CHAPTER 3: RISK MANAGEMENT ASSURANCE AND AUDIT

Overview

Having established a risk assessment and control framework, the Board/senior management of an organisation will need comfort or assurance that it is designed and operating effectively. To achieve this, as part of their ERM process, many organisations are adopting the three lines of defence model. In this chapter we will consider this model for risk management and compare and contrast internal and external audit roles and responsibilities. Each of these has its own culture and its own roles and responsibilities. As an information risk manager, I have been required to work in all of these capacities. In this chapter we will consider:

•   The three lines of defence model

•   First line of ...
