Setting up a second line of defense and the art of challenge
Bridging the controls gap between management and audit
WHITE PAPER |
Regulators and financial institutions alike are recognizing the strength of a control model that includes three lines of defense. In the first line, management of a line of business analyzes its operations and establishes management controls and internal control measures. The third line entails the financial institution’s audit function.
Bridging those two lines of defense is the second line, which plays the vital role of:
- Challenging the design effectiveness of the first line’s mitigation and management of risk-taking activities
- Testing how effectively the first line’s risk mitigation and management activities are implemented
Setting up a second line of defense and the art of challenge shows how financial institutions can set up an effective second line of defense. It also explores the challenges of effectively challenging the first line’s control activities, while still maintaining a cooperative and cohesive relationship across all functions.
Implemented effectively, your second line of defense can protect against the risk that management involved in first-line activities can be too close to risks to be completely objective. It can also provide real-time feedback to identify and correct issues before they have to be caught and corrected after the fact by your third-line audit function.