The concept of the three lines of defense in risk management is a familiar one in the financial services industry, but it is not clear whether it is useful in non-financial companies. The three lines of defense are: the first line, which is the business units; the second line, which is finance, legal, security, health and safety, and risk management; and the third line, which is oversight structures, committees, the board of directors, and internal and external audit. Alex Sidorenko argues that this concept is not useful because it ignores how decisions are actually made in the organization and the tools that risk management personnel have at their disposal. He also argues that risk management should be independent from business units and that it should act as a facilitator and methodology expert and not get involved directly in making decisions. He suggests that the line between the first and second lines of defense is blended and that risk managers should sit closer to the first line of defense while still having the ethical and professional competencies.
14. Are 3 lines of defense useful? - Alex Sidorenko