
COSO (Committee of Sponsoring Organizations of the Treadway Commission) has recently released an exposure draft of the Corporate Governance Framework (CGF) and is inviting public comment.
In this article, we review the key themes and important ideas presented in the Public Exposure Draft. The CGF aims to provide comprehensive guidance for entities seeking to enhance governance, risk management, internal control, and fraud detection, ultimately contributing to long-term value creation.
1. Purpose and Scope of the COSO CGF
COSO, a globally recognized private-sector initiative, has developed the CGF to offer a common language and framework for corporate governance. It is "grounded in enduring principles but flexible enough to adapt to each entity’s unique reality." While primarily tailored for US public companies, the CGF is designed to be useful for "non-U.S. public companies, global companies, private companies, and public-sector organizations," and is "agnostic of industry and size of organization."
2. Driving Forces and Evolution of US Corporate Governance
US corporate governance practices are shaped by a baseline of expectations from courts, regulators, investors, and market forces. Key drivers include:
State Corporate Law: Governs formation, operation, and dissolution of corporations, defining legal frameworks, shareholder rights, and fiduciary responsibilities.
Federal Statutory and Regulatory Requirements: Laws like the Sarbanes-Oxley Act and Dodd-Frank Act, often developed in response to corporate failures, focus on specific aspects of governance and financial markets, such as disclosure and compliance obligations for public companies.
Stock Exchange Listing Requirements: Pre-eminent exchanges like NYSE and Nasdaq impose listing standards covering aspects such as "board independence, committee structure, audit and other committee composition, and the adoption of governance guidelines and a code of ethics and conduct."
Market-Based Solutions or Rules: Shareholders, market intermediaries, and proxy advisors can influence the adoption of new governance standards, often led by large-cap corporations.
3. Shift Towards a Multi-Stakeholder Model
Historically, public companies operated under the principle of shareholder primacy. However, the CGF notes a significant shift: "most leaders now understand that delivering long-term shareholder value requires meaningfully considering the interests of other stakeholders as well." This broader perspective, encompassing all stakeholders whose engagement and well-being influence performance, is seen as strengthening rather than diluting shareholder interests.
4. Who Benefits from the CGF?
The CGF is designed to benefit all corporate governance stakeholders:
Boards: Can use the CGF to align governance with "entity’s values, strategy, and long-term objectives," establish tone, reinforce cultural expectations, and assess their effectiveness.
Executive Management: Supported in balancing authority with accountability and transparency, using the CGF to strengthen governance practices and enhance decision-making.
Shareholders: Gain increased visibility into governance practices, enabling them to "develop engagement strategies to determine whether an entity’s approach to corporate governance is aligned with how shareholders expect it to deliver value."
5. Structure of the Corporate Governance Framework
The CGF "reimagines corporate governance as a dynamic and adaptable system rather than a checklist of policies and requirements." It is depicted as a circle, symbolizing its ongoing, iterative nature, with "Long-Term Value" at its core as both the foundation and goal.
Six "essential Components" surround the center, each "equally important and reinforcing one another in support of long-term value creation":
Oversight: Establishing board structure, exercising oversight, appointing leadership and members, selecting the CEO, establishing executive structure, operating the board effectively, and upholding shareholder rights.
Strategy: Defining purpose and core values, developing and communicating strategy, executing strategy, and measuring performance against strategy.
Culture: Establishing and modelling culture and behaviors, promoting ethics, respect, and open communication, and assessing and adapting culture.
People: Deploying people strategy and succession planning, managing people and compensation, and driving performance and development.
Communication: Committing to information quality, engaging stakeholders strategically, communicating effectively with internal stakeholders, and maintaining transparency.
Resilience: Managing and overseeing risks and opportunities, establishing and evaluating internal control, and monitoring governance effectiveness.
At the heart of the CGF are four stakeholder groups: "the board, executive management, shareholders, and other stakeholders," each connected to all six components.
6. Key Principles and Areas of Focus within Components
The CGF details 24 principles across its six components, each supported by "Points of Focus" and "Deeper Insights."
6.1. Oversight (Principles 1-6)
Board Structure and Oversight (Principle 1): Emphasizes defined roles, responsibilities, and committees, with active oversight to support management and maintain accountability. Directors' responsibilities are largely determined by fiduciary duties (care and loyalty), protected by the business judgment rule.
Board Committees: Standard committees include:
Audit, overseeing financial reporting, internal control, and internal audit (IA) independence;
Compensation, developing executive compensation policies aligned with strategic objectives; and
Nominating/Governance, shaping governance guidelines and board composition.
The CGF notes flexibility in committee structures and responsibilities.
Board and Director Attributes (Principles 1 & 2): Highlights the importance of directors engaging in "thoughtful inquiry," demonstrating "professional skepticism," and committing to "continuous learning." The CGF describes it as a leading practice that a "super-majority of the board is independent," which promotes objective oversight. Board composition should reflect "a range of experience and expertise aligned with the key opportunities and risks derived from the entity’s strategy," including "cognitive diversity."
