Part one – internal audit and compliance: some thoughts for directors
In this first of two articles, which considers questions that a board director might ask of their organisation’s compliance and internal audit functions, Mark Stock starts with a reminder of the three lines of defence (3LD) model.
Boards, audit committees and senior management need to establish mechanisms to assist them control the organisation, manage the risks it faces and comply with the legal and regulatory frameworks in which it operates as well as with its own internal policies and procedures. These mechanisms will primarily focus on line management in the business but will be supplemented (particularly in larger organisations) by separate internal audit and head office compliance and company secretary functions.
Put simply, the ‘three lines of defence’ model explicitly allocates responsibility and accountability for control to each business unit or function within an organisation.