Understanding the Three Lines of Defense in Risk Management
Explore the key principles of the COSO framework and the responsibilities of the three lines of defense – Control Environment, Risk Assessment, Control Activities, and Information & Communication. Learn about the main responsibilities within each line for effective risk management and control.
Presentation Transcript
Leveraging COSO across the three lines of defense
Jean-Pierre Garitte, Tbilisi, 29 October 2018
Remember the three lines of defense. Source: The Three Lines of Defense in Effective Risk Management and Control (Altamonte Springs, FL: The Institute of Internal Auditors Inc., January 2013).
Remember the COSO principles. Source: Internal Control – Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission (Jersey City, NJ: American Institute of Certified Public Accountants, May 2013).
Who is mainly responsible for the control environment? Control Environment
Control environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Who is mainly responsible for risk assessment? Risk Assessment
Risk assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Who is mainly responsible for control activities? Control Activities
Control activities
10. Selects and develops control activities
11. Selects and develops general controls over IT
12. Deploys through policies and procedures
Who is mainly responsible for information and communication? Information & Communication
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Who is mainly responsible for monitoring? Monitoring
Monitoring
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Leveraging COSO across the three lines of defense. Adapted from Leveraging COSO Across the Three Lines of Defense, commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (Lake Mary, FL: The Institute of Internal Auditors Inc., July 2015).