The three lines of defence in effective risk management and control

The three lines of defence model provides a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties. It provides a fresh look at operations, helping to assure the ongoing success of risk management initiatives, and it is appropriate for any organisation - regardless of size or complexity. Even in organisations where a formal risk management framework or system does not exist, the three lines of defence model can enhance clarity regarding risks and controls and help improve the effectiveness of risk management systems.