Risk and control self assessment.

In this course, David Tattam, Chief Research and Content Officer at Protecht, covers all aspects of the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow up actions.

The course is aimed at risk practitioners and business managers who have, or are looking to implement, a robust and comprehensive Risk & Control Self Assessment (RCSA) process within their organisation. It considers the RCSA process both as a stand-alone process and as part of an integrated Enterprise Risk Management framework.

The course applies the ISO 31000 and 31010 standards.

Course overview

In this course, you'll learn:

1. Objectives & purpose of RCSA

• Objectives of RCSA
• What is RCSA?

2. What are we assessing – risks

• Types of risk

• Components of risk

• Risk bow ties

• Measures of risk

3. What are we assessing – controls

• Types of controls

• How controls modify risk

• Control classifications

4. Risk & control taxonomies

• Objectives of taxonomies
• Common types of taxonomies
• Using taxonomies in RCSA
  

5. Risk management & RCSA frameworks

• How RCSA integrates with other risk processes
• Risk and reward framework
• RCSA in an enterprise risk management framework
  

6. Approaches to risk assessment

• Tools and techniques for risk assessment

7. RCSA methods

• Determining what we will assess
• Likelihood and impact scales
• Setting likelihood scales: what measure?
• Setting impact scales: how many types of impact?
• Assessing risks: inherent, residual and targeted
• Assessing the effectiveness of controls
  

8. RCSA process

• Identifying business and process objectives
• Identifying critical processes
• Identifying risks
• Identifying controls
• Evaluating risks
• Treatment methods
• Methods for collecting information
• Preparing for a risk workshop
• Facilitating a risk workshop
  

9. RCSA reporting

• Types of report and information
• Information to report
• Including RCSA in an aggregated dashboard report
• Interpreting reports
  

10. When should risk assessment be carried out?

• Periodic risk assessment
• Dynamic risk assessment
• Integration with other risk processes
• Formal and informal risk assessment
  

11. Roles and responsibilities

• RCSA and the three-lines model
• Who owns risk and controls?
• Who owns risk and control self assessment?
  

Learning objectives

• An in-depth understanding of the objectives and outcomes of a robust RCSA process
• An understanding of how the RCSA process integrates into an enterprise risk management framework and how the results of RCSA can be used in scenario analysis, key risk indicators, incident management and compliance
• The ability to design an effective and efficient RCSA process
• The ability to set relevant risk scoring scales to reflect risk appetite and tolerance
• The ability to produce meaningful reports as output from the RCSA process
• How to use the RCSA in risk and general management
• How to use RCSA results to develop risk treatment improvements
• An appreciation of the system requirements and system pitfalls for an effective RCSA process
• The skills to be able to carry out effective and engaging RCSA workshops
• An understanding of the pitfalls to a successful RCSA process and how to overcome them
• An understanding of relevant external guidance and requirements including ISO 31000 and ISO 31010

Course expectations

• Watch 25 videos
• Answer 12 knowledge questions
• Complete 1 Interactive Risk Assessment Forecast
• Answer 10 quiz questions

Timings

• 4.5 hours of video content
• Approximately 5-6 hours for the whole course

Cost

• US$600 payable by credit card on registration

Next steps

You can purchase this course on-demand via Protecht Academy by credit card.

This course has been approved by the International Institute of Risk and Safety Management for the period covering March 2024 - September 2025. Find out more about the IIRSM.

Please contact Protecht directly if you would like to discuss packages to implement this training across your organization. Bulk discounts are available and packages can be invoiced in your local currency.