Three Lines Model
A governance framework defining roles and responsibilities across operational management, risk oversight, and independent assurance.
Full definition
The Three Lines Model, the Institute of Internal Auditors' 2020 update of the Three Lines of Defense, clarifies how different organizational functions coordinate to manage risk and achieve objectives. The first line (operational management) owns and manages risk day to day. The second line (risk management, compliance, quality) provides expertise, oversight, monitoring, and challenge. The third line (internal audit) gives the board and senior management independent assurance that the first two lines are working. In a healthcare organization, for instance, clinical staff form the first line, the compliance and patient safety teams constitute the second line, and internal audit supplies the third-line view, independently assessing whether those controls are effective.
Tags: governance, ERM, assurance, organizational structure, accountability