Which framework focuses on corporate governance at the enterprise level?

Prepare for the Network Security (NETSEC) 2 Exam. Utilize flashcards and multiple choice questions, complete with hints and detailed explanations. Excel in your security skills!

Multiple Choice

Which framework focuses on corporate governance at the enterprise level?

Explanation:
This question tests recognition of frameworks that govern an organization at the highest level. COSO is designed to guide governance and internal controls across the entire enterprise, providing a framework that integrates governance, risk management, and internal control environments throughout the organization. It’s not just about IT or security in isolation; it covers the broader processes that ensure reliable operations, accurate financial reporting, and compliance with laws and regulations.

COBIT is primarily focused on IT governance and management, helping align IT processes with business goals. ISO 27001 centers on establishing and maintaining an information security management system, emphasizing information security controls rather than overall enterprise governance. NIST 800-53 provides a catalog of security and privacy controls for federal systems, concentrating on protecting information assets rather than offering a comprehensive enterprise-level governance framework.

Therefore, COSO best fits the aim of governance at the enterprise level.
