Bruce McCuaig


Measuring Performance Of The Three Lines Of Defense

11-Mar-2016 | Bruce McCuaig

The Three Lines of Defense concept was first introduced in 2006 as a proposal for better equipping audit committees. Here is a simple illustration of how it is supposed to work:    

White water rafting on the Owyhee River --- Image by © Ocean/Corbis

Finding The Risks Worth Having

3-Feb-2016 | Bruce McCuaig

The risk literature is full of promises that adopting risk management practices will prevent risk. There are, in fact, areas where risks are destructive and have little value-adding potential and shou

Businessman Looking out Window --- Image by © BASE/Corbis

GRC Predictions For 2016

26-Jan-2016 | Bruce McCuaig

Over the last few weeks, in the spirit of the holidays, my colleagues here posted blogs on the Twelve Days of GRC Christmas and Resolutions for a Better GRC in 2016. I offered to complete the trilogy

SAP SapphireNOW 2015, Orlando, USA

Digitizing Governance Risk And Compliance

30-Nov-2015 | Bruce McCuaig

Most of our treasured concepts of control, and many of our accepted risk practices, will land in the digital boardroom with a thud and disappear — if they make it there at all. The truth is, much


Reporting On The Three Lines Of Defense: The Problem With Truisms

12-Nov-2015 | Bruce McCuaig

“The delay in boarding your flight is caused by the late arrival of the incoming flight.” We’ve all heard this announcement in our travels. There’s a name for a statement like this; it’s

20 Jul 2012 --- Hikers checking direction with compass. --- Image by © Hero/Corbis

Aligning The Three Lines Of Defense: The Enemy Is Us

7-Oct-2015 | Bruce McCuaig

In two of my recent blogs on the Three Lines of Defense (TLoD), I explained why I thought it would transform governance, risk management, and compliance (GRC) (Understanding the Three Lines of Defense

skydivers form circle

Understanding The Three Lines Of Defense: It’s Not About Defense

28-Sep-2015 | Bruce McCuaig

It’s about collaboration The first thing to realize is that the Three Lines of Defense (TLoD) framework is not about defense at all. The three lines in question are already defending against risk.

Continuous Control Monitoring – An Automotive Perspective

11-Sep-2015 | Bruce McCuaig

Technology provides the ability to continuously scan enormous amounts of information from a huge variety of sources and instantly tell us exactly what we need to know and exactly when we need to know