three lines of defense assurance mapping
play

THREE LINES OF DEFENSE & ASSURANCE MAPPING IIA Ottawa April 8, - PowerPoint PPT Presentation

Nov 17, 2023 •964 likes •1.3k views

THREE LINES OF DEFENSE & ASSURANCE MAPPING IIA Ottawa April 8, 2015 Sharon M. Messerschmidt, CPA, CMA, CIA Outline 2 This presentation will bring together: Three Lines of Defense: A tool for dialogue and understanding

  1. THREE LINES OF DEFENSE & ASSURANCE MAPPING IIA Ottawa April 8, 2015 Sharon M. Messerschmidt, CPA, CMA, CIA

  2. Outline 2 ¨ This presentation will bring together: ¤ Three Lines of Defense: A tool for dialogue and understanding ¤ Assurance Mapping : A complete view of organizational assurance ¨ Opportunity to share knowledge: ¤ How the two were used together successfully in the international public sector ¤ Lessons for the Canadian public sector

  3. Why Three Lines of Defense? 3 ¨ Financial Crisis ¤ Something went wrong with risk management… ¨ Proliferation of Assurance Providers ¤ Means to identify and assign responsibilities ¨ Defines Management’s Role in Assurance ¤ Clarifies responsibilities ¨ Three Lines of Defense as a dialogue on assurance ¤ Opportunity for organizational learning

  4. IIA’s Position Paper 4 Useful and frequently quoted publication Internal Audit’s role in the Three Lines of Defense

  5. Line 1: Operational Management 5 ¨ Management’s responsibility ¤ Within a defined area; risks are owned ¤ To manage risk to achieve objectives through effective control systems ¨ This includes: ¤ Design and implementation of policies, procedures, systems and controls ¤ Managerial and supervisory review

  6. Line 2: Management Oversight 6 ¨ Ensure first line controls are properly designed, in place and operating as intended ¨ Typically Include: ¤ Enterprise Risk Management ¤ Internal Control Assurance Processes (COSO/SOX) ¤ Controllership for Financial Risks and Reporting ¤ Others…

  7. Line 2: Management Oversight 7 Many 2 nd lines will be unique by organization: ¨ Oversight over regional or field based operations ¨ Program Audits of grants and contributions ¨ Payment gating and sampling reviews ¨ Specialized or Regulated Quality Control functions ¨ Management oversight committees (IT, HR, Program)

  8. Line 2 Management Oversight 8 Features of 2nd Line assurance processes: ¨ Separate from first line chain of command ¨ Reliance is placed on this oversight ¨ Are not completely independent…still management ¨ There won’t always be a second line… ¨ Wide variance in degree of maturity of oversight provided.

  9. Line 3: Independent Oversight 9 ¨ Internal Audit is the focal or coordination point ¨ There may be others… ¤ Independent Evaluation ¤ External Audit in some cases ¤ Ethics, Investigations, Whistleblower etc. ¨ Key is independence and reporting lines ¤ Must report internally to governing body ¨ Recognized professional standards

  10. IIA’s Three Lines of Defense Model 10

  11. Model with Advisory Audit Committee: 11

  12. Why Assurance Maps? 12 Assists understanding of assurance processes: ¨ Provides a visual and informative summary for governing bodies and senior executive ¨ Categorizes and assesses assurance processes ¨ Identifies gaps and overlaps in assurance ¨ Promotes collaboration and opportunities for reliance on other assurance providers

  13. Assurance Maps Key Elements 13 ¨ Quantitative: requires a framework to support identification of assurances: ¤ For Risk Management - key corporate risks ¤ For Internal Audit - Audit Universe, Business Process, Functional Areas… ¨ Qualitative: requires a means to assess the strength of the assurances provided ¤ Simple (R-Y-G) ¤ Maturity Model/COSO elements

