COSO Committee of Sponsoring Organizations of the Treadway Commission
Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
The following points of focus highlight important characteristics relating to this principle:
- Establishes Oversight Responsibilities—The board of directors identifies and accepts its oversight responsibilities in relation to established requirements and expectations.
- Applies Relevant Expertise—The board of directors defines, maintains, and periodically evaluates the skills and expertise needed among its members to enable them to ask probing questions of senior management and take commensurate actions.
- Operates Independently—The board of directors has sufficient members who are independent from management and objective in evaluations and decision making.
- Provides Oversight for the System of Internal Control—The board of directors retains oversight responsibility for management's design, implementation, and conduct of internal control:
  - Control Environment—Establishing integrity and ethical values, oversight structures, authority and responsibility, expectations of competence, and accountability to the board.
  - Risk Assessment—Overseeing management's assessment of risks to the achievement of objectives, including the potential impact of significant changes, fraud, and management override of internal control.
  - Control Activities—Providing oversight to senior management in the development and performance of control activities.
  - Information and Communication—Analyzing and discussing information relating to the entity's achievement of objectives.
  - Monitoring Activities—Assessing and overseeing the nature and scope of monitoring activities and management's evaluation and remediation of deficiencies.
The board of directors or equivalent oversight body (the "board") understands the business and expectations of stakeholders, including customers, employees, investors, and the general public, as well as legal and regulatory requirements and related risks. These expectations and requirements help shape the objectives of the organization, oversight responsibilities of the board, and resource requirements.
The board has the authority to hire as well as terminate, as necessary, and establish succession planning for the chief executive officer or equivalent, who is then charged with overall execution of the entity's strategy, achievement of its objectives, and effectiveness of the system of internal control. The board is responsible for providing oversight and constructive challenge to management.
Depending on the jurisdiction, oversight structures are developed voluntarily or as mandated by law, regulation, or standards, such as stock exchange listing standards. While requirements for privately owned, not-for-profit, or other entities may vary, publicly listed companies in many jurisdictions require committees at the board level to focus on specialized topics, such as:
- Nomination/governance committees to lead the selection of directors and oversee the evaluation of senior management and the board of directors
- Compensation committees to oversee policies and practices for senior management compensation, motivating expected behaviors, balancing incentives for short- and long-term performance, linking performance to strategic objectives, and relating compensation to risk
- Audit committees to oversee internal control over financial reporting and the integrity and transparency of external reporting, including financial reports
- Other committees of the board dedicated to addressing specific matters that are critical to the entity's objectives (e.g., risk committees for financial services institutions or compliance committees for pharmaceutical companies)
Board oversight is supported by structures and processes that management establishes at a business-execution level. For instance, management committees may focus on topics such as information technology, products/services, process, or other aspects of the business requiring dedicated focus. Management continually assesses risks posed by the changes in the operating environment (e.g., emergence of new technology, heightened regulatory requirements, and business model evolution) and addresses the implications for the internal control system.
While the board retains oversight responsibility, the chief executive officer and senior management bear direct responsibility for developing and implementing the internal control system. Depending on the type of organization and its strategy, structure, and objectives, operating units may have more or less autonomy designing the processes and structures to enable internal control. For example, while one organization may implement an enterprise resource planning system that standardizes all major processes and controls, another organization may leave it to each division to determine and implement those most suitable to its business activities.
The board of directors is independent from management and demonstrates relevant skills and expertise in carrying out its oversight responsibilities. Independence is demonstrated in the board member's objectivity of mind, action, appearance, and fact. A publicly listed company is typically required to have a majority of its directors be independent and with no current or recent personal or professional relationship with the entity. (In some jurisdictions, this is also a requirement for all members of some committees of the board, such as audit committees.) The factor of independence and relevant expertise also considers the various board seats held by each of the board members to limit any bias or conflict of interest that could result from board members sitting on other company boards.
Because a board must be actively engaged at all times and be prepared to question and scrutinize management's activities, present alternative views, and have the courage to act in the face of obvious or suspected wrongdoing, it is necessary that the board include independent directors. Certainly, officers and employees bring deep knowledge of the entity to the table, but independent directors with relevant expertise provide value through their impartiality, healthy skepticism, and unbiased evaluation.
Privately owned, not-for-profit, or other entities may find it costly or otherwise difficult to attract competent independent directors. Depending on applicable requirements (some may not be required to have a board of directors), it may be incumbent on these organizations to identify professional and personal qualities of the candidate important to the entity (e.g., understanding of stakeholder perspectives, internal control mindset) and establish a board with members who demonstrate these qualities. In such rare cases where entities are unable to have an independent board, they recognize this factor and evidence different processes and controls that result in adequate oversight.
Board composition is determined considering the mission, values, and various objectives of the entity as well as the skills and expertise needed to oversee, probe, and evaluate the senior management team most appropriately. The size of the board is determined by considering the appropriate number of members to adequately facilitate constructive criticisms, discussions, and decision making. Capabilities expected of all board members include integrity and ethical standards, leadership, critical thinking, and problem-solving. Further, the board is expected to include more specialized skills and expertise, with sufficient overlap to enable discussion and deliberation, such as:
- Internal control mindset (e.g., professional skepticism, perspectives on approaches for identifying and responding to risks, assessing the effectiveness of the system of internal control)
- Market and entity knowledge (e.g., knowledge of products/services, value chain, customer base, competitors)
- Financial expertise, including financial reporting (e.g., accounting standards, financial reporting requirements)
- Legal and regulatory expertise (e.g., understanding of governing laws, rules, regulations, and standards)
- Social and environmental expertise (e.g., understanding of social and environmental expectations and activities)
- Incentives and compensation (e.g., knowledge of market compensation rates and practices)
- Relevant systems and technology (e.g., understanding critical systems and technology challenges and opportunities)
The expertise and independence of the board of directors are evaluated regularly in relation to the evolving needs of the entity. Board members participate in training as appropriate to keep their skills and expertise current and relevant.
The board of directors is involved in exercising oversight for the development and performance of internal control through each of the five components of the Framework, as illustrated in the table below:
Internal Control Component | Oversight Activities of the Board |
---|---|
Control Environment | |
Risk Assessment | |
Control Activities | |
Information and Communication | |
Monitoring Activities | |
Transparency obligations reinforce accountability of both senior management and the board of directors. While disclosure requirements and expectations may differ by jurisdiction, industry, or otherwise, the board of directors oversees that such needs are understood and met over time. Reporting to the board of directors occurs both on a regular and ad hoc basis, as needed, to help the board oversee the issues relating to the system of internal control.
Generated November 9, 2014 22:46:48