Setting up 3 Lines of Assurance Model

The Basic Fundamentals

The old adage of “what doesn’t get measured, doesn’t get managed” is a fundamental principle on which the effectiveness and efficiency of the regulatory compliance effort relies for its success. Delegating responsibility for the many different oversight functions within a company’s regulatory compliance model that are spread throughout the organisation is crucial. We call this a control group for delivery of combined assurance. Also, having standard procedures in place to ensure consistency of approach and effectiveness of outcomes by this control group is critical.

Governance Controllers With Automated Standard Compliance Procedures

We assist clients in setting up, reviewing and improving their compliance monitoring functions using an internationally benchmarked framework – we advocate the Three Lines of Assurance model with our own Plan-Action-Review-Attest Compliance Monitoring framework. This model relies on having a control group with standard procedures for it to work properly. This is achieved through our methodology that includes the formal appointment of the control group individuals that we call Governance Controllers and the development of Automated Standard Compliance Procedures (ASCPs) that we help our clients establish (see our Regulatory Risk Service on ASCPs) for ensuring consistency of approach and effectiveness of outcomes.

Control Measures and Policies for Risk Management

The effectiveness of monitoring is dependent on sound control measures for all the regulations where risks have been identified, along with the supporting policy framework that drives what the organisation needs to do about the risks. Accountability for this needs to be explicitly governed through a top-down approach using Governance Controllers. Identifying these control measures and managing them is a key component of our Regulatory Compliance Solution TP-RCS and involves all five modules of COMPLY-ASSESS-INTERPRET-FIX-MONITOR. For further details on this see the separate menu selection dedicated to this solution.

Levels of Work and Performance Contracts

We use the concept of stratified systems theory (SST) for resolving the various levels or accountability in the organisation that are required and for setting up the delegation of responsibilities for Governance Controllers at these levels. The ASCPs developed for each role are part of these responsibilities. This forms the basis of performance contracts for the Governance Controllers, covering the Plan-Action-Review-Attest cycle for delivery of their obligations to the Board and meeting key regulatory compliance objectives.

Request a call back

Should you wish to find out more about this or any of our other Regulatory Risk Services or Solutions, request a call back from one of our team by completing the Request form.