Chapter 6: Risk and Control Self-Assessment Flashcards
What is the Risk Assessment Unit (RAU) in RCSA?
LOB?
The business line, entity, or division responsible for evaluating operational risks.
How are risks identified in RCSA?
Through workshop-style discussions that involve collaborative identification and assessment of inherent risks and key controls.
What dimensions are used to assess risks in RCSA?
There are 4, prob…..imp……veloc……risk hor……
Probability, impact, velocity (speed of impact realization), and risk horizon (timeframe for risk significance).
What are inherent risks in RCSA?
Risks evaluated before the application of controls, often considered as risks that could materialize with multiple control failures.
What are the variants of RCSA?
C or S
Independent risk and control assessments (RCA) and residual risk self-assessments (RSA).
How does RCSA assess controls?
What type of controls?
By evaluating preventive and detective controls to reduce risk exposures to residual levels.
What does RCSA estimate regarding expected losses?
Under what type of conditions?
The most likely impacts and likelihood of risks under normal conditions.
What action plans are developed in RCSA?
Mitigating what above what?
Mitigating actions for residual risks above the firm’s risk appetite, such as adding controls, reducing exposure, or buying insurance.
What are stress shortfalls in RCSA?
Stressss!
Potential impacts in adverse conditions or multiple control failures.
What are the key outcomes of RCSA?
What constitutes a succesful RCSA.
Determining if the control environment aligns with the firm’s risk appetite and implementing further risk mitigation if necessary.
How often is RCSA typically performed?
Annually and updated after significant changes in the risk environment, such as incidents at peer firms.
What types of impact are assessed in RCSA
5
- Financial
- Regulatory
- Customer
- Service delivery
- Reputation impacts.
What scale is used for impact ratings in RCSA?
A four-point scale (low, moderate, major, extreme) to categorize the severity of impacts.
What is a challenge in RCSA related to subjectivity?
What do RCSAs rely on?
RCSA relies on judgment-based assessments, which can be subjective and influenced by biases.
What is a best practice for achieving comparability in RCSA?
What must participants keep the same?
Ensuring all participants use the same definitions to avoid conflicting interpretations.
What is a practical tip for using impact scales in RCSA?
How can you help assesors understand the actual impact?
Provide intuitive definitions and real-world examples to help assessors understand impact scales.
What are the multiple severity assessments in RCSA?
The cases.
Mild case (expected loss), stressed case, and worst case scenarios.
What is the focus of RCSA in terms of risk severity?
When I was little every car journey stuck in the…….
The “middle” risks—those that are neither too mild nor too severe—providing valuable insights for risk management.
What role does RCSA play in integration with other assessments?
What are these assesments?
It informs scenario assessments, Own Risk and Solvency Assessment (ORSA), and capital assessments for identifying tail risks.
Why is clear guidance is essential in RCSA?
Clear guidance to assessors to avoid confusion and disparity in results.
What is the role of incident management in RCSA?
Recognizing its role in reducing the net impact of risks.
What is the challenge of customization vs. consistency in RCSA, across various LOB and processes?
Customization of scales for different units can improve relevance but poses challenges for aggregating and comparing results.
What is the significance of the middle ground focus in RCSA?
Not too hot or too cold
It provides valuable insights for risk management and business decision-making by focusing on risks that are neither too mild nor too severe.
What is the role of RCSA in scenario and capital assessment?
RCSA findings can inform scenario assessments and capital assessments, crucial for identifying tail risks and planning for continuity.
