SlideShare une entreprise Scribd logo

Three lines model updated, IIA update model tiga lapis pertahanan risiko

Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP

UPDATE The Three Lines Model membantu organisasi mengidentifikasi struktur dan proses yang terbaik membantu mencapai tujuan dan memudahkan pemerintahan kuat dan manajemen risiko. • Mengadopsi pendekatan berdasarkan prinsip dan menyesuaikan model untuk sesuai dengan tujuan organisasi dan keadaan. • Fokus pada konsekuensi manajemen risiko membuat untuk mencapai tujuan dan menciptakan nilai, serta pada masalah "pertahanan" dan melindungi nilai. • Memahami dengan jelas peran dan tanggung jawab yang diwakili dalam model dan hubungan antara mereka. • Tindakan implementasi untuk memastikan aktivitas dan tujuan disesuaikan dengan kepentingan prioritas dari stakeholders.

Gouvernement et associations à but non lucratif
1  sur  13
THE IIA’S THREE LINES MODEL An update of the Three Lines of Defense
Table of Contents Introduction................................................................................................................................................... 1 Principles of the Three Lines Model............................................................................................................ 2 Principle 1: Governance ...................................................................................................................... 2 Principle 2: Governing body roles ...................................................................................................... 2 Principle 3: Management and first and second line roles................................................................. 3 Principle 4: Third line roles ................................................................................................................. 3 Principle 5: Third line independence.................................................................................................. 3 Principle 6: Creating and protecting value......................................................................................... 3 Key roles in the Three Lines Model............................................................................................................. 5 The governing body............................................................................................................................. 5 Management ......................................................................................................................................... 5 Internal audit......................................................................................................................................... 6 External assurance providers ............................................................................................................. 6 Relationships among core roles.................................................................................................................. 7 Between the governing body and management (both first and second line roles)........................ 7 Between management (both first and second line roles) and internal audit .................................. 7 Between internal audit and the governing body................................................................................ 8 Among all roles .................................................................................................................................... 8 Applying the model....................................................................................................................................... 9 Structure, roles, and responsibilities ................................................................................................. 9 Oversight and assurance....................................................................................................................10 Coordination and alignment...............................................................................................................10
1 INTRODUCTION Organizations are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile world. They often have multiple stakeholders with diverse, changeable, and sometimes competing interests. Stake- holders entrust organizational oversight to a governing body, which in turn delegates resources and authority to manage- ment to take appropriate actions, including managing risk. For these reasons and more, organizations need effective structures and processes to enable the achievement of objectives, while supporting strong governance and risk management. As the governing body receives reports from management on activities, outcomes, and forecasts, both the governing body and management rely on internal audit to provide independent, objective assurance and advice on all matters and to promote and facilitate innovation and improvement. The governing body is ultimately accountable for governance, which is achieved through the actions and behaviors of the governing body as well as management and internal audit. The Three Lines Model helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by:  Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.  Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.  Clearly understanding the roles and responsibilities represented in the model and the relationships among them.  Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders. Key terms Organization - An organized group of activities, resources, and people working toward shared goals. Stakeholders - Those groups and individuals whose interests are served or impacted by the organization. Governing body - Those individuals who are accountable to stakeholders for the success of the organization. Management - Those individuals, teams, and support functions assigned to provide products and/or services to the organization’s clients. Internal audit - Those individuals operating independently from manage- ment to provide assurance and insight on the adequacy and effectiveness of governance and the management of risk (including internal control). The Three Lines Model - The model previously known as the Three Lines of Defense. Internal control - Processes designed to provide reasonable confidence over the achievement of objectives.
2 PRINCIPLES OF THE THREE LINES MODEL Principle 1: Governance Governance of an organization requires appropriate structures and processes that enable:  Accountability by a governing body to stake- holders for organizational oversight through integrity, leadership, and transparency.  Actions (including managing risk) by manage- ment to achieve the objectives of the organiza- tion through risk-based decision-making and application of resources.  Assurance and advice by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication. Principle 2: Governing body roles The governing body ensures:  Appropriate structures and processes are in place for effective governance.  Organizational objectives and activities are aligned with the prioritized interests of stakeholders. The governing body:  Delegates responsibility and provides resources to management to achieve the objectives of the organization while ensuring legal, regulatory, and ethical expectations are met.  Establishes and oversees an independent, objective, and competent internal audit function to provide clarity and confidence on progress toward the achievement of objectives. Key terms Risk-based decision-making - A considered process that includes analysis, planning, action, monitoring, and review, and takes account of potential impacts of uncertainty on objectives. Assurance - Independent confirmation and confidence.
3 Principle 3: Management and first and second line roles Management’s responsibility to achieve organizational objectives comprises both first and second line roles.1 First line roles are most directly aligned with the delivery of products and/or services to clients of the organiza- tion, and include the roles of support functions2 . Second line roles provide assistance with managing risk. First and second line roles may be blended or separated. Some second line roles may be assigned to specialists to provide complementary expertise, support, monitoring, and challenge to those with first line roles. Second line roles can focus on specific objectives of risk management, such as: compliance with laws, regulations, and acceptable ethical behavior; internal control; information and technology security; sustainability; and quality assurance. Alternatively, second line roles may span a broader responsibility for risk management, such as enterprise risk management (ERM). However, responsibility for managing risk remains a part of first line roles and within the scope of management. Principle 4: Third line roles Internal audit provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management.3 It achieves this through the competent application of systematic and disciplined processes, expertise, and insight. It reports its findings to management and the governing body to promote and facilitate continuous improvement. In doing so, it may consider assurance from other internal and external providers. Principle 5: Third line independence Internal audit’s independence from the responsibilities of management is critical to its objectivity, authority, and credibility. It is established through: accountability to the governing body; unfettered access to people, resources, and data needed to complete its work; and freedom from bias or interference in the planning and delivery of audit services. Principle 6: Creating and protecting value All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders. Alignment of activities is achieved through communication, cooperation, and collaboration. This ensures the reliability, coherence, and transparency of information needed for risk-based decision making. 1. The language of “first line,” “second line,” and “third line” is retained from the original model in the interests of familiarity. However, the “lines” are not intended to denote structural elements but a useful differentiation in roles. Logically, governing body roles also constitute a “line” but this convention has not been adopted to avoid confusion. The numbering (first, second, third) should not be taken to imply sequential operations. Instead, all roles operate concurrently. 2. Some consider the roles of support functions (such as HR, administration, and building services) to be second line roles. For clarity, the Three Lines Model regards first line roles to include both “front of house” and “back office” activities, and second line roles to comprise those complementary activities focused on risk-related matters. 3. In some organizations, other third line roles are identified, such as oversight, inspection, investigation, evaluation, and remediation, which may be part of the internal audit function or operate separately.
4 The IIA’s Three Lines Model KEY: Accountability, reporting Delegation, direction, resources, oversight Alignment, communication coordination, collaboration EXTERNALASSURANCEPROVIDERS GOVERNING BODY Accountability to stakeholders for organizational oversight MANAGEMENT Actions (including managing risk) to achieve organizational objectives INTERNAL AUDIT Independent assurance First line roles: Provision of products/services to clients; managing risk Second line roles: Expertise, support, monitoring and challenge on risk-related matters Third line roles: Independent and objective assurance and advice on all matters related to the achievement of objectives Governing body roles: integrity, leadership, and transparency
