The ERM framework within CSE embeds and builds on the four lines of defence (illustrated in Figure 1 below), a prerequisite for ensuring that the overall ERM process and system of internal controls is robust across CSE.

Figure 1: CSE's Four Lines of Defence

LINES OF DEFENCE

1. Business Governance / Policy Management. This refers to CSE's policies and procedures (e.g. Standard Operating Procedures) and operational staff that help to manage and monitor key risks and detect changes in the organisation's risk profile.

2. Management and Assurance. This refers to CSE's Risk Management function and other functions involved in ensuring compliance, which enforce and coordinate risk and control activities in CSE.

3. Independent Assurance. This refers to independent sources of assurance on CSE's internal controls, risk mitigating measures or financial statements.

4. Board Oversight. This refers to CSE's Board and/or Audit & Risk Committee (ARC) and their oversight over CSE's key risks, controls and measures to manage risks within the organisation.

[Figure 1 diagram: 4th line of defence: highest level oversight; 3rd line of defence: independent assurance (internal/external audit); 2nd line of defence: management and assurance (risk management, compliance); 1st line of defence: business governance / policy management (operational governance, financial governance, policy management). Risks act on people, process and systems.]

RISK GOVERNANCE AND INTERNAL CONTROL | ANNUAL REPORT 2025 | 63