Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Setting Objectives for Risk Avoidance, Value Creation

Jose Tabuena | March 31, 2015

One criticism of the Three Lines of Defense model for risk oversight is that it focuses unduly (or even solely) on risk avoidance—that is, keeping business unit managers from taking too much risk. The fear is that by having clear-cut responsibilities of risk oversight, somehow important conversations about risk may be stifled.

That criticism may be more about semantics than the actual value of the Three Lines of Defense. (Maybe replacing “defense” with a more positive term would help.) A well-designed structure to mitigate risk doesn’t necessarily preclude addressing the concept of “risk” in a comprehensive manner, nor...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.