THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL
Before the Three Lines: Risk Management Oversight and Strategy-Setting
Senior management and governing bodies collectively have responsibility and accountability for setting the organization's objectives, defining strategies to achieve those objectives, and establishing governance structures and processes to best manage the risks in accomplishing those objectives.
The First Line of Defense: Operational Management
Functions that own and manage risks
Functions that oversee risks
Functions that provide independent assurance
The Second Line: Risk Management and Compliance Functions
A risk management function that facilitates and monitors the implementation of effective risk management practices by operational management and assists risk owners
A controllership function that monitors financial risks and financial reporting issues
The responsibilities of these functions:
Identifying known and emerging issues
Identifying shifts in the organization's implicit risk appetite
Providing risk management frameworks
Assisting management in developing processes and controls to manage risks and issues
Providing guidance and training on risk management processes
Alerting operational management to emerging issues and changing regulatory and risk scenarios
The Third Line of Defense: Internal Audit
Best practice is to establish and maintain an independent, adequately and competently staffed internal audit function
Having an active and effective reporting line to the governing body
Reporting to a sufficiently high level in the organization to be able to perform its duties independently
Acting in accordance with recognized international standards for the practice of internal auditing