MAL52:23 | Page 60

RISK MANAGEMENT

Are Your Lines Of Defense Holding Firm?

By Reuben Kisigwa
Organizational Awareness
A business organization should have a defensive system, just as an army has a defense line of troops and armament fortified and set up to protect a high-value area or defend territory. Organizations are therefore expected to make sure that their three functional lines (business development, controls, and assurance) live up to this goal of safeguarding the painstakingly developed value. Being unprepared for threats that were either not seen as a possibility or underestimated in terms of impact is a scenario that no organization wants to face. The question is: are these three defence lines defined in your organizational risk management framework holding firm?
The effectiveness of an organization as a whole in managing risks is influenced by the interactions between its many levels and parts, each of which has a different function to play in risk management. Risks are interrelated, unlike day and night, and the impact of one risk affects the others. A good illustration is when market and operational risk result in increased liquidity risk.
To guarantee proper risk management, a thorough risk management framework requires awareness and input from all sections of a company. It is crucial to develop a structured approach for determining the roles and duties associated with the process, because numerous parties will be cooperating and bringing different skill sets to the table. The absence of this approach could lead to a never-ending argument over who is in charge of carrying out particular tasks.
The Three Lines of Defense Model (3LoD)
Risk mitigation involves more than risk management alone; it is a collaborative effort across a number of controlling and managing functions. The Three Lines of Defense model is a regulated framework created to offer a standardized, all-inclusive approach to governance and risk management. As the name implies, the model has three distinct layers of defense. These are made to support redundant risk management and make sure that risks are recognized and dealt with before they have a negative impact on operations.
At the same time, the 3LoD model emphasizes collaborative alignment, responsibility, and a focus on objectives, making it a vital framework not only for defense but also for spotting and taking advantage of opportunities as they present themselves.
The Three Lines of Defense Model’s primary goal is to identify who owns and manages risk, who oversees risk, and who provides independent assurance across three functional areas within an organization. It also encourages risk ownership and a stronger risk management culture. In essence, this Model provides a standardized and comprehensive risk management process that clarifies roles, reduces cost and reduces effort. The Model can take many different forms in practice, but generally speaking, each of the three lines has a specific role in managing risk.
The First line of defence, operational management
This first line of defence owns and manages risk. It consists of managers and employees who are in charge of detecting and managing risk. These people are also referred to as “doers.” The unit, component, or business function that conducts regular business operations is in charge of this layer of defense.
The team in this line of defense is expected to implement risk management policies relating to their roles and responsibilities. They are expected to be fully aware of the risk factors that should be considered in every decision and action of business development and growth. This team should also be able to execute effective monitoring and internal control in their business units.
The group’s members should be equipped with the appropriate expertise, information, and power to carry out the necessary risk control policies and procedures. Understanding the organization’s goals, risk factors, and operating environment is necessary for this.
Second line of defence, risk management and compliance
The second line of defense supports and oversees the doers. This line is mainly responsible for developing the systems for an effective process of risk management and control. The second line is mainly concerned with designing and structuring frameworks for risk management and integrated accountability. The duties of the second line also include facilitating and challenging the first line (looking critically at its procedures, techniques, and solutions).
The second line is mainly managed by risk management and compliance functions. It also often houses many other risk functions, including legal, finance, internal control, safety and quality.
Third line of defence, internal audit
In order to achieve its overall goal, a company must have the capacity to give assurance to the board and senior management while maintaining independence and objectivity.
The Third Line of Defence has functions that provide independent assurance. This line of defense comprises the internal auditors who independently assess and report on the work of the other two lines of defence. They are sometimes referred to as “the investigators”.
Positioned outside the risk management processes of the first two lines of defence, the Third Line’s primary responsibilities are to ensure that the first two lines of defense