When a large bank is evaluating its operational risk management in accordance with the best practices prescribed by the Basel Committee on Banking Supervision (BCBS) and implementing the three lines of defense model, which of the following statements is correct?
