Three Lines of Defence Briefing Paper

Governing bodies need to have the time and freedom to think about new ways to make services sustainable both within their own organisations and through greater integration, rather than becoming too involved in the day-to-day operation of controls. At the same time, they should be considering how they use their assurance providers to give them confidence around the operation of key controls.
The Three Lines of Defence Model is seen as a simple and effective way to clarify roles and responsibilities in an organisation in relation to risk management and outlines the role Internal Audit plays in providing assurance on the effectiveness of governance, risk management arrangements and internal controls.
We have produced two briefing papers on the Three Lines of Defence Model. The first (click here to view) is a shorter, summarised version which focuses on explaining what the model is. It is primarily aimed at Board and Governing Body members, particularly those who are Audit Committee members, as well as being for general circulation to staff.
The second (click here to view) version goes in to more detail about the relationship between risk management and the three lines of defence. This version is aimed more at risk management staff.