Risk governance framework and the three lines of defence construct: A challenged self-assessment process through an activity-based approach
Bradford Hu and Aslihan Denizkurdu
Bradford Hu: Chief Risk Officer, Citigroup, USA
Aslihan Denizkurdu: Head of Governance and Chief Operating Officer for Risk Management, Citigroup, USA
Journal of Risk Management in Financial Institutions, 2020, vol. 13, issue 3, 212-223
Abstract:
Since the financial crisis, there has been significant focus by international governing bodies, global regulators and management teams on enhancing corporate and risk governance practices. In international banks, a key component of this objective has been the establishment of a risk governance framework, a foundational pillar of which is the three lines of defence construct that assigns clear control and risk management responsibilities to units in an organisation. The objective of this paper is to recommend, as a best practice, a challenged self-assessment process to assess the robustness of a bank’s three lines of defence construct in light of the continuous changes in its risk profile. In this exercise, each organisational unit would self-assess its core activities against prescribed standards for front line units, control/support units (control/support), independent risk management (IRM) and internal audit. The exercise would confirm each organisational unit’s and its core activities’ placement within the lines of defence construct and determine whether required roles and responsibilities for controlling the risks generated from these activities are being carried out effectively. The exercise, challenged by IRM functions, would identify where the firm needs to establish increased IRM oversight of certain units, activities or processes or enhance the control environment around these activities. The depth, breadth and execution of the assessment exercise can be adapted to the bank’s primary goals or specific concerns related to its control environment. As the exercise is implemented periodically and matures, the bank may also choose to take a concentrated or risk-tiered approach, with certain areas periodically selected for a deeper dive, full end-to-end process review based on monitoring, thematic focus or other considerations.
Keywords: risk management; risk governance; three lines of defence; challenged self-assessment process; activity-based approach
JEL-codes: E5 G2
Date: 2020
Downloads:
https://hstalks.com/article/5662/download/ (application/pdf)
https://hstalks.com/article/5662/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:rmfi00:y:2020:v:13:i:3:p:212-223
More articles in Journal of Risk Management in Financial Institutions from Henry Stewart Publications