5 KEY ROLES IN THE THREE LINES MODEL Organizations differ considerably in their distribution of responsibilities. However, the following high-level roles serve to amplify the Principles of the Three Lines Model. The governing body  Accepts accountability to stakeholders for oversight of the organization.  Engages with stakeholders to monitor their interests and communicate transparently on the achieve- ment of objectives.  Nurtures a culture promoting ethical behavior and accountability.  Establishes structures and processes for governance, including auxiliary committees as required.  Delegates responsibility and provides resources to management for achieving the objectives of the organization.  Determines organizational appetite for risk and exercises oversight of risk management (including internal control).  Maintains oversight of compliance with legal, regulatory, and ethical expectations.  Establishes and oversees an independent, objective, and competent internal audit function. Management First line roles  Leads and directs actions (including managing risk) and application of resources to achieve the objectives of the organization.  Maintains a continuous dialogue with the governing body, and reports on: planned, actual, and expected outcomes linked to the objectives of the organization; and risk.  Establishes and maintains appropriate structures and processes for the management of operations and risk (including internal control).  Ensures compliance with legal, regulatory, and ethical expectations.
6 Second line roles  Provides complementary expertise, support, monitoring, and challenge related to the management of risk, including: o The development, implementation, and continuous improvement of risk management practices (including internal control) at a process, systems, and entity level. o The achievement of risk management objectives, such as: compliance with laws, regulations, and acceptable ethical behavior; internal control; information and technology security; sustainability; and quality assurance.  Provides analysis and reports on the adequacy and effectiveness of risk management (including internal control). Internal audit  Maintains primary accountability to the governing body and independence from the responsibilities of management.  Communicates independent and objective assurance and advice to management and the governing body on the adequacy and effectiveness of governance and risk management (including internal control) to support the achievement of organizational objectives and to promote and facilitate continuous improvement.  Reports impairments to independence and objectivity to the governing body and implements safeguards as required. External assurance providers  Provide additional assurance to: o Satisfy legislative and regulatory expectations that serve to protect the interests of stakeholders. o Satisfy requests by management and the governing body to complement internal sources of assurance.
7 RELATIONSHIPS AMONG CORE ROLES Between the governing body and management (both first and second line roles) The governing body typically sets the direction of the organization by defining the vision, mission, values, and organizational appetite for risk. It then delegates responsibility for the achievement of the organization’s objectives to management, along with the necessary resources. The governing body receives reports from management on planned, actual, and expected outcomes, as well as reports on risk and the management of risk. Organizations vary as to the degree of overlap and separation between the roles of the governing body and management. The governing body can be more or less “hands on” with respect to strategic and operational matters. Either the governing body or management may take the lead in developing the strategic plan, or it may be a shared undertaking. In some jurisdictions, the Chief Executive Officer (CEO) may be a member of the governing body and may even be its chair. In all cases, there needs to be strong communication between management and the governing body. The CEO is typically the focal point for this communication, but other senior managers may have frequent interactions with the governing body. Organizations may wish, and their regulators may require, leaders of second line roles such as a Chief Risk Officer (CRO) and a Chief Compliance Officer (CCO) to have a direct reporting line to the governing body. This is fully consistent with the Principles of the Three Lines Model. Between management (both first and second line roles) and internal audit Internal audit’s independence from management ensures it is free from hindrance and bias in its planning and in the carrying out of its work, enjoying unfettered access to the people, resources, and information it requires. It is accountable to the governing body. However, independence does not imply isolation. There must be regular interaction between internal audit and management to ensure the work of internal audit is relevant and aligned with the strategic and operational needs of the organization. Through all of its activities, internal audit builds its knowledge and understanding of the organization, which contributes to the assurance and advice it delivers as a trusted advisor and strategic partner. There is a need for collaboration and communication across both the first and second line roles of management and internal audit to ensure there is no unnecessary duplication, overlap, or gaps. Key term Chief Executive Officer (CEO) - The most senior individual in the organiza- tion with responsibility over operations.
8 Between internal audit and the governing body Internal audit is accountable to, and sometimes described as being the “eyes and ears” of, the governing body. The governing body is responsible for oversight of internal audit, which requires: ensuring an independent internal audit function is established, including the hiring and firing of the Chief Audit Executive (CAE); serving as the primary report- ing line for the CAE4 ; approving and resourcing the audit plan; receiving and considering reports from the CAE; and enabling free access by the CAE to the governing body, including private sessions without the presence of management. Among all roles The governing body, management, and internal audit have their distinct responsibilities, but all activities need to be aligned with the objectives of the organization. The basis for successful coherence is regular and effective coordination, collaboration, and communication. 4. For administrative purposes, the CAE may also report to an appropriately senior level of management. Key term Chief Audit Executive (CAE) - The most senior individual in the organization with responsibility for internal audit services, often known as the Head of Internal Audit or similar title.
9 APPLYING THE MODEL Structure, roles, and responsibilities The Three Lines Model is most effective when it is adapted to align with the objectives and circumstances of the organization. How an organization is structured and how roles are assigned are matters for management and the governing body to determine. The governing body may establish committees to provide additional oversight for particular aspects of its responsibility, such as audit, risk, finance, planning, and compensation. Within management, there are likely to be functional and hierarchical arrangements and an increasing tendency toward specialization as organizations grow in size and complexity. Functions, teams, and even individuals may have responsibilities that include both first and second line roles. However, direction and oversight of second line roles may be designed to secure a degree of independence from those with first line roles — and even from the most senior levels of management — by establishing primary accountability and reporting lines to the governing body. The Three Lines Model allows for as many reporting lines between management and the governing body as required. In some organizations, most notably regulated financial institutions, there is a statutory requirement for such arrangements to ensure sufficient independence. Even in these situations, those in management with first line roles remain responsible for managing risk. Second line roles may include monitoring, advice, guidance, testing, analyzing, and reporting on matters related to the management of risk. Insofar as these provide support and challenge to those with first line roles and are integral to management decisions and actions, second line roles are part of management’s responsi- bilities and are never fully independent from management, regardless of reporting lines and accountabilities. A defining characteristic of third line roles is independence from management. The Principles of the Three Lines Model describe the importance and nature of internal audit independence, setting internal audit apart from other functions and enabling the distinctive value of its assurance and advice. Internal audit’s independence is safeguarded by not making decisions or taking actions that are part of management’s responsibilities (including risk management) and by declining to provide assurance on activities for which internal audit has current, or has had recent, responsibility. For example, in some organizations, the CAE is asked to assume additional decision-making responsibilities over activities utilizing similar competencies, such as aspects of statutory compliance or ERM. In such circumstances, internal audit is not independent of these activities or of their results, and therefore, when the governing body seeks independent and objective assurance and advice relating to those areas, it is necessary for its provision to be undertaken by a qualified third party.
10 Oversight and assurance The governing body relies on reports from management (comprising those with first and second line roles), internal audit, and others in order to exercise oversight and achievement of its objectives, for which it is accountable to stakeholders. Management provides valuable assurance (also referred to as attestations) on planned, actual, and forecast outcomes, on risk, and on risk management by drawing upon direct experience and expertise. Those with second line roles provide additional assurance on risk-related matters. Because of internal audit’s independence from management, the assurance it provides carries the highest degree of objectivity and confidence beyond that which those with first and second line roles can provide to the governing body, irrespective of reporting lines. Further assurance may also be drawn from external providers. Coordination and alignment Effective governance requires appropriate assignment of responsibilities as well as strong alignment of activities through cooperation, collaboration, and communication. The governing body seeks confirmation through internal audit that governance structures and processes are appropriately designed and operating as intended.
About The IIA The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters is in Lake Mary, Fla., USA. For more information, visit www.globaliia.org. Disclaimer The IIA publishes this document for informational and educational purposes. This material is not intended to provide definitive answers to specific individual circumstances and as such is only intended to be used as a guide. The IIA recommends seeking independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material. Copyright Copyright © 2020 The Institute of Internal Auditors, Inc. All rights reserved. For permission to reproduce, please contact copyright@theiia.org. July 2020 Global Headquarters The Institute of Internal Auditors 1035 Greenwood Blvd., Suite 149 Lake Mary, FL 32746, USA Phone: +1-407-937-1111 Fax: +1-407-937-1101 www.globaliia.org

