Talk to an Expert
Pricing

The Three Lines of Defense Framework – What is it?

The Three Lines of Defense Framework is a model risk management system that assigns responsibility for risk across an organization. The First Line of Defense is the business line or unit responsible for managing the risk. The Second Line of Defense is the independent function, such as Internal Audit, that provides assurance to management and the Board that the risk is being managed effectively by the business. The Third Line of Defense is the control function, such as Risk Management, that provides challenge and oversight to ensure that risks are appropriately identified and mitigated.

The Three Lines of Defense Framework was first introduced by COSO in 2004 as part of its Enterprise Risk Management–Integrated Framework. COSO updated the framework in 2017 to reflect changes in how organizations operate and manage risk.

The framework provides a structure for understanding an organization’s risk governance practices and can be used to assess an organization’s current state and identify opportunities for improvement. It can also be used as a common language for dialogue between the three lines of defense and other stakeholders.

The Three Lines of Defense Framework is not intended to prescribe specific roles and responsibilities but rather to provide guidance on how the three lines of defense can work together effectively to manage risk.

The Three Lines of Defense Framework is a widely accepted tool for managing risk across organizations. If you work in Internal Audit, Risk Management, or Compliance, it’s important to be familiar with the framework and how it can be used to assess and improve your organization’s risk management practices.

Like this article?

Email
Share on Facebook
Share on LinkedIn
Share on XING

Empowered Systems is a leading provider of environmental, sustainability, and governance as well as governance, risk and compliance solutions with an expansive global customer base. 

Linkedin-in Facebook Youtube Instagram

our products

our Solutions

Company info

website disclaimer

Any capabilities or technologies described on this site or shown to you are subject to intellectual property protection, including, without limitation, international copyright laws and treaties (and in some cases patents/patent applications) and all rights are reserved. Any quotation provided must be kept confidential and used only for your purchasing decision. You can share a quotation or proposal with your advisers for that purpose if they have signed an agreement with you covering non-disclosure of such information, but you may not share it with anyone else without Empowered Systems prior written consent. Any supplementary information provided by Empowered Systems shall also be treated as confidential and may only be used in the same way as the information set out in your quotation or proposal (unless otherwise specified). This website is not a quotation or proposal.

This website is provided for informational purposes only. It neither constitute an advice nor an offer capable of acceptance or create any right or obligation between Empowered Systems and the user of this website or anyone associated with the aforementioned user. Any contract will be made based on Empowered Systems standard terms and conditions. Nothing on this site creates any agreement between Empowered Systems and the user of this website.

The information on this site has been compiled with care, but Empowered Systems does not make any express or implied representation or warranty that the information is without errors or omissions and shall have no liability resulting from use of or reliance on the information (except when arising from fraudulent misrepresentation or other matters where liability cannot be excluded or limited under law).

References to Empowered Systems capability may include capability provided to Empowered Systems by third parties.

 AutoAudit® and Empowered Systems are all registered trademarks of Empowered Systems IP Holder LLC.

© 1995-2024 Empowered Systems. All rights reserved.

Empowered Systems is the trade name of Empowered Systems Ltd. in the United Kingdom. Registered Number: 13416888 in England and Wales. Registered office: 6 Lloyds Avenue, Suite 4cl, London, England EC3N 3AX.

Talk to an Expert
Pricing
Talk to an Expert
Pricing

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.

    GDPR Cookie Consent with Real Cookie Banner Skip to content