Kill the Three Lines Model and adopt what I call the Tri-Partite Model of Risk! In a nutshell, the essence of T-PM is:
- Business decision makers are wholly accountable for the decisions they make.
- The risk function is only responsible for providing advice but is wholly accountable for the quality of that advice.
- And the assurance function is wholly accountable for assessing the effectiveness of the two working together.
This is what is necessary to design success for your risk function and to be part of the momentum shift, moving risk from being seen as a painful compliance activity to being seen as valuable.
And can I tell you, this momentum shift can’t arrive too soon. Just last weekend I was on a golf trip with 11 buddies. The partner of one of my friends had recently joined one of the big banks in risk and compliance. When one of the other guys heard this he remarked “Man, I can’t believe anyone can like doing that s#!t.”
Yep, this is what I’ve had to put up with for decades. Once friends sit down and discuss with me my philosophy about risk-taking in organisations, they get it. But it takes more than a minute for them to get it.
If you want a full explanation of what I call the Tri-Partite Model of Risk then download Chapter 7: Designing Success from my book Risky Business: How Successful Organisations Embrace Uncertainty. If you want to read about all the reasons we should kill off the Three Lines Model, previously the Three Lines of Defence Model, then you can buy the book here.
PS. I’m thrilled to say my book Risky Business hit the #1 Amazon Best Seller list recently in the Risk Management Category. If you have read it and think it’s worthy of a review, I would greatly appreciate your time in leaving one. You would make this risk nerd very, very happy. Click HERE for the link.