
Compliance Tip of the Day – COSO Governance Framework: Part 2, Oversight

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with concise, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our multi-part review of the new COSO Governance Framework (CGF). Today, we examine Component 2: Oversight.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.


COSO’s Corporate Governance Framework: Component 1 – Oversight

We continue our exploration of the recently released COSO Corporate Governance Framework (the Framework) as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 1: Oversight. It is a pillar that every compliance professional should study with the care of a board director preparing for their first 10-K briefing. The Framework is a clarion call for compliance professionals to rethink how we engage with governance, board structure, and accountability. Today, we will break it down and then dive into five lessons we must take back to our programs.

What Is Oversight in the COSO Framework?

The CGF defines oversight as the foundation of effective governance and long-term value creation. It begins with a board that is informed, independent, and proactive in directing strategy, supervising executive leadership, and maintaining organizational integrity.

But COSO doesn’t stop at roles and titles. The Oversight Component is made up of six principles:

Principle 1: Establish Board Structure and Exercise Oversight

This principle emphasizes that the board must create a well-defined governance structure with clearly assigned roles, responsibilities, and committees. It must actively exercise its oversight duties to support management’s execution of strategy while maintaining accountability to shareholders and stakeholders. Compliance professionals should engage early to ensure that governance structures also include strong compliance and ethics coverage, whether as standalone committees or integrated into audit or risk structures.

Principle 2: Appoint Board Leadership and Members

Boards must appoint competent, diverse, and independent leaders who possess integrity, objectivity, and a range of skills necessary to guide the organization effectively. Board leadership, whether a chair or lead independent director, must also foster effective decision-making and conflict resolution within the boardroom. Compliance teams should be prepared to assess and brief leadership on whether the board’s independence and composition are suited to today’s complex risk environment.

Principle 3: Select CEO and Delegate Authority

The board is responsible for selecting the CEO and formally delegating authority for strategic execution and operational decision-making. This includes maintaining clarity over which powers the board retains and which are delegated to management, ensuring accountability and effectiveness. Compliance should help define these boundaries, ensuring they include escalation protocols for compliance violations, investigations, and significant legal risks.

Principle 4: Establish Executive Structure and Effectively Manage

Executive management, with board oversight, must implement a governance structure that clearly outlines roles and responsibilities while enabling strategic execution, risk management, and ethical conduct. It requires maintaining effective internal communication and accountability mechanisms across business units. This principle affirms the compliance officer’s role in building the scaffolding for transparency and internal integrity in decision-making.

Principle 5: Operate the Board Effectively

Boards must regularly evaluate and refine their processes, calendars, and communication practices to optimize their oversight role. This includes utilizing executive sessions, clear meeting agendas, providing director access to management, and maintaining structured documentation to promote effectiveness and accountability. Compliance can support this effort by briefing directors on best practices for board effectiveness and helping to integrate compliance topics into existing agendas.

Principle 6: Uphold Shareholder Rights and Accountability

Boards and executive leadership must ensure that shareholder rights are protected and that disclosures enable informed decision-making and active engagement. This includes facilitating transparent communication, majority voting, and responding to shareholder concerns with respect and accountability. Compliance should assist in evaluating disclosure risks, supporting governance transparency, and managing the evolving expectations of institutional and activist investors.

Why It Matters to Compliance

Here’s the bottom line: Oversight defines the altitude from which the board governs—and the depth to which management is held accountable. It is where compliance either has a voice or is left scrambling to clean up messes.

As COSO puts it, oversight is shaped by:

  • Legal and regulatory obligations
  • Listing exchange standards
  • Shareholder and stakeholder expectations
  • Evolving risks and strategic complexity

Crucially, effective oversight depends on trust, transparency, and the willingness of directors to challenge management when necessary. If you are a compliance officer, you are the steward of that trust every time you walk into the boardroom or brief an audit committee.

