Question 40
Domain 1 — Governance and Risk Management Frameworks
Which component of the COSO ERM framework focuses on the integrity and ethical values of the organization?
Correct answer: C
Explanation
Governance and Culture is the COSO ERM component that sets the organization’s tone, emphasizing "integrity and ethical values" in how risk is managed. It establishes oversight, accountability, and the cultural foundation that supports effective enterprise risk management.
Why each option is right or wrong
A. Risk Assessment
B. Control Activities
C. Governance and Culture
COSO’s Enterprise Risk Management framework identifies the first component as Governance and Culture, which is the part that establishes the board’s oversight, management’s accountability, and the organization’s desired conduct. It is the component that expressly addresses integrity and ethical values, because COSO ERM 2017 places tone at the top and culture under this domain rather than under strategy, performance, review, or information/communication.
D. Information and Communication