Second line of defense - advantages and set up
©2015 RSM US LLP. All Rights Reserved.
THREE LINES OF DEFENSE
Compliance Risk – Regulatory or Policy
Today’s goals
1. Help you understand the three lines of defense model
2. Sell you on the value of a second line of defense
3. Show you how to set up a second line of defense
• 45 minutes - 30/15 intention
WARM UP
This is a relevant topic
• Yes – a prudent, best practice…trickle down?
• IIA Position Paper – The Three Lines of Defense in Effective Risk Management and Control
  − January 2013
• OCC Heightened Standards – Risk Governance Framework
  − September 2014
• COSO – Leveraging COSO Across the Three Lines of Defense
  − July 2015
• EY 2015 Survey of Major Financial Institutions
  − 75% are changing risk culture
  − Only 17% have achieved a strong risk culture
  − 57% focused on compliance risk
  − 60% expect increases in size of risk function
Three lines in a nutshell and context
• Risk management
  − First line – operations (the function)
  − Third line – independent checking (internal audit)
  − Second line – independent risk monitoring (ERM)
• Three-line concept applicable to any function
  − HR, finance, IT, legal, etc.
• Three-line concept adaptable to any size organization or function
Level Set
• Are you familiar with the three lines of defense model?
• Has your organization implemented a second line of defense in your function, or any function?
UNDERSTANDING AND SELLING PORTION
The three lines of defense
• First Line of Defense – operations
  − Creates risks
  − Mitigates risks
    • Policies and procedures
    • Management controls
    • Transaction level controls
• Second Line of Defense – monitoring and oversight
  − Manages risks
  − Mitigates risks
    1. Challenges design effectiveness
    2. Monitors risk levels
    3. Tests implementation effectiveness
• Third Line of Defense – internal audit
  − Provides assurance
    • Tests implementation effectiveness
• Additional
  − External audit
  − Regulators
Value added by the second line
• 1st line shortcomings
  − Silo
  − Too close
  − Self-incrimination
  − Low priority
  − Overhead, no revenue
• 3rd line shortcomings
  − Not comprehensive
  − Compliance testing
  − Periodic testing
  − Well after the fact
• 2nd line advantages
  − Entity continuity
  − Fresh perspective
  − Independent
  − Only priority
  − Revenue irrelevant
  − Broad
  − Challenge
  − Continuous monitoring
  − Immediately after the fact
Second line’s effective challenge
• Authority and ability to challenge is vital
  − Independent perspective
  − First line self-challenge is suspect
  − Third line focused on compliance
• What constitutes effective challenge
  − Focus on risk, not operational procedures
  − All risks identified and covered
  − Rationale, logic for risk management process
  − Rationale, logic, process documented
• Challenge versus approval
  − Varies, fine line
  − Approval is an in-line responsibility
“HOW TO” PORTION
Setting up a second line of defense
• One approach:
  − Phase I – buy-in, understanding and planning
  − Phase II – trial runs and refinement
  − Phase III – implementation
• Be prepared for
Set up Phase 1
• Phase 1 - Buy-In, Understanding, Planning ~ sympathize with resistance ~
  − 2nd line superiors; 1st line and 1st line superiors
  − Identify risks and scope
  − Learn 1st line policies and procedures; and controls
  − Formulate potential challenges
  − Design tentative 2nd line procedures
  − Agree on plan with 1st line, 2nd line superiors
Set up Phase 2
• Phase 2 - Trial Runs and Refinement ~ be flexible ~
  − Obtain 1st line information
  − Conduct procedures
    • Challenge
    • Monitor
    • Test
  − Evaluate results
  − Prepare and deliver reports
  − Obtain remedial action plans
    • Challenge
  − Perform 2nd line self-audit procedures
Set up Phase 3
• Phase 3 – Implementation ~ Be receptive to change ~
  − Conduct procedures
  − Prepare reporting
  − Monitor 1st line remedial actions
  − Conduct 2nd line self-audit procedures
Set up tips
• Relationships
  − Is culture conducive to oversight
  − 2nd line same objectives as 1st line
  − Constantly communicate
  − Not obligated to find criticism
• Structure
  − Make procedures their idea
  − Use formats they already use
  − Agree mutually on second line activities timetable
Set up tips
• Process
  − Complete design before implementation
  − Ask don’t tell
• Other
  − 2nd line is not substitute for 1st line
  − Document rationale
  − Be patient on implementation
RECAP
Recap
• The three lines of defense
• The value added by a second line
• One way to go about setting up a second line
• A second line can be practical for any size organization
Me
Consumer regulatory compliance specialist
Jim McClanahan CPA