Five Key Lessons for Compliance Professionals

Lesson 1: Structure Drives Behavior—Support the Right Board Composition

COSO reminds us that structure is not simply about paperwork; rather, it is about performance in waiting. Boards must have the right mix of committees, including audit, compensation, and nominating/governance, as well as tailored structures for emerging risks such as cybersecurity, ethics, and compliance.

Compliance Tip:

Be proactive in suggesting committee enhancements. If you see ESG risks mounting, propose a joint compliance-risk-ESG working group. If your board lacks a compliance-specific charter, now is the time to offer a draft. Offer benchmarking from peer organizations or industry regulators. Bring data to the table when proposing changes to board governance.

Lesson 2: Director Independence and Expertise Matter—Help Evaluate It

The CGF emphasizes that a supermajority of the board should be independent and that independence extends beyond a lack of financial ties; it also encompasses freedom from undue influence, appropriate tenure, and cognitive diversity.

Compliance Tip:

Your compliance and risk reports can shape how directors perceive their effectiveness. Provide clear, factual, and nuanced briefings, especially around risk appetite, incident investigations, and policy gaps. Encourage your board to adopt a skills matrix and evaluate directors on competencies related to ethics, compliance, and oversight, in addition to finance and operations.

Lesson 3: Board–Executive Relationships Are a Two-Way Street—Support the Feedback Loop

COSO emphasizes that executive management and the board need a trust-based, collaborative relationship. This means access to information, clarity of delegation, and open channels of communication, especially in a crisis.

Compliance Tip:

Use your role as a bridge, not a barrier, between management and the board. Ensure the board has access to accurate, real-time insights into investigations, emerging compliance issues, and root cause analyses. Help define and document escalation protocols. In times of crisis, ambiguity kills. Clear lines of escalation protect both the board and the business.

Lesson 4: Oversight Extends to Culture—Not Just Numbers

One of the most progressive moves COSO makes in this component is tying board oversight to organizational culture and behavior modeling. Directors must demonstrate ethics, respect, and transparency, just like the CEO.

Compliance Tip:

Start including culture indicators in your regular reporting, such as hotline trends, employee engagement results, training completion rates, and code of conduct violations. Do not simply report metrics; instead, contextualize them to make them more meaningful for your audience. Invite board members to participate in listening sessions or ethics town halls. Direct exposure to employee sentiment builds empathy and accountability.

Lesson 5: Shareholders Are Oversight Partners—Prepare for Transparency

The CGF challenges entities to uphold shareholder rights and engagement through transparent disclosures, majority voting for directors, and stewardship activities.

Compliance Tip:

Work closely with investor relations and legal to ensure your compliance-related disclosures are accurate, meaningful, and aligned with shareholder expectations. Don’t wait until an activist investor demands it. Conduct a pre-mortem with your team and board: If an activist investor were to challenge our compliance program, where would they strike first? Fix that area today.

What’s New and Noteworthy?

There are several leading-edge considerations embedded in the Oversight section that every compliance officer should note:

  • Expanding compensation committee roles to include culture, diversity, and talent oversight
  • Increased use of executive sessions for confidential discussions without management
  • Policies to prevent overboarding, especially for sitting executives and CEOs
  • Structured onboarding and offboarding for directors to maintain freshness and avoid stagnation

These are not just governance best practices. They are compliance enablers. A stagnant board is a blind board. A distracted director is a dangerous one.

Final Thoughts: Oversight Is a Team Sport

Too often, compliance professionals think of board oversight as something that happens to us; we prepare the decks, present our updates, and answer tough questions. But COSO’s Oversight Component invites us to flip the narrative. We are not bystanders in governance; we are builders of it. Tell the story.

When we engage with the board with clarity, courage, and consistency, we not only raise the profile of compliance but also enhance our credibility. We help shape an oversight model that can weather disruption, lead through crisis, and deliver long-term value. Let your voice be heard in the boardroom. Do not just brief on the risks; build the systems that make risk manageable. This is our moment. Let’s own it.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes on July 11, 2025.