Risk Control Self Assessment (RCSA)

Posted By: Herkunft

Risk Control Self Assessment (RCSA) - 04/10/12 08:04 PM

Hi, could anyone advise how Risk Self Assessment should be done in Operations? Suppose, we want to assess risks of job done by Employee-A. Does Employee-A have to come up with risk inherent in his job and controls, or is it supposed to be done by Employee-B within the same department? And is it Employee-B who is supposed to check if Employee-A performs adequate controls in his job? Thanks!
Posted By: DCS Planning

Re: Risk Control Self Assessment (RCSA) - 06/19/12 02:56 PM

This is an important question and I'm sorry I just stumbled on it today. I hope this information helps you. Essentially what you're talking about is the structure behind an employee deskbook including identifying, monitoring and reporting risks. Through systematically understanding and recording the objectives of business activity (aligned with your Business Impact Analysis), the risks that could prevent these objectives from being reached, and the controls that will channel activities and energy into the right and relevant direction, a coherent structure for managing the internal control framework is established.
So, you take your BIA work and apply it to each job position as risk, and possibly performance, indicators (NOT to each employee). Some jobs may have multiple employees performing them and in that case I'd use the same assessment.
Does this answer your question?