< Back to Governance, Risk & Control

Three Lines of Defence

Maintain a robust control framework across the Three Lines of Defence.


In today’s ever-changing regulatory environment, there is more pressure than ever for companies to demonstrate their ability to pre-empt risk and provide robust control and governance frameworks. In addition, we are witnessing a shift from corporate to individual responsibility. With new regulatory initiatives such as the Senior Managers and Certification Regime in place, accountability for control governance has devolved to individual managers. Everyone needs to be prepared.

In our experience, strong and effective governance is essential for any firm’s long-term survival. TORI will work with you to optimise your governance framework. We will link risks, policies, control objectives, first line controls and ensure proactive management and measurement of your control and risk status.

We know what industry best practice looks like and we’ll measure your current capabilities against that. We identify control weaknesses and build new controls that are missing, calibrate the ineffective ones and remove any duplication.

The last step is to secure buy-in from internal and external stakeholders to make sure that a control culture is embedded within your organisation.

Services this covers:

  • Target Operating Model
  • Governance structure
  • Risk and control assessments
  • Alignment across the Three Lines of Defence
  • Process/control mapping
  • Risk reporting and MI - ControlNet
  • Stakeholder engagement


Who to contact

Paul Lowrie
Paul Lowrie
Head of Governance, Risk & Control

Other Three Lines of Defence Services