Corporate governance consists of the set of policies and internal controls by which organizations, irrespective of size or form, are directed and managed. The task force report provides a subset of governance policies and controls that include identifying cybersecurity roles and responsibilities within executive management structures, establishing risk management and quality assurance benchmarks, creating institutionalized testing and training, and outlining best practices and industry metrics. In addition, flexible assessment tools were developed to bring accountability to three key elements of corporate governance: people, process and technology.