All Three Lines of Defense articles

  • Shield
    Article

    Five tips when moving from the second line of defense to the first

    2020-04-29T13:13:00Z

    The Three Lines of Defense model is an important one for managing risks within a business. For someone working in the second line to find themselves moving on to the first line can be a daunting experience.

  • Defense
    Article

    IIA seeks comments on update to ‘three lines’ model

    2019-07-16T12:59:00Z

    Internal auditors are buffing up their longstanding Three Lines of Defense model for how to provide organizations with optimal coverage of risk and control functions.

  • Blog post

    IIA reviews ‘three lines’ model, plans new paper

    2018-12-05T11:00:00Z

    The Institute of Internal Auditors is performing a new review of the “three lines of defense” model it has long embraced as a basis for sound risk management.

  • Blog post

    The auditor as behavioral scientist

    2016-03-29T11:30:00Z

    Image: Inside, CW columnist Jose Tabuena examines the power of data analytics and predictive models to assess compliance effectiveness and encourage employees toward acting responsibly, thereby ensuring an ethical workplace. But, Tabuena advises, keep in mind that predictive models only yield benefits if used appropriately.

  • Blog post

    Compliance Versus ERM

    2015-11-24T10:15:00Z

    Compliance programs need to be part of comprehensive enterprise risk management, yes, but ERM does not displace the roles of internal audit and the compliance program. This week, columnist Jose Tabuena discusses risk management as a distinct discipline that auditors and compliance officers can work with. He describes the resources ...

  • Blog post

    Monitoring and Auditing Performance-Enhancing Risks

    2015-05-27T08:45:00Z

    Every executive knows that what gets measured gets done; the trick for compliance and audit executives is to assure that the metrics you use don’t lead employees to do something reckless. This week, columnist Jose Tabuena looks at the risks of incentives: where they can go wrong, how to help ...

  • Blog post

    Compliance Leaders Like Three Lines of Defense

    2015-05-18T16:30:00Z

    Image: At Compliance Week’s annual conference this week, Jose Tabuena, chief compliance officer for NextHealth, advocated for the three lines of defense model. “I’ve worked with the accounting firms and those working with the COSO framework, and I find three lines of defense easier to explain,” he said. “The board ...

  • Blog post

    Applying the Three Lines to Cyber-Security

    2015-04-28T13:45:00Z

    Managing cyber-security risks is one of the most pressing problems facing businesses today. Absent some technological magic bullet (which won’t be found any time soon), that leaves companies forced to protect cyber-security through better process. What does that mean? How can privacy, compliance, and internal audit band together to lead ...

  • Article

    What Critics Say on Three Lines of Defense

    2015-02-10T13:15:00Z

    The Three Lines of Defense model for risk oversight—business units in the first line, compliance in the second, internal auditors in the third—has been hugely popular in recent years. Proponents love it, and regulators have come to expect it. Critics, however, say the Three Lines model is too simplistic a ...