
RCSA Session 1 Revised - FINAL PDF

This document provides an overview of a Risk and Control Self Assessment (RCSA) training session. The session will cover: setting the context of RCSAs; why organizations conduct them; organizational issues; required resources; and frequency and granularity. Specific topics that will be discussed include the definition of an RCSA, its role in operational risk management, inherent vs. residual risk, and the roles of the board, senior management, businesses, and audit in the RCSA process. Resources needed like people, time, and technology will also be reviewed.

Risk and Control Self Assessment

(RCSA)

Session 1

Presented by Phyllis Segal


RMA Faculty—Operational Risk

Today’s Instructor
Phyllis Segal

RMA Faculty – Operational Risk

Course Topics

Session 1
1. Setting the Context of RCSA
2. Why do a RCSA?
3. Organizational Issues
4. Resources Required
5. Frequency and Granularity

Course Topics

Session 2
6. RCSA Components and Steps
7. Step by Step - How to conduct a RCSA

1. Setting the Context

A. What is a RCSA?

B. RCSA and Operational Risk toolbox

C. Operational Risk in the context of Risk Management

D. What is Operational Risk?

E. Operational Risk and Basel II

F. Inherent vs. Residual Risk

A. What is RCSA?

Formal documented process used to proactively identify, assess, manage and report operational risks and controls

A. What is RCSA?

Risk
• Anything that could jeopardize the achievement of an objective.
• Examples include: inaccurate records or information, fraud or employees not following process due to lack of skill.

Control
• Methods, procedures, equipment or other things that provide additional assurance that relevant business objectives will be met.
• Types of Controls include: Preventative, Detective, Compensating controls

B. RCSA and Operational Risk Toolbox

• Key Risk Indicators

• Loss Reporting and Analysis

• Operational Risk Dashboard

C. Operational Risk in the Context of Risk Management

Risk
• Earnings Volatility: Management of the drivers of earnings volatility
• Reputational Risk: Management of the perception of management strength and corporate culture

C. Operational Risk in the Context of Risk Management

Earnings Volatility
• Operational Risks
• Credit Risk
• Market Risk
• Business/Strategic Risks

D. What is Operational Risk?

“. . . the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.”

E. Operational Risk - Basel II

• 3 methods for calculating operational risk capital charges (Basic, Standard, Advanced Measurement Approach)
• 11 principles for the sound management of operational risk relate to:
  • Role of the Board and Senior Management in developing and maintaining an appropriate risk management framework and environment
  • Risk Management: Identification, Assessment, Monitoring and Mitigation/Control including New Product Approvals, and Business Continuity
  • Role of Disclosure

www.bis.org

F. Inherent vs Residual Risk

• Inherent/gross risk is the amount of risk that exists, without taking into account the existence of controls

• Residual/net risk is the amount of risk that exists, taking into account the existence of controls

2. Why do a RCSA?

• Consistent management of operational risks across the organization

• Reduce losses, higher profitability

• Improve audit results

• Regulatory requirement

• Management takes responsibility for their own risks

• Improved processes, teamwork and role clarity

• Greater efficiency and effectiveness

3. Organizational Issues

A. Centralized vs. Decentralized

B. Role of the Board

C. Role of Senior Management and Businesses

D. Role of Audit

E. Ownership and Accountability


A. Centralized vs. Decentralized

• Who conducts the RCSA?

• Methodology

• Identification

• Assessment

• Monitoring

• Reporting

• Benefits of each approach

B. Role of the Board

• Take the lead in establishing a strong risk management culture.

• Approve and periodically review the bank’s operational risk management framework. Framework should provide a firm-wide definition of Operational Risk and lay down the principles of how operational risk is to be identified, assessed, monitored and controlled/mitigated.

• Approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types, and levels of operational risk that the bank is willing to assume.

C. Role of Senior Management and Businesses

• Senior Management
  • Implementing the operational risk framework approved by the board of directors
  • Developing policies, process and procedures for managing operational risk in all of the bank’s material products, activities, processes and systems
• Businesses
  • Manage/“own” risks in their businesses

D. Role of Audit

• NOT directly responsible for Operational Risk management
• Conduct an independent check on all management processes, including Operational Risk management, and RCSA
• RCSA ratings should be a consideration for Audit business reviews
• Ensure that risks were identified and assessed properly, that progress is being made on RCSA Action Plans

E. Ownership and Accountability

• Responsibilities for risks have been formalized

• Awareness of risks by business heads has increased and that THEY own the risk

• Some of these risk categories were managed before (with varying degrees of success)

4. Resources Required

A. People

B. Time

C. Technology


Some RCSA Software*

| Name of Vendor | Web Address | Product name | GRC? |
|---|---|---|---|
| Centerprise | centerprise.com/products/eopriskcenter.html | Enterprise OpRisk Center | No |
| Sword Achiever | www.sword-achiever.com/ | Achiever Plus | Yes |
| Methodware | www.methodware.com/kairos/ | Kairos | Yes |
| OpenPages | www-01.ibm.com/software/analytics/openpages/ | GRC Platform | Yes |
| Protiviti | www.protiviti.com/grc-software/Pages/Risk-Management.aspx | Governance Portal for Risk Management | Yes |
| SAS | www.sas.com/software/governance-risk-compliance/index.html | Governance Risk and Compliance | Yes |
| Thomson Reuters | accelus.thomsonreuters.com/solutions/enterprise-grc | Enterprise GRC Solutions | Yes |

* Not an endorsement for any particular software

5. Frequency & Granularity

A. Frequency

• As often as required to manage the risk

• Annually, on a tiered basis

• Quarterly

B. Granularity

• Scoping the enterprise

See you next session!

• RCSA Components: Objectives, Risks, Controls, Action Plans
• RCSA Steps: Identify, Assess, Act, Report
• Step by Step - How to conduct a RCSA