Skip to main content

The Three Lines Model by Institute of Internal Auditors

The Institute of Internal Auditors (IIA) published its first tripartite line of Defense in January 2013, Renewed as of July 2020. The key features of the new model are as follows:

The Three Lines Model helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by:


  • Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.
  • Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.
  • Clearly understanding the roles and responsibilities represented in the model and the relationships among them.
  • Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders.

three lines model updated 1 - The Three Lines Model by Institute of Internal Auditors - 2024 -

Prıncıples Of The Three Lınes Model

Principle 1: Governance

Governance of an organization requires appropriate structures and processes that enable: accountability, actions, assurance and advice


Principle 2: Governing body roles

The governance body ensures the availability of appropriate structures and processes, compliance of institutional objectives and activities with the interests of stakeholders, compliance with legal regulations and ethical expectations. Assign responsibilities to management and provide resources. Establish and oversee the internal audit function.


Principle 3: Management and first and second line roles

First line roles are most directly aligned with the delivery of products and/or services to clients of the organization, and include the roles of support functions2. Second line roles provide assistance with managing risk.


Principle 4: Third line roles

Internal audit provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management.


Principle 5: Third line independence

Internal audit’s independence from the responsibilities of management is critical to its objectivity, authority, and credibility.


Principle 6: Creating and protecting value

All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders


Detailed information can be found at the link below.

Bu gönderi şu adreste de mevcuttur: Türkçe