Best Practices in Equipping Audit & Assurance on Policy Effectiveness
The Three Lines of Defence is a popular framework for managing Governance, Risk Management & Compliance (GRC). In our first webinar on the Three Lines of Defence we explored the policy implications of the first line of defence, the front line employees. We then explored effective policy management and oversight in the second line of defence. In this webinar we now explore the third line of defence, audit and assurance professionals, and their role in providing assurance and validation that policies are properly managed, communicated, and enforced in the organization.
Policies are futile if they are not properly understood, enforced, and lived by in the organization. The third line of defence is key in providing validation and assurance that policies are properly managed and kept current by the second line of defence. The third line also provides assurance that the first line of defence is aware of policies and that they are lived by throughout the organization to maintain integrity, mitigate risk, and reliably achieve organizational objectives. It is necessary that audit and assurance professionals are equipped with the right insight into policy management and communications so they can fulfill their role in providing assurance to the organization.
This webinar focuses on how to audit policies and provide assurance by the third line of defense in your organization through effective policy governance. Attendees will learn:
- GRC and policy management in the context of the Three Lines of Defence Model
- How the third line interacts with the first and second lines of defense to provide assurance on policies
- How to effectively audit and validate that policies are current and understood in the organization
- Methods for third line employees to assure policies are managed by the second line
- How technology can automate and enable the third line of defence
GRC 20/20 Presenter
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Metacompliance has been developing software and content for the compliance market since 2005. They recognize the difficulty of mitigating the liability and risk that arise from the mismatch between staff awareness and the threats and security decisions that need to be resolved.
The company has worked closely with their clients to deepen the usability and functionality of their products to assist with corporate governance and cyber threats as they evolved through compliance legislation and hacker sophistication. Initially they entered the market with their Policy Management system with its unique enforcement capability. However, getting attestation from staff needed to be underpinned by understanding, and that led them to develop their own Learning Management System (LMS) along with high-quality cyber security and compliance content.
Metacompliance is a privately held company that has been funded to deliver on its business goals. Metacompliance is a software development organization focused on delivering commercial off-the-shelf (COTS) software and eLearning content against their innovative product vision.