The Three Lines of Defense in Effective Risk Management and Control: Is Your Organization Positioned for Success?
The IIA’s Position Paper, The Three Lines of Defense in Effective Risk Management and Control, addresses how organizations can holistically mitigate risks in a business environment that is continuously growing in complexity. The paper is designed to provide guidance to organizations regardless of their size or the level of formality to their risk management approach. It discusses the uses for risk management frameworks, but more importantly it highlights a critical component that most frameworks do not adequately address; how specific duties should be assigned and coordinated within the organization. By walking readers through the Three Lines of Defense model, the paper provides a straightforward and effective way to enhance communications on risk management and control by clarifying essential roles and duties.
Position Papers assist a wide range of interested parties, including those not in the internal audit profession, in understanding significant governance, risk, or control issues, and delineating the related roles and responsibilities of internal auditing. They are available to the public for free and may be downloaded from The IIA's website.