Below is a discussion paper published by Sean Lyons* that appeared in The Conference Board's Executive Action series. This document, shared and commented on by Denis Lefort, CPA, CA, CIA, CRMA, refers to five (5) lines of internal defense, namely operations, tactical oversight functions such as risk management and compliance, the independent assurance functions (the audit committee, internal audit and the other board sub-committees), and, finally, executive management and the board of directors.
Four lines of external defense are also proposed: external auditors, shareholders, rating agencies and regulators.
The five lines of defense model is also compared with the traditional three lines of defense model.
Finally, the author stresses how important it is for all the lines of defense to act in a concerted, even integrated, manner to ensure the overall success of each party's interventions for the benefit of the organization.
Here is an excerpt from the document. Enjoy your reading!
Corporate stakeholder responsibility should take into account various stakeholder groups, including shareholders, employees, customers, suppliers, special interest groups, communities, regulators, politicians, and, ultimately, society. Consequently, a comprehensive corporate oversight framework should be multi-faceted to safeguard the diverse interests and varied expectations of all stakeholders. Increasingly, stakeholders are demanding oversight that safeguards a multitude of their interests, be they financial, economic, social, or environmental. Such an inclusive approach should include an appreciation of the symbiotic relationship that exists between business, society, and nature.
Organizations should understand the complexity of this interconnectedness to fulfill their social responsibilities. A holistic focus that includes the various lines of defense approach helps provide different stakeholders with the comfort that their interests are safeguarded, if implemented appropriately. A lines-of-defense framework provides stakeholders with a comprehensive system of “checks and balances.”
The existence of such an integrated framework means that stakeholders can reasonably rely on it to ensure that the organization is fulfilling its fiduciary duties, legal obligations, and moral responsibilities, while creating durable value and sustainable economic performance in the process. For this approach to operate effectively, however, each line of defense must play its part both individually and collectively—fulfilling its oversight duties within a holistic framework.
Accordingly, each line of defense collaborates with and challenges the other (complementary yet antagonistic) lines of defense, as it acts in its own enlightened self-interest. Enhanced cooperation and communication between these lines of defense should be facilitated by better interaction between stakeholders through regular dialogue which is based on mutual understanding of the organization’s objectives. This, however, must be achieved without allowing respective responsibilities or accountabilities to become blurred in the process.
To strengthen corporate defense capabilities, organizations should consider fortifying the second line of defense, which provides the critical link between operational line management and executive management. For many organizations, this is still perhaps the weakest link in the chain. Unfortunately, in many organizations, the defense activities at this layer are operating in a silo; they are not in alignment with other lines, but rather, operate in isolation, with little or no interaction, sharing of information, or collaboration. The activities of an effective second line of defense must be managed in a coordinated and integrated manner.
Each of the other lines of defense requires differing degrees of fortification, but this perhaps has as much to do with best practices rather than any radical makeover. The goal is to reach a more effective balance between the spirit of guidelines based on principle and the interpretation of guidelines that are legal or more prescriptive.
* Sean Lyons is the principal of Risk Intelligence Security Control (R.I.S.C.) International (Ireland) and a recognized corporate defense strategist. He is published internationally and has lectured and spoken at seminars and conferences in both Europe and North America. His contributions have been acknowledged in the Walker Review of Corporate Governance in UK Banks and Other Financial Institutions, the Financial Reporting Council (FRC)’s Review of the Effectiveness of the Combined Code and the International Corporate Governance Network (ICGN)’s ICGN Corporate Risk Oversight Guidelines. In 2010 Sean was shortlisted as a finalist in the GRC MVP 2009 Awards organized by US-based GRC Group (SOX Institute) co-chaired by Senator Paul Sarbanes and Congressman Michael Oxley.