9DECEMBER 2023risks and identifying and mitigating new risks. This coordinated effort to help grow an organization responsibly within an acceptable risk appetite is referred to as the Three Lines of Defense model.It starts with ownership and accountability of business line management, referred to as the 1st line, that are responsible for managing emerging risks that impact their areas. The risk management function is the 2nd line, which is skilled in risk assessment and can help the 1st line evaluate current and emerging risk. They can also help them develop metrics to monitor those risks. The 3rd line, IA, is the control experts that can give guidance on how to mitigate those risks within the organization's risk appetite while also giving independent assurance those controls are working as management intended. Risks in every industry are not just inevitable; they can drive businesses forward if managed correctly. Those organizations that figure out how to mitigate not just the challenging risks noted in this article, but the risks that bring them opportunities and growth are the ones that are well-positioned for success. Leveraging internal audit's consulting services and a comprehensive Three Lines of Defense model will help them achieve their strategic initiatives and ultimately succeed. Jacqueline Breslauer
< Page 8 | Page 10 >