The IIA has released a consultation document reviewing the widely accepted Three Lines of Defense model for public comment. The document, available at www.theiia.org/3LOD, aims to ensure the guidance is more applicable to today's changing organizational environment. It seeks to clarify essential responsibilities in governance, risk management, and control. Comments are welcome by Sept. 19.
The IIA's Three Lines of Defense task force seeks to "breathe new life" into the model by focusing on organizational success and embracing governance processes. IIA Global Chairman Naohiro Mouri explains that The IIA recognizes that risk "goes beyond 'defense'" and can create opportunity. "We want to ensure organizations can allocate and structure their resources and responsibilities by using the Three Lines of Defense to their advantage," he says.
To that end, the review considers both a reactive and proactive approach to fulfilling an organization's purpose and value creation. Moreover, the task force is evaluating how the model can be scaled for organizations of different sizes.
Additionally, the task force is considering how internal audit functions should address the "blurring of the lines" when they are asked to take on responsibilities within areas of the organization. The objective is to stress flexibility among the lines.