Week 2 Flashcards
How to prepare an RCSA
Define the scope and objectives
Gather relevant data and documentation.
Value of RCSA
Helps in evaluating the effectiveness of risk management practices and control mechanisms
What are likelihood scales
% chance of occurring next year (a 1-in-10-year event means a 10% chance next year)
What are major incidents
Top-level involvement, but not firm-threatening
What does RCSA stand for
Risk and Control Self-Assessment.
What is the importance of RCSA
Enhances risk awareness and ownership
Identifies risk exposures/weakness
Structured approach
Supports regulatory compliance
How have likelihood scales generally moved
From a 5-point to a 4-point system
How can facilitators avoid misunderstandings in risk evaluations
Ensure all participants use the same definitions
What are moderate incidents
Significant but internal impact, or limited external impact
What are extreme incidents
Threaten the firm's survival
What is RCSA
Systematic process for identifying and assessing risks and controls
Components of RCSA
Risk/control identification
Risk/control assessment
Action plans
RCSA exercises
Risk view, assessment, loss estimate, stress/shortfall estimate, action plan
RCSA benefits
Enhanced Awareness
Improved Management
Compliance
Decisions
Improvement
What is rated major on RCSA
> 5%
What is rated moderate on RCSA
> 0.5%
What is rated extreme on RCSA
> 25% yearly budget at risk
What is rated low on RCSA
<0.5% budget
Limitations of RCSA
simple
subjective
inconsistent
improper prioritization
Benefit of the four-point scale in RCSA
Removes “insignificant” impacts to focus on meaningful risks
What are low incidents
Accepted as cost of doing business
What does the heatmap combine
Likelihood and impact
What are mild cases of expected loss
Resulting from control failure or mishap in normal business conditions
What are stressed cases
Pessimistic version of possible losses, following key control failure or multiple control failures