With the Super Bowl just around the corner, don’t ask me who is going to win. The fact that I don’t have a clue just makes it even more exciting, as either team is capable of winning.
Unlike the anticipation many of us are feeling with the Super Bowl match-up between Seattle and Denver, risk management and compliance management issues do not generate the same level of excitement unless something goes wrong and the board of directors, CEO and executive team are pushed into crisis management mode. Instead of the outcome being decided in one football season or a single game, effective enterprise risk management is an ongoing process of “blocking and tackling” to make sure it works — and, in today’s fast-paced world, a company’s viability often depends on it being done right.
In a recent issue of Board Perspectives: Risk Oversight, we discuss how an effectively designed and implemented lines-of-defense framework (as shown below) can provide strong safeguards against breakdowns in risk management and compliance management.
As you can see, this lines-of-defense model emphasizes a fundamental concept of risk management: From the boardroom to the customer-facing processes, managing risk, including compliance risk, is everyone’s responsibility. It differs from the traditional view of three lines of defense.
I encourage you to subscribe to this newsletter and invite you to provide any comments or responses here. How does your organization safeguard against breakdowns in risk management and compliance management? How does executive management evaluate the organization’s risk culture? Do the board of directors and executive management play separate and distinct roles in overseeing the execution of risk management and compliance management?
Note that this article is also available on my blog for the National Association of Corporate Directors: http://www.directorship.com/author/jim-deloach/. You also can find more about the five lines of defense here.