In the Three Lines of Defense Model, the Second Line (functions such as risk management and compliance) may provide assurance over First Line (business operations) activities under specific conditions to ensure independence, objectivity, and competence.

Conditions for Second Line Assurance:

Separation of Duties: The Second Line can only provide assurance if it did not design or perform the activities it is examining. This separation is crucial to avoid conflicts of interest.

Assurance Objectivity: The Second Line personnel must maintain objectivity, avoiding any bias or personal stake in the outcome of their evaluations.

Assurance Competence: The Second Line must have the technical expertise and skills required to evaluate the subject matter accurately.

Why Option C is Correct:

It aligns with the principles of independence and objectivity required for assurance activities.

It recognizes the Second Line's role in oversight and assurance without encroaching on the operational responsibilities of the First Line.

Relevant Frameworks and Guidelines:

IIA’s Three Lines Model (2020): Emphasizes the importance of objectivity and independence in assurance activities.

COSO ERM Framework: Discusses the distinct roles of governance, risk, and assurance functions.

In summary, the Second Line can provide assurance over the First Line, but only under conditions that ensure objectivity and competence, as outlined in established GRC models and frameworks.