Skip to main content
Mobile
  • Finance, Accounting & Economics
  • Global Business Management
  • Management, Leadership & Organisation
  • Marketing & Sales
  • Strategy
  • Technology & Operations
HS Talks HS Talks
Subjects  
Search
  • Notifications
    Notifications

    No current notifications.

  • User
    Welcome Guest
    You have Limited Access The Business & Management Collection
    Login
    Get Assistance
    Login
    Forgot your password?
    Login via your organisation
    Login via Organisation
    Get Assistance
Finance, Accounting & Economics
Global Business Management
Management, Leadership & Organisation
Marketing & Sales
Strategy
Technology & Operations
You currently don't have access to this journal. Request access now.
Practice paper

Risk governance framework and the three lines of defence construct: A challenged self-assessment process through an activity-based approach

Bradford Hu and Aslihan Denizkurdu
Journal of Risk Management in Financial Institutions, 13 (3), 212-223 (2020)
https://doi.org/10.69554/DMHY7281

Abstract

Since the financial crisis, there has been significant focus by international governing bodies, global regulators and management teams on enhancing corporate and risk governance practices. In international banks, a key component of this objective has been the establishment of a risk governance framework, a foundational pillar of which are the three lines of defence construct that assigns clear control and risk management responsibilities to units in an organisation. The objective of this paper is to recommend, as a best practice, a challenged selfassessment process to assess the robustness of a bank’s three lines of defence construct in light of the continuous changes in its risk profile. In this exercise, each organisational unit would selfassess its core activities against prescribed standards for front line units, control/support units (control/support), independent risk management (IRM) and internal audit. The exercise would confirm each organisational unit’s and its core activities’ placement within the lines of defence construct and determine whether required roles and responsibilities for controlling the risks generated from these activities are being carried out effectively. The exercise, challenged by IRM functions, would identify where the firm needs to establish increased IRM oversight of certain units, activities or processes or enhance the control environment around these activities. The depth, breadth and execution of the assessment exercise can be adapted to the bank’s primary goals or specific concerns related to its control environment. As the exercise is implemented periodically and matures, the bank may also choose to take a concentrated or risk-tiered approach, with certain areas periodically selected for a deeper dive, full end-to-end process review based on monitoring, thematic focus or other considerations.

Keywords: risk management; risk governance; three lines of defence; challenged self-assessment process; activity-based approach

The full article is available to subscribers to the journal.

Already a subscriber? Login or review other options.

Author's Biography

Bradford Hu is the Chief Risk Officer for Citigroup. He leads the global Risk Management organisation, which is responsible for developing the Group’s risk governance framework, recommending its risk appetite and ensuring that all risks generated by the businesses are measured, reviewed and monitored on an ongoing basis.

Aslihan Denizkurdu is the Head of Governance and Chief Operating Officer for Risk Management at Citigroup. She oversees the design and execution of frameworks and processes that enable proactive and effective identification, measurement, monitoring and control of risks.

Citation

Hu, Bradford and Denizkurdu, Aslihan (2020, June 1). Risk governance framework and the three lines of defence construct: A challenged self-assessment process through an activity-based approach. In the Journal of Risk Management in Financial Institutions, Volume 13, Issue 3. https://doi.org/10.69554/DMHY7281.

Options

  • Download PDF
  • Share this page
    Share This Article
    Messaging
    • Outlook
    • Gmail
    • Yahoo!
    • WhatsApp
    Social
    • Facebook
    • X
    • LinkedIn
    • VKontakte
    Permalink
cover image, Journal of Risk Management in Financial Institutions
Journal of Risk Management in Financial Institutions
Volume 13 / Issue 3
© Henry Stewart
Publications LLP

The Business & Management Collection

  • ISSN: 2059-7177
  • Contact Us
  • Request Free Trial
  • Recommend to Your Librarian
  • Subscription Information
  • Match Content
  • Share This Collection
  • Embed Options
  • View Quick Start Guide
  • Accessibility

Categories

  • Finance, Accounting & Economics
  • Global Business Management
  • Management, Leadership & Organisation
  • Marketing & Sales
  • Strategy
  • Technology & Operations

Librarian Information

  • General Information
  • MARC Records
  • Discovery Services
  • Onsite & Offsite Access
  • Federated (Shibboleth) Access
  • Usage Statistics
  • Promotional Materials
  • Testimonials

About Us

  • About HSTalks
  • Editors
  • Contact Information
  • About the Journals

HSTalks Home

Follow Us On:

HS Talks
  • Site Requirements
  • Copyright & Permissions
  • Terms
  • Privacy
  • Sitemap
© Copyright Henry Stewart Talks Ltd

Personal Account Required

To use this function, you need to be signed in with a personal account.

If you already have a personal account, please login here.

Otherwise you may sign up now for a personal account.

HS Talks

Cookies and Privacy

We use cookies, and similar tools, to improve the way this site functions, to track browsing patterns and enable marketing. For more information read our cookie policy and privacy policy.

Cookie Settings

How Cookies Are Used

Cookies are of the following types:

  • Essential to make the site function.
  • Used to analyse and improve visitor experience.

For more information see our Cookie Policy.

Some types of cookies can be disabled by you but doing so may adversely affect functionality. Please see below:

(always on)

If you block these cookies or set alerts in your browser parts of the website will not work.

Cookies that provide enhanced functionality and personalisation. If not allowed functionality may be impaired.

Cookies that count and track visits and on website activity enabling us to organise the website to optimise the experience of users. They may be blocked without immediate adverse effect.