Compliance and Internal Controls

Risk Management

CSN operates in a globalized and increasingly complex market and is therefore exposed to a number of risks that may affect its strategies and performance. Aiming to improve the monitoring of the risks inherent to this exposure, the Company assesses its strategic, operating, financial and regulatory risks. This process is conducted in accordance with the methodologies defined by ISO 31000 and the framework of the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). CSN consolidates the major risk factors and assesses the likelihood of their occurrence, as well as their potential impacts on the organization. Based on this mapping, the areas and business units are responsible for implementing action plans to mitigate the risks or reduce them to acceptable levels, thereby avoiding significant impacts.

Internal Controls

The Company’s shares are traded on the São Paulo Securities, Commodities and Futures Exchange (“B3”) and on the New York Stock Exchange (“NYSE”) through American Depositary Receipts (“ADRs”), and are subject to the capital market rules established by the Brazilian Securities and Exchange Commission (“CVM”) and the Securities and Exchange Commission (“SEC”) in the United States.

In order to assess and mitigate risks that may impact its financial statements, the Company maintains a framework of internal controls, which are reviewed and reported to the Audit Committee in accordance with the principles established by COSO and certified annually by the external auditors, in compliance with the Sarbanes Oxley Act (“SOx”).

Internal Audit

CSN maintains an independent Internal Audit Department, which advises on and reports material facts to the Board of Directors, the Audit Committee and the Board of Executive Officers. It is responsible for analyzing the correct application of resources and the prevention of risks to the assets of the companies comprising the CSN Group, providing support for the achievement of planned results, and improving processes and internal controls, whether to enhance financial and operating performance or to prevent risks of loss and fraud, and consequently, any damage to CSN’s corporate image.