Understanding the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow-up actions.
This course covers all aspects of the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow up actions. The course is aimed at risk practitioners and business managers who have, or are looking to implement, a robust and comprehensive Risk & Control Self Assessment (RCSA) process within their organisation. It considers the RCSA process both as a stand-alone process and as part of an integrated Enterprise Risk Management framework.
The course applies the ISO 31000 and 31010 standards.
Course overview
In this course, you’ll learn:
1. Objectives & purpose of RCSA
- Objectives of RCSA
- What is RCSA?
2. What are we assessing – risks
- Types of risk
- Components of risk
- Risk bow ties
- Measures of risk
3. What are we assessing – controls
- Types of controls
- How controls modify risk
- Control classifications
4. Risk & control taxonomies
- Objectives of taxonomies
- Common types of taxonomies
- Using taxonomies in RCSA
5. Risk management & RCSA frameworks
- How RCSA integrates with other risk processes
- Risk and reward framework
- RCSA in an enterprise risk management framework
6. Approaches to risk assessment
- Tools and techniques for risk assessment
7. RCSA methods
- Determining what we will assess
- Likelihood and impact scales
- Setting likelihood scales: what measure?
- Setting impact scales: how many types of impact?
- Assessing risks: inherent, residual and targeted
- Assessing the effectiveness of controls
8. RCSA process
- Identifying business and process objectives
- Identifying critical processes
- Identifying risks
- Identifying controls
- Evaluating risks
- Treatment methods
- Methods for collecting information
- Preparing for a risk workshop
- Facilitating a risk workshop
9. RCSA reporting
- Types of report and information
- Information to report
- Including RCSA in an aggregated dashboard report
- Interpreting reports
10. When should risk assessment be carried out?
- Periodic risk assessment
- Dynamic risk assessment
- Integration with other risk processes
- Formal and informal risk assessment
11. Roles and responsibilities
- RCSA and the three-lines model
- Who owns risk and controls?
- Who owns risk and control self assessment?
Course expectations
- Watch 25 videos
- Answer 12 knowledge questions
- Complete 1 Interactive Risk Assessment Forecast
- Answer 10 quiz questions
Time
- 4.5 hours of video content
- Approximately 5-6 hours for the whole course
