The second line of defence is composed of those functions responsible for an area of control expertise.
Internal control is a process performed to provide reasonable assurance regarding the achievement of objectives in the following areas:
- Effectiveness of operations and efficient use of resources;
- Reliability of financial and operational reporting;
- Compliance with applicable laws, regulations and internal policies.
Risk management brings a comprehensive, systematic approach for helping the organisation identify events and respond to the risks challenging its most critical objectives and related projects, initiatives, and day-to-day operating practices. Risk management deals with determining the organisation’s risk appetite, and then identifying and mitigating risks to appropriately balance the risk portfolio.
Compliance is the set of practices that deals with adhering to mandated requirements such as laws, regulations, and voluntary requirements resulting from standards, policies, procedures and contractual arrangements. The legal and compliance departments play a major role in protecting the organisation against the risk of non-compliance.
Resilience ensures ongoing business continuity, while security ensures the confidentiality, integrity and availability of operations, systems and information.
Quality management has the responsibility to establish a Quality Management System (QMS) based on an operational framework, composed of processes and procedures, compliant with the ISO standards.