The last couple of weeks I have been pointing out some of the failings of the Three Lines of Defence (3LoD) Model of Risk Management. The red tape it creates and the outsourcing of responsibility for managing risk.

However, there is something even worse about the 3LoD model. It has a fundamental flaw that risk and compliance functions battle with every day. The language that surrounds it creates barriers between the business (first line) and both the risk and compliance functions (second line) and internal audit (third line).

While the business should be looking to risk, compliance and audit functions to support them to achieve their goals, their first introduction to the three lines of defence is through language that has negative connotations like defence, oversight, challenge, monitor and independent assurance.


No one goes looking for oversight. People only want to be challenged when they are proved right. People are happy to monitor what they want to monitor, not what is imposed on them. And, the business is traditionally wary of auditors and their role as assurers to audit and risk committees.

In short, the language and the way 3LoD has been implemented in most organisations makes it harder to be influential. It makes the risk function good cop and bad cop. It is a tough ask to be both and be a trusted adviser to the business.

It is time to either ditch the Three Lines of Defence risk management model or change how we implement it. Above all, the focus of whatever framework you implement needs to add value to the business. And that means a combination of strong analytical skills and the ability to cut through with your message. To cut through with your message to open the eyes of decision makers so it does not feel like you are challenging them or overseeing them.



Bryan's new book teaches you practical methods to cut through with your advice and make the impact you want to make. Available on Amazon or order here now.



Available on Amazon or order here now.

Bryan Whitefield works with strategic leaders across all sectors to help organisations harness uncertainty – uncertainty is the strategic leader’s best friend. He is the author of DECIDE: How to Manage the Risk in Your Decision Making and Winning Conversations: How to turn red tape into blue ribbon. He is the designer of the Risk Culture: Build Your Tribe of Advocates Program for support functions and the Persuasive Adviser Program for internal advisers. Both can be booked individually or in-house. For more information about Bryan, please click here.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!