  14. Assurance Map – Text Based 14 http://www.anao.gov.au/html/Files/BPG%20HTML/BPG_PublicSectorAuditCommittees/app_3.html

  15. Assurance Maps - Visual 15 http://www.bakertilly.co.uk/SiteCollectionDocuments/Social housing/Assurance Web Presentation.pdf

  16. Assurance Map – By Functional Area 16

  17. Assurance Maps 17 ¨ Can be complicated… ¨ Need to suit your purpose and your organization ¨ Challenge to describe simply but with enough information to be useful. ¨ Assessing the strength of the 2 nd lines is important ¤ Consider doing with management ¤ A maturity model provides good structure

  18. COSO-based Maturity Template 18

  19. Step 1- Do your Homework… 19 ¨ Consider your framework – how detailed? ¨ Start to fill in what you know…1 st and 2 nd lines ¤ Determine your approach (risk, function, process etc.) ¨ You know a lot about the 3 rd line… ¤ What will you include? ¤ To what extent can IA rely on this work?

  20. Step 2: Dialogue, Dialogue, Dialogue.. 20 ¨ Meet with Management ¤ Explain model and their role in assurance ¤ Confirm mutual understanding of 2 nd lines. ¨ Do you want to assess the 2 nd lines with management? ¤ Is identification enough… ¤ Maturity Model, options here… ¤ Current and Future States

  21. Maturity Assessment by Function 21

  22. Step 3: Prepare and Share 22 ¨ How you will portray this will depend on your purpose… ¤ Expectations of Senior Mgmt and Audit Committee ¤ Culture and appetite of organization ¨ Sharing is important, will help determine next steps ¤ Will IA need to validate 2 nd line effectiveness? ¤ Impact on Audit Plan….

  23. Second Line Assessment by Function 23

  24. What you might learn… 24 ¨ There can be a lot of traffic in high risk areas… ¤ What can IA use from 2 nd and other 3 rd line reviews ¨ Importance of looking at “low risk” areas ¤ Are there gaps? Are things as low risk as you think? ¨ What 2 nd lines does management rely on? ¤ Have these been tested? ¤ There can be a lot of value in auditing second lines...

  25. Detailed Assurance Map for IA 25

  26. Criticisms of the Model 26 ¨ As an ERM tool seen as promoting risk aversion ¤ Should be a way of stating how risks will be taken… ¤ As an audit tool is an aid in supporting risk assurance ¨ Felt to not appropriately take into account external regulators and governing bodies ¤ The “Five” Lines of Defense*… ¤ Governance and Tone at the Top are considered in audit planning and risk assessments *Protiviti Bulletin

  27. When 2 nd and 3 rd Lines Intersect… 27 ¨ Can’t compromise the effectiveness of 3 rd Line ¨ Clearly communicate the impact and get approval ¨ No management responsibility ¨ Formalize in audit charter ¨ Some roles may be temporary ¨ Outsource audits in these areas ¨ Ensure Duties are segregated. Source: IIA Netherlands White Paper

  28. Canadian Public Sector 28 ¨ ERM and ICFR are key second lines ¤ Are there others? ¨ What second lines are institutionalized? ¤ Program audits, payment controls, ¨ External Audits, Special Examinations ¤ Audits directed to your department ¨ Other Department and Agency Audits ¤ Central Agency, Shared Services etc.

  29. Key Takeaways 29 ¨ Dialogue with management; enhance their understanding of their role in assurance ¨ Mapping of all key assurance activities; opportunity to clarify roles and responsibilities ¨ Understand the assurances that management relies on; identify gaps and overlaps in audit coverage ¨ More complete audit universe and synergy with other assurance providers

  30. Three Lines of Defense and Assurance Mapping 30 Sharon M. Messerschmidt, CPA, CMA, CIA sharon.messerschmidt@sympatico.ca +1 613 816 5777

