(Click Category to List Courses)

12 - MSE - Maintenance, Scheduling, Planning

MSE 166 - Risk and Control Self Assessment (10 Days)

Code Start Date Duration Venue
MSE 166 27 June 2022 10 Days Istanbul Registration Form Link
MSE 166 22 August 2022 10 Days Istanbul Registration Form Link
MSE 166 17 October 2022 10 Days Istanbul Registration Form Link
MSE 166 12 December 2022 10 Days Istanbul Registration Form Link
Please contact us for fees


Course Description

Risk Control Self Assessment (RCSA) is an empowering method/process by which management and staff of all levels collectively identify and evaluate risks and associated controls. It adds value by increasing an operating unit’s involvement in designing and maintaining control and risk systems, identifying risk exposures and determining corrective action. The aim of RCSA is to integrate risk management practices and culture into the way staff undertake their jobs, and business units achieve their objectives. It provides a framework and tools for management and employees. 

Course Objectives

  • Identify and prioritize their business objectives
  • Assess and manage high risk areas of business processes
  • Self-evaluate the adequacy of controls
  • Develop risk treatment action plans
  • Ensure that the identification, recognition and evaluation of business objectives and risks are consistent across all levels of the organization

Who Should Attend?

  • Risk and internal audit professionals
  • Third-party service providers
  • First-line risk and operations managers with responsibilities for operational risk management

Course Details/Schedule

Day 1

  • An overall Framework for Managing Enterprise Risk
  • Revisiting risks and controls —what are we assessing?
  • The risk Bow Tie. Causes, Events and Impacts.
  • A risk framework and where RCSA fits
  • Inherent, Residual, Expected and Targeted Risk
  • Treatment methods and control effectiveness
  • Understanding likelihood and impact drivers

Day 2

  • Defining Risk & Control Self Assessment (RCSA)
  • Objectives of RCSA
  • What is RCSA?
  • The importance of linking RCSA to strategy and objectives
  • The various approaches to RCSA

Day 3

  • The steps in an RCSA process
  • Identifying business and process objectives
  • Identifying critical processes
  • Identifying risks
  • Identifying controls
  • Assessing risks: Inherent and residual
  • Assessing the effectiveness of controls
  • Creating escalations, follow ups and action plans

Day 4

  • RCSA inputs
  • Determining what we will assess
  • Identifying risks
  • Risk descriptions-what are the rules?
  • Identifying treatment methods
  • Types of Control
  • Likelihood and impact scales
  • Setting likelihood scales: What measure?
  • Setting impact scales: How many types of impact?

Day 5

  • RCSA processes
  • Linking risks to objectives and critical processