Three Lines of Defence

Cathy Hampson, Gus Ortega


Success for managing operational risk is dependent on an effective risk-governance model that suits the maturity level of the organisation. The risk-governance model, however, depends on the profound support of the board of directors and senior management of the organisation. The most traditional governance model for risk management is the concept of three lines of defence. This model is increasingly being used by various organisations in order to effectively manage risk. The three-lines-of-defence model takes into account diverse teams such as fraud investigators, risk specialists, quality inspectors, internal control analysts, compliance officers, internal auditors and frontline staff, all together forming part of the risk-and-control governance structure.

In this chapter, we will explore the three-lines-of-defence model and offer a framework that aims to provide comfort to the board of directors and business executives that risks and controls can be well managed through a collaborated effort by all functions within the organisation. We will review the three-lines-of-defence model in the context of an integrated control framework in addition to exploring each of

To continue reading...

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an indvidual account here: