Risk management
Risk management

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Risk management

2.2 Risk and assurance – three lines of defence

To ensure the effectiveness of an organisation’s risk management framework, the board and senior management need to be able to rely on adequate line functions – including monitoring and assurance functions within the organisation. The Institute of Internal Auditors (IIA) and the Institute of Directors (IoD) endorse the ‘three lines of defence’ model as a way of explaining the relationship between these functions and as a guide to how responsibilities should be divided. This model is broken down as follows.

  • The first line of defence – functions that own and manage risk. Under the first line of defence, operational management has ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
  • The second line of defence – functions that oversee or specialise in risk management and compliance. The second line of defence consists of activities covered by several components of internal governance (compliance, risk management, quality, IT and other control departments). This line of defence monitors and facilitates the implementation of effective risk management practices by operational management and assists the risk owners in reporting adequate risk-related information up and down the organisation.
  • The third line of defence – functions that provide independent assurance. An independent internal audit function will, through a risk-based approach to its work, provide assurance to the organisation’s board of directors and senior management. This assurance will cover how effectively the organisation assesses and manages its risks and will include assurance on the effectiveness of the first and second lines of defence. It encompasses the entire framework, the operation of the framework and the coverage and all categories of organisational objectives.
Described image
Figure 1 Three lines of defence model

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371