The Three Lines of Defence model is ideally suited for dividing up the individual topics and tasks of enterprise-wide risk management among the different levels of corporate management. Using this model purely to define the terms or determine the responsibilities, however, would leave some of its potential unused.
The full benefit of this approach is realized once those responsible for the system along the 2nd Line of Defence recognize the potential of working together to resolve cross-cutting issues and give operational management the opportunity to complete the required tasks efficiently, comprehensively and on time. Mapping the Three Lines of Defence also enables cross-line collaboration, especially between the 1st and 2nd Lines of Defence.
In addition, the resulting integrated and centralized database spares the internal and external auditors time-consuming data collection. The immediately available, clear and historically traceable data reduces the effort required for data analysis. Together, these aspects free up resources in the audit department that can be used to develop potential improvements as well as for consulting activities.
The success factors of an integrated GRC based on the Three Lines of Defence model are:
- Collaboration of management functions along the 2nd line of defence in the course of defining the governance structure and in the area of strategic management
- Definition of common methodologies and the use of unified technical support
- Use of a common language for the same topics within the organization
BOC Group has many years of experience in consulting on and implementing integrated GRC systems and offers not only expert advice, but also comprehensive tool support as well as training for successful implementation and continued operation.
We would be pleased to work with you to master your transition to a process-oriented, integrated GRC system!