Citigroup (C)

Risk and Control Self-Assessment

        A formal governance structure has been established through the Risk and Control Self-Assessment (RCSA) Policy to provide direction, oversight, and monitoring of Citigroup's RCSA programs. The RCSA Policy incorporates standards for risk and control self-assessment that are applicable to all businesses and establishes RCSA as the process whereby risks that are inherent in a business' strategy, objectives, and activities are identified and the effectiveness of the controls over those risks are evaluated and monitored. RCSA is based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission) principles, which have been adopted as the minimum standards for all internal control reviews that comply with Sarbanes-Oxley, FDICIA or operational risk requirements. The policy requires, on a quarterly basis, businesses and staff functions to perform a RCSA that includes documentation of the control environment and policies, assessing the risks and controls, testing commensurate with risk level, corrective action tracking for control breakdowns or deficiencies and periodic reporting, including reporting to Senior Management and the Audit and Risk Management Committee. The entire process is subject to audit by Citigroup's Audit and Risk Review with reporting to the Audit and Risk Management Committee of the Board.

Risk and Control Self-Assessment

        A formal governance structure has been established through the Risk and Control Self-Assessment (RCSA) Policy to provide direction, oversight, and monitoring of Citigroup's RCSA programs. The RCSA Policy incorporates standards for risk and control self-assessment that are applicable to all businesses and establishes RCSA as the process whereby risks that are inherent in a business' strategy, objectives, and activities are identified and the effectiveness of the controls over those risks are evaluated and monitored. RCSA is based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission) principles, which have been adopted as the minimum standards for all internal control reviews that comply with Sarbanes-Oxley, FDICIA or operational risk requirements. The policy requires, on a quarterly basis, businesses and staff functions to perform a RCSA that includes documentation of the control environment and policies, assessing the risks and controls, testing commensurate with risk level, corrective action tracking for control breakdowns or deficiencies and periodic reporting, including reporting to Senior Management and the Audit and Risk Management Committee. The entire process is subject to audit by Citigroup's Audit and Risk Review with reporting to the Audit and Risk Management Committee of the Board.

Risk and Control Self-Assessment

        A formal governance structure has been established through the Risk and Control Self-Assessment (RCSA) Policy to provide direction, oversight, and monitoring of Citigroup's RCSA programs. The RCSA Policy incorporates standards for risk and control self-assessment that are applicable to all businesses and establishes RCSA as the process whereby risks that are inherent in a business' strategy, objectives, and activities are identified and the effectiveness of the controls over those risks are evaluated and monitored. RCSA is based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission) principles, which have been adopted as the minimum standards for all internal control reviews that comply with Sarbanes-Oxley, FDICIA or operational risk requirements. The policy requires, on a quarterly basis, businesses and staff functions to perform a RCSA that includes documentation of the control environment and policies, assessing the risks and controls, testing commensurate with risk level, corrective action tracking for control breakdowns or deficiencies and periodic reporting, including reporting to Senior Management and the Audit and Risk Management Committee. The entire process is subject to audit by Citigroup's Audit and Risk Review with reporting to the Audit and Risk Management Committee of the Board.

Risk and Control Self-Assessment

        A formal governance structure has been established through the Risk and Control Self-Assessment Policy (RCSA Policy) to provide direction, oversight, and monitoring of Citigroup's RCSA programs. The RCSA Policy incorporates standards for risk and control self-assessment that are applicable to all businesses and establishes RCSA as the process whereby risks that are inherent in a business' strategy, objectives, and activities are identified and the effectiveness of the controls over those risks are evaluated and monitored. RCSA is based on COSO (The Committee of Sponsoring Organizations of the Treadway Commission) principles, which have been adopted as the minimum standards for all internal control reviews that comply with Sarbanes-Oxley, FDICIA or operational risk requirements. The policy requires, on a quarterly basis, businesses and staff functions to perform an RCSA that includes documentation of the control environment and policies, assessing the risks and controls, testing commensurate with risk level, corrective action tracking for control breakdowns or deficiencies and periodic reporting, including reporting to Senior Management and the Audit Committee. The entire process is subject to audit by Citigroup's Audit and Risk Review with reporting to the Audit and Risk Management Committee of the Board.