COSO's new board oversight principles—What they mean for governance in Malta

  • Publication
  • 4 minute read
  • May 05, 2026

Strong governance matters wherever a board is responsible for directing and overseeing an organisation. Whether the entity is a regulated financial services firm, a listed company, or a not-for-profit organisation, the underlying question remains the same: is the board providing meaningful oversight, and is the organisation’s governance framework keeping pace with the complexity of its environment?

In Malta, this question has particular relevance at a time when governance quality is receiving increasing attention across organisations and sectors. Governance affects not only the organisation itself, but also confidence in the broader business environment. Where oversight is weak, the consequences may extend beyond a single entity and raise wider concerns around trust, accountability, and resilience.

Against this backdrop, COSO’s 2026 publication ‘Corporate Governance: Guiding Principles for Board Oversight’, developed with PwC, provides a practical framework for how boards can discharge their oversight responsibilities across interconnected governance themes. Although the publication is directed primarily at boards, its themes are also relevant to the functions that support, monitor, and assess governance in practice, including internal audit and other oversight functions.

The twelve principles are: 

1. Board governance structure
2. Board accountability
3. Board composition and leadership
4. Board effectiveness
5. Purpose, mission, and values
6. Culture, conduct, and tone at the top
7. Strategy, objectives, and performance
8. Technology and data
9. Stakeholder engagement
10. Executive leadership and succession
11. Executive performance and compensation
12. Risk management and internal control

Taken together, these principles present governance as a connected model of oversight, in which board structure, leadership, behaviour, strategic focus, information flows, incentives, and control all influence the quality of decision-making. 

Global principles, local resonance

In Malta, governance requirements and expectations vary across entity types, each operating within its own legal, regulatory, or best-practice context. In that setting, the COSO guiding principles provide a helpful common lens through which organisations can assess whether board oversight is sufficiently robust, coherent, and forward-looking.

For MFSA-authorised entities, the relevance is particularly clear. The MFSA Corporate Governance Code gives prominence to effective boards, internal controls, stakeholder engagement, and organisational culture, themes that are also central to the COSO principles. What the COSO publication adds is greater clarity on what effective oversight requires in practice. 


One practical example is board structure, leadership, and accountability. COSO’s principles on Board Governance Structure, Board Accountability, Board Composition and Leadership, and Board Effectiveness emphasise the need for clear responsibilities, balanced leadership roles, appropriate independence, and periodic review of how the board is functioning. The MFSA Code speaks to many of the same concerns and does so more explicitly in some respects, including by stating that the Chairperson should not also act as Chief Executive Officer, in order to avoid concentration of authority and distinguish board leadership from the running of the business. In Malta, this means boards need to think not only about formal composition, but also about whether leadership arrangements genuinely support independent challenge, effective decision-making, and credible oversight.

This is also where the two frameworks complement each other. The MFSA Code gives clear attention to board composition and leadership structure, while the COSO principles go further in highlighting the quality of boardroom discussion, challenge, and oversight needed for effective decision-making in practice.

Another important point is the relationship between purpose, culture, strategy, incentives, and control. COSO’s principles on purpose, mission, and values; culture, conduct, and tone at the top; strategy, objectives, and performance; executive performance and compensation; and risk management and internal control highlight how governance can weaken when these areas drift apart. A board may approve a strategy, for example, but if behaviour, incentives, or escalation practices point in a different direction, oversight may be undermined. This complements the MFSA Code’s emphasis on ethical standards, stakeholder interests, internal reporting, and sound internal control frameworks. In Malta, the practical implication is that boards are increasingly expected to look beyond policy approval and focus on whether governance is shaping behaviour, decision-making, and risk awareness in a consistent way. 
Why this matters now

Governance expectations in Malta continue to evolve, and many organisations are facing closer attention on how they are directed, overseen, and held accountable. Questions around board composition, effectiveness, culture, and oversight are becoming harder to ignore.

Boards today are expected to oversee not only strategy and performance but also resilience, conduct, technology-related risks, leadership continuity, and stakeholder confidence. This wider context is also reflected in the PwC 2026 CEO Survey, which polled 4,450 CEOs globally and highlights the pressure leaders face around resilience, reinvention, trust, and long-term value creation. It also frames trust as a boardroom topic and highlights the need for decisions on reinvention to be considered jointly by management teams and boards. Resilience, reinvention, and long-term value creation connect particularly clearly with strategy, objectives, and performance, given the board’s role in overseeing strategic direction and execution in a changing environment.  

The COSO principles are not a substitute for local requirements. Instead, they offer a broader benchmark that organisations can use to reflect on whether their governance arrangements remain coherent and aligned with their purpose, strategy, and risk environment.


Why this matters beyond the boardroom

Ultimately, the value of the COSO principles lies in the way they encourage boards to think about governance as a connected system rather than a series of separate obligations. For internal audit, that provides a useful benchmark for assessing whether governance is working as intended across the organisation.

Internal audit can be particularly valuable here. With its organisation-wide view and relative independence, it is well placed to assess whether governance arrangements are operating as intended, whether reporting supports effective oversight, whether culture is consistent with stated values, and whether risk and control information reaches the board in a way that supports decision-making.

This does not mean internal audit owns governance; it means it can give boards a clearer picture of whether governance is functioning in substance rather than simply in form. In regulated sectors especially, internal audit may do this by reviewing board and committee processes against principles such as board governance structure, board accountability, and risk management and internal control, and assessing whether those arrangements are working as intended in practice.


Contact us

Bonavent Gauci
Advisory Partner, PwC Malta
Tel: +356 2564 7090

Vyas Isnoo
Senior Manager, Advisory, PwC Malta
Tel: +356 7975 6979