CHAPTER 13

The Three Lines of Defense (3LoD)

Most companies have multiple types of audit activities that take place throughout the organization. Examples could include quality control, supplier audits, distributor audits, process improvement functions, environmental testing, security audits, systems intrusion testing, and many others. All of these are generally performed by independent groups primarily to:

comply with contractual terms and conditions;

create more reliable products;

comply with regulatory requirements;

create more efficient and effective processes; and

address other risk elements.

Typically, these groups are not cross-functional in nature, nor are there any synergies gained from their efforts. The primary common characteristic ...

Get Enhanced Enterprise Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.