
Compliance Tip of the Day – COSO Governance Framework: Part 5, People

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our multi-part review of the new COSO Governance Framework (CGF). Today, we look at Component 4-People.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.


Compliance Tip of the Day – COSO Governance Framework: Part 4, Culture


We continue our multi-part review of the new COSO Governance Framework (CGF). Today, we look at Component 3-Culture.



COSO’s Corporate Governance Framework: Component 4 – People

We continue our exploration of the recently released COSO Corporate Governance Framework (the Framework) as a Public Exposure Draft. Today, we begin a deep dive into the six individual components with a discussion of Component 4—People. It was allegedly Warren Buffett who coined the phrase “Culture eats strategy for breakfast.” But let me tell you something else that’s equally true: people make or break both. In Component 4, the focus is squarely on people: how we attract, develop, compensate, and ultimately hold them accountable for creating long-term value.

This is a vital message for compliance professionals. Why? Because the most sophisticated compliance program on paper won’t protect your organization if the wrong people are making the wrong decisions for the wrong reasons. Compliance is not about abstract rules; it is about human behavior. And COSO’s People Component brings that reality home.

The framework outlines how boards and executive leadership must take responsibility for aligning people, systems, hiring, training, leadership development, compensation, and succession planning with the entity’s purpose, culture, and strategy. In other words, governance doesn’t end at the boardroom door; it extends to the front line.

Today, we break down COSO’s guidance and explore five key lessons for compliance professionals ready to lead on the people side of governance.

What Is the People Component?

COSO’s CGF defines the People Component as the foundational element that ensures the right individuals are in the right roles, with the proper support, and aligned to the right objectives. This component contains three key principles:

  1. Deploy People Strategy and Succession Planning
  2. Manage People and Compensation
  3. Drive Performance and Development

From the board to the front line, these principles focus on accountability, integrity, ethical leadership, and performance through the lens of talent governance.

Why This Matters to Compliance

This component affirms what we in compliance have always known: talent decisions are, in fact, ethical decisions. Incentives shape behavior. Leadership shapes tone. And people strategy shapes resilience.

For compliance professionals, the People Component is a golden opportunity to build bridges with HR, executive management, and the board. It empowers us to bring our risk lens to hiring, our ethics lens to incentives, and our accountability lens to performance management.

Five Key Lessons for Compliance Professionals

Lesson 1: People Strategy Is a Governance Issue—Be Part of the Planning Table

Principle 14: Deploy People Strategy and Succession Planning

Executive management must align people strategy with business goals, assessing future workforce needs, talent gaps, and leadership succession. The board provides oversight to ensure that the right talent is in place to deliver strategic objectives in an ethical and effective manner.

Compliance Tip: Partner with HR to understand how workforce planning encompasses compliance-critical roles, including data privacy, risk management, internal audit, and ESG. Ask how your company identifies future leaders who can model ethical conduct and resilience. Propose a compliance risk overlay in succession planning. Ask: “If this person moves into a high-impact role, do they have a track record of integrity and sound judgment under pressure?” Build that into leadership assessments.

Lesson 2: Compensation Drives Behavior—So Monitor It Carefully

Principle 15: Manage People and Compensation

The board and executive management must ensure that compensation structures reward long-term value creation and ethical behavior, not just short-term results. This includes executive compensation, employee incentives, and total rewards strategies that align with core values.

Compliance Tip: Request visibility into compensation metrics, especially for sales, finance, and procurement teams. If employees are being rewarded solely based on volume or cost savings, that could signal a misalignment with ethical standards. Collaborate with HR and the compensation committee to include compliance and ethics indicators in bonus calculations. Consider investigation outcomes, training compliance, audit results, and peer feedback on values-based behavior.

Lesson 3: Onboarding and Offboarding Are Compliance Moments of Truth

The People Component makes it clear: onboarding and offboarding are governance checkpoints. Onboarding is your chance to set expectations. Offboarding is your last opportunity to capture lessons and protect integrity.

Compliance Tip: Work with HR to ensure onboarding includes live ethics training, culture orientation, and clear escalation procedures. Offboarding should include structured exit interviews with questions on pressure, misconduct, and retaliation risks. Review offboarding data for red flags. If high-performing employees are leaving due to ethical concerns or if leaders with compliance histories are going quietly, you need to escalate those patterns to leadership and the board.

Lesson 4: Performance Reviews Must Reflect How Results Are Achieved—Not Just What Is Achieved

Principle 16: Drive Performance and Development

The board and executive management are responsible for performance systems that reflect both outcomes and behaviors. Reviews must consider whether goals were achieved in a manner that is ethical, collaborative, and aligned with core values.

Compliance Tip: Request that HR include ethics-based questions in performance reviews. For example: “Does this employee act as a role model for integrity?” or “Does this person raise concerns appropriately?” Pilot a 360-degree review process for leaders that includes peer, subordinate, and compliance input on tone, transparency, and trustworthiness. Utilize these results in succession planning and leadership development initiatives.

Lesson 5: Development Programs Must Include Ethics, Governance, and Risk Awareness

Too often, leadership development focuses on financial acumen and strategy but remains silent on ethics, oversight, and compliance. COSO advocates for executive and board education that enhances governance throughout the organization.

Compliance Tip: Offer to design or co-lead development sessions on ethical decision-making, speak-up culture, conflicts of interest, and stakeholder trust. Focus not just on what leaders should do, but on how they should think. Ask the board to adopt a continuing education policy that includes topics related to compliance and ethics. Bring in external experts, regulators, or thought leaders in ethics to refresh perspectives and address emerging risks.

Compliance’s Role in Talent Governance

Compliance professionals are not necessarily HR specialists, but they are the stewards of ethical risk, organizational culture, and accountability. COSO’s People Component gives us a clear lane to add value in three ways:

  1. Risk insight: Help assess where people-related risks are most concentrated, such as in high-pressure sales, international expansion, and acquisitions.
  2. Behavioral analytics: Use data to flag misaligned incentives, weak training completion, or trends in misconduct.
  3. Governance alignment: Support the board in aligning people, systems, and ethics with strategy and long-term value creation.

By engaging early and often in talent conversations, compliance can prevent misconduct, protect stakeholders, and promote resilience.

Educating the Board on People Governance

Bring these insights to your next board or audit committee session:

  • Governance includes oversight of people, not just policies.
  • Talent gaps in ethics, risk, or leadership can derail strategy execution.
  • The board must understand how people systems align with values.
  • Compliance can help assess whether compensation, performance, and succession planning are risk-aligned.

When boards connect people decisions to governance outcomes, compliance moves from operational support to strategic leadership.

Final Thoughts: People Are Governance in Action

Compliance is no longer just about controls. It is about character at every level of the organization. COSO’s People Component recognizes that the fundamental drivers of governance are people: directors who ask the hard questions, managers who model ethical behavior, and employees who speak up when something doesn’t feel right.

In the spirit of the Compliance Evangelist: Use this component to engage deeply with the human side of your organization. Help your company build a workforce that not only follows the rules but also embodies its values. That should be your legacy.

To read or comment on the full CGF Public Exposure Draft, click here. The comment period closes July 11, 2025.