CHAPTER 10Risk and Control Self-Assessments
This chapter explores the role of risk and control self-assessment (RCSA) in the operational risk framework. Various RCSA methods are described and compared, and several scoring methodologies are discussed. RCSA challenges and best practices are explained, and the practical considerations that can help ensure the success of an RCSA program are outlined.
THE ROLE OF ASSESSMENTS
Risk and control self-assessments play a vital role in the operational risk framework.
While operational risk event databases are effective in responding to past events, additional elements are needed in order to identify, assess, monitor, control, and mitigate events that have not yet occurred. A well-designed RCSA program provides insight into risks that exist in the firm, regardless of whether they have occurred before. The RCSA program fits into the operational risk framework as illustrated in Figure 10.1. While loss data allows us to look back at what has already happened, RCSA gives a tool to look forward at what might happen in the future. RCSA results often provide the best leading indicators of where risk needs to be mitigated.
Even if these risks are well understood by their owners, there is rarely a tool outside the operational risk framework that provides consistency and transparency in reporting, mitigating, and escalating these risks. For this reason, risk and control assessments are often the most enthusiastically adopted elements of the program, ...
Get Operational Risk Management, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.