The Institute of Enterprise Risk Practitioners (IERP®) is the world’s first and leading certification institute for Enterprise Risk Management (ERM).

Image Alt

IERP® International Institute of Enterprise Risk Practitioners

  /  Thought Leadership   /  The Usefulness of the Concepts of 3 Lines of Defense

The Usefulness of the Concepts of 3 Lines of Defense

ERM practitioners and business professionals globally have reported increasing levels of risks and have sought structures and frameworks to deal with these various emerging scenarios.

To address such concerns, the concept of the “3 lines of defence” has been adopted by a number of forward looking organisations and has also been mandated by a number of regulators internationally.

Financial institutions have made good progress in building an effective three lines of defence model to respond to regulatory expectations. However, the model still isn’t fully embedded and hasn’t been consistently applied within most other organizations, leading to duplication of processes and a lack of a proper understanding of the various roles and responsibilities across the organization within a 3 lines of defence framework.

This lack of clarity is a potential contributor to the reason why the first line (business line) often does not take complete accountability of risk; and the second line continues to operate in silos.

The speaker for the session was Mr. Abu Bakar Baba, an IERP® graduate and the Head of the Internal Audit Department in Petronas Dagangan Berhad. He is a subject matter expert within Petronas on auditing and risk management and a frequent speaker at their inhouse seminars.

The program was overbooked due to its popularity and a few attendees opted to stand at the back rather than miss the session. Abu Bakar stressed that one of the main purposes of the three lines of defence was to underscore the roles and relationships between those responsible for taking business risk, those responsible for driving risk self-assurance, and those responsible for providing independent assurance.

He stressed that all three lines needed to work effectively with each other and with the relevant Board oversight committees to ensure the proper and effective functioning of the ERM process and framework.

    Name (required)

    Email Address (required, business email address only)

    Mobile Number (required)

    Company (required)

    Designation (required)

    Preferred Contact Method: (required)

    CallEmail

    What is the biggest challenge in your job/industry

    Which modules are you interested in? (required)

    Managing ESGMechanics of ESGEnterprise Risk Management

    Message

      Name (required)

      Email Address (required, business email address only)

      Mobile Number (required)

      Company (required)

      Designation (required)

      Preferred Contact Method: (required)

      CallEmail

      What is the biggest challenge in your job/industry

      Message

        Name (required)

        Email Address (required, business email address only)

        Mobile Number (required)

        Company (required)

        Designation (required)

        Preferred Contact Method: (required)

        CallEmail

        What is the biggest challenge in your job/industry

        Which modules are you interested in? (required)

        Evaluating Risk and Internal ControlCorporate GovernanceEstablishing a Cybersecurity FrameworkEnterprise Risk Management

        Message

          Name (required)

          Email Address (required, business email address only)

          Mobile Number (required)

          Company (required)

          Designation (required)

          Preferred Contact Method: (required)

          CallEmail

          What is the biggest challenge in your job/industry

          Message

            Name (required)

            Email Address (required, business email address only)

            Mobile Number (required)

            Company (required)

            Designation (required)

            Preferred Contact Method: (required)

            CallEmail

            What is the biggest challenge in your job/industry

            Which modules are you interested in? (required)

            Digital Risk Management and DisruptionMechanics of CyberSecurityEnterprise Risk Management

            Message

              Name (required)

              Email Address (required, business email address only)

              Mobile Number (required)

              Company (required)

              Designation (required)

              Preferred Contact Method: (required)

              CallEmail

              What is the biggest challenge in your job/industry

              Which modules are you interested in? (required)

              Evolution of BCM Standards, Policies and FrameworksBIA & BCMS Frameworks and StrategiesRisk, Sustainability, Metrics and Crafting Effective Business Continuity Plans

              Message

                Name (required)

                Email Address (required, business email address only)

                Mobile Number (required)

                Company (required)

                Designation (required)

                Preferred Contact Method: (required)

                CallEmail

                What is the biggest challenge in your job/industry

                Which modules are you interested in? (required)

                Emergency Preparedness, Response, BC Awareness and trainingBCMS Performance, Metrics and Audits, Disaster Recovery Plans and Lean MethodologiesCrisis Management

                Message

                User registration

                Reset Password