the Three Lines of Defense in Risk Management

Explore the key principles of COSO framework and the responsibilities of the three lines of defense – Control Environment, Risk Assessment, Control Activities, and Information & Communication. Learn about the main responsibilities within each line for effective risk management and control.

• Risk Management
• COSO Framework
• Three Lines of Defense
• Control Environment
• Risk Assessment

yara Follow

Uploaded on Aug 01, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Leveraging COSO across the three lines of defense Jean-Pierre Garitte Tbilisi, 29 October 2018

2. Remember the three lines of defense The Three Lines of Defense in Effective Risk Management and Control, (Altamonte Springs, FL: The Institute of Internal Auditors Inc, January 2013.

3. Remember the COSO principles Internal Control Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (Jersey City, NJ: American Institute of Certified Public Accountants, May 2013.

4. Who is mainly responsible for the control environment? Control Environment

5. Control environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability

6. Who is mainly responsible for risk assessment? Risk Assessment

7. Risk assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change

8. Who is mainly responsible for control activities? Risk Assessment Control Activities

9. Control activities 10.Selects and develops control activities 11.Selects and develops general controls over IT 12.Deploys through policies and procedures

10. Who is mainly responsible for information and communication? Risk Assessment Control Activities Information & Communication

11. Who is mainly responsible for information and communication? Information & Communication Risk Assessment Control Activities Information & Communication

12. Information & Communication 13.Uses relevant information 14.Communicates internally 15.Communicates externally

13. Who is mainly responsible for monitoring? Risk Assessment Control Activities Information & Communication Monitoring

14. Who is mainly responsible for monitoring? Risk Assessment Control Activities Information & Communication Monitoring Monitoring

15. Who is mainly responsible for monitoring? Information & Communication Monitoring Risk Assessment Control Activities Information & Communication Monitoring Monitoring

16. Who is mainly responsible for monitoring? Information & Communication Monitoring Risk Assessment Control Activities Information & Communication Monitoring Monitoring: Assurance Reassurance Monitoring

17. Monitoring 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies

18. Leveraging COSO across the three lines of defense Adapted from the Leveraging COSO Across the Three Lines of Defense, commissioned by The Committee of Sponsoring Organizations of the Treadway Committee (Lake Mary, FL: The Institute of Internal Auditors Inc and, July 2015).

19. Questions?