A Closer Look at Governance


In my last blog post, I promised a look at the elements of governance — a logical next step. Back in December 2007, in the "Governance Perspectives" column of Internal Auditor magazine, I wrote about auditing governance. The article included a sidebar that showed where I see the primary governance activities occurring. Today, I want to review that and go a little deeper. I will use a definition of governance as including the activities of the board and its committees, plus those of the internal audit function and an ethics/compliance officer.

First, here is a functional view of responsibilities:

Full Board

  • Board structure, objectives, and dynamics.
  • Hiring of top executives.
  • Assessment of CEO performance.
  • Oversight of organizational strategy, budgets, risk management, operational performance, acquisition success.
  • Delegation of authority.
  • Tone at the top.

Governance Committee

  • Board committee structure, charters, memberships.
  • Board and committee self-assessment.
  • Board education and training.
  • Awareness of governance best practices.

Nominating Committee

  • Hiring process for new directors.

Compensation Committee

  • Executive assessment and compensation.
  • Incentive programs.

Audit Committee

  • Ethics policies.
  • Whistleblower process and investigations.
  • Awareness and understanding of ethics policies and whistleblower process.
  • Oversight of external and internal auditors.
  • Oversight of financial reporting.
  • Oversight of financial forecasting.

Internal Auditing

  • Assurance over the adequacy of governance and risk management processes, and related controls.
  • Consulting services to add value and improve governance and risk management processes, and related internal controls.

Ethics/Compliance Officer

  • Ethics policies.
  • Whistleblower process and investigations.
  • Awareness and understanding of ethics policies and whistleblower process.
  • Compliance audits.
  • Reporting to the board and executive management.


  • Shareholder meetings.
  • Shareholder communications.

A second view is by COSO layer:

Control Environment

Board of Directors

  • Corporate organization, strategy, tone, delegation of authority.

Audit Committee

  • Oversight of external auditing and internal auditing, reviews of financial reporting, etc.; ethics program oversight.

Compensation Committee

  • Executive compensation.

Governance Committee

  • Board structure, etc.

Risk Assessment

Board of Directors

  • Oversight of risk management.

Audit Committee

  • Reviews of financial reporting and financial management risks.

Control Activities

  • Annual ethics certifications.
  • Budget approvals.
  • Preparation of materials for board or committee review (by extension).
  • Recruiting of C-level executives and directors.

Information and Communications

  • Shareholder meetings.


Board of Directors

  • Reviews of operating performance and executive performance.

Audit Committee

  • Oversight of external reporting, external auditors, internal auditors, etc.

Governance Committee

External Auditors

Internal Auditors

Is this consistent with your view of the elements of governance?


