Certified in Risk and Information Systems Control (CRISC) — Question 58

Which of the following is an example of the second line in the three lines of defense model?

Answer options

• A. External auditors
• B. Internal auditors
• C. Risk management committee
• D. Risk owners

Correct answer: C

Explanation

The correct answer is C, the Risk management committee, as it acts as the second line of defense, supporting risk management and compliance. Options A and B refer to external and internal auditors, respectively, who are part of the third line of defense, while D, risk owners, represent the first line of defense.