Module 6 - Midterm Pt 2 Flashcards
Heat Map Strength & Weakness
Strength: Easy to communicate and visualize
Weakness: May oversimplify risks
Heat Map User
Risk managers, executives
Bow-Tie Analysis Strength & Weakness
Strength: Comprehensive view of causes and consequences
Weakness: Time-consuming and complex to create
Bow-Tie Analysis User
Risk professionals, control experts
RCSA User
Operational staff, risk managers
What is the Risk and Control Self-Assessment (RCSA)
- Integral part of operational risk management frameworks
- Structured approach to understand the effectiveness of the control environment by identifying and assessing operational risks and associated controls
- Helps determine whether the residual risk is within approved risk boundaries
What is the value of RCSA
- Correct internal control gaps on a timely basis
- Improve value
- Provide assurance
- Enhance risk culture
What can RCSA lead to
- Corrective actions
- Review of risk boundaries
- Accepting the level of risk for a period of time
- Management and board reporting
RCSA Key Considerations
- What risks to cover?
- What elements are required?
- Who does what?
RCSA Pros
- Interaction with other control processes
- A real-time view of the enterprise control environment
- Improve business value and enhance risk culture
RCSA Cons
- Can be time-consuming and manually intensive
- Relies heavily on the quality of inputs
- Only captures what is known (room for bias)
KRIs First Line
Business Units
- Identifies KRIs
- Sets thresholds
- Monitors positions
- Escalates breaches of limits to management
KRIs Second Line
Risk Management
- Creates KRI framework and provides training
- Challenges / provides guidance on the KRI selection process
- Facilitates reporting / escalation of breaches
- Identifies trends
KRIs Third Line
Internal Audit
- Provides validation/assurance around KRI processes
KRI Lifecycle
- Develop KRIs
- Establish KRI thresholds
- Monitor and report on KRIs
- Manage breaches of KRIs
- Revise KRIs as needed