Page 58 - Demo
P. 58
56ADVANCING AHEADPeopleProcessesSystems4th Line ofDefence:Board Oversight3rd Line of Defence:Independent AssuranceInternal / External Audit2nd Line of Defence:Management and AssuranceRisk ManagementCompliance1st Line of Defence:Business Governance/Policy ManagementOperational Governance Financial Governance Policy ManagementIn establishing an organisation-wide risk governance structure, ESR adopts the %u201cfour lines of defence%u201d model. This governance model drives risk accountability and ownership at all levels of the organisation while maintaining appropriate commitment and segregation across stakeholder groups.Four Lines of DefenceFirst Line of Defence:Business Governance/Policy ManagementProcesses, systems and risk owners constitute the first line of defence. Risk management should be embedded in day-to-day operations and governed by relevant established Group-wide policies and procedures that can manage risks to an acceptable residual level for the achievement of the business objectives.Second Line of Defence:Management and AssuranceThis line of defence comprises risk management and compliance-related functions within the Group. The main role of these functions is to ensure risk management and compliance-related frameworks are well defined and consistently applied across the organisation and embeds a culture of risk ownership and accountability.Third Line of Defence:Independent AssuranceFunctions in this line of defence primarily provide independent assurance over the adequacy and effectiveness of risk management and internal control systems design and recommend changes or improvements in response to the evolving internal and external business and control environments.Fourth Line of Defence:Board OversightThe last line of defence against risks in any organisation is the Board of Directors. The Board, supported by the Audit Committee, is overall responsible for the governance and oversight of risk management and internal control systems within the Group to safeguard the interests of the Group and its stakeholders.