  31. 2 nd Line Maturity Model - Example 31

  32. Other Sources of Information 32 ¨ IIA Netherlands, Combining Internal Audit and Second Line of Defense Functions? , 2014 White Paper ¨ HM Treasury, Assurance Frameworks, December 2012 ¨ IIA Audit Executive Center, Assurance Mapping – Charting the Course for Effective Risk Oversight , 2012 ¨ Protiviti, Applying the Five Lines of Defense in Managing Risk , The Bulletin, Volume 5 Issue 4, 2013

Recommend

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY Elements of

662 views • 49 slides
FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&L and

FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&L and

FY 2013 Statement of Assurance (SoA) / Managers Internal Control Program (MICP) for AT&L and Defense Agencies Training Session Rosie Heraud / Freddie Anderson Office of the Under Secretary of Defense Acquisition, Technology and Logistics

1.41k views • 91 slides
Mapping OCL as a Query and Constraint Language Carolina Ins Dania Flores PhD defense

Mapping OCL as a Query and Constraint Language Carolina Ins Dania Flores PhD defense

Mapping OCL as a Query and Constraint Language Carolina Ins Dania Flores PhD defense Supervisors: Manuel Garca Clavel - Marina Egea Gonzlez Universidad Complutense de Madrid, Madrid, Spain 30th of June, 2017. Outline Motivation

694 views • 65 slides
Parallel lines They are lines whose distance between then does not change along their

Parallel lines They are lines whose distance between then does not change along their

D AY 4 P ARALLEL LINES I NTRODUCTION We see electric cables hanging between poles, athletic track lines and so many other similar features. Have we ever asked ourselves about a special feature about the lines that are identified with these

348 views • 12 slides
Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation

INSTITUTE OF INFORMATION SYSTEMS Probabilistic Mission Defense and Assurance NATO STO IST-148 Symposium on Cyber Defence Situation Awareness Alexander Motzek Ralf Mller Universitt zu Lbeck Institute of Information Systems

605 views • 28 slides
the National Defense Business Operations Plan Enable greater efficiency through more agile

the National Defense Business Operations Plan Enable greater efficiency through more agile

Great power competition , characterized by increased complexity, interdependence, and Aligns to the National Defense uncertainty Strategy lines of effort (Restore Readiness, Strengthen Alliances, Unprecedented rate of technological

368 views • 11 slides
MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why

Luanna Cambas, P.E. LADOTD District 02 Lab Engineer Jason Davis, P.E. LADOTD Field Quality Assurance Administrator MATERIALS AND TESTING QUALITY ASSURANCE QUALITY ASSURANCE What is Quality Assurance? Why needed? Sampling &

1.01k views • 63 slides
Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of

Census Data Quality Assurance 17 May 2010 Types of Quality Assurance (QA) Quality assurance of captured and coded data Quality assurance of downstream processes (including data security and integrity) Quality assurance of population counts,

129 views • 12 slides
yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help?

yxwvutsrponmlkihgfedcbaYWUTSRPONMLKIHFEDCBA How Big is Your Digital Footprint? Can U Help? FISSEA Mark Loepker Defense-wide Information Assurance Program Office of the DoD Chief Information Officer Office of the Secretary of Defense

435 views • 27 slides
TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment Mapping Bump Mapping Basic mapping strategies Forward vs backward mapping Point sampling vs area averaging Introduce

775 views • 25 slides
V 3 lines maximum size of equi lines in IR Question 23 41 42 6 7 14 3 4 5 2 h 6 10 16 28

V 3 lines maximum size of equi lines in IR Question 23 41 42 6 7 14 3 4 5 2 h 6 10 16 28

Equiangular lines with a fixed angle Joint with Alexandr Polyanskii, Jonathan Tidor, Yuan Y ao, Shengtong Zhang and Yufei Zhao arxiv arxiv 1708.02317 1907.12466 through 0 pairwise separated by same angle Lines in IR rt IRB blines V 3 lines

