compliance Program to regulate the activities of its employees or third parties, based on the prevailing legislation and the Company’s own internal policies and regulations, seeking to ensure that its businesses are governed by corporate integrity, transparency and the highest ethical standards.

The Compliance area, which reports to the Board of Directors and the Audit Committee, is responsible for ensuring that the Group’s activities comply with its internal rules and those issued by the regulatory authorities. The idea is to identify those points in need of attention and ensure proper compliance with market requirements.

This process also includes continuous training of employees and the monitoring of conformity with the Compliance Program.

The Company maintains a confidential complaints channel so that employees and other stakeholders can report or seek support regarding ethical and behavioral issues related to possible violations of laws, regulations and internal rules,. Confidentiality, anonymity and non-retaliation are guaranteed. This channel is available by phone, e-mail or conventional mail:

Telephone: 0800-884-2006
External email: canal_denuncia@csn.com.br
Internal email: CANAL DENUNCIA
Conventional mail:
c/o Risk and Compliance Office
Av. Brig. Faria Lima, 3400 - 20º. Andar - Itaim Bibi - São Paulo - SP - CEP 04538-132

We also provide a channel for questions and additional information on compliance:

Email: compliance@csn.com.br

Internal Audit

CSN maintains an independent Internal Audit Department, which advises on and reports material facts to the Board of Directors, the Audit Committee and the Board of Executive Officers. It is responsible for analyzing the correct application of resources and the prevention of risks to the assets of the companies comprising the CSN Group, providing support for the achievement of planned results, and improving processes and internal controls, whether to enhance financial and operating performance or to prevent risks of loss and fraud, and consequently, any damage to CSN’s corporate image.