A new white paper from Active Risk


The latest in an occasional series of white papers that tackle the more strategic elements of risk management, we aim to explain the Three Lines of Defence (3LOD) framework, and how it can be applied to your organisation (regardless of size). Most importantly, we will explain the business benefits you can expect to achieve as a result.


3LOD has been widely adopted by financial institutions internationally; however, there is much within it that is equally applicable to every enterprise, not just those in the financial sector. In the modern organisation there are many different functions and teams involved in managing and controlling risk.


The 3LOD approach brings together those diverse disciplines – something that we have long been recommending from an enterprise risk management standpoint. 3LOD provides a framework for good governance. For the Board and CEO it helps to provide confidence that the business has identified key risks and that those risks are being controlled. It ensures that business risk owners, risk and compliance functions and audit functions work together using shared data. While 3LOD is not a risk management standard, process or maturity model in itself, it does however bring transparency and fosters collaboration – this ensures that all areas involved in risk communicate in a meaningful way to better manage risk controls within the organisation.


It is worth noting that a risk management standard, process and approach to maturity evolution is still required in addition to the 3LOD model, as this is only one part of an overarching risk management strategy. However, as part of a holistic approach to risk management, 3LOD provides many benefits.


Benefits of taking the 3LOD approach

  • 3LOD helps organisations to delegate and coordinate risk management duties across the organisation
  • It improves communication by clarifying roles and responsibilities
  • It improves the effectiveness of risk management because it positions risk as an enterprise-wide concern and provides independent assurance
  • Risk and controls owners have greater confidence in the quality of their assessment of uncertainty in their areas of responsibility
  • Assurance providers/auditors are able to plan their efforts and resources based on the organisation’s requirements
  • The Board has a governance pan-organisation process in place that provides protection for future business performance.


For your copy, click here.

Leave a Response