Your Ask Joey ™ Answer

What is the governance and culture principle of ERM?

Governance and culture is one of the key components of the COSO ERM framework. Governance sets the organization’s tone, reinforcing the importance of, and establishing oversight responsibilities for, enterprise risk management. Culture pertains to ethical values, desired behaviors, and understanding of risk in the entity. The 5 principles related to governance and culture consist of:

Exercises Board Risk Oversight – The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives.

Establishes Operating Structures – The organization establishes operating structures in the pursuit of strategy and business objectives.

Defines Desired Culture – The organization defines the desired behaviors that characterize the entity’s desired culture.

Demonstrates Commitment to Core Values – The organization demonstrates a commitment to the entity’s core values.

Attracts, Develops, and Retains Capable Individuals – The organization is committed to building human capital in alignment with the strategy and business objectives.
