IIA Position Paper: The Three Lines of Defense in Effecti..
IIA Position Paper: The Three Lines of Defense in Effective Risk Management and Controls
You must be logged in to view this document. Click here to login
In the Three Lines of Defense model, management control is the fi rst line of
defense in risk management, the various risk control and compliance oversight
functions established by management are the second line of defense,
and independent assurance is the third. Each of these three “lines” plays a
distinct role within the organization’s wider governance framework.