Recommandé

Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...
Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...
Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...Kanaidi ken
 
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARA
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARAREVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARA
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARAMas CR
 
Audit Kepatuhan pada Perguruan Tinggi Negeri
Audit Kepatuhan pada Perguruan Tinggi NegeriAudit Kepatuhan pada Perguruan Tinggi Negeri
Audit Kepatuhan pada Perguruan Tinggi NegeriSujatmiko Wibowo
 
Audit berbasis resiko
Audit berbasis resikoAudit berbasis resiko
Audit berbasis resikoBelqis Oraya
 
Manajemen Resiko Operasional Perbankan
Manajemen Resiko Operasional PerbankanManajemen Resiko Operasional Perbankan
Manajemen Resiko Operasional PerbankanSyafril Djaelani,SE, MM
 
Penerapan manajemen resiko dan spip
Penerapan manajemen resiko dan spipPenerapan manajemen resiko dan spip
Penerapan manajemen resiko dan spipDoktorGurning
 
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Muhammad Bahrudin
 
Sistem pengendalian manajemen sektor publik
Sistem pengendalian manajemen sektor publikSistem pengendalian manajemen sektor publik
Sistem pengendalian manajemen sektor publikOcta Libriyanti
 

Recommandé

Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...
Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...
Model Tiga Lini (Three Lines Model) Tata Kelola RISIKO _Training "RISK MANAGE...Kanaidi ken
 
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARA
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARAREVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARA
REVIEW EKONOMI PUBLIK DAN KEUANGAN NEGARAMas CR
 
Audit Kepatuhan pada Perguruan Tinggi Negeri
Audit Kepatuhan pada Perguruan Tinggi NegeriAudit Kepatuhan pada Perguruan Tinggi Negeri
Audit Kepatuhan pada Perguruan Tinggi NegeriSujatmiko Wibowo
 
Audit berbasis resiko
Audit berbasis resikoAudit berbasis resiko
Audit berbasis resikoBelqis Oraya
 
Manajemen Resiko Operasional Perbankan
Manajemen Resiko Operasional PerbankanManajemen Resiko Operasional Perbankan
Manajemen Resiko Operasional PerbankanSyafril Djaelani,SE, MM
 
Penerapan manajemen resiko dan spip
Penerapan manajemen resiko dan spipPenerapan manajemen resiko dan spip
Penerapan manajemen resiko dan spipDoktorGurning
 
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...
Manajemen Risiko Berbasis Standar di Lembaga Informasi: Pengenalan SNI ISO 31...Muhammad Bahrudin
 
Sistem pengendalian manajemen sektor publik
Sistem pengendalian manajemen sektor publikSistem pengendalian manajemen sektor publik
Sistem pengendalian manajemen sektor publikOcta Libriyanti
 
Pengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud MultifinancePengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud MultifinanceDemson Nathanael Sihaloho
 
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)Selviana SelfVie
 
Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1nurul khaiva
 
Continuous auditing dan continuous monitoring (cacm)
Continuous auditing dan continuous monitoring (cacm)Continuous auditing dan continuous monitoring (cacm)
Continuous auditing dan continuous monitoring (cacm)Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Metode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENTMetode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENTKanaidi ken
 
Pert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahanPert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahanRhezayustian13
 
1.05 pendelegasian wewenang
1.05 pendelegasian wewenang1.05 pendelegasian wewenang
1.05 pendelegasian wewenangMikhail Rasyid
 
Fasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen RisikoFasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen RisikoSujatmiko Wibowo
 
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik Dadang Solihin
 
Proses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & TransaksionalProses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & TransaksionalKanaidi ken
 
Fraud Risk Management
Fraud Risk ManagementFraud Risk Management
Fraud Risk ManagementSujatmiko Wibowo
 
Peranan auditor internal dalam tata kelola organisasi iia
Peranan auditor internal dalam tata kelola organisasi iiaPeranan auditor internal dalam tata kelola organisasi iia
Peranan auditor internal dalam tata kelola organisasi iiaDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RI
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RIFaktor faktor yang mempengaruhi opini dislclaimer BPK-RI
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RIDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Fraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part iiFraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part iiEMAC Consulting Group
 
