KnowledgeLeader Blog

What is the Second Line of Defense?

Essential to effective risk management, the lines-of-defense model is implicit in COSO’s internal control framework through the control environment, control, activities, monitoring and other components of an internal control system. It provides assurance to the board of directors, as the elected representatives of the shareholders to oversee the organization’s operations on their behalf, that risks are reduced to a manageable level as dictated by the organization’s appetite for risk. Much more than “segregating incompatible duties” and “ensuring checks and balances,” the lines-of defense model emphasizes a fundamental concept of risk management: From the boardroom to the customer-facing processes, managing risk is everyone’s responsibility.

Copyright pirates, brand impersonators, patent flouters and trade secret thieves are a major threat to businesses, given their increased aggressiveness towards intellectual property (IP) theft. These, and any other original creative works that have economic value and are protected by law, can be categorized as IP.

What is Money?

What is Organizational Alignment Risk?

Organizational alignment is defined as a conscious and systematic coordination and alignment of three powerful and interrelated driving forces: organizational strategy, organizational culture and organizational infrastructure. Organizational alignment is to be mutually supportive and contribute as efficiently and effectively as possible to meet organizational goals and objectives.

Risk assessment helps identify and document critical business processes and the internal controls within each process. Combined with facilitated management meetings, this approach can help gain company-wide consensus by including key process owners in risk and controls analysis.

Corporations today are thinking about how to protect assets. A few of the white collar crime problems include hacking/intrusions (cyber vulnerability), insider/outsider trading (convergence of cyber and financial crimes), the Foreign Corrupt Practices Act (FCPA), spear fishing (email compromise) and economic espionage. They must consider the possibility of internal corruption or external corruption, and environmental factors such as culture and competition contributing to these crimes. As protection, organizations can use cyber security, pen testing and data loss prevention tactics.

When initiating the project to update its ERM framework, COSO saw opportunities to achieve clarity on several fronts.  The updated framework recognizes the increasing importance of the interconnection of risk, strategy and enterprise performance – particularly in conjunction with making important decisions.  It begins with an underlying premise that every entity exists to provide value to its stakeholders and faces uncertainty in the pursuit of that value.  Therefore, the framework itself focuses on preserving and creating enterprise value, with an emphasis on managing risk within the entity’s risk appetite.  The term “uncertainty” is defined as not knowing how or if potential events may manifest themselves in the context of achieving future strategies and business objectives. “Risk” is considered the effect of such uncertainty in the formulation and execution of the business strategy and the achievement of business objectives.