Laura WilesFMSB has published its Spotlight Review and Risk Register on the “3 Lines” Model. Previously known as the “3 Lines of Defence”, the model envisages the 1st line of risk management frameworks being comprised of management and business generators, the 2nd line being comprised of risk and compliance teams, and the 3rd line being comprised of internal audit.
The review calls for the model to be seen less as an organisational structure, and more a lens through which to examine key aspects of risk management frameworks:
- Effective process design
- Checks and balances
- Efficiency and effectiveness for outcomes and staff behaviour
It warns that poor application of the 3 Lines model can lead to siloed knowledge, disputed accountability, excessive duplication and protracted technical issues. Using it as a lens, FMSB contends, enables a more holistic evaluation of risk and the activities that people perform, regardless of where they sit in an organisation.