ABSTRACT

The Three Lines of Defense Model provides a framework to clarify the involvement and alignment of multiple assurance providers within organizations. The first line of defense consists of management controls. These are the controls embedded in everyday programs and processes, and are typically performed during the normal course of business. The second line of defense consists of the various risk, control, and compliance functions set up by management. These are functions that help build and monitor risks and controls at the first line of defense level within the organization. The third line of defense consists of the internal audit function as an independent and objective assurance provider. The Three Lines of Defense Model is a very useful framework to raise awareness among management and employees, who sometimes misunderstand the roles and responsibilities of the various parties involved.