CRISC - Governance - Section 1.8
Establish lines of defence that separate risk ownership, oversight and independent assurance.
Describe the three lines of defence model, distinguishing risk ownership in the first line, risk oversight in the second, and independent assurance provided by internal audit in the third. Apply this structure to evaluate whether an organisation's governance design adequately separates these responsibilities.
Lines of defenceRisk ownershipOversightInternal audit
More in this domain
Back to all Governance objectives, or the CRISC cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.