Privacy and Data Protection Part 1

The concept of an organization’s risk appetite is a fundamental element to healthy governance. Yet it is typically focused primarily on financial risk considerations. How should the growing focus on non-financial risk, including ESG, influence how organizations view their risk appetite, and what can internal audit do to support that examination?

Originally the Three Lines of Defense, the model has gained popularity for organizing governance and risk management in organizations. However, acknowledging that risk-based decision-making is as much about seizing opportunities as it is about defensive moves, the new Three Lines Model helps organizations better identify and structure interactions and responsibilities of key players toward achieving more effective alignment, collaboration, accountability and, ultimately, objectives.

Intended to serve as a practical, step-by-step approach for internal audit leaders, this guide summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit activity in the public sector. It reviews existing literature, applicable IPPF guidance, and practical advice from experts who have been through the experience.