Control Self Assessment (CSA)

JUNI 2020
Control Self Assessment Framework
 Control Self Assessment
Outline
Control-Self Assessment Definition
Control-Self Assessment Objectives
Enterprise wide Control Self Assessment Framework
 Balanced Scorecard
 CSA Methodology
 Results
Corporate Governance
CSA Rollout - Project Time Line
Appendix - Delivered Solution
1. Risk Map
2. Excel Based Worksheets
3. HTML Interface
4. Excel Based
 Control Self Assessment

Definition
Control-Self Assessment is a risk management tool used by business
managers to transparently assess risk and control strengths and weaknesses
against a Control Framework. The “self” assessment refers to the
involvement of management and staff in the assessment process.
 Control Self Assessment
Objectives
Communication
 To ensure better communication of CEO’s objectives and strategies to all
business lines
 To ensure business line managers communicate their risks and controls more
effectively
Education
 To ensure business line managers have a better comprehension of effective risk
control
 To ensure business line managers have a better comprehension of risk
management
Proactive Management
 To ensure business line managers align their objectives and strategies with the
CEO's objectives and strategies
 To ensure business line managers assume greater responsibility and
accountability for their risks and controls
 To ensure business line managers monitor their risk effectively and timely
 To ensure business line managers utilize and allocate their resources effectively
 Enterprise-wide CSA Framework
Goal
To foster a proactive management framework which is pervasive throughout a firm
Enterprise-wide CSA Framework
 Step 1: Objective Setting

Balanced Scorecard *
A tool that translates a firm’s mission and strategy into a comprehensive set
of performance measures that provides the framework for a strategic
measurement and management system

Objectives
Ensures linkage between the objective of senior management and the
businesses
Increased focus on the appropriateness of the objectives
Reinforced as the central “top down” articulation of goals
Provides a framework within which the oversight functions, risk
management and the business lines operate
 Step 2: CSA Methodology

ORCA Framework
Objectives
Risk Assessment of Key Processes
Controls
Action Plans
The ORCA framework components fit logically together to form a
comprehensive relationship between firm-wide objectives, processes
and risks, and controls. This relationship may be viewed as the core of
a firm’s internal control.
 Step 2: CSA Methodology

ORCA Framework
To find equilibrium, the business managers must carefully assess the risks
inherent within their key processes and apply controls that will work at
a reasonable cost.
 Step 2: CSA Methodology

ORCA Framework
 Step 2: CSA Methodology

Key Indicators

Metrics to measure the effectiveness of controls in the mitigating

or managing risks
 TO measure operational problems

 TO monitor the quality of the services provided

 TO provide early warning for problems

 TO aid in the containment of losses
 TO determine trends
 TO set limits for risk or escalation criteria

 TO facilitate everyday decisions.

 Step 3: Results

Qualitative
Bottom-up feedback to executive management to ascertain how
successfully the organization accomplished its strategic vision
Identification of the interdepartmental and thematic risks within the
firm

Quantitative
CSA Metric Score
Inherent & Residual Risks Model
CSA Scenario Engine
Step 3: Results
 Step 3: Results
Inherent and Residual risk models provide a sense of the potential monetary
impact before and after the implementation of controls.

CSA scenario engine may shed insight on how the department’s or firm’s
control environment may evolve – for better or worse.
 Corporate Governance

Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS

II compliance
The enterprise-wide CSA framework presented here is a key component of
a robust corporate governance structure. It enables the organization to
inform executive management of the current state of the firm’s risk
environment on an ongoing basis
The expected benefits of a strong corporate governance structure are:
 Summary

The presented enterprise-wide control self-assessment framework:

Provides flexibility and dynamism to evolve with the changing firm

Allows a firm to manage risks from both the “top-down” and “bottom-up”
perspectives
Is an integral component of a strong corporate governance structure
 CSA Rollout - Project Time Line
 Planning  Design and Development (Prototype)
Project Scope Meet with Business Lines
Þ Define CSA scope Gather Key business processes
Þ Evaluate current firm wide objectives Establish
Þ Identify key business areas and processes Create Data Model
Þ Obtain Sr. Management support Create Database
Project Planning Create user interface
Þ Create project timeline Load master tables data into database
Þ Allocate resources Create procedure guide
Deliverables: Project Plan, Road map Deliverables: CSA beta version software, User guide

 Analysis  Implementation
Define Op Risk components Rollout Control Self Assessment Software
Þ Firm wide objectives Data Gathering of Business Units CSA
Þ Risk map Support business units performing CSA
Define CSA components
Þ Objectives and key processes
Þ Risks Deliverables: Cutover Plan, CSA application
Þ Control Methods
Þ Action Plans  Close-out
Þ Key Risk Indicators
Review user feedback
Refine Timeline and estimates
Establish cyclical review requirements
Deliverables: Business requirements, User presentation
Update CSA reporting package

April May June

June July August September October November December January February March

Closeout
Planning Analysis

Design Implementation

Development