Value based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal AuditValue based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal AuditDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Fraud Dan Korupsi
Fraud Dan KorupsiFraud Dan Korupsi
Fraud Dan KorupsiLinda Grace Loupatty, FEB Universitas Pattimura
 
Aspek hukum
Aspek hukumAspek hukum
Aspek hukumIndra Abdam Muwakhid
 
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptxMANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptxirban3apiptuba
 
Proses Pencatatan Transaksi
Proses Pencatatan TransaksiProses Pencatatan Transaksi
Proses Pencatatan TransaksiFair Nurfachrizi
 
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docxIIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docxwilcockiris
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlErwin Morales
 

Contenu connexe

Tendances

Pengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud MultifinancePengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud MultifinanceDemson Nathanael Sihaloho
 
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)Selviana SelfVie
 
Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1nurul khaiva
 
Metode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENTMetode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENTKanaidi ken
 
Pert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahanPert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahanRhezayustian13
 
1.05 pendelegasian wewenang
1.05 pendelegasian wewenang1.05 pendelegasian wewenang
1.05 pendelegasian wewenangMikhail Rasyid
 
Fasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen RisikoFasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen RisikoSujatmiko Wibowo
 
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik Dadang Solihin
 
Proses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & TransaksionalProses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & TransaksionalKanaidi ken
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Fraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part iiFraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part iiEMAC Consulting Group
 
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptxMANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptxirban3apiptuba
 
Proses Pencatatan Transaksi
Proses Pencatatan TransaksiProses Pencatatan Transaksi
Proses Pencatatan TransaksiFair Nurfachrizi
 

Tendances (20)

Pengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud MultifinancePengendalian Fraud & Strategi Anti Fraud Multifinance
Pengendalian Fraud & Strategi Anti Fraud Multifinance
 
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
Audit Bank Standart Pelaksanaan Fungsi Audit Intern Bank (SPFAIB)
 
Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1Manajemen Strategi Sektor Publik 1
Manajemen Strategi Sektor Publik 1
 
Continuous auditing dan continuous monitoring (cacm)
Continuous auditing dan continuous monitoring (cacm)Continuous auditing dan continuous monitoring (cacm)
Continuous auditing dan continuous monitoring (cacm)
 
Metode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENTMetode Pelaksanaan FRAUD RISK ASSESSMENT
Metode Pelaksanaan FRAUD RISK ASSESSMENT
 
Pert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahanPert 02 lingkungan akuntansi pemerintahan
Pert 02 lingkungan akuntansi pemerintahan
 
1.05 pendelegasian wewenang
1.05 pendelegasian wewenang1.05 pendelegasian wewenang
1.05 pendelegasian wewenang
 
Fasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen RisikoFasilitasi dan Implementasi Manajemen Risiko
Fasilitasi dan Implementasi Manajemen Risiko
 
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
Perencanaan Strategik dan Akuntabilitas Kinerja pada Sektor Publik
 
Proses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & TransaksionalProses Fraud RISK ASSESSMENT pada Entitas & Transaksional
Proses Fraud RISK ASSESSMENT pada Entitas & Transaksional
 
Fraud Risk Management
Fraud Risk ManagementFraud Risk Management
Fraud Risk Management
 
Peranan auditor internal dalam tata kelola organisasi iia
Peranan auditor internal dalam tata kelola organisasi iiaPeranan auditor internal dalam tata kelola organisasi iia
Peranan auditor internal dalam tata kelola organisasi iia
 
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RI
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RIFaktor faktor yang mempengaruhi opini dislclaimer BPK-RI
Faktor faktor yang mempengaruhi opini dislclaimer BPK-RI
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Fraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part iiFraud risk management and interrogation techniques part ii
Fraud risk management and interrogation techniques part ii
 
Value based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal AuditValue based internal auditing - Nilai Dasar Internal Audit
Value based internal auditing - Nilai Dasar Internal Audit
 
Fraud Dan Korupsi
Fraud Dan KorupsiFraud Dan Korupsi
Fraud Dan Korupsi
 
Aspek hukum
Aspek hukumAspek hukum
Aspek hukum
 
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptxMANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
MANAJEMEN RISIKO PEMBANGUNAN NASIONAL-ANGGI.pptx
 
Proses Pencatatan Transaksi
Proses Pencatatan TransaksiProses Pencatatan Transaksi
Proses Pencatatan Transaksi
 

Similaire à Three lines model updated, IIA update model tiga lapis pertahanan risiko

IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docxIIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docxwilcockiris
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlErwin Morales
 
Internal Controls Topic 2.ppt
Internal Controls Topic 2.pptInternal Controls Topic 2.ppt
Internal Controls Topic 2.pptyahyamuthamia
 
Management control
Management controlManagement control
Management controlMohsin Aslam
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Understanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxUnderstanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxINTERCERT
 
Risk management
Risk managementRisk management
Risk managementLepipi
 
Safety management report of electrical engineering
Safety management report of electrical engineeringSafety management report of electrical engineering
Safety management report of electrical engineeringManeAbhijeet1
 
Risk management
Risk managementRisk management
Risk managementSpringer
 
Organization planning, design and development
Organization planning, design and developmentOrganization planning, design and development
Organization planning, design and developmentKishor Tayade
 
Valasquez - Line of defense whitepaper
Valasquez - Line of defense whitepaperValasquez - Line of defense whitepaper
Valasquez - Line of defense whitepaperJoe Valasquez
 
Best Practices in Model Risk Audit
Best Practices in Model Risk AuditBest Practices in Model Risk Audit
Best Practices in Model Risk AuditJacob Kosoff
 
Organization planning, design and development
Organization planning, design and developmentOrganization planning, design and development
Organization planning, design and developmentKishor Tayade
 
CELOE MRKI Lecture Notes 02 v0.1_old.pptx
CELOE MRKI Lecture Notes 02 v0.1_old.pptxCELOE MRKI Lecture Notes 02 v0.1_old.pptx
CELOE MRKI Lecture Notes 02 v0.1_old.pptxDandzaPraditya
 
Second line of defense - value and set up
Second line of defense - value and set upSecond line of defense - value and set up
Second line of defense - value and set upJim McClanahan
 
Thesis paper on value and risk management
Thesis paper on value and risk managementThesis paper on value and risk management
Thesis paper on value and risk managementAli Akbar Mazumder
 
