On how 3LoD as a going-concern silo’isation of ‘governance’ stuff that says to deal with Risk [which it doesn’t, in any useful way], is inherently i.e. by its very semantic internal structure, a placebo at rare, seldom, near-unique very best and more often a nocebo [yes, the opposite: something that doesn’t work but its expected (sic2) side effects will help you down the drain] but in most cases just palliative care. I.e., helping alleviate the pain of dying.
Earlier, there was this tweet (oh, on the blog post by the Giant) about how ‘audit’ may be a placebo and no more. Going through the motions and shaking off some nervousness, psych insecurity, by report recipients about the future — of course forgetting that auditors look back, not forward too much.
The same, now for ‘risk’ as captured in the 3LoD nonsense. Too many posts out there [mine, but if you want better explanations why the non-, check the ‘net it’s full of pertinent info] to quote or even link here. Only one of the vast number of theoretical, logical, methodological, tactical, operational and very factual problems with the model: It requires all to dally in babblestuff instead of standing between threat and vulnerability. Except for the threat of a regulator probing all the way through the humbug and finding some weakness in the 1st line; which is a purely hypothetical issue since indeed it would hard-require said regulator to know what he’s doing… All the time, there’s nothing in the model that requires 1st line management to deal adequately with risk.
Yes having eager beaver 3LoD in place may feel lukewarm but shareholder value maximisation over everything [still reigning supreme in executives’ minds despite some window dressing] requires you to just wet your pants for that effect; much cheaper. You’re laughed at anyway since you promote 3LoD so much.
And then, Schumpeter [when applying to you personally, drop the h] strikes again, sped up by the nocebo effects [cost of all the overhead].
Hence the palliative angle. Feel epicurean until you’re done.
[For whoM the bell tolls; Baltimore – followed Procedure until cyber-probed (cyberattack‘s too much said!)]