United States

Setting up a second line of defense and the art of challenge

Bridging the controls gap between management and audit


Download white paper

Regulators and financial institutions alike are recognizing the strength of a control model that includes three lines of defense. In the first line, management of a line of business analyzes its operations and establishes management controls and internal control measures. The third line entails the financial institution’s audit function.

Bridging those two lines of defense is the second line, which plays the vital role of:

  • Challenging the design effectiveness of the first line’s mitigation and management of risk-taking activities
  • Testing how effectively the first line’s risk mitigation and management activities are implemented

Setting up a second line of defense and the art of challenge shows how financial institutions can set up an effective second line of defense. It also explores the challenges of effectively challenging the first line’s control activities, while still maintaining a cooperative and cohesive relationship across all functions.

Implemented effectively, your second line of defense can protect against the risk that management involved in first-line activities can be too close to risks to be completely objective. It can also provide real-time feedback to identify and correct issues before they have to be caught and corrected after the fact by your third-line audit function.



Financial Institution Insights
delivers news and information critical to community banking professionals. The bi-monthly newsletter tackles issues ranging from IT security to regulatory compliance to operational improvement.

Compliance News
Compliance news for the banking and investment industry. Gain insights about the latest compliance news and how it will affect your business.