
Three lines of defence (TLD)

A set of common control, risk and compliance activities is executed across business units and control functions, and these activities are organised as lines of defence. The primary goal is to organise these functions within the organisation so as to strengthen its overall defence.

1. Management Oversight

Within the inner circle, staff apply the policies and procedures issued by management to ensure the regularity, security and validity of operations. Internal control mechanisms are an essential component of the successful direction and control of the organisation. Senior executive management should focus on creating organisational transparency by defining the mechanisms the organisation uses to ensure that its constituents follow established processes and policies.

Figure: Three lines of defence

2. Control functions

The second line of defence is composed of those functions responsible for an area of control expertise.

Internal control is a process performed to provide reasonable assurance regarding the achievement of objectives in the following areas:

  • Effectiveness of operations and efficient use of resources;
  • Reliability of financial and operational reporting;
  • Compliance with applicable laws, regulations and internal policies.

Risk management brings a comprehensive, systematic approach that helps the organisation identify events and respond to the risks challenging its most critical objectives and the related projects, initiatives and day-to-day operating practices. Risk management deals with determining the organisation’s risk appetite, then identifying and mitigating risks so as to appropriately balance the risk portfolio.

Compliance is the set of practices that deals with adhering to mandated requirements such as laws and regulations, as well as voluntary requirements resulting from standards, policies, procedures and contractual arrangements. The legal and compliance departments play a major role in protecting the organisation against the risk of non-compliance.

Resilience ensures ongoing business continuity, while security ensures the confidentiality, integrity and availability of operations, systems and information.

Quality management has the responsibility to establish a Quality Management System (QMS) based on an operational framework, composed of processes and procedures, that is compliant with the ISO standards.

3. Assurance functions

The third line of defence consists of the audit and assurance functions, which are performed by internal audit, external audit and the regulators. Internal audit provides reasonable assurance that the controls required to mitigate risks are effectively designed and operated. Internal audit should report to the highest level within the organisation to strengthen its objectivity and confirm its independence. A close and continuous link should be established with the Audit Committee.

QAP © 2010 | advice[at]qap.eu | audit[at]qap.eu