Reinsurance Costs and Availability for Strengthening risk management through effective internal audit partnerships
By Paul Bennett, Audit Manager and Daniel How, Head of Internal Audit, Asta, & Chair of the LMA Internal Audit Committee
In the dynamic and highly regulated environment of the Lloyd’s market, robust risk management is no longer just about meeting regulatory expectations – it has become a strategic imperative. Organisations are facing an increasingly complex risk landscape: climate change, cyber threats, geopolitical instability, and shifting regulatory demands are all converging to test the resilience of risk frameworks.
Against this backdrop, internal audit’s oversight of the second line of defence – Risk Management and Compliance – has never been more important. The quality of this relationship can determine not only whether risks are effectively controlled, but also whether organisations are positioned to respond with agility and confidence.
Auditing the second line with impact
Auditing the second line requires a nuanced approach. Unlike the first line, which owns and directly manages risk, the second line is there to challenge, support and monitor. Internal audit must therefore assess whether these functions are effectively designed, appropriately resourced, and operating independently. This involves more than reviewing process documents: it means evaluating the quality of risk assessments, the robustness of compliance monitoring, and the clarity of reporting lines.
Building strong relationships that drive value
The most effective governance structures are those where internal audit and the second line enjoy a constructive, professional relationship. While independence must be maintained, collaboration fosters transparency and mutual understanding. Regular, structured dialogue allows internal audit to stay informed about emerging risks while enabling the second line to benefit from audit’s wider perspectives across the business. Organisations that succeed in building this kind of relationship see more than just compliance benefits—they cultivate a stronger risk culture and reduce the likelihood of regulatory surprises.
Towards combined assurance
The concept of combined assurance – where assurance providers across the first, second, and third lines coordinate their efforts – is gaining traction across the market. Done well, it creates a synergistic effect with the power of one voice, highlights blind spots, and provides Boards with a holistic view of risk.
Internal audit is well positioned to lead this transition by mapping assurance activities and identifying overlaps or gaps. Over time, this can evolve into something more powerful: a dynamic “risk intelligence” framework where assurance functions work together not just to validate, but to actively anticipate and respond to new threats.
Meeting and exceeding expectations:
Regulators such as the PRA and Lloyd’s, expect internal audit to deliver independent assurance on the effectiveness of the second line. But forward-looking organisations see this as more than a compliance exercise. Internal audit can play a role in shaping how the second line adapts to new regulatory standards, technological change, and emerging best practice.
The opportunity is to move beyond “meeting expectations” and towards creating a model of risk management that is both proactive and resilient – one that gives Boards, regulators, and investors confidence that the organisation is fit for the future.
Turning assurance into advantage
In today’s environment, where risk is multifaceted and fast-moving, internal audit’s role in evaluating and supporting the second line is not simply about oversight. By fostering strong relationships, promoting combined assurance, and helping organisations stay ahead of regulatory and market developments, internal audit can transform risk management from a compliance requirement into a genuine source of competitive strength.
If you would like to continue the conversation, get in touch Audit Manager, Paul Bennett, at p.bennett@asta-uk.com and Head of Internal Audit, Daniel How, at d.how@asta-uk.com