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Richard Brooks
 

Similaire à Three lines model updated, IIA update model tiga lapis pertahanan risiko (20)

IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docxIIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
IIA Position Paper THE THREE LINES OF DEFENSE IN EFFECT.docx
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and control
 
Internal Controls Topic 2.ppt
Internal Controls Topic 2.pptInternal Controls Topic 2.ppt
Internal Controls Topic 2.ppt
 
Management control
Management controlManagement control
Management control
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal Audit
 
Understanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docxUnderstanding the Roles and Responsibilities of ISMS Auditor.docx
Understanding the Roles and Responsibilities of ISMS Auditor.docx
 
Lean Auditing
Lean AuditingLean Auditing
Lean Auditing
 
Risk management
Risk managementRisk management
Risk management
 
Safety management report of electrical engineering
Safety management report of electrical engineeringSafety management report of electrical engineering
Safety management report of electrical engineering
 
Risk management
Risk managementRisk management
Risk management
 
Organization planning, design and development
Organization planning, design and developmentOrganization planning, design and development
Organization planning, design and development
 
Valasquez - Line of defense whitepaper
Valasquez - Line of defense whitepaperValasquez - Line of defense whitepaper
Valasquez - Line of defense whitepaper
 
Lecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the AuditorLecture slide ,chapter 2, Governance and the Auditor
Lecture slide ,chapter 2, Governance and the Auditor
 
Best Practices in Model Risk Audit
Best Practices in Model Risk AuditBest Practices in Model Risk Audit
Best Practices in Model Risk Audit
 
Organization planning, design and development
Organization planning, design and developmentOrganization planning, design and development
Organization planning, design and development
 
Three Lines of Defense
Three Lines of DefenseThree Lines of Defense
Three Lines of Defense
 
CELOE MRKI Lecture Notes 02 v0.1_old.pptx
CELOE MRKI Lecture Notes 02 v0.1_old.pptxCELOE MRKI Lecture Notes 02 v0.1_old.pptx
CELOE MRKI Lecture Notes 02 v0.1_old.pptx
 
Second line of defense - value and set up
Second line of defense - value and set upSecond line of defense - value and set up
Second line of defense - value and set up
 
Thesis paper on value and risk management
Thesis paper on value and risk managementThesis paper on value and risk management
Thesis paper on value and risk management
 
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
 

Plus de Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP

Plus de Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP (20)

Detasering_secondment_BLU_SPI_APIP.pdf
Detasering_secondment_BLU_SPI_APIP.pdfDetasering_secondment_BLU_SPI_APIP.pdf
Detasering_secondment_BLU_SPI_APIP.pdf
 
Aturan pALING LENGKAP Manajemen ASN_pns _sESUAI_NSPK_SLIDE SHARE.pdf
Aturan pALING LENGKAP Manajemen ASN_pns _sESUAI_NSPK_SLIDE SHARE.pdfAturan pALING LENGKAP Manajemen ASN_pns _sESUAI_NSPK_SLIDE SHARE.pdf
Aturan pALING LENGKAP Manajemen ASN_pns _sESUAI_NSPK_SLIDE SHARE.pdf
 
Transformasi Internal Audit_APIP_Auditor Agile_Itjen_Kemenhub_Agile Auditing_...
Transformasi Internal Audit_APIP_Auditor Agile_Itjen_Kemenhub_Agile Auditing_...Transformasi Internal Audit_APIP_Auditor Agile_Itjen_Kemenhub_Agile Auditing_...
Transformasi Internal Audit_APIP_Auditor Agile_Itjen_Kemenhub_Agile Auditing_...
 
Perilaku Kerja Inovatif Memediasi Pengaruh Integritas, Kompetensi Dan Leader...
Perilaku Kerja Inovatif Memediasi Pengaruh Integritas, Kompetensi Dan Leader...Perilaku Kerja Inovatif Memediasi Pengaruh Integritas, Kompetensi Dan Leader...
Perilaku Kerja Inovatif Memediasi Pengaruh Integritas, Kompetensi Dan Leader...
 
Buku Saku Perilaku Kerja Inovatif dan Efektivitas Kerja Internal Audit
Buku Saku Perilaku Kerja Inovatif dan Efektivitas Kerja Internal AuditBuku Saku Perilaku Kerja Inovatif dan Efektivitas Kerja Internal Audit
Buku Saku Perilaku Kerja Inovatif dan Efektivitas Kerja Internal Audit
 
Sistem manajemen kinerja pns permenpan 8 tahun 2021
Sistem manajemen kinerja pns permenpan 8 tahun 2021Sistem manajemen kinerja pns permenpan 8 tahun 2021
Sistem manajemen kinerja pns permenpan 8 tahun 2021
 
Change it today birokrasi is modern model
Change it today birokrasi is modern modelChange it today birokrasi is modern model
Change it today birokrasi is modern model
 
Penyederhanaan struktur organisasi kementerian lembaga penyederhanaan birokrasi
Penyederhanaan struktur organisasi kementerian lembaga penyederhanaan birokrasiPenyederhanaan struktur organisasi kementerian lembaga penyederhanaan birokrasi
Penyederhanaan struktur organisasi kementerian lembaga penyederhanaan birokrasi
 
Manajemen talenta ASN arah model birokrasi 2020 2024
Manajemen talenta ASN arah model birokrasi 2020 2024Manajemen talenta ASN arah model birokrasi 2020 2024
Manajemen talenta ASN arah model birokrasi 2020 2024
 
Pentingnya pengendalian risiko bagi organsiasi menghadapi revolusi global dar...
Pentingnya pengendalian risiko bagi organsiasi menghadapi revolusi global dar...Pentingnya pengendalian risiko bagi organsiasi menghadapi revolusi global dar...
Pentingnya pengendalian risiko bagi organsiasi menghadapi revolusi global dar...
 
Mewujudkan birokrasi di era disrupsi dan tatanan normal baru
Mewujudkan birokrasi di era disrupsi dan tatanan normal baruMewujudkan birokrasi di era disrupsi dan tatanan normal baru
Mewujudkan birokrasi di era disrupsi dan tatanan normal baru
 
Dua model pengukuran dampak ekonomi proyek infrastruktur publik
Dua model pengukuran dampak ekonomi proyek infrastruktur publikDua model pengukuran dampak ekonomi proyek infrastruktur publik
Dua model pengukuran dampak ekonomi proyek infrastruktur publik
 
Perencanaan dan penganggaran yang lebih efisien, efektif dan bermanfaat bagi ...
Perencanaan dan penganggaran yang lebih efisien, efektif dan bermanfaat bagi ...Perencanaan dan penganggaran yang lebih efisien, efektif dan bermanfaat bagi ...
Perencanaan dan penganggaran yang lebih efisien, efektif dan bermanfaat bagi ...
 
