The Three Lines of Defense Model is no more

0
348

Today, the IIA released what I would call a replacement for its Three Lines of Defense Model. The old model was released in a Position Paper in 2003, The Three Lines Of Defense in Effective Risk Management and Control.

One of the more significant things to note is the change in name to The Three Lines Model.

Before you read and digest the new model, I suggest you read an excellent introduction by Richard Chambers, New IIA Three Lines Model Offers Timely Evolution of a Trusted Tool.

I disagree with Richard’s piece in one respect, when he says the new model (and it is almost entirely a new piece of work) will change the way many organizations look at risk and controls. I think that is hyperbolic optimism.

Before going further, I should reveal that I am one of the 30 members of the advisory group. But having said that I can also tell you that I was highly critical of each of the previous drafts I received for review and comment. I even made calls to Richard and others pleading for dramatic change, if not destruction of those drafts.

I am thrilled to tell you that I wholeheartedly endorse the new model. It’s not perfect, nothing can be, but it comes close. It has a great deal of value and merits a close read with careful attention to each phrase.

The only change I would have required to the final product would…

Подробнее…