Difference between revisions of "Four Eyes Principle"

From Open Risk Manual
 
Line 1: Line 1:
 
== Definition ==
 
== Definition ==
The '''Four Eyes Principle''' is a widely used [[Internal Control]] that requires that any activity by an individual within the organization that has a material risk profile must be controlled (reviewed, double checked) by a second individual that is independent and competent.
+
The '''Four Eyes Principle''' is a widely used [[wikipedia:Internal Control]] mechanism that requires that any activity by an individual within the organization that has a material risk profile must be controlled (reviewed, double checked) by a second individual that is independent and competent.
  
 
== Objective ==
 
== Objective ==
 
The objective of the control is to mitigate risks primarily of the following two types:
 
The objective of the control is to mitigate risks primarily of the following two types:
* [[Business Execution]]
+
* [[Business Execution]], adverse outcomes as the result of poor execution of regular business tasks (mistakes, oversights)
* [[Internal Fraud]]
+
* [[Internal Fraud]], adverse outcomes as the result of fraudulent action of persons internal to the firm
but potentially also other risks
+
 
 +
Potentially other risks may also arise from the absence of this control.
  
 
== Implementation ==
 
== Implementation ==
Implementing this control is relatively simple in document based approval processes as it requires adding additional qualified persons in the approval list
+
Implementing this control is relatively simple in ''document based'' approval processes. It requires adding qualified persons in the approval list
 +
 
 +
== Examples ==
 +
* A classic example of implementing "Four Eyes" is in the [[Credit Approval Process]] where any credit decision must be reviewed by a second independent person
 +
* In many areas the principle is generalized in requiring a separate review by a ''different team''. An important example is the review any risk models by [[Independent Model Validation]]
 +
 
  
 
== Issues and Challenges ==
 
== Issues and Challenges ==
* Implementing the principle may be excessively onerous in resources or even impossible in cases where individuals within the organization possess unique knowledge / expertise.
+
* Implementing the principle may be excessively onerous in resources or even impossible in cases where individuals within the organization possess unique knowledge / expertise
 +
* When internal processes and/or decision making are not fully reflected in traceable documentation the control might be inadequate
 
* The lack of sufficient depth in check and balances is related also to [[Key Person Risk]]
 
* The lack of sufficient depth in check and balances is related also to [[Key Person Risk]]
 
----
 
----
 
[[Category:Risk Management]]
 
[[Category:Risk Management]]

Revision as of 15:44, 10 June 2019

Definition

The Four Eyes Principle is a widely used wikipedia:Internal Control mechanism that requires that any activity by an individual within the organization that has a material risk profile must be controlled (reviewed, double checked) by a second individual that is independent and competent.

Objective

The objective of the control is to mitigate risks primarily of the following two types:

  • Business Execution, adverse outcomes as the result of poor execution of regular business tasks (mistakes, oversights)
  • Internal Fraud, adverse outcomes as the result of fraudulent action of persons internal to the firm

Potentially other risks may also arise from the absence of this control.

Implementation

Implementing this control is relatively simple in document based approval processes. It requires adding qualified persons in the approval list

Examples

  • A classic example of implementing "Four Eyes" is in the Credit Approval Process where any credit decision must be reviewed by a second independent person
  • In many areas the principle is generalized in requiring a separate review by a different team. An important example is the review any risk models by Independent Model Validation


Issues and Challenges

  • Implementing the principle may be excessively onerous in resources or even impossible in cases where individuals within the organization possess unique knowledge / expertise
  • When internal processes and/or decision making are not fully reflected in traceable documentation the control might be inadequate
  • The lack of sufficient depth in check and balances is related also to Key Person Risk

Contributors to this article

» Wiki admin