What is the three lines model and what is its purpose?
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense.
Defined by the Institute of Internal Auditors (IIA), the model is based on the idea that these three lines of defense work together to provide structure around risk management and internal governance.
The model clearly defines roles including oversight by a governing body, senior management and independent assurance.
This model applies to all organizations and can do the following:
- Adapt to meet organizational objectives.
- Focus on risk management to meet and achieve objectives.
- Understand the roles and responsibilities of all positions in the model and their relationship with one another.
- Execute measures to align activities and objectives to the stakeholders’ interests.
Explaining the three lines of defense
The three line model uses a comprehensive approach to manage risk. Business units, compliance, audit and other risk management employees are among the groups that make up the three lines of defense and each has a specific function. Here is a…
