Welcome to the series of How To:Quality. Your 3 min guide on how Quality Professionals address various business needs to drive Improvement and Governance.
Quality Professionals, regardless of the sector they work in, strive to help businesses achieve their strategic objectives. They do this in various ways: be it deploying governance frameworks, implementing improvement strategies, or delivering assurance programmes.
In this post I talk about how Quality Professionals can help support any businesses set up a three line of defence compliance model and fast track it to the three dimensions assurance framework.
How to: Quality
All businesses have some type of requirements they need to adhere to. Customer, Business, Regulatory, Governmental or Legal are examples of such requirements. When you understand what these requirements are, and run your businesses with the scope of always complying, how do you ensure that you are achieving that level of compliance?
In this post, I will explain the three lines of defence model and how Quality Professionals can help organisations get an added value implementation programme.
- Set up your first line of defence
- Set up your second line of defence
- Get a third line of defence ready
Before we explore the three lines of defence, let us define this framework. The Insitute of Internal Auditors (IIA) defines this framework as:
The Three Lines Model helps organisations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management.
The IIA Resource: An update of the Three Lines of Defence (https://www.iia.org.uk)
Governance, Risk Management and achievement of objectives i.e. strategy are the three key words in the above statement. Business Strategy is collective effort of various teams focused on a clear direction. With that in mind, governance structures and risk management is also a collective effort. That is why the three line of defence is helpful to understand. In a very simplistic approach, the three lines model helps you define a three layered structured. Each layer provides an additional level of governance and risk management. Think of if as your bottom up approach. Start at the business as usual operational duties, then work with those less involved in the day-to-day operations, after which you engage with those are totally independent from the work.
1. Set up your first line of defence
Ownership and accountability are key for any business’ success. This applies to smaller teams within a business as well. An operation should be built to enable ownership and accoutability at each level of task performance.
The first line of defence helps you define the process stakeholders who are responsible and accountable for the work. Understanding who does what, alongside the inputs and outputs of your processes will help you build checks within your operating environment. You can call them Quality Checks, approval gates, or maker-checker steps.
💡 Remember this step should usually be performed within the same team to be counted as first loine of defence.
2. Set up your second line of defence
The second line of defence in a business offers an independent level of assurance from the team performing the task. This type of defence has different shapes and forms and places risk management at the heart of this activity. Example of teams who can help your operation with such defence are Quality, Compliance, Info Security, your PMO, your Internal Audit function, your Corporate Sustainability Office, etc.
💡Your second line of defence should be able to provide you with the successful criteria, the rate of success, analytical reports with trends, observations, and improvement plans. If you do not have a monitoring programme in place, Quality Professionals can help you design a programme to give you the insights you need.
3. Get a third line of defence ready
You can probably guess where the third line of defence is heading to. Your first line is within the accountable team, your second line is internally independent; which brings us to the third line. This is when a business engages with an external auditor to provide independent assurance and adherence to legislative and regulatory requirements. Many businesses require to have such assurance to be able to commercially operate. Obtaining such level of assurance without having the first two lines clearly defined becomes an inefficient and an extremely expensive exercise.
💡 Quality Professionals help businesses get the most out of the third line of defence. They understand that extenral assurers are on the business side and can help you translate a lot of the outcome of such engagements into practical value added operational steps.
Quality 4.0 & Three Lines of Defence
Implementing the three lines of defence model is a great framework to if you have not had such set up in your business. If you want to drive a stronger level of compliance, I would highly recommend you review the three dimensions of assurance introduced by the Chartered Quality Insitute (CQI).
The CQI conducted a research on the Future of Assurance. The research identified that emerging technologies play a role in the assurance framework. Quality professionals understand such fundamentals and can help you assure technology that is being developed to assure your processes. If you are a member of the CQI | IRCA, you can access the details of the research in your membership portal.
If you enjoyed this How To scenario, why not follow me for other scenarios dropping straight into your inbox 👇
If you would like to see a particular topic covered in this series, please get in touch and let me know the topic or scenario, and I will do my best to help. You can get in touch on your preferred platform 👇
the Quality strategy 
Leave a reply to How To: Quality©️ – 2023 Wrap up – The Project EDIT Cancel reply