The Marine Corps must establish and maintain an RMIC Program, in accordance with the requirements set forth in references (a) through (d), along with a framework for its governance and oversight. Stakeholders across the Marine Corps must design, implement, execute, and document key internal controls to mitigate those risks that may prevent the Marine Corps from meeting organizational goals and objectives. This requires leadership to establish an ERM framework that will serve to inform the larger Marine Corps enterprise of RMIC priorities utilizing a "top down" and "bottoms up" approach. Risk assessments and internal control validation testing must be performed to arrive at an evidence-based conclusion as to whether stated key risks have been mitigated. Results of risk and internal control assessments are summarized and reported to the Commandant of the Marine Corps (CMC) and the Secretary of the Navy (SECNAV) via a Statement of Assurance (SOA) memorandum in accordance with reference (e).