Hva er nytt? Det mest umiddelbare er selve navnet. Man har besluttet å fjerne ‘Forsvar’ og modellen går nå under betegnelsen ‘Trelinjemodellen’ – Three Lines Model.
Intensjonen bak den opprinnelige modellen var å organisere governance og risikostyring i organisasjoner, med fokus på kontrollelementet. I den oppdaterte utgaven anerkjenner man at risikostyring vel så mye handler om å identifisere og gripe muligheter som å sørge for kontroll og tilstrekkelig forsvar.
Med utgangspunkt i den nye utgaven skal organisasjoner, uavhengig av størrelse og kompleksitet, bedre kunne identifisere og strukturere samhandling og ansvarsområder i nøkkelfunksjoner og ledelse. Formålet er å sikre effektivt samarbeid, tydeliggjøre og forankre ansvar – slik at man oppnår organisasjonens målsetninger.
Hvem har vært involvert i prosessen?
En arbeidsgruppe ledet av IIA Global, bestående av praktiserende internrevisorer, ledere av risikostyring og compliancefunksjoner, interessenter og en rekke andre har samarbeidet om oppdateringen av modellen.
Ønsker du mer informasjon?
Styreleder i IIA Global Jenitha Jones forklarer trelinjemodellen her: https://www.theiia.org/sites/auditchannel/Pages/Topic-Governance.aspx.
Det skal også settes opp et webinar 24. september. Mer informasjon følger.
Full text from IIA Global:
Originally the Three Lines of Defense-model has gained popularity for organizing governance and risk management in organizations. However, acknowledging that risk-based decision-making is as much about seizing opportunities as it is about defensive moves, the new Three Lines Model helps organizations better identify and structure interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.
It clearly outlines the roles of various leaders within an organization, including oversight by the board or governing body; management and operational leaders including risk and compliance (first- and second-line roles); and independent assurance through internal audit (third line). And it addresses the position of external assurance providers. The model applies to all organizations, regardless of size or complexity.
The Three Lines Model has largely been viewed as the basis for sound risk management. For implementation by organizations on both a reactive and proactive basis, these updates help modernize and strengthen application of the model to ensure its sustained usefulness and value.
Former IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA
A task force spearheaded by The IIA and representing audit practitioners, risk and compliance executives, stakeholders and others came together to provide this update in part to highlight the important relationships between central and common components of organizations and to weigh the concept’s strengths, application and usefulness toward ensuring its continued relevance in today’s operational climate.
“For more than two decades, myriad organizations embraced the former model, attracted by its simplicity in describing risk-management and control responsibilities in three separate lines,» said task force leader and incoming IIA Global Chairman Jenitha John. “The update reinforces that organizations must determine appropriate, pragmatic structures for themselves, taking into account their objectives and circumstances against a backdrop of an ever-evolving risk landscape.”
Added Chambers, “Risk management goes beyond mere defense. Organizations need effective structures and processes to enable the achievement of objectives and support strong governance and risk management. The updated Three Lines Model addresses the complexities of our modern world.”
Further details about the Three Lines Model, including key principles toward applying the model and an updated illustration of the model, are found HERE.
