I am pleased to be an author of this new IIA Practice Guide. The IIA's position paper on the Third Line of Defense has been widely referenced. It provided a framework for other types of audits - environmental, safety, contract, security, quality, etc. - that make up the Second Line of Defense. It is not possible or practical for some organizations to have unique groups for all areas of 2LOD and the 3LOD. Many in those 2LOD audit functions don't understand Internal Audit. So what to do? This PG offers examples, pathways, and suggestions.
I have experience in Operations, Corporate Compliance, EHS Auditing, Internal Audit - and supporting financial audits - four lines of defense - and have seen the tension between them. The process of conducting interviews, participating in this great team, and working towards this PG was gratifying.