The first full-service mortgage risk management firm in the United States.
Third Line of Defense and Risk-Based Auditing    
May 11, 2023
QUESTION
Although we're a small bank in the Midwest, we still are required to have policies and procedures that are similar to banks much larger than ours. However, our regulator has sent a letter notifying us that our corporate governance is not adequately implementing the "third line of defense." The letter also cited our need for "risk-based auditing."

We want to show that we are responding to the regulator by revising our corporate governance policy to acknowledge this third line of defense. And we want to include a reference to risk-based auditing. We hope you can provide some insight into how to revise our policy for these requirements.

What is the third line of defense?

What is risk-based auditing?
ANSWER
The term "corporate governance" is a general term that refers to the oversight of daily business activities. Specifically, the board of directors should be actively and attentively looking over the performance of senior executives to ensure daily operations are performed within the adopted policies and objectives of the institution.
 
Ultimately, the board of directors is responsible for the organization's performance. When delegating authority to senior management team members for day-to-day activities and decisions, the board should also require feedback and monitoring reports to assess executive performance. For the directors, it becomes a matter of setting high standards and ensuring they are maintained.
 
The process whereby governance directs auditing programs is essential to effective risk management and internal control systems. Effective internal and external audit programs are also a critical defense against fraud and provide vital information to the board of directors about the effectiveness of internal control, among other things.
 
Here's a generalized three-step process involved in corporate governance:
FEATURED

COMPLIANCE TUNE-UP
COMPLIANCE MANAGEMENT SYSTEM
Jonathan Foxx - Portrait
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Monthly or Hourly Compliance
Request List
Pioneering Mini-Audits
Request List
Policies & Procedures
Request List
Compliance Solutions
FEATURED

COMPLIANCE SOLUTION
Do You Know?

What are the five factors to consider in notification to individuals in a
data breach?
Commensurate with an institution’s size, complexity, and risk profile, the following factors are:

  1. State laws;
  2. The nature of the compromise;
  3. The type of information taken;
  4. The likelihood of misuse; and
  5. The potential damage if the information is misused.
The most comprehensive mortgage compliance solutions in the United States.
Member of National Organizations
ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | MERSCORP