Solutions

RCSA Application

Risk Control Self-Assessment is a major, and often mandatory, exercise by businesses to test the design of internal controls and controls effectiveness; and to ensure that controls are reducing the inherent risk to the extent that they have been designed for.

RiskCounts provides a comprehensive RCSA Application, that allows organizations to conduct their quarterly risk-control reviews, with the simplicity and workflow execution on a single platform. The RCSA provides an inbuilt issue-tracking and remediation module but can also easily be integrated with other issue and incident management systems that an organization may already be using.

RCSA Dashboard

  • Send mail
    The dashboard views can be customized to client need. A full range of Analytics is available . These include: 1. RCSA process 2. Bottlenecks 3. Key Risk issues
  • Send mail
    Control and Residual Risk Ratings, changes, distribution, dispersion
  • Send mail
    New Remediation with timeline, status, aging
  • Send mail
    Open remediation items from the past with aging, slippages, re-prioritization, rescheduling
  • Send mail
    Trend over the last four Quarters in RCSAs conducted
  • Send mail
    Provides overall ratings, average outstanding issues for the past RCSA's and issues closed

RCSA Set-Up

  • Send mail
    A full list of Assessors is set up in the system – default is that All Employees are assessors
  • Send mail
    List of Business Units and designated Unit Heads is set up
  • Send mail
    Risk Management is set up as the third key “role”
  • Send mail
    Controls categories are defined; Policies & Risks are tagged to Controls categories
  • Send mail
    Key elements in each Control Category are identified as distinct Control Procedures

Role of An Assessor

  • Send mail
    Assessors assess each control category by answering a set of key questions for each Control Section
  • Send mail
    Questions focus on Control failures, Test documentation, and Control effectiveness
  • Send mail
    Assessors rate Control Effectiveness on a scale. They also draft any Remediation required and submit rating and remediation to Business Unit Head/RCSA coordinator

Ratings Aggregation by RCSA Coordinator

  • Send mail
    Business Unit Head/RCSA Coordinator finalizes the control ratings for each key risk and/or risk policy
  • Send mail
    Coordinators also finalize draft remediation details and submit to Risk Management

Finalization by Risk Management

  • Send mail
    At inception, Risk Management identifies and assesses the Inherent Risks jointly with the First Line of Defense
  • Send mail
    The RCSA follows a questionnaire for the assessors, and based on their responses, the business unit coordinators summarize the risk
  • Send mail
    The Risk Manager finally aggregates the ratings of various business unit coordinators to come up with a final rating/s on the effectiveness of controls
  • Send mail
    Risk Manager determines (an optional algorithm is provided in the system) the Residual risk based on the effectiveness of the controls, as rated by the assessors, consolidates ratings and remediation details and derives Residual Risk ratings
  • Send mail
    Obtains all required Analytics on the RCSA process, Ratings, and Remediation
  • Send mail
    Finalizes any report or presentation, and escalation and training based on RCSA results

Issue Management & Remediation

  • Send mail
    All Control items rated as “Needs Improvement” automatically ask for Remediation plans: Assessor provides Draft Remediation
  • Send mail
    Business Head approves, consolidates, and submits Final proposed remediation
  • Send mail
    Risk Management finalizes all Remediation, and completes details
  • Send mail
    Remediation is managed as a full project-plan with identified ownership, dates, priority
  • Send mail
    Remediation can be actively tracked at all levels
  • Send mail
    Enables central recording, prioritization, resource-allocation, tracking, and project-management of issues, and reviews by Risk Management
  • Send mail
    Business and Risk Management/Legal/Compliance can be on top of all issues at any given time