Internal Controls and Assurance: A Help or Hindrance Between the Lines

Increasing regulatory attention has created a growing need across financial organizations to establish more formal coverage and independent assurance over their second-line control functions, such as Risk and Compliance.

Increasing regulatory attention has created a growing need across financial organizations to establish more formal coverage and independent assurance over their second-line control functions, such as Risk and Compliance. Typically considered the gate-keepers who calculate business risk and safeguard the firm against legal and regulatory violations, Risk and Compliance departments are increasingly undergoing a similar check and challenge by third-line Internal Audit. 

Depending on the size of the organization and resources allotted to the second-line control functions, companies are allocating more third-line assurance professionals to continuously monitor or coordinate the timing and scope of Audit coverage with Risk and Compliance colleagues, which raises the question: How do second-line control functions and third-line internal audit operate effectively and efficiently without over-taxing front-line resources and causing Audit fatigue?

“It really needs to be a partnership, with the one line feeding the other,” said an Audit executive at a large foreign bank organization. “The more focus, the more assurance you’re going to get (but) you want to make sure the parties are all focused on the right things and working together. You don’t want duplication. You want coordination. You don’t want to put yourself in the place of second line functions.”

With that point of collaboration in mind, the Institute of Internal Auditors (IIA) updated the Three Lines of Defense Model last year to de-emphasize the original defensive approach and focus on more flexibility and cooperation between the three lines of defense

In the IIA’s own words, “The new Three Lines Model helps organizations better identify and structure interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.”

But what if your organization does not have strong flexibility and collaboration between functions? This will undoubtedly not only cause friction and tension between, say Compliance departments and Audit, but also create significant strain on the business if the second line control functions and Audit are duplicating testing and monitoring efforts, but each in their own way. 

From a talent perspective, there has been increasing amount of cross-over of second-line Risk and Compliance professionals to third-line Audit, specifically at organizations under greater regulatory pressures. Similar to the transition in recent years of first-line business professionals to second-line control function roles, this movement “between the lines” may provide a stronger perspective from professionals who know what to look for and are better aligned in their controls assurance.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email
Christopher Kelly

Christopher Kelly

Chris is a Director at Second Line Advisors. Previously, he served as a Senior Associate with Sheffield Haworth, assisting in the identification and placement of executives within the risk, compliance, legal, technology and finance functions. Prior to his executive search career, Chris was a journalist with Thomson Reuters for 12 years, where he covered the daily commodity futures trading, with a particular focus on the precious and industrial metals markets. His career in finance began in 1998, working in the middle office clearing function of Liberty Brokerage.

Subscribe To Our Newsletter

Receive Our latest Risk and Compliance Updates

More To Explore

risk-officer-research
Perspectives

Update: Today’s Chief Risk Officers in Banking and FinTech

Second Line Advisors conducted a 2021 update of research and analysis on today’s Chief Risk Officers from the top US bank holding companies (>$50B in total assets) and the top publicly-traded FinTechs to identify trends on talent and profile.

Compliance and Risk Specialists
Perspectives

Update: Today’s Chief Compliance Officers in Banking and FinTech

At year-end 2021, Second Line Advisors conducted research and analysis on today’s Chief Compliance Officer (CCO) from the top US bank holding companies (>$50B in assets) as well as the top public and private FinTechs to identify and assess trends on talent and profile.

Skip to content