The Challenge

Our client, which plays a significant role in Europe’s financial infrastructure, had a mature, well developed three lines of defence model in place. However, the Audit and Risk committees had limited visibility of the assurance provided by the first line and both Risk Management and Internal Audit were going through separate (un-coordinated) transformation programmes, leading to concerns over duplication of effort and gaps in coverage.

Our Solution

Halex Consulting helped the client define an integrated assurance (three lines of defence) strategy to address the committees’ concerns but also to clarify roles, responsibilities and boundaries between the first, second and third lines of defence.

Key to this was:

  • Requiring first line management to become the primary source of (non-independent) assurance to senior management and the Audit and Risk committees through development of a system of ‘positive assurance’ (PAR) reporting
  • Leveraging the PAR process to focus first line management on the achievement of business objectives through the effective identification and management of risks
  • Clarifying the role of the Risk function as providing robust, independent oversight of management risk-taking (with a view to achievement of strategic business objectives)
  • Encouraging Internal Audit to step back from excessively detailed testing of processes and controls to developing an understanding of what was really happening in the business and then plan their work accordingly. (This led to a smaller, but bigger hitting, internal audit department with a reduced number of higher-calibre internal auditors, increasing their value to the business.)

The Result

With the positive assurance framework in place, the second and third lines re-positioned themselves appropriately, reinforcing the assurance provided by the first line and improving the overall efficiency and effectiveness of the business’ internal control arrangements.

Other Case Studies

<< All Case Studies
Halex © 2023. All Rights Reserved | Halex Consulting Limited, 86-90 Paul Street, London, EC2A 4NE | Company No. 6770271 registered in England & Wales | VAT registration: 243 7888 67 | A register of directors is maintained at the above address. | Privacy Policy | This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. | Website Design Dorset - Good Design Works