Internal auditors are buffing up their longstanding Three Lines of Defense model for how to provide organizations with optimal coverage of risk and control functions.
The Institute of Internal Auditors has issued an exposure document to propose updates to the three lines model intended to modernize and strengthen the model to extend its utility. The proposed updates are meant to address some of the criticisms of the model that have surfaced over the years, mainly that it is too restrictive or too limiting.
