The new model’s principles-based approach is designed to provide users greater flexibility,” Chambers wrote. “Governing bodies, executive management, and internal audit are not slotted into rigid lines or roles. The ‘lines’ concept was retained in the interest of familiarity. However, they are not intended to denote structural elements but a useful differentiation in roles.
This final point, that the lines are not intended to denote structural elements, bears emphasizing because it addresses another common criticism of the old model, which is that, intentional or not, many interpreted it too literally. Boundaries started to develop between departments, with the mentality being, “That’s a first-line responsibility. I’m second line, so that’s not my job, not my problem,” says Stephen Masterson, Technical Advisory Partner at Advisory and Audit Firm SM+Co LLC.
In other cases, the direct opposite problem would result—the duplication of audit efforts. In some organizations, there was often too much overlap between the second line (risk control and compliance monitoring) and the third line (internal audit). “The second line often looked and felt and acted like an audit function,” Masterson says.
In comparison, the new model enables greater fluidity between the first and second lines while also stressing internal audit’s independence from management to ensure the role is “free from hindrance and bias in its planning and in the carrying out of its work, enjoying unfettered access to the people, resources, and information it requires,” the new model states.
The new model further stresses, however, that “independence does not imply isolation” and that regular interaction between internal audit and management is needed “to ensure the work of internal audit is relevant and aligned with the strategic and operational needs of the organization.”
Please see full article as attached here: Masterson Three Lines Model-IIA in Compliance Week