Redesain sistem perencanaan dan penganggaran kementerian dan lembaga
Redesain sistem perencanaan dan penganggaran kementerian dan lembagaRedesain sistem perencanaan dan penganggaran kementerian dan lembaga
Redesain sistem perencanaan dan penganggaran kementerian dan lembaga
 
Maizar_Pembangunan zona integritas zi wbk wbbm tahun 2020 kementerian perhubu...
Maizar_Pembangunan zona integritas zi wbk wbbm tahun 2020 kementerian perhubu...Maizar_Pembangunan zona integritas zi wbk wbbm tahun 2020 kementerian perhubu...
Maizar_Pembangunan zona integritas zi wbk wbbm tahun 2020 kementerian perhubu...
 
Kebijakan implementasi reformasi birokrasi RB 2020 2024
Kebijakan implementasi reformasi birokrasi RB 2020 2024Kebijakan implementasi reformasi birokrasi RB 2020 2024
Kebijakan implementasi reformasi birokrasi RB 2020 2024
 
Proses audit jarak jauh selama dan setelah corona virus disease 2019 covid 19
Proses audit jarak jauh selama dan setelah corona virus disease 2019 covid 19Proses audit jarak jauh selama dan setelah corona virus disease 2019 covid 19
Proses audit jarak jauh selama dan setelah corona virus disease 2019 covid 19
 
Pembangunan Zona Integritas (ZI) menuju predikat Wilayah Bebas dari Korupsi (...
Pembangunan Zona Integritas (ZI) menuju predikat Wilayah Bebas dari Korupsi (...Pembangunan Zona Integritas (ZI) menuju predikat Wilayah Bebas dari Korupsi (...
Pembangunan Zona Integritas (ZI) menuju predikat Wilayah Bebas dari Korupsi (...
 
Pedoman telaah sejawat ekstern bagi apip inspektorat jenderal pusat dan daerah
Pedoman telaah sejawat ekstern bagi apip inspektorat jenderal pusat dan daerahPedoman telaah sejawat ekstern bagi apip inspektorat jenderal pusat dan daerah
Pedoman telaah sejawat ekstern bagi apip inspektorat jenderal pusat dan daerah
 
Kerangka konseptual pengawasan intern aaipi-inspektorat-intansi pemerintah
Kerangka konseptual pengawasan intern aaipi-inspektorat-intansi pemerintahKerangka konseptual pengawasan intern aaipi-inspektorat-intansi pemerintah
Kerangka konseptual pengawasan intern aaipi-inspektorat-intansi pemerintah
 

Dernier

call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...saminamagar
 
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...Amil baba
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证mbetknu
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxTechSoupConnectLondo
 
Start Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleStart Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleSERUDS INDIA
 
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...ResolutionFoundation
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Sonam Pathan
 
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdfilocosnortegovph
 
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Yellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfYellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfAmir Saranga
 
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...yalehistoricalreview
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...narwatsonia7
 
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Servicenarwatsonia7
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhellokittymaearciaga
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.Christina Parmionova
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 

Dernier (20)

call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
call girls in Mukherjee Nagar DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝...
 
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
NO1 Certified kala jadu Love Marriage Black Magic Punjab Powerful Black Magic...
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证
 
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in sector 22 Gurgaon 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
How to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptxHow to design healthy team dynamics to deliver successful digital projects.pptx
How to design healthy team dynamics to deliver successful digital projects.pptx
 
Start Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor PeopleStart Donating your Old Clothes to Poor People
Start Donating your Old Clothes to Poor People
 
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...Powering Britain: Can we decarbonise electricity without disadvantaging poore...
Powering Britain: Can we decarbonise electricity without disadvantaging poore...
 
Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170Call Girls Near Surya International Hotel New Delhi 9873777170
Call Girls Near Surya International Hotel New Delhi 9873777170
 
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Model Town DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf2023 Ecological Profile of Ilocos Norte.pdf
2023 Ecological Profile of Ilocos Norte.pdf
 
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Punjabi Bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Yellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdfYellow is My Favorite Color By Annabelle.pdf
Yellow is My Favorite Color By Annabelle.pdf
 
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...Jewish Efforts to Influence American Immigration Policy in the Years Before t...
Jewish Efforts to Influence American Immigration Policy in the Years Before t...
 
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
 
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
Call Girls Service AECS Layout Just Call 7001305949 Enjoy College Girls Service
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptx
 
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Narela DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.
 
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in Mayapuri DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
9953330565 Low Rate Call Girls In Adarsh Nagar Delhi NCR
 

