LINES OF DEFENCE
Challenges of Implementation
Lines of Defence is a well-established practice of implementing policies and controls within an organisation.
By being aware of the potential risks and implementing appropriate mitigation strategies, organisations can leverage the benefits of the Lines of Defence model. A well-designed and implemented risk management framework should be flexible, adaptive, and aligned with the organisation's overall goals and culture.
Silo Mentality and Lack of Collaboration
Separating responsibilities into distinct lines can lead to departments working in isolation without effectively communicating or sharing information.
This can result in missed opportunities for identifying and mitigating risks, as well as duplicated efforts.
Witness encourages cross-functional collaboration, regular meetings between different lines, and shared risk views to ensure transparency and collective understanding of risks.
Over-Reliance on the First Line
Placing too much responsibility on the first line (business units) might lead to a lack of oversight from higher levels.
Frontline staff may not possess sufficient expertise or resources to adequately identify and manage complex risks.
Implementing Witness ensures appreciation and understanding by the first line
Maintains strong second and third-line oversight and independent challenge functions.
Inadequate Challenge Function
The effectiveness of the model relies heavily on a robust and independent third line of defence (audit and compliance).
If this function lacks sufficient authority, resources, or objectivity, it may fail to provide effective challenge and oversight.
Witness ensures that the third line has visibility to senior management and the board
Provides the necessary overviews and tools for independent assessments
Is empowered to make recommendations for improvement.
Bureaucracy and Inefficiency
Rigid adherence to a strict lines of defence model can create unnecessary bureaucracy and slow down decision-making processes.
Overly complex reporting structures and multiple layers of approvals can hinder agility and responsiveness to emerging risks.
Witness streamlines oversight, and highlights risk as it occurs
Empower individuals within each line to make timely decisions within their scope of responsibility.
Successful Implementation requires each Line to be fully effective.
By bringing transparency to each Line, Records Witness can ensure
Sources continue to hold Records, or highlight when they have issues
Policies are implemented at the Sources and can be Dip-tested on demand
Stakeholders have full visibility of Issues, actions on those Issues, and overall Records Estate