The Second Line of Defense: An Overview

Risk management in any organization can be complex and difficult. Many companies address the complexity by adding layers of audit and governance, and when an organization grows large enough or risks are deeply intertwined in different segments of the business, the layers become separate internal entities. This layered structure for managing business risks is known as the Three Lines of Defense risk management model.

Within the model, the Second Line of Defense (2LOD) is an independent group tasked with identifying, measuring, monitoring and reporting on risk across the enterprise. By creating and maintaining the appropriate policies, frameworks, methodologies and tools, the 2LOD team develops the companywide aggregate risk appetite profile and control standards.

Implementing a second line of defense is key to creating a sustainable risk management program. When organizations move to the Three Lines of Defense model, they shift from treating risk as a secondary task for management and business teams to a centralized, ongoing program. Establishing the 2LOD enables cohesive risk management strategies, trend identification across the enterprise and coordinated operational risk mitigation efficiencies. The second line team also serves as a check against the operational teams that execute the risk governance plan. The challenge process employed by the second line promotes discussion on the results and conclusions drawn by the operational teams during their implementation of the risk framework.

The need for a 2LOD emerges when there are pervasive risks across a number of separate business segments and supporting operational groups. Greater numbers of stakeholders and the need for transparent risk management are key factors in any decision to move to a second line of defense. Oftentimes, the three-tier model is used in large corporations since it allows executive leadership better visibility and understanding into the risks faced throughout their organization. The model is also used in companies where there is a strong focus on managing financial and business risk.

The fact is, any business can benefit from having a 2LOD and implementation does not have to be daunting. Large enterprises may need a team of risk professionals to oversee all policies and activates, but smaller organizations can make their second line a single risk officer who sets policy and tracks risks in disparate parts of the company. They can establish a cohesive risk program to help leaders better understand and holistically manage risk across the organization.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Benefits of a Trusted Co-Source Audit Partner During the Great Resignation
Illumina Cybersecurity Vulnerability Advisory Issued to Healthcare Providers
Business Continuity and Disaster Recovery Planning
Staying Secure During Vacation Season
What Should a Service Organization Consider When Determining Its SOC Report Testing Period?
Lincoln College Closes Due to Ransomware Attack
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.