Three Lines Model


This publication is available for members. Please log in to download.
Would you like to become a member?

Originally the Three Lines of Defense, the model has gained popularity for organizing governance and risk management in organizations. However, acknowledging that risk-based decision-making is as much about seizing opportunities as it is about defensive moves, the new Three Lines Model helps organizations better identify and structure interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.

It clearly outlines the roles of various leaders within an organization, including oversight by the board or governing body; management and operational leaders including risk and compliance (first- and second-line roles); and independent assurance through internal audit (third line). And it addresses the position of external assurance providers. The model applies to all organizations, regardless of size or complexity.

Webinar: Three Lines Model Webinar: During the webinar, Mark Carawan, Member of the Three Lines Working Group, Former CAE and CCO of Citigroup, and 2020–21 Global Board Director of Stakeholder Relations, and Francis Nicholson, Vice President of Global Relations at the IIA, provided a detailed overview of the new Three Lines Model and how it’s been redefined.