Chpt 5

Question 1

What is RCSA?

Answer 1

Risk and Control Self-Assessment - a process for identifying, assessing and managing risks and controls.

Question 2

What are the benefits of RCSA?

Answer 2

Cultural change, strategy alignment, consensus, accountability, anticipating threats, efficiency.

Question 3

What is the role of RCSA?

Answer 3

Proactively identify and manage operational risks before they impact objectives.

Question 4

Name 3 RCSA approaches.

Answer 4

Workshops, Questionnaires, Hybrid.

Question 5

What are 2 advantages of RCSA workshops?

Answer 5

Interaction, guidance, buy-in.

Question 6

What are 2 disadvantages of questionnaires?

Answer 6

Misinterpretation, bias.

Question 7

Define likelihood.

Answer 7

Possibility of a risk event occurring.

Question 8

Define impact.

Answer 8

Consequences if an operational risk occurs.

Question 9

What is assessed for likelihood and impact?

Answer 9

Inherent risk and residual risk.

Question 10

Name 4 types of controls.

Answer 10

Preventative, detective, corrective, directive.

Question 11

What determines if a control is effective?

Answer 11

Design and operation.

Question 12

Who is the risk owner?

Answer 12

Accountable for managing risk identification, assessments etc.

Question 13

Who is the control owner?

Answer 13

Designs, operates and monitors controls.

Question 14

Name 4 risk response actions.

Answer 14

Accept, reduce, transfer, avoid.

Question 15

What are 2 uses of risk reporting?

Answer 15

Guide decisions, raise awareness.

Question 16

What does a heat map show?

Answer 16

Visual summary of risk exposures.

Question 17

Name 3 triggers for ad hoc RCSA.

Answer 17

Change in appetite, restructure, new regulation.

Question 18

What validates likelihood and impact assessments?

Answer 18

Risk indicators and loss events.

Question 19

What are 3 reporting contents?

Answer 19

Assessments, actions, changes.

Question 20

What maintains RCSA as BAU activity?

Answer 20

Governance committee oversight.

Question 21

What skills make an effective RCSA facilitator?

Answer 21

Risk knowledge, challenge consensus, unbiased.

Question 22

What evidences control effectiveness?

Answer 22

Testing and attestation.

Question 23

What causes re-assessment of risks?

Answer 23

Changes in likelihood, impacts or controls.

Question 24

What improves reporting?

Answer 24

Interpretation not just data.

Question 25

What is a risk register?

Answer 25

Database recording RCSA outputs.

Question 26

What confirms RCSA adds value?

Answer 26

Implemented efficiency improvements.