Manage compliance risk in the new landscape

Billy Hughes (william.hughes@gartner.com) is a Senior Director, Advisory, and Dian Zhang (dian.zhang@gartner.com) is a Research Specialist at Gartner in Arlington, VA.

Countless compliance executives have asked themselves who actually “owns” compliance risks once they are identified.

Traditionally, assurance executives have used the “Three Lines of Defense” model when considering who should be involved in managing the risk and in what capacity. This model describes interactions between business units that manage risks (first line), departments that provide oversight (second), and groups that supply independent assurance (third). The second line is where Compliance gets involved by setting risk management strategy, monitoring its execution, and making cross-functional connections.
