Chapter 5 Learning Outcomes Flashcards

1
Q

What is RCSA?

A

RCSA stands for Risk and Control Self-Assessment. It is a process for identifying, recording and assessing potential risks and related controls.

(Introduction, para 1)

2
Q

What is the purpose of RCSA and what can it be used for?

A

The purpose is to enable a firm to manage key risks to avoid impacting objectives. It involves identifying, assessing, monitoring and reporting risks and controls. It enables risks to be proactively managed.

(5.2, para 1)

3
Q

What are the key elements of an RCSA process?

A

Key elements are:
* identifying risks,
* assessing inherent and residual exposures,
* assessing controls,
* assigning owners,
* deciding on responses,
* taking action,
* monitoring,
* reporting.

(Fig 5.3.1)

4
Q

How do you assess operational risk exposure?

A

By judging the likelihood of the risk occurring and the expected impact (financial or non-financial) if it does occur. These are combined on a matrix to show the level of exposure.

(5.5, 5.5.1, 5.5.2)

5
Q

What are the benefits of an effective RCSA process?

A

Benefits include:
* cultural change,
* alignment to strategy,
* consensus building,
* clear accountability,
* anticipating threats,
* process efficiencies.

(Table in 5.2)

6
Q

How do you identify which risks to include?

A
  • Use risk categories,
  • internal loss data,
  • external loss data,
  • indicators,
  • objectives,
  • complaints,
  • planning
  • outputs,
  • performance data,
  • upcoming changes,
  • analysis reports.

(5.3.2, 5.3.3)

7
Q

What’s the difference between inherent and residual risk exposures?

A

Inherent is the untreated exposure.
Residual is the remaining exposure after accounting for the effectiveness of controls.

(5.5.3, Fig 5.5.3)

8
Q

What 4 types of actions can you take to address risk exposure?

A

Accept, reduce (add controls), transfer (insure), avoid (eliminate).

(5.7.2)

9
Q

What’s a control?

A

Any action taken to reduce likelihood or impact. E.g. preventative, detective, corrective controls.

(5.6)

10
Q

What roles do controls play in risk management?

A

Prevent underlying causes, detect if an event occurs, take corrective action, direct through policies. Overall reduce exposures.

(5.6, Fig 5.6)

11
Q

What key things are included in reporting of RCSAs?

A

Scope, changes in profile, risk assessments, controls, actions, heat map.

(5.8.1 to 5.8.6)

12
Q

What’s the difference between a risk owner and a control owner?

A

Risk owner manages the risk identification, assessment etc.
Control owner designs and operates controls.

(5.7, 5.7.1)