Three lines model updated, IIA update model tiga lapis pertahanan risiko

  • 1. THE IIA’S THREE LINES MODEL An update of the Three Lines of Defense
  • 2. Table of Contents Introduction................................................................................................................................................... 1 Principles of the Three Lines Model............................................................................................................ 2 Principle 1: Governance ...................................................................................................................... 2 Principle 2: Governing body roles ...................................................................................................... 2 Principle 3: Management and first and second line roles................................................................. 3 Principle 4: Third line roles ................................................................................................................. 3 Principle 5: Third line independence.................................................................................................. 3 Principle 6: Creating and protecting value......................................................................................... 3 Key roles in the Three Lines Model............................................................................................................. 5 The governing body............................................................................................................................. 5 Management ......................................................................................................................................... 5 Internal audit......................................................................................................................................... 6 External assurance providers ............................................................................................................. 6 Relationships among core roles.................................................................................................................. 7 Between the governing body and management (both first and second line roles)........................ 7 Between management (both first and second line roles) and internal audit .................................. 7 Between internal audit and the governing body................................................................................ 8 Among all roles .................................................................................................................................... 8 Applying the model....................................................................................................................................... 9 Structure, roles, and responsibilities ................................................................................................. 9 Oversight and assurance....................................................................................................................10 Coordination and alignment...............................................................................................................10
  • 3. 1 INTRODUCTION Organizations are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile world. They often have multiple stakeholders with diverse, changeable, and sometimes competing interests. Stake- holders entrust organizational oversight to a governing body, which in turn delegates resources and authority to manage- ment to take appropriate actions, including managing risk. For these reasons and more, organizations need effective structures and processes to enable the achievement of objectives, while supporting strong governance and risk management. As the governing body receives reports from management on activities, outcomes, and forecasts, both the governing body and management rely on internal audit to provide independent, objective assurance and advice on all matters and to promote and facilitate innovation and improvement. The governing body is ultimately accountable for governance, which is achieved through the actions and behaviors of the governing body as well as management and internal audit. The Three Lines Model helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by:  Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.  Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.  Clearly understanding the roles and responsibilities represented in the model and the relationships among them.  Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders. Key terms Organization - An organized group of activities, resources, and people working toward shared goals. Stakeholders - Those groups and individuals whose interests are served or impacted by the organization. Governing body - Those individuals who are accountable to stakeholders for the success of the organization. Management - Those individuals, teams, and support functions assigned to provide products and/or services to the organization’s clients. Internal audit - Those individuals operating independently from manage- ment to provide assurance and insight on the adequacy and effectiveness of governance and the management of risk (including internal control). The Three Lines Model - The model previously known as the Three Lines of Defense. Internal control - Processes designed to provide reasonable confidence over the achievement of objectives.
  • 4. 2 PRINCIPLES OF THE THREE LINES MODEL Principle 1: Governance Governance of an organization requires appropriate structures and processes that enable:  Accountability by a governing body to stake- holders for organizational oversight through integrity, leadership, and transparency.  Actions (including managing risk) by manage- ment to achieve the objectives of the organiza- tion through risk-based decision-making and application of resources.  Assurance and advice by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication. Principle 2: Governing body roles The governing body ensures:  Appropriate structures and processes are in place for effective governance.  Organizational objectives and activities are aligned with the prioritized interests of stakeholders. The governing body:  Delegates responsibility and provides resources to management to achieve the objectives of the organization while ensuring legal, regulatory, and ethical expectations are met.  Establishes and oversees an independent, objective, and competent internal audit function to provide clarity and confidence on progress toward the achievement of objectives. Key terms Risk-based decision-making - A considered process that includes analysis, planning, action, monitoring, and review, and takes account of potential impacts of uncertainty on objectives. Assurance - Independent confirmation and confidence.
  • 5. 3 Principle 3: Management and first and second line roles Management’s responsibility to achieve organizational objectives comprises both first and second line roles.1 First line roles are most directly aligned with the delivery of products and/or services to clients of the organiza- tion, and include the roles of support functions2 . Second line roles provide assistance with managing risk. First and second line roles may be blended or separated. Some second line roles may be assigned to specialists to provide complementary expertise, support, monitoring, and challenge to those with first line roles. Second line roles can focus on specific objectives of risk management, such as: compliance with laws, regulations, and acceptable ethical behavior; internal control; information and technology security; sustainability; and quality assurance. Alternatively, second line roles may span a broader responsibility for risk management, such as enterprise risk management (ERM). However, responsibility for managing risk remains a part of first line roles and within the scope of management. Principle 4: Third line roles Internal audit provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management.3 It achieves this through the competent application of systematic and disciplined processes, expertise, and insight. It reports its findings to management and the governing body to promote and facilitate continuous improvement. In doing so, it may consider assurance from other internal and external providers. Principle 5: Third line independence Internal audit’s independence from the responsibilities of management is critical to its objectivity, authority, and credibility. It is established through: accountability to the governing body; unfettered access to people, resources, and data needed to complete its work; and freedom from bias or interference in the planning and delivery of audit services. Principle 6: Creating and protecting value All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders. Alignment of activities is achieved through communication, cooperation, and collaboration. This ensures the reliability, coherence, and transparency of information needed for risk-based decision making. 1. The language of “first line,” “second line,” and “third line” is retained from the original model in the interests of familiarity. However, the “lines” are not intended to denote structural elements but a useful differentiation in roles. Logically, governing body roles also constitute a “line” but this convention has not been adopted to avoid confusion. The numbering (first, second, third) should not be taken to imply sequential operations. Instead, all roles operate concurrently. 2. Some consider the roles of support functions (such as HR, administration, and building services) to be second line roles. For clarity, the Three Lines Model regards first line roles to include both “front of house” and “back office” activities, and second line roles to comprise those complementary activities focused on risk-related matters. 3. In some organizations, other third line roles are identified, such as oversight, inspection, investigation, evaluation, and remediation, which may be part of the internal audit function or operate separately.
  • 6. 4 The IIA’s Three Lines Model KEY: Accountability, reporting Delegation, direction, resources, oversight Alignment, communication coordination, collaboration EXTERNALASSURANCEPROVIDERS GOVERNING BODY Accountability to stakeholders for organizational oversight MANAGEMENT Actions (including managing risk) to achieve organizational objectives INTERNAL AUDIT Independent assurance First line roles: Provision of products/services to clients; managing risk Second line roles: Expertise, support, monitoring and challenge on risk-related matters Third line roles: Independent and objective assurance and advice on all matters related to the achievement of objectives Governing body roles: integrity, leadership, and transparency
