Why Is the Third Line Quality Assurance Function so Critical?
It has now been three and a half years since we moved from the clutches of the Office of Fair Trading to those of the Financial Conduct Authority. The transition clearly required several operating changes not least the formalisation of a structured three lines of defence.
Despite the time passing it’s clear that for many in the purchase and collections sector the third line, internal audit, function remains critically under-resourced and thus undervalued. It’s a story seen throughout many firms of all sizes.
Conversely, Senior Managers within larger or more complex firms should be desperate to install a well-functioning, risk-based third line; not because the FCA forces them to do so, but instead, because they obtain a true vision of what is happening within their own firm. The second line is fantastic at ensuring the first line are accountable, keeping their reporting accurate and honest, but, as its remit tends to be wider than its quality assurance role, it often gets pulled into other areas of work.
The positive impact that a fully focussed third line quality assurance function has on a firm can’t be underestimated. Senior Managers should aim to obtain two distinct reporting lines, the first an amalgamation of the first and second lines where managers can be reasonably sure the reports they are receiving are accurate and wide enough to give true business trends. The second reporting line should be the internal audit function. From this reporting line the senior managers are receiving a sense check on the first and second line reports, providing confidence the data received is correct.
Equally, an internal audit function approaches their work from a different perspective to the operational areas within the business; the third line should be auditing business functions in the following way.
It’s imperative that internal audit do not simply repeat the checks that occur at first and second line, we need that different perspective. Instead of concerning themselves with adherence to compliance rules they should be focussed upon:
Whether key functions have adhered to internal policy
Whether the data produced by departments is accurate
Whether the work undertaken (i.e. quality assurance checks) is accurate
You can see the main purpose of the third line is to keep the first and second lines accountable, approaching the audit with a focus on the above is, in our experience, the best way to achieve this. It should, therefore, be the primary focus of the audit department before, resource permitting, looking at key risks to customers that the business poses. This may manifest itself in monthly customer journey audits focused upon a range of key risk areas such as vulnerability, financial difficulty or complaints handling.
library. Please download this free resource to ensure your team are covering all areas they should be.
This article is designed to be a short snapshot of some of our auditing experience, if you have any further queries please do not hesitate to contact us!