Page 51 - Risk Management in current scenario
P. 51
Three Lines of Defense Model
To ensure effectiveness of an organization's risk management framework,
the board and senior management have created line functions for
monitoring and assurance within the organization. The role of the first
line of defense is to own and manage risk. Under the first line of defense,
operational management has ownership, responsibility, and
accountability for directly assessing, controlling and mitigating risks. On
the other hand, the second line of defense is a risk function that oversees
and specializes in risk management and compliance and the third line of
defense is the Audit function that provides independent assurance.
Given the background of risk culture currently prevailing in India,
especially for the first line of defense, it will be a big challenge to
implement risk management effectively and make three lines of defense
model as a success. Even at the global level, similar challenges are
observed because "risk" as a thought process has not been part of
attitude and resulting behavior due to similar reasons cited for the Indian
example. However, the difference could be due to their some more
advanced level of risk management implementation compared to the
Indian market. Even at global business schools, risk management as a part
of the core curriculum is yet to be developed.
So, unless a habit disappears from the very DNA, the success of any
initiative may have a shallow base, this is some kind of a universal
principle. It is of paramount importance to improve the risk culture to
make corporates less susceptible to failure to anticipate risk and take
proactive management action. There is a need to change the risk culture.
Some of the efforts discussed below may be used to transform the risk
culture to help effective implementation of risk management.
Improvement in risk culture
Similar to risk mitigation, risk culture also needs risk mitigation plan
Risk Management in Current Scenario | 49
