Recently, we’ve been thinking about audits and examinations. We know, we know, that’s pretty par for the course over here. But we’ve been thinking about the exact role they take in the risk reduction process. Specifically, we’ve been thinking about the three lines of defense in audits.

We’ve got a couple blogs lined up to explore the topic. They’ll include non-financial industry comparisons and key takeaways for the credit union audit process.

So, let’s lay some groundwork.


What Are the Three Lines of Defense in Credit Union Audits?

We’ve written a lot about the importance of consistency in audits. It’s critical for CU audit teams to be on the same page about everything:

  • Due dates, roles, responsibilities
  • Definitions, policies, processes, and procedures
  • Good communications and sharing capabilities

But these are just the foundations of a good audit process. They’re not lines of defense—they’re the things you’ll need to successfully complete an audit.

The lines of defense explain how these things fit into a greater risk reduction strategy. Here are those lines.

1.    Credit Union Employees and Management

CU employees and management are the ones who carry out all daily tasks and processes. They follow all the standard operating procedures that come with the job. If they do their job correctly, then they prevent any compliance errors.

It makes sense then that CU employees and their managers are best positioned to create and enforce the daily processes and procedures that they follow.

But humans do make mistakes. And so sometimes, the first line of defense falters. (One could even say that they introduce new risk!)

2.    Credit Union Compliance Functions

Whoever’s in charge of compliance at your credit union is the second line of defense. This person—or these people—know compliance better than anyone.

These brave souls have many responsibilities, such as:

  • Monitoring multiple business units
  • Uncovering compliance deficiencies
  • Meeting with management and the board

Their purpose is to work together with management to ensure that the correct policies and procedures are executed by employees. As the second line of defense, they’re not involved in day-to-day activities.  Instead, they provide broad compliance oversight for the organization.

3.    Credit Union Audits

Audits, especially internal audits, are the third line of defense against risk. Their purpose is to provide independent assurance that your management policies and controls are being executed properly. This is when you test your systems to make sure they’re working correctly. If you see anything you don’t like you’ve got a chance to correct it before regulating bodies bring down the hammer.

Basically, credit union audits are your third line of defense against mistakes, ineffective practices, and poor decisions.

audit checklist

FREE: Audit Checklist for Credit Unions

4 key principles and 9 questions to jumpstart your audit planning. From leading credit unions.

Final Thoughts

What’s important to remember about the three lines of defense is that they all work in concert to keep a credit union safe. Compliance is a team effort.

We’ll write a bit more about the three lines of defense and credit union audits soon. If you’d like to see where we’re taking this topic, subscribe to our blog!

Or follow the links below. They’re good too.



Posted in: