The “Three Lines of Defense” – a matter of corporate culture
Samuel Brandstaetter, Founder and CEO of avedos, speaks about the integration of GRC and how the “Three Lines of Defense” model can support a company in achieving this goal. Measures taken by the executive board can only make an impact if a corporate culture focused on risk and compliance is established.
The “First Line of Defense” includes a company’s operational unit - people who have to make risk-oriented decisions according to policy.
The “Second Line of Defense” offers a regulatory framework and is responsible for certain management systems. These members of staff establish standards and tools that enable the operational unit to work in a risk-oriented way.
The “Third Line of Defense”, also called internal audit, serves as an independent supervisory body. It checks the lawful and orderly execution of operative processes as well as the efficiency of a management system.
Learn more about the Three Lines of Defense in the context of integrated GRC and how to overcome “silo thinking”.