Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors by Christopher Wright

CHAPTER 3: RISK MANAGEMENT ASSURANCE AND AUDIT

Overview

Having established a risk assessment and control framework, the Board/senior management of an organisation will need comfort or assurance that it is designed and operating effectively. To achieve this, as part of their ERM process, many organisations are adopting the three lines of defence model. In this chapter we will consider this model for risk management and compare and contrast internal and external audit roles and responsibilities. Each of these has its own culture and its own roles and responsibilities. As an information risk manager, I have been required to work in all of these capacities. In this chapter we will consider:

•   The three lines of defence model

•   First line of ...