Which of the following is NOT one of the three lines of defense in internal auditing?

The three lines of defense model is a widely accepted framework for risk management and internal control within organizations, including credit unions. It illustrates how legal and regulatory compliance, risk management, and internal auditing work together to protect the organization.

In this model, the first line of defense is typically represented by the business units themselves, which are responsible for identifying and managing risks associated with their operations. The second line of defense involves risk management and compliance functions, which help to ensure that risks are adequately managed and that the organization adheres to relevant laws and regulations. The third line of defense is the internal audit function, which provides independent assurance and reports on the effectiveness of governance, risk management, and internal controls.

Account management, however, does not fit into this framework as a line of defense. While account management is important in the operational context, it is not categorized as a separate layer of defense in risk management or internal auditing within this model. The focus of account management is more on the operational aspect of managing member accounts rather than providing oversight or risk management, which are the key functions needed in the context of the three lines of defense framework.