Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Applying the Three Lines of Defense Model

Jose Tabuena | January 21, 2015

The Three Lines of Defense model for compliance and risk management, where internal audit is positioned as an independent function in the third line of defense, is considered a good practice to enhance oversight over a company’s control environment. It describes the interaction among operating units that manage risks (the first line), departments that provide oversight (the second line), and groups that provide independent assurance (third line). Internal audit not only provides independent assurance that risks are managed at acceptable levels; it also provides assurance that second-line oversight functions work as desired.

Each... To get the full story, subscribe now.