Global Review of 'Three Lines of Defence' of Institute of Internal Auditors Launched
Organisations around the world have used the "Three Lines of Defence" model in Risk Management for two decades. The model was initially developed in financial services but is now effective in governance and risk management in a wide range of industries. The current Three Lines of Defence are defined as:
- First line: Operational management
- Second line: Risk management and compliance functions
- Third Line: Internal audit, which provides an organisation’s governing body and senior management with comprehensive assurance based on its enterprise-wide independence and objectivity
In response to changing stakeholder expectations and increasing complexity in the business environment, the Institute of Internal Auditors (IIA), has launched a review of the Three Lines of Defence, to ensure its continued relevance. The IIA intends to release a position paper in 2019, outlining how the Three Lines of Defence model may be adapted and tailored to organisations of all sizes and sectors.
IIA Global Chairman Naohiro Mouri, said that "Our aim is not to replace Three Lines of Defence or invent a new model, but to ensure it can accommodate the nuances and dynamics we see across different organisations, so that they may leverage and learn from each other more effectively and strategically."
"The model must be flexible to allow for a diversity of users, and it must take into account the ever-changing nature of organizations and organizational environments," said Jenitha John, Vice Chairman of Professional Certifications and leader of the Three Lines of Defence task force said. "Those charged with governance must be able to engage the Three Lines of Defence model and concept so that they may decide the most appropriate way to establish structure and resources within their organizations. Three Lines is fully capable of serving this need, but it also must address situations that exist where the three distinct lines are not in place."
For further information on review, see IIA President and CEO Richard Chambers' latest blog post.