Coordination Challenges in Implementing the Three Lines of Defense Model

Abstract

The three lines of defense model (TLoD) aims to provide a simple and effective way to improve coordination and enhance communications on risk management and control by clarifying the essential roles and duties of different governance functions. Without effective coordination of these governance functions, work can be duplicated or key risks may be missed or misjudged. To address these challenges, professional standards recommend that the chief audit executive (CAE) coordinates activities with other internal and external governance stakeholders (assurance providers). We consider survey responses from 415 CAEs from Austria, Germany, and Switzerland to analyze determinants that help to implement the TLoD without any challenges and to explore the extent of (coordination) challenges between the internal audit function and the respective governance stakeholders. Our results show a great variance in the extent of coordination challenges dependent on different determinants and the respective governance stakeholder.