Answer: The corporate operational risk function, as part of the second line of defense, should challenge risk inputs from business line managers.

The correct answer is C. The Basel three lines of defense model establishes the following lines of defense: In the first line of defense, business line managers manage the risk of their business lines. In the second line of defense, the corporate operational risk function (CORF) reviews the risk controls put in place by the first line of defense and establishes firm-wide risk management procedures. In the third line of defense, an independent review (such as an internal auditor) reviews the effectiveness of the risk controls in the first two lines of defense. C is correct, since as part of the second line of defense, the CORF should challenge inputs from business line managers. Option A is incorrect because internal audit is part of the third line of defense, and the validation team is generally part of the corporate risk function as part of the second line of defense. Option B is incorrect because business line managers do not challenge the audit function as part of the first line; rather, they manage the risk of the business lines. Option D is incorrect because the CORF is the second line of defense, not the third.

Author: LeetQuiz Editorial Team