The European Confederation of Institutes of Internal Auditing (ECIIA) created the foundation for the 3 lines of defense model, which is still used today to establish a risk function that promotes good corporate governance and risk oversight. However, because it is difficult to create an adequate risk function, the 3 lines of defense can lack effective oversight as a result of misalignment and an incomplete overview of roles and responsibilities across the risk function.
How can corporate governance be organised to be more effective? Commonly, the different lines of defense are organised in columns, in which every line of defense works efficiently in its own silo. To improve corporate governance as a whole, the risk function should be arranged in an end-to-end manner in which the processes, roles and responsibilities, handover moments and governance are formally aligned.
In the future of corporate governance, this should be embedded in the organisation to ensure an effective risk function and to establish capabilities to identify, assess and process all relevant risk types. This includes regulatory risk from existing and new regulations, and the implementation of tools to automate this in order to reduce human errors and reduce any loss.