Second-line oversight
Definition
The risk management and compliance functions, including the CISO office and the risk function, that set policy, monitor control effectiveness across the organisation, and provide independent challenge to the first line. The second line must be organisationally separate from the first line to be effective.
Related terms
- Audit committee
- A sub-committee of the board of directors composed principally of independent non-executive directors, responsible for overseeing financial reporting, internal controls, and the...
- CISO (Chief Information Security Officer)
- The senior executive responsible for developing and maintaining the information security programme. The CISO reports to the board or a board committee...
- First-line controls
- Controls owned and operated by the business units and IT functions that process or store information. The first line is accountable for...
- Security steering committee
- A cross-functional management body, typically chaired by the CISO or Chief Risk Officer, that coordinates security priorities across business units, approves major...
- Three lines of defence
- A governance model that separates security responsibility into three distinct layers: operational management that owns controls (first line), risk and compliance functions...
Explained in
- Security Governance Structures and Roles: The risk management and compliance functions, including the CISO office and the risk function, that set policy, monitor control effectiveness across the organi...