CEO Selection and Delegation (Principle 3): The board delegates significant authority to the CEO and executive management, formalizing matters reserved for the board versus those delegated.
Executive Management Structure (Principle 4): The CEO assembles an executive team with necessary skills to execute strategy ethically. Management-level committees support cross-functional collaboration and decision-making.
Board Effectiveness (Principle 5): Emphasizes effective board meetings, timely and accurate board minutes (maintained by a corporate secretary), and adherence to a clear Delegation-of-Authority Policy. Key governance documents include Articles of Incorporation, Bylaws, Corporate Governance Guidelines, and Board and Committee Charters.
Shareholder Rights and Accountability (Principle 6): Upholding shareholder rights through "clear, transparent disclosures," facilitating "meaningful dialogue," and enabling informed voting. Shareholders can influence through proxy voting and direct engagement, with a strong preference for director election by majority vote.
6.2. Strategy (Principles 7-10)
Purpose and Core Values (Principle 7): The board and executive management define a clear, enduring purpose as the "fundamental reason for being," aligning core values to guide decision-making and shape behaviors.
Strategy Development and Communication (Principle 8): Understanding competitive value, assessing the validity of the business model, and communicating relevant parts of the strategic plan internally and externally, tailored to different audiences.
Strategy Execution (Principle 9): Establishing an operating model to support strategy execution, allocating capital and resources, and creating operating plans and budgets aligned with strategic plans. The board approves capital allocation and monitors its implementation.
Performance Measurement and Adjustment (Principle 10): Tracking progress against strategic goals using financial and non-financial KPIs, with board oversight, and adjusting the strategy as necessary.
6.3. People (Principles 14-16)
People Strategy and Planning (Principle 14): Executive management establishes a people strategy aligned with business strategy, including talent planning, diversity, equity, and inclusion, with board oversight. The board also reviews board succession plans (multi-year horizon, 3-5 years).
Managing People and Compensation (Principle 15): Establishing effective compensation structures (including for directors and executives) that align with strategic objectives and shareholder interests, and managing performance effectively.
Driving Performance and Development (Principle 16): The board annually assesses its own performance and, periodically, individual directors. The CEO sets clear goals for executive management, and the entity has established processes for employee performance assessment and development programs, including upskilling/reskilling.
6.4. Communication (Principles 17-20)
Information Quality (Principle 17): Committing to the quality, accuracy, and timeliness of information for decision-making and external disclosures, emphasizing consistent terminology and effective document retention policies.
Strategic Stakeholder Engagement (Principle 18): Identifying key internal and external stakeholders and establishing channels for information sharing, feedback, and addressing concerns. This includes shareholder engagement (e.g., through CFO, corporate secretary, IR) and board engagement with other key stakeholders (employees, regulators).
Effective Internal Communication (Principle 19): Ensuring consistent, transparent, and timely internal communication to align employees with purpose and strategy.
Transparency (Principle 20): Maintaining transparent disclosures, forming a Disclosure Committee for external reporting oversight, and safeguarding material non-public information. Entities increasingly face pressure to take public policy stances, which the board oversees.
6.5. Resilience (Principles 21-24)
Risk and Opportunity Management (Principle 21): Executive management establishes a risk management approach aligned with the entity’s strategic plan and risk appetite. The CGF references the Three Lines Model (First Line: risk and control ownership; Second Line: risk oversight; Third Line: IA providing objective assurance).
Risk Culture and Monitoring (Principle 22): Promoting a risk-aware culture and establishing monitoring processes to identify and assess risks.
Internal Control (Principle 23): Board oversight of internal control development and performance, with executive management designing and monitoring a recognized system (e.g., COSO’s Internal Control Integrated Framework). IA plays a vital role in providing assurance and insights, including assessing corporate governance effectiveness.
Monitoring Governance Effectiveness (Principle 24): Routinely monitoring governance effectiveness, evaluating internal and external changes, and refining processes for continuous improvement and long-term value creation.
What do we think?
The COSO CGF is a principles-based, integrated and comprehensive framework developed to guide entities in the rapidly evolving corporate governance environment, aligning with COSO's existing frameworks. Its core objective is to drive long-term value creation by enhancing agility, clarifying roles, and extending accountability beyond the boardroom.
It offers a strategic advantage, fostering transparency, strengthening reputation, attracting investors, and enabling proactive risk management in a complex, multi-stakeholder environment. It provides a common language and structure, beneficial for various stakeholders including boards, management, and shareholders.
The CGF is not a rigid set of rules, nor is it intended to be a new set of regulatory standards or a one-size-fits-all approach. It also does not address every highly specialized governance topic, and it requires entities to consult legal advisors on specific compliance matters. Even so, it is a worthwhile contribution towards enhancing corporate governance practices in Corporate America and beyond.
Because existing COSO guidance already covers a majority of the topics in the CGF, it is important to emphasize that this framework does not necessarily replace that guidance but rather supplements it, and provides a completeness check over an entity's corporate governance environment.
