Risk and Control Self-Assessments
This chapter explores the role of risk and control self-assessment in the operational risk framework. Various RCSA methods are described and compared and several scoring methodologies are discussed. RCSA challenges and best practices are explained, and the practical considerations that can help ensure the success of an RCSA program are outlined.
THE ROLE OF ASSESSMENTS
Risk and control self-assessments (RCSAs) play a vital role in the operational risk framework.
While operational risk event databases are effective in responding to past events, additional elements are needed in order to identify, assess, monitor, control, and mitigate events that have not yet occurred. A well-designed RCSA program provides insight into risks that exist in the firm, regardless of whether they have occurred before. The RCSA program fits into the operational risk framework as illustrated in Figure 10.1. While loss data allows us to look back at what has already happened, RCSA gives a tool to look forward at what might happen in the future. RCSA results often provide the best leading indicators of where risk needs to be mitigated.
Even if these risks are well understood by their owners, there is rarely a tool outside the operational risk framework that provides consistency and ...