CHAPTER 3: RISK MANAGEMENT ASSURANCE AND AUDIT
Having established a risk assessment and control framework, the Board/senior management of an organisation will need comfort or assurance that it is designed and operating effectively. To achieve this, as part of their ERM process, many organisations are adopting the three lines of defence model. In this chapter we will consider this model for risk management and compare and contrast internal and external audit roles and responsibilities. Each of these has its own culture and its own roles and responsibilities. As an information risk manager, I have been required to work in all of these capacities. In this chapter we will consider:
• The three lines of defence model
• First line of ...