The three lines of defence


In this model, the first line consists of your business' frontline staff. They are charged with understanding their roles and responsibilities and carrying them out correctly and completely.

The second line is created by the oversight function(s) made up of compliance and risk management. These functions set and police policies, define work practices and oversee the business frontlines with regard to risk and compliance.

The third and final line of defence is that of auditors and directors. Both internal and external auditors regularly review both the business frontlines and the oversight functions to ensure that they are carrying out their tasks to the required level of competency. Directors receive reports from audit, oversight and the business, and will act on any items of concern from any party; they will also ensure that the three lines of defence are operating effectively and according to best practice.

Threats to the three lines

As businesses increase in size and regulatory and risk environments become more complex, the three lines can become disjointed with regard to what it is they are defending and from what threats. The result is that either they are no longer providing proper defence or, at the very least, they are not as efficient as they might be. To overcome this challenge, modern institutions need to provide a solid foundation for the three lines of defence so that they are all working from the same set of definitions (what we are defending and from what threats). They also must ensure that the three lines work together effectively and efficiently, while maintaining their discrete duties so as to not compromise the defence model.

The three lines reinforced

CCH solutions succeed because they provide a common foundation for an organisation's three lines, thus limiting overlaps and gaps. The company's best-of-breed solutions offer a clear roadmap for a global, integrated audit, risk and compliance platform, thereby providing institutions with common functions that work across the lines. In addition to ensuring efficiencies, CCH products promote data sharing between the three lines, limiting disruptions to the business frontline.

CCH, a Wolters Kluwer Business

State-of-the-art common risk and control assurance platform

Provide consistency, efficiency, and transparency across processes with comprehensive GRC offerings from CCH. As a leading provider across multiple sectors, CCH is poised to promote collaboration among your organisation and its functional departments. Add in our elite content expertise and superior ability for tracking and reporting on regulatory changes, and there has never been a better time to be a CCH customer.

CCH offers a wide range of GRC products designed to reduce the cost of audits, streamline reporting, increase efficiency and improve your organisation's ability to strategically manage business risk. Business leaders rely on CCH to:

- Deliver a state-of-the-art enterprise risk information platform that is scalable across verticals and geographies

- Leverage world-class regulatory and compliance content to target key verticals

- Provide tools that support risk, compliance and audit management processes and are tightly integrated where necessary

- Offer best-of-breed solutions targeted to the specific user communities (verticals and roles)

- Provide enterprise risk management (ERM) and governance tools to senior management.

By choosing CCH to help deliver a state-of-the-art common risk and control assurance platform, institutions gain access to:

- Market-leading solutions for audit, ERM, Sarbanes-Oxley Act and compliance

- A supplier committed to invest in delivery of an integrated governance solution and services offering

- A large, stable and committed partner

- A partner who has already proven delivery capabilities within large blue-chip global organisations

- A partner who deeply understands risk management, compliance and audit, and is committed to driving efficiencies within the three lines of defence.

CCH(R) Sword

CCH(R) Sword is a leading ERM solution that provides a configurable system for measuring, monitoring and managing operational risk and compliance. You can rely on Sword to limit risk within operations and provide assurance to shareholders, customers and regulators.

Sword's flexible framework allows you to identify individual risks and includes integrated tools for the measurement and monitoring of risk levels. It also provides easy-to-use reporting and workflow functions that assist in the management of risk across an entire company.

CCH(R) Sword Enterprise

Sword Enterprise offers a structured, flexible approach to setting up and maintaining standing data within the system. Its easy-to-use, fully configurable tree structures allow risk managers to define their own organisational structure and geographic locations and assign permission roles to users based on their internal responsibilities.

The Sword platform also includes fully functional issue and actions management that is used by business frontline staff, audit staff, compliance staff and risk management staff as a consolidated issues log, as well as an embedded reporting engine that enables all users to produce reports in a simple and secure manner.

CCH(R) Sword Essential

Based on award-winning Sword Enterprise, Sword Essential is packaged software that enables risk managers to take the risk out of the process of managing risk. The fixed-price ERM solution helps improve the productivity, control and efficiency of the risk management process. In addition to software, the Sword Essential package includes services, content and support to help you build a risk framework, implement a risk system and train users.

CCH(R) TeamMate Audit Management System

CCH(R) TeamMate is the powerful, award-winning audit management system that has revolutionised the audit process. TeamMate is used by more than 62,000 auditors from 1,700 organisations and is the industry standard in audit management systems.

