Businesses are continuing to evolve out of necessity, responding to an onslaught of disruption, new business models, and technology. This continuous change affects business operations at all levels, with customers demanding real-time interactions, regulators applying increasing levels of scrutiny, and governance stakeholders requiring assurance in this complex and dynamic risk environment. The result has exposed weaknesses in the traditional three lines of defence (3LOD) framework.
Is the 3LOD framework still relevant and efficient in its current form? As the risk landscape becomes more complex and fast-moving, it is critical for organisations to identify and respond to emerging risk events quickly and effectively. We believe that internal audit (IA) should play a key role in this evolution.
IA is at the cusp of innumerable possibilities to collaborate with the other lines, develop roadmaps, and help lead improvement to optimise governance across the organisation. Our point of view represents fulfilling assurance responsibilities with combined core assurance spread throughout the lines of defence, rather than just through IA, but also includes the imminent need for IA to advise the business with anticipation and measurement of risk.