Overstepping the 3 Lines

Overstepping the 3 Lines

Early this year I asked readers of my blog what they would like me to blog about this year.??Some asked about the Three Lines Model, which for those not in the know, refers to a risk management operating model that is the brainchild of the Institute of Internal Auditors. Line 1 is the business. Line 2 is the risk function. And Line 3 is Internal Audit. Originally it was called the Three Lines of Defence Model and Line 2’s role, in addition to designing and implementing the risk framework, was to challenge and oversight Line 1.

In response to criticism by many practitioners, myself included (refer 3LoD Resulted in Outsourcing Responsibility for Risk, the IIA revised the model and removed “Defence” as being too negative and omitted the “oversight” role of Line 2. Unfortunately, how the Three Lines Model is being implemented in practice (in particular in heavily regulated financial firms) there is a strong focus on “challenge” – and it smells of oversight. Given the findings of Australia’s Royal Commission into the sector and the never-ending stream of fines for non-compliance across the sector globally, one might say for very good reasons.

The problem with the situation is TRUST. Risk practitioners want to be trusted advisers but many in the business do not trust them because they are potential “dobbers”. Hence there lacks a strong mature relationship where the risk team are – what I call – leading alongside. Which is why I say to risk practitioners, you must first persuade the business to take your advice, so you earn your place as a trusted adviser.

When I assist organisations to design a risk management framework and operating model, I recommend my Tri-partite Model for Risk Management which I described in Chapter 7 Designing Success of my book Risky Business – How Successful Organisations Embrace Uncertainty. The shift focuses heavily on risk being a partner to the business, in helping to challenge their thinking, not to challenge them. I also recommend the risk team refrain from having any assurance responsibilities. Stick to advising the business so when the assurance happens, the business passes with flying colours at minimal cost and builds trust.

Deborah Schembri

Senior Risk & Compliance Executive | Strategic Leader in Regulatory Governance, Risk Management, and Compliance | Driving Excellence in Corporate Integrity & Resilience

11 个月

Great insight. The Three Lines of Defense (3LoD) model has been widely used in risk management, but its suitability depends on the organisations context and evolving risk landscape. Some argue it may need adaptation or supplementation to address modern challenges effectively. Organisation’s should continually evaluate their risk management frameworks to ensure they align with their objectives and mitigate emerging risks.

回复
Pradip Panda

Senior Manager | Strategic Operations Leader | 16+ Years Shaping Excellence in Insurance & Mortgage| Driving Innovation, Efficiency, and Team Success

1 年

Fascinating insights, Bryan. The evolution of the Three Lines Model is indeed intriguing. It's inspiring to see the growing interest and focus on risk management and internal audit practices.

Exciting to see more interest in the Three Lines Model! Keep educating your readers. #riskmanagement #internalaudit #threelinesmodel

回复
DeAnna Gladieux Burton

Adaptive Cultures Practitioner. Risk Culture Specialist. Supporting organisations at the intersection of strategy, leadership & culture.

1 年

Such an important topic. Completely agree with your focus on how risk professionals' ways of working and how they show up either enables or inhibits whether they are seen/experienced as 'dobbers' or truly trusted advisors. If I could add a call to action for risk professionals (in addition to yours - challenge the thinking, not the thinker) I would encourage risk professionals to consider what are the leadership / influencing / adaptive capabilities they need to complement or supplement their technical risk management skills. When risk professionals are experienced as advisors rather than police, I reckon some of the adaptive capabilities they have adopted include things like: a learning mindset, working with and within complexity, using influencing through relationship building, creating space for shared ownership of risks to flourish, creating safe-spaces and making time for meaningful retrospectives, and individual development.

Andrea Pavkovic, MPA, IRMCert

Enterprise & Operational Risk | Operational Resilience | @ Visa

1 年

Thank you for the insight Bryan.

要查看或添加评论,请登录

Bryan Whitefield的更多文章

  • Be Powerful

    Be Powerful

    Ever wonder why decisions made collectively are more powerful than those made solo? It’s not magic, and it’s not luck –…

  • Your Biggest Risk? Playing It Safe

    Your Biggest Risk? Playing It Safe

    Ever made a big call as a leader that looked brilliant – until it wasn’t? And then came the blame game. Right? “What…

    3 条评论
  • The Decision Jam

    The Decision Jam

    Ever found yourself frustrated by how slow decisions move through your organisation? Maybe it feels like the same…

  • Summary in Detail

    Summary in Detail

    I got the term “summary in detail” from a fantastic client of mine who I worked with for near on a decade. We were…

  • Your Hands, a Coin and a Pair of Gloves

    Your Hands, a Coin and a Pair of Gloves

    Back in 2015, McKinsey published a paper on the future of risk management in the banking sector. At the time I sent it…

    5 条评论
  • Your Secret Weapon

    Your Secret Weapon

    Ever wondered why some organisations thrive in uncertainty while others crumble? As a management consultant, I've seen…

  • Bust Groupthink

    Bust Groupthink

    Was that Groupthink you just saw in your team meeting? It happens to the best of us, and often it’s right under our…

  • Decide Fast, Connect Deeper

    Decide Fast, Connect Deeper

    High-performance teams have a secret: how they connect in making decisions. Top teams decide better and faster.

    2 条评论
  • Sync or Sink

    Sync or Sink

    Happy New Year! I’m back and feeling energised for the year ahead looking forward to making a real impact. I'm kicking…

    2 条评论
  • The Art of Speaking C-Suite

    The Art of Speaking C-Suite

    Picture this: You’re at a networking event, proudly introducing yourself as a risk/compliance/procurement/HR/other…

    2 条评论

社区洞察

其他会员也浏览了