Skip to content

Managing Risk with the Second Line of Defence Launchpad

The Second Line of Defence Launchpad within the Protecht.ERM system is an effective and interactive visualisation designed specifically for the Line 2 Risk and Compliance Management teams to use in their role of reviewing and challenging Line 1, together with independent reporting and escalation. Read on to find out more.

Why a Launchpad?

A Launchpad can be configured as the first screen a user sees when they log into Protecht.ERM. This ensures that users first see the most important and relevant information to carry out their responsibilities.

Three Lines of Defence Model

Regardless of the organisation’s size and complexity, implementation of the three lines of defence should be the first principle of an effective risk management framework. At each line of defence there needs to be risk governance to support and provide oversight to the risk management framework.” Read complimentary article: Risk Governance and the three lines of defence.

Three-Lines-of-Defence-Model

Figure 1: Three Lines of Defence Model

The Second Line of Defence

The second line of defence is an organisation’s Risk and Compliance Management function(s) that provide independent review and challenge  of the risk, compliance and decision making management activities of the first line of defence. The Second Line of Defence Launchpad has been designed to support the Risk and Compliance Management teams with quick access to relevant information required by the second line.

lod2

Figure 2: The second line of Defence Launchpad

The Second Line of Defence Launchpad includes the essential components for the Second Line of Defence model including Risks, KRIs, Compliance and Actions, allowing a Risk Manager to quickly ascertain the current status of relevant risk information in the organisation.

Risks

The Risk row includes only a Residual Matrix to save real estate with the Inherent details being available in the details table. The matrix can be clicked to filter the details in the table, which now includes risk trends where historical models are applied. Read the article on Historical Models. This is extremely valuable for a Risk Manager who wants to see the changes in risk over time.

Residual Risk assessment Screenshot1

KRIs

Important KRI data, including slipped and overdue items, is highlighted using bubbles that are easy to view and provide a way to filter the KRI details table. Once filtered, the user can review the details and click directly to the KRI in the register, or alternatively use the links to review KRI analytics to support business decision making.

Key risk indicators Screenshot 1

Compliance

In a similar way to KRI's, the Compliance information provides easy to read metrics that provide important summary data, whilst also filtering the details table.

Compliance screenshot1

Actions

Overdue Action details are highlighted in red to clearly differentiate them from other actions. 

KRI Actions Screenshot1

Filtering for relevance

The first filter in the heading allows the user to switch between “All” and “My items”, which is respectively everything the user has permission to see versus the items assigned to the user directly. This makes it easy for the user to quickly alternate between these filters without having to move to a different report.

The tree filter on the top right allows a Risk Manager to filter for specific Business Units. This will assist in determining any areas or interest that need investigation.

Usability (UX/UI) and Design

The launchpad is designed with UX (user experience) in mind so that each component has its own row that flow logically from top to bottom. Each row reads left to right starting with a component summary, detail and then links to related registers and analytics where further details can be found. All non-required marks and lines have been removed to increase the Data-Ink ratio, which makes the Launchpad simpler and easier to understand. Individual branding can be applied based on specific client requirements.

Use Cases

Specific examples of when this Launchpad would be used include:

  • The Risk Manager opens ERM and immediately sees Residual Risk Assessment Matrix and selects one of the high-risk areas. The risk details are highlighted with a trend showing an increase in residual risk. The Risk manager clicks through for the details in the Risk Details report and reviews the linked controls and finds an anomaly. This allows the risk manager to take action to address the control before an incident can happen.

  • The Compliance Manager opens Protecht.ERM and sees that a key obligation is now non-compliant. Drilling down he sees that the non-compliance is due to related control attestations with ‘No’ responses but without any remediation actions. The Compliance Manager is able to create actions, assign them to appropriate staff with due dates, and monitor and track the status of the actions from within the Launchpad.

This Launchpad is a must for any organisation looking for best practice ways at managing their risk and compliance using the Three Lines of Defence. The simple design minimises unwanted noise whilst highlighting essential information for Risk and Compliance functions.

What's next?

This Launchpad is a must for any organisation looking for best practice ways at managing their risk and compliance using the Three Lines of Defence. The simple design minimises unwanted noise whilst highlighting essential information for Risk and Compliance functions.

If you think this launchpad could help your organisation, please click the banner below to talk to one of our consultants.

New call-to-action

About the author

Matthew joined Protecht in 2017, as the Manager of Business Intelligence and Analytics having extensive experience in senior roles within government and private organisations delivering large transformation projects, providing hands-on expertise and thought leadership in data and software. He graduated with a PhD in Applied Mathematics in 2001 from the University of Wollongong and more recently with an Executive MBA in 2008 from RMIT.