The first line of defence in an organisation is responsible for owning and managing risks. This includes implementing and maintaining effective internal controls, and executing day-to-day operational activities to ensure compliance with policies and procedures.