470 views • 4 slides
Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping - Disadvantages Example Forward Mapping Original Rotated Zoom In Backward Mapping The Problem: (u,v) are not integers! "# Nearest Neighbor

715 views • 49 slides
Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Software Assurance Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security Bad (buggy, insecure software) comes not from discrete, unpredictable,

561 views • 18 slides
Product Lines that supply Product Lines that supply other Product Lines: other Product Lines: A

Product Lines that supply Product Lines that supply other Product Lines: other Product Lines: A

Product Lines that supply Product Lines that supply other Product Lines: other Product Lines: A Service- -Oriented Approach Oriented Approach A Service Salvador Trujillo Christian Kstner Sven Apel IKERLAN Research Center University of

1.13k views • 17 slides
SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance

SeeTest Quality Assurance Platform On-premise Digital Assurance Lab On-premise Digital Assurance Lab Centrally manage browsers & mobile devices (physical/emulated), and allow your team to remotely access them from anywhere at anytime Run

534 views • 17 slides
If two lines are parallel then they have the same slope. Consider the figure below. Line MN has

If two lines are parallel then they have the same slope. Consider the figure below. Line MN has

D AY 27 S LOPE CRITERIA OF SPECIAL LINES I NTRODUCTION Two lines which intersect at a right angle are said to be perpendicular. If two or more lines on the same plane do not meet, they are said to be parallel. The slopes of parallel are

171 views • 13 slides
Constructing perpendicular lines with a compass and a straightedge. Given a horizontal line AB,

Constructing perpendicular lines with a compass and a straightedge. Given a horizontal line AB,

D AY 37 C ONSTRUCTING PERPENDICULAR LINES I NTRODUCTION Two lines which intersect making a right angle are said to be perpendicular. In this lesson, we are going to learn various methods that we can use to construct lines intersecting at

485 views • 22 slides
i). The use of a set square ii). The use of angle transfer method iii). The use of parallelogram

i). The use of a set square ii). The use of angle transfer method iii). The use of parallelogram

D AY 38 C ONSTRUCTING PARALLEL LINES I NTRODUCTION Parallel lines refer to lines in a plane that do not meet or have a constant distance between them along their length. We encounter parallel lines in most cases such as opposite edges of

334 views • 18 slides
SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access

SeeTest Quality Assurance platform SaaS Digital Assurance Lab SaaS Digital Assurance Lab Access hundreds of browsers & mobile devices (physical/emulated) Hosted in Experitest data centers, from anywhere at anytime Run your tests across

288 views • 18 slides
Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump Mapping CS351-50 Displacement mapping Actually moving geometry ie Create screw from cylinder, Terrain, etc 11.05.03 An Overview An

496 views • 11 slides
Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping

Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping

Texture and other Mappings Texture Mapping Texture Mapping Bump Mapping Bump Mapping Displacement Mapping Displacement Mapping Environment Mapping Environment Mapping Angel Chapter 7 Last Time - Shading Flat shading: Inexpensive to

629 views • 26 slides
Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant Opportunities Effective Post-Arrest and Indigent Defense Practices Longview, TX August 10, 2018 Scott Ehlers, Special Counsel T exas Indigent Defense

676 views • 30 slides
Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment

Texture and other Mappings Texture Mapping Bump Mapping Displacement Mapping Environment Mapping Example: Checkerboard Particularly severe problems in regular textures 1 The Beginnings of a Solution: Mipmapping Pre-calculate how

552 views • 14 slides
Chapter 1 Elementary Concepts Lines and Coordinates Device Coordinates Logical

Chapter 1 Elementary Concepts Lines and Coordinates Device Coordinates Logical

Chapter 1 Elementary Concepts Lines and Coordinates Device Coordinates Logical Coordinates Converting Between Logical and Device Coordinates Mapping From Logical to Device Coordinates Anisotropic mapping Isotropic

758 views • 26 slides

More recommend