A large bank is reviewing its processes and procedures to manage operational risk in accordance with best practices established by the Basel Committee. In implementing the three lines of defense model, which of the following statements is correct?

Exam-Like

Community

LLeetQuiz

The internal audit function should serve as the first line of defense and continually validate operational procedures used by the business lines.

Business line managers, as part of the first line of defense, should provide a credible challenge to the internal audit function.

The corporate operational risk function, as part of the second line of defense, should challenge risk inputs from business line managers.

The corporate operational risk function should serve as the third line of defense and validate model assumptions made by senior management.

Financial Risk Manager Part 2