ACCA welcomes the opportunity to contribute to the Corporate Governance Framework (CGF) - Public Exposure issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and National Association of Corporate Directors (NACD). We acknowledge and support efforts to produce a framework that complements COSO’s Internal Control (IC) and Enterprise Risk Management (ERM) frameworks. As a starting point, the CGF sets out a solid structure and core set of principles.
ACCA views boards of directors, governance professionals, risk leaders, and internal auditors in U.S.-based public companies as the primary users of the CGF. We recommend refinements to enhance the framework’s practical value for a wider range of organisations, including small to medium-sized enterprises (SMEs) and not-for-profits.
Central to those enhancements is strengthening the integration of ethical leadership, behavioural accountability, and forward-looking governance practices. Improving integration of dynamic risk oversight, in line with COSO’s ERM and ISO 31000, is equally important. Such changes will bolster the CGF’s credibility as a reference point globally. ACCA offers five overarching suggestions, as set out below. These are followed by detailed observations and proposed amendments in response to the survey questions.
- Risk should function both as a constraint and as an enabler of long-term value. The principles would benefit from a stronger focus on ethical leadership, board–management delineation, and decision-useful risk integration. We recommend incorporating risk culture as a board oversight domain and expanding board responsibilities to include setting and reviewing risk appetite.
- The CGF reimagines corporate governance as a dynamic and adaptable system, rather than a checklist of policies and requirements. However, Principle 21 describes the board’s role in reviewing risk profiles as an output not integrated with strategy. To address this gap, ACCA proposes amendments that infuse risk in operational and strategic workflows.
- ACCA suggests including a standards mapping table, comparing CGF principles to key regulations in the US (such as SEC Regulations and the Sarbanes-Oxley Act of 2002), along with COSO’s IC and ERM frameworks. We recommend doing the same for international standards, such as ISO 31000 and G20/OECD Principles of Corporate Governance. A standards mapping table will support both interoperability and clarity.
- The CGF draft lacks the value language found in the ISO 31000 Risk Management framework. Explicit principles on continuous risk assurance would facilitate alignment with ISO’s ‘continual improvement’ ethos. Guidance on using governance for strategic decision-making (and opportunity creation) would be of use too.
- Based on feedback from ACCA members, consideration should be given to the ‘four lines of sight model for risk management.’1 The model contains four distinct elements: Insight, Foresight, Hindsight, and Oversight. We see it as offering a nuanced template for aligning risk management with organisational objectives and risk appetite.
To read our response in full, please download the consultation document found on this page.