The three lines in a row

The Organization (1st line)

This group is ultimately responsible for the choices that are made and the risks that are taken in daily practice.

Control (2nd line)

This group develops the systems for good risk management and control processes, always in support of the management.

Internal Audit (3rd line)

This group provides assurance to senior management about the quality of management and control in certain areas within the organization.

Good Coordination of Work is key to the Functioning of the Three Lines Model

Within the 3-lines of defence model, management (the first line) is most able to manage risks and be in control. Internal audit, as the third line, must ensure that the control measures and controls are actually operational. The second line has an important role in facilitating the first line with the responsibilities and checking whether or not these are taken care of. The second line has expanded considerably in recent years. As a result, the first line is overloaded with questions from risk specialists such as business control, financial control, CISO, privacy officer and quality assurance officer. Coordination of these activities is the key to the actual functioning of the Three Lines Model. By having an integral risk-based collaboration, the board of directors can obtain the assurance that they are in control.

Three Lines Model


Try it yourself for 30 days free of charge, no strings attached

Link Risks to Objectives

The organization’s strategy is the basis for setting up your control framework. This helps managers to be accountable to stakeholders and thus gain their trust. With NARIS Next, it is possible to visually link risks and controls. This creates a risk strategy map as the basis for the daily management of the organization.

Encourage Collaboration

Due to legislation or guidelines, such as ISO27001 and the AVG, many separate risk control frameworks have been created. The process within these risk specialisms is always the same and cooperation pays off. With NARIS Next, the frameworks are brought together and cooperation between control, management and internal audit is facilitated.

Quick Start and Assurance via a Knowledge Database

Do you want to create your own control framework or do you prefer to use a best practice? NARIS Next contains several examples of risk & compliance frameworks that are easy to adapt to your organization. With that, most of the administrative work is done and you can focus on what really matters: the key risks and controls.

Three Lines Model

Useful infographic

Inspiration around Three Lines of Defense.

Let's talk

Do you have questions about our solutions for your organization? Please feel free to contact us

Fill out the form or
call Floor:

Floor Bakker

Contact us without obligation

Would you like to know what we can do for your organization? Fill in the form below.