HR-20 Board Oversight


What is HR-20 Board Oversight Control?

The HR-20 Board of Directors (BoD) Oversight control is about demonstrating that your organization has established an oversight committee. The BoD provides oversight and guidance to the head of the organization (the CEO). The oversight responsibilities include:

  • Awareness of the organization's internal performance, so that the BoD can give constructive feedback.
  • Independence of the BoD, so that decision-making is free from conflict-of-interest issues.
  • Qualification of the BoD to provide guidance that ensures sound decision-making.
  • Regular meetings to discuss the organization's progress.

However, some companies may not have a BoD. In those cases, the executive team serves in lieu of the BoD.

You can customize the BoD controls to fit the nature of your organization.

Available tools in the marketplace

Disciplinary Tools
No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control implementation

To implement this control, you need to document a charter or overview of procedures establishing the BoD's composition and responsibilities. Ensure the document includes the following components:

  • BoD member details that demonstrate that the majority of the Board members are independent (i.e., from outside the organization).
  • BoD member details that demonstrate that the Board members are qualified, with relevant industry experience.
  • The BoD meeting schedule, its frequency, and the general agenda topics, demonstrating that senior management meets regularly and discusses the organization's goals and performance.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the following suggested actions:

  1. Provide a BoD charter or page on the website or internal document that includes:
    1. The BoD structure and its responsibilities
    2. A list of BoD members and their backgrounds and experiences
  2. Provide a recurring meeting calendar and evidence of the agenda and meeting notes.

Evidence example

For the suggested actions, examples are provided below:

  1. Provide a BoD charter, page on the website, or internal document.
    The following screenshots show a BoD charter, which describes the roles and responsibilities and the structure.
    [Screenshot: HR 20 Board Oversight 01]
    [Screenshot: HR 20 Board Oversight 02]
  2. Provide a recurring meeting calendar and evidence of the agenda and meeting notes.
    The following screenshot shows an example of a BoD meeting calendar.
    [Screenshot: HR 20 Board Oversight 03]
    The following screenshot shows a TrustCloud example of BoD meeting notes.
    [Screenshot: HR 20 Board Oversight 04]
