The latest enterprise risk management news from around the world

IIA issues important update to Three Lines risk management model

Amid rapid change, new risks, and the growing complexity of organizations, The Institute of Internal Auditors (IIA) has announced a major update to the widely accepted Three Lines Model. Originally the ‘Three Lines of Defense’, the model has gained popularity for organizing governance and risk management in organizations. However, acknowledging that risk-based decision-making is as much about seizing opportunities as it is about defensive moves, the new Three Lines Model helps organizations better identify and structure interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.

The updated model clearly outlines the roles of various leaders within an organization, including oversight by the board or governing body; management and operational leaders including risk and compliance (first- and second-line roles); and independent assurance through internal audit (third line). And it addresses the position of external assurance providers. The model applies to all organizations, regardless of size or complexity.

“The Three Lines Model has largely been viewed as the basis for sound risk management,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “For implementation by organizations on both a reactive and proactive basis, these updates help modernize and strengthen application of the model to ensure its sustained usefulness and value.”

More details (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.