  • 7. 5 KEY ROLES IN THE THREE LINES MODEL Organizations differ considerably in their distribution of responsibilities. However, the following high-level roles serve to amplify the Principles of the Three Lines Model. The governing body  Accepts accountability to stakeholders for oversight of the organization.  Engages with stakeholders to monitor their interests and communicate transparently on the achieve- ment of objectives.  Nurtures a culture promoting ethical behavior and accountability.  Establishes structures and processes for governance, including auxiliary committees as required.  Delegates responsibility and provides resources to management for achieving the objectives of the organization.  Determines organizational appetite for risk and exercises oversight of risk management (including internal control).  Maintains oversight of compliance with legal, regulatory, and ethical expectations.  Establishes and oversees an independent, objective, and competent internal audit function. Management First line roles  Leads and directs actions (including managing risk) and application of resources to achieve the objectives of the organization.  Maintains a continuous dialogue with the governing body, and reports on: planned, actual, and expected outcomes linked to the objectives of the organization; and risk.  Establishes and maintains appropriate structures and processes for the management of operations and risk (including internal control).  Ensures compliance with legal, regulatory, and ethical expectations.
  • 8. 6 Second line roles  Provides complementary expertise, support, monitoring, and challenge related to the management of risk, including: o The development, implementation, and continuous improvement of risk management practices (including internal control) at a process, systems, and entity level. o The achievement of risk management objectives, such as: compliance with laws, regulations, and acceptable ethical behavior; internal control; information and technology security; sustainability; and quality assurance.  Provides analysis and reports on the adequacy and effectiveness of risk management (including internal control). Internal audit  Maintains primary accountability to the governing body and independence from the responsibilities of management.  Communicates independent and objective assurance and advice to management and the governing body on the adequacy and effectiveness of governance and risk management (including internal control) to support the achievement of organizational objectives and to promote and facilitate continuous improvement.  Reports impairments to independence and objectivity to the governing body and implements safeguards as required. External assurance providers  Provide additional assurance to: o Satisfy legislative and regulatory expectations that serve to protect the interests of stakeholders. o Satisfy requests by management and the governing body to complement internal sources of assurance.
  • 9. 7 RELATIONSHIPS AMONG CORE ROLES Between the governing body and management (both first and second line roles) The governing body typically sets the direction of the organization by defining the vision, mission, values, and organizational appetite for risk. It then delegates responsibility for the achievement of the organization’s objectives to management, along with the necessary resources. The governing body receives reports from management on planned, actual, and expected outcomes, as well as reports on risk and the management of risk. Organizations vary as to the degree of overlap and separation between the roles of the governing body and management. The governing body can be more or less “hands on” with respect to strategic and operational matters. Either the governing body or management may take the lead in developing the strategic plan, or it may be a shared undertaking. In some jurisdictions, the Chief Executive Officer (CEO) may be a member of the governing body and may even be its chair. In all cases, there needs to be strong communication between management and the governing body. The CEO is typically the focal point for this communication, but other senior managers may have frequent interactions with the governing body. Organizations may wish, and their regulators may require, leaders of second line roles such as a Chief Risk Officer (CRO) and a Chief Compliance Officer (CCO) to have a direct reporting line to the governing body. This is fully consistent with the Principles of the Three Lines Model. Between management (both first and second line roles) and internal audit Internal audit’s independence from management ensures it is free from hindrance and bias in its planning and in the carrying out of its work, enjoying unfettered access to the people, resources, and information it requires. It is accountable to the governing body. However, independence does not imply isolation. There must be regular interaction between internal audit and management to ensure the work of internal audit is relevant and aligned with the strategic and operational needs of the organization. Through all of its activities, internal audit builds its knowledge and understanding of the organization, which contributes to the assurance and advice it delivers as a trusted advisor and strategic partner. There is a need for collaboration and communication across both the first and second line roles of management and internal audit to ensure there is no unnecessary duplication, overlap, or gaps. Key term Chief Executive Officer (CEO) - The most senior individual in the organiza- tion with responsibility over operations.
  • 10. 8 Between internal audit and the governing body Internal audit is accountable to, and sometimes described as being the “eyes and ears” of, the governing body. The governing body is responsible for oversight of internal audit, which requires: ensuring an independent internal audit function is established, including the hiring and firing of the Chief Audit Executive (CAE); serving as the primary report- ing line for the CAE4 ; approving and resourcing the audit plan; receiving and considering reports from the CAE; and enabling free access by the CAE to the governing body, including private sessions without the presence of management. Among all roles The governing body, management, and internal audit have their distinct responsibilities, but all activities need to be aligned with the objectives of the organization. The basis for successful coherence is regular and effective coordination, collaboration, and communication. 4. For administrative purposes, the CAE may also report to an appropriately senior level of management. Key term Chief Audit Executive (CAE) - The most senior individual in the organization with responsibility for internal audit services, often known as the Head of Internal Audit or similar title.
  • 11. 9 APPLYING THE MODEL Structure, roles, and responsibilities The Three Lines Model is most effective when it is adapted to align with the objectives and circumstances of the organization. How an organization is structured and how roles are assigned are matters for management and the governing body to determine. The governing body may establish committees to provide additional oversight for particular aspects of its responsibility, such as audit, risk, finance, planning, and compensation. Within management, there are likely to be functional and hierarchical arrangements and an increasing tendency toward specialization as organizations grow in size and complexity. Functions, teams, and even individuals may have responsibilities that include both first and second line roles. However, direction and oversight of second line roles may be designed to secure a degree of independence from those with first line roles — and even from the most senior levels of management — by establishing primary accountability and reporting lines to the governing body. The Three Lines Model allows for as many reporting lines between management and the governing body as required. In some organizations, most notably regulated financial institutions, there is a statutory requirement for such arrangements to ensure sufficient independence. Even in these situations, those in management with first line roles remain responsible for managing risk. Second line roles may include monitoring, advice, guidance, testing, analyzing, and reporting on matters related to the management of risk. Insofar as these provide support and challenge to those with first line roles and are integral to management decisions and actions, second line roles are part of management’s responsi- bilities and are never fully independent from management, regardless of reporting lines and accountabilities. A defining characteristic of third line roles is independence from management. The Principles of the Three Lines Model describe the importance and nature of internal audit independence, setting internal audit apart from other functions and enabling the distinctive value of its assurance and advice. Internal audit’s independence is safeguarded by not making decisions or taking actions that are part of management’s responsibilities (including risk management) and by declining to provide assurance on activities for which internal audit has current, or has had recent, responsibility. For example, in some organizations, the CAE is asked to assume additional decision-making responsibilities over activities utilizing similar competencies, such as aspects of statutory compliance or ERM. In such circumstances, internal audit is not independent of these activities or of their results, and therefore, when the governing body seeks independent and objective assurance and advice relating to those areas, it is necessary for its provision to be undertaken by a qualified third party.
  • 12. 10 Oversight and assurance The governing body relies on reports from management (comprising those with first and second line roles), internal audit, and others in order to exercise oversight and achievement of its objectives, for which it is accountable to stakeholders. Management provides valuable assurance (also referred to as attestations) on planned, actual, and forecast outcomes, on risk, and on risk management by drawing upon direct experience and expertise. Those with second line roles provide additional assurance on risk-related matters. Because of internal audit’s independence from management, the assurance it provides carries the highest degree of objectivity and confidence beyond that which those with first and second line roles can provide to the governing body, irrespective of reporting lines. Further assurance may also be drawn from external providers. Coordination and alignment Effective governance requires appropriate assignment of responsibilities as well as strong alignment of activities through cooperation, collaboration, and communication. The governing body seeks confirmation through internal audit that governance structures and processes are appropriately designed and operating as intended.
  • 13. About The IIA The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters is in Lake Mary, Fla., USA. For more information, visit www.globaliia.org. Disclaimer The IIA publishes this document for informational and educational purposes. This material is not intended to provide definitive answers to specific individual circumstances and as such is only intended to be used as a guide. The IIA recommends seeking independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material. Copyright Copyright © 2020 The Institute of Internal Auditors, Inc. All rights reserved. For permission to reproduce, please contact copyright@theiia.org. July 2020 Global Headquarters The Institute of Internal Auditors 1035 Greenwood Blvd., Suite 149 Lake Mary, FL 32746, USA Phone: +1-407-937-1111 Fax: +1-407-937-1101 www.globaliia.org