Many lessons were learned from the financial crisis. For example, if a chief executive ignores the warning signs posed by risk management, resists contrarian information suggesting the corporate strategy is either not working or losing relevance, or fails to consider critical risks when evaluating whether to enter a new market or consummate a complex acquisition, the stakeholders can end up paying a high price.

Essential to effective risk management, the lines-of-defense model is implicit in COSO’s recently issued internal control framework. An effectively designed and implemented “lines-of-defense” framework can provide strong safeguards. In this issue of The Bulletin, we explore five essential lines of defense for managing risk.