
COSO releases new Corporate Governance guidance

  • Writer: Katarzyna Celińska
  • 10 hours ago

Some time ago I mentioned that COSO (Committee of Sponsoring Organizations of the Treadway Commission) was working on new guidance for corporate governance. Now it’s here, officially released yesterday: “Corporate Governance: Guiding Principles for Board Oversight.”

 



For anyone working in GRC, internal control, risk management, audit, compliance, and cybersecurity, this publication is a natural next step in the COSO “family”:

➡️ Internal Control—Integrated Framework

➡️ Enterprise Risk Management—Integrating with Strategy and Performance

➡️ and now Corporate Governance guiding principles for boards.

 

COSO explicitly positions this guidance as a board-level reference point to bring coherence where governance expectations can be fragmented. It provides a structured lens for board dialogue and oversight.

It is designed to be applicable across public, private, and not-for-profit entities, and across geographies.

The guidance follows a consistent COSO-style structure and is organized into 12 interrelated principles.

 

The principles cover:

➡️ Board Governance Structure

➡️ Board Accountability

➡️ Board Composition and Leadership

➡️ Board Effectiveness

➡️ Purpose, Mission, and Values

➡️ Culture, Conduct, and Tone at the Top

➡️ Strategy, Objectives, and Performance

➡️ Technology and Data

➡️ Stakeholder Engagement

➡️ Executive Leadership and Succession

➡️ Executive Performance and Compensation

➡️ Risk Management and Internal Control

 

For practitioners in IT and cybersecurity, Guiding Principle 8: Technology and Data is an important signal: COSO places technology oversight explicitly on the governance agenda. The principle states that boards should oversee technology and data practices and opportunities to ensure they align with strategy and risk appetite and enhance performance and resilience. COSO also directly links technology and data to key board-relevant risk areas: cybersecurity threats, data privacy, outages, third-party failures, and unintended consequences of advanced technologies such as AI.



 
 
 
