CSE Global Limited - Annual Report 2023

RISK GOVERNANCE AND INTERNAL CONTROL

The ERM framework within CSE embeds and builds on the 4 lines of defence (as illustrated in the diagram below), a prerequisite for ensuring that the overall ERM process and system of internal controls are robust across CSE.

LINES OF DEFENCE

1. Business Governance / Policy Management – This refers to CSE’s policies and procedures (e.g. Standard Operating Procedures) and operational staff that help to manage and monitor key risks and detect changes in the organisation’s risk profile.
2. Management and Assurance – This refers to CSE’s Risk Management function and other functions involved in ensuring compliance, which enforce and coordinate risk and control activities in CSE.
3. Independent Assurance – This refers to independent sources of assurance on CSE’s internal controls, risk mitigating measures or financial statements.
4. Board Oversight – This refers to CSE’s Board and/or Audit & Risk Committee (ARC) and their oversight over CSE’s key risks, controls and measures to manage risks within the organisation.

FIGURE 1: CSE’S FOUR LINES OF DEFENCE
[Diagram. Levels, from top to bottom: 4th line of defence: Highest level oversight; 3rd line of defence: Independence assurance; 2nd line of defence: Management and assurance; 1st line of defence: Business governance/policy management. Other labels: Process, Systems, People, Risk management, Operational governance, Internal/External audit, Compliance, Financial governance, Policy management, Risks.]
