All Three Lines of Defense articles
-
PremiumTPRM panel: Underscoring need for first line of defense to own risk
Panelists discussing risk ownership at CW’s virtual TPRM and Oversight Summit share their experiences educating first-line leaders on their roles and responsibilities in the TPRM process.
-
WebcastCPE Webcast: Working across your three lines of defense to manage risk
How do you encourage your line of business to own risk today? Having a clear understanding of risk to evaluate probability and impact has been a common barrier to developing risk programs beyond traditional second-line professionals.
-
ArticleQ&A: IIA president Chambers on Three Lines update, COVID-19, more
In the wake of drastic updates to the “Three Lines Model” for managing risk, IIA President and CEO Richard Chambers catches up with Compliance Week to discuss the changes, how COVID-19 has impacted the internal audit profession, and more.
-
ArticleAnalysis: Comparing the IIA’s new ‘Three Lines Model’ to the old one
The biggest improvement in the IIA’s new “Three Lines Model” of risk management is it allows for greater flexibility between “lines” and is less likely to be interpreted so literally.
-
ArticleIIA’s ‘Three Lines of Defense’ updated to stress collaboration
The Institute of Internal Auditors’ updated “Three Lines Model” ditches the focus on defense of its predecessor to encourage more effective collaboration between key players within an organization.
-
ArticleFive tips when moving from the second line of defense to the first
The Three Lines of Defense model is an important one for managing risks within a business. For someone working in the second line to find themselves moving on to the first line can be a daunting experience.
-
ArticleIIA seeks comments on update to ‘three lines’ model
Internal auditors are buffing up their longstanding Three Lines of Defense model for how to provide organizations with optimal coverage of risk and control functions.
-
Blog
IIA reviews ‘three lines’ model, plans new paper
The Institute of Internal Auditors is performing a new review of the “three lines of defense” model it has long embraced as a basis for sound risk management.
-
Blog
The auditor as behavioral scientist
Image: Inside, CW columnist Jose Tabuena examines the power of data analytics and predictive models to assess compliance effectiveness and encourage employees toward acting responsibly, thereby ensuring an ethical workplace. But, Tabuena advises, keep in mind that predictive models only yield benefits if used appropriately.
-
Blog
Compliance Versus ERM
Compliance programs need to be part of comprehensive enterprise risk management, yes, but ERM does not displace the roles of internal audit and the compliance program. This week, columnist Jose Tabuena discusses risk management as a distinct discipline that auditors and compliance officers can work with. He describes the resources ...
-
Blog
Monitoring and Auditing Performance-Enhancing Risks
Every executive knows that what gets measured gets done; the trick for compliance and audit executives is to assure that the metrics you use don’t lead employees to do something reckless. This week, columnist Jose Tabuena looks at the risks of incentives: where they can go wrong, how to help ...
-
Blog
Compliance Leaders Like Three Lines of Defense
Image: At Compliance Week’s annual conference this week, Jose Tabuena, chief compliance officer for NextHealth, advocated for the three lines of defense model. “I’ve worked with the accounting firms and those working with the COSO framework, and I find three lines of defense easier to explain,” he said. “The board ...
-
Blog
Applying the Three Lines to Cyber-Security
Managing cyber-security risks is one of the most pressing problems facing businesses today. Absent some technological magic bullet (which won’t be found any time soon), that leaves companies forced to protect cyber-security through better process. What does that mean? How can privacy, compliance, and internal audit band together to lead ...
-
Article
What Critics Say on Three Lines of Defense
The Three Lines of Defense model for risk oversight—business units in the first line, compliance in the second, internal auditors in the third—has been hugely popular in recent years. Proponents love it, and regulators have come to expect it. Critics, however, say the Three Lines model is too simplistic a ...
-
Article
Effective governance and the Three Lines of Defense
Compliance officers, internal auditors, fraud investigators, controllers—all of them might work at one company together to assist the business in managing risk. The trick to effective governance is to assign all those professionals (and more) to their proper places in the Three Lines of Defense model.