Please visit our Sound Practice Guidance page: a revised Guidance for Risk and Control Self Assessment (RCSA) has been posted.
RCSA forms an integral element of the overall operational risk framework, as it provides an excellent opportunity for a firm to integrate and co-ordinate its risk identification and risk management efforts and generally to improve the understanding, control and oversight of its operational risks.
RCSA provides a systematic means of identifying control gaps that threaten the achievement of defined business or process objectives and monitoring what management is actually doing to close these gaps. It is therefore an integral component of good operational risk management.
The findings from a RCSA can be used to formulate appropriate action plans to address identified control gaps, taking into account risk-reward (cost-benefit) considerations, with progress against these plans monitored as part of the overall operational risk management approach. In this respect RCSA promotes analysis and monitoring of factors that affect the level of operational risk exposure.
A further driving force behind the growth and emergence of RCSA is that it acts as a complementary audit and management tool, and is a generally accepted means by which to satisfy corporate governance and regulatory requirements.