Risk Management and the Lines of Defense
By Ashwani Verma and Shannon Conner
Risk management is an integral component of effective
corporate governance. The Lines of Defense model is one
of the simplest and most effective approaches to enhancing
risk and controls communication and improving the
effectiveness of a risk management program. Each of
the three lines plays a unique and important role within
the organization’s overall corporate governance and risk
management framework, as described below:
• The First Line of Defense—As the first line of
defense, operational management is responsible
for maintaining the risk and controls environment
on a day-to-day basis. This involves identifying
and assessing risks, and implementing controls to
mitigate those risks.
• The Second Line of Defense—The second line
of defense is the organization’s compliance and
risk management functions. These functions
are designed to provide oversight of the risk and
control activities of the first line of defense. They
also provide support and guidance to operational
management related to risk management activities.
• The Third Line of Defense—The organization’s
Internal Audit function plays an integral role as
the third line of defense to provide independent
assurance on the effectiveness of governance, risk
management and internal controls, including
evaluating the effectiveness of the activities of the first
and second lines of defense pertaining to managing
risks.
[Cartoon caption: "That's when we accidentally shredded our strategic plan."]
Reprinted with permission of the publisher. From Executive Smart Charts, copyright 1993 by Herbert Stansbury, Barrett-Koehler Publishers, Inc., San Francisco, CA. All rights reserved. bkconnection.com
BPM Real Estate Insights