Talking Risk

Chapter 10

Actually, the Internal Audit Department is the Third Line of Defence.

Well I would never have thought that the Bank had so much risk.

Wait … It sound like the Bank turn into the Defence Force now … so who is the second line?

The Office of Risk Management or ORM is the Second Line of Defence.

That’s why there is a whole Risk Office. At one time risk used to reside with Internal Audit (IAD). Then, you know like when children mature, risk ‘moved out’ and went on its own. But, Risk and IAD still collaborate and share information.

In other words, if the ORM see the front line struggling and things more than them, they step in and help out?

So the ORM and Internal Audit are like the backstop in case anything slip through the first line?

Or better yet, they could just come in front with us. Get all the risk information first hand!

Oh that’s how you see it? The way I look at it, we who in the first line take all the ‘blows’, and the ORM and Internal Audit stay behind looking on, and hope nothing pass through the first line.

Actually, ORM provides support to the departments in managing their risks and the Internal Audit gives the assurance that everything is in order. the

Ok, but just to clarify, it’s not that they wait until they see the whole front line wipe out to step in? They know they could jump in anytime and help.

Sure. The ORM continually monitors the risks across the Bank to facilitate timely responses to risk issues and events. Even if a department does not report a risk issue or event, once they become aware they will follow up to make sure that it is addressed.

The ORM has to keep abreast of the risk issues across the Bank , not just a single department, so they can be proactive in their responses to all risk issues.

Just making sure. Remember you say ‘ we all ’ in this thing together.