TeamMate will help increase the efficiency and productivity of your entire audit process - including risk assessment, scheduling, planning, execution, review, report generation, trend analysis, committee reporting and storage.

The CCH TeamMate Suite consists of five key components that are all part of an integrated tool set:

- TeamRisk - A Committee of Sponsoring Organizations-compatible risk assessment tool that allows you to generate audit plans as well as graphical representations of risk across your organisation

- TeamMate EWP - A powerful documentation system that enables auditors to spend less time documenting and reviewing and more time providing value-added services

- TeamMate TEC - Time and expense capture and reporting tool, the power of which is accelerated when used with TeamSchedule

- TeamCentral - A powerful, web-based issues-tracking database of every audit finding and key statistic for all projects undertaken; facilitates issue follow-up, trend analysis, prior audit review and committee reporting

- TeamSchedule - A comprehensive tool for scheduling your staff and audits, displaying your schedule by department member or by project.

ComplyTrack(R) Suite

The ComplyTrack Suite is a complete solution for compliance programme management. It delivers the most comprehensive, cost-effective and practical set of compliance management solutions through a deep understanding of how compliance teams operate and conduct their work.

The ComplyTrack Suite helps you and your compliance focus your efforts, standardise and eliminate manual and redundant processes as well as quantitatively demonstrate your processes' impact to management and your board. It can even leverage and support other systems via interfaces and data integration. As part of the overall suite of WK solutions, ComplyTrack can be part of a total ERM and GRC solution set.

ComplyTrack Suite comprises several modules:

- The Risk Assessment Manager(TM), which identifies areas of risk within an organisation, proposes remedial actions and creates surveys.

- The risk assessment allows the team to deliver easy-to-understand assessments throughout the organisation using prebuilt questionnaires and action plans.

- The surveys range from attestation and testing on conflicts of interest and codes of conduct to assessing the culture to auditing and monitoring.

- Activity and Event Manager(TM), manages and stores all communications, investigations, audits and interactions in one location for projects, incidents, matters, compliance audits and corporate integrity agreement or similar government situations.

- Policy and Document Manager, handles the creation, reviewing and management of policies, procedures, letters/correspondence, contracts.

- The Audit Detail Manager is used to manage line item billing-based audits such as health care claims for recovery audit contractors or zone program integrity contractors.

- Contract and Relationship Manager(TM), offers a central storage point for all contractor and contract-related data, including conflicts of interest, vendor credentials, compensation and vendor-specific compliance matters.

- Content portals are industry-specific, real-time databases of the rules, regulations and laws natively integrated into ComplyTrack for citations and research.

With ComplyTrack Suite ...

Compliance professionals can execute electronic interviews, conduct investigations and audits, integrate hotline calls, manage education and track non-monetary compensation and gifts.

Security can manage allegations of abuse and theft, and assess emergency preparedness and safety.

Risk managers can assess risk across the organisation, test policy awareness, collect data using survey templates, manage incidents, track vendors' employees' tuberculosis tests and integrate with hotline reporting systems.

Human resources departments can track and manage communications, exit interviews and investigations.

Audit and finance can assess controls, sustain continuous monitoring and perform assessments and audits. Most importantly, ComplyTrack Suite offers tangible returns on investment for your organisation, including increasing the effectiveness of your ERM while reducing the cost, integrating end-to-end management, reducing and consolidating subscription costs, supplying a solution that can be implemented in a matter of hours and much more.

CCH delivers

ERM governance tools that empower customers to manage corporate risk intelligence and improve risk governance

Driven with data from best-of-breed solutions targeted at professionals from the three lines of defence (business, risk and compliance, audit)

Integrated with a state-of-the-art enterprise risk information platform

Supported by high-quality actionable content that enables organisations to identify risk across the entire enterprise

Supplied by a stable company with the resources and expertise required to deliver market-leading global risk solutions

CCH(R) Sword

To learn more about CCH Sword, please visit

email: [email protected]

telephone: +353 1 6624 233

CCH(R) TeamMate

For additional information on CCH TeamMate, please visit

telephone: +1 888 830 5559

MediRegs ComplyTrack(R) Suite

For additional information on MediRegs ComplyTrack(R) Suite, visit

telephone: +1 888 224 7377.

See full article

  • LinkedIn  
  • Save this article
  • Print this page