Do you have a second line of defense team? What frameworks do they cover - SOX only or more? Where does this team report in the organization (i.e. CFO, Accounting, Legal, Chief Compliance Officer, CEO, CAE, etc.)?
Vice President - Internal Audit and Enterprise Risk Management in Healthcare and Biotech, 6 months ago
Our Ethics & Compliance program reports up to our Chief Compliance Officer, who in turn reports to our Chief Legal and Risk Officer. We also have an IT-centric second line function (reporting to our CISO) that provides security and control guidance to the organization. They cover multiple frameworks, including NIST and HITRUST, as well as the controls frameworks utilized for our SOC1 and SOC2, plus any regulatory-driven control requirements.
Chief Financial Officer, 6 months ago
I have a very active and integrated second line of defense who do ERM (including hosting a cross-functional risk committee), SOX and IA. They report to the CFO and are accountable to the Audit Committee. They have very good connections across the whole company; they add a lot of value.
VP of Legal in Energy and Utilities, 5 months ago
We're in the process of scaling our Compliance team to perform second line of defense control testing; our current frameworks are OSHA, SOX, and some bespoke regulatory requirements specific to our business. Compliance reports to our Chief Growth Officer as we are in the process of building out an in-house Legal function.