Three Lines of Defence Model: Difference between revisions

From ACT Wiki
Jump to navigationJump to search
imported>Doug Williamson
(Create the page. Source: CIIA https://www.iia.org.uk/threelines)
 
imported>Doug Williamson
(Mend link.)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
__NOTOC__''Financial services - risk management''
__NOTOC__''Risk management''.


The Three Lines of Defence Model is designed to assure the effective management of risk.
The Three Lines of Defence Model is designed to assure the effective and transparent management of risk by making accountabilities clear.


=====First line of defence=====
*Under the first line of defence, customer facing operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.


Under the first line of defence, operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
*The second line of defence consists of independent risk management, compliance and operational risk functions, including oversight and challenge to the first line of defence. This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information.


=====Second line of defence=====
*The third line of defence is internal audit, reporting directly to the board. Internal audit reviews and reports on both the first and the second lines of defence.


The second line of defence consists of activities covered by several components of internal governance including compliance, risk management, and other control departments.


This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information.
The Three Lines of Defence Model is widely used in banks.


=====Third line of defence=====
It is also very relevant for - and widely used by - other organisations.
 
Internal audit forms the organisation’s third line of defence.  




==See also==
==See also==
*[[Audit]]
*[[Compliance]]
*[[Compliance]]
*[[Conduct]]
*[[Financial Conduct Authority]]
*[[Financial Conduct Authority]]
*[[First line of defence]]
*[[Four eyes ]]
*[[Governance]]
*[[Governance]]
*[[Internal audit]]
*[[Line]]
*[[Model]]
*[[Regulation]]
*[[Risk management]]
*[[Risk management]]
*[[Risk policy]]
*[[Risk policy]]
*[[Second line of defence]]
*[[Senior Managers Regime]]
*[[Third line of defence]]
[[Category:Financial_risk_management]]

Latest revision as of 09:41, 22 June 2023

Risk management.

The Three Lines of Defence Model is designed to assure the effective and transparent management of risk by making accountabilities clear.

  • Under the first line of defence, customer facing operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
  • The second line of defence consists of independent risk management, compliance and operational risk functions, including oversight and challenge to the first line of defence. This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk related information.
  • The third line of defence is internal audit, reporting directly to the board. Internal audit reviews and reports on both the first and the second lines of defence.


The Three Lines of Defence Model is widely used in banks.

It is also very relevant for - and widely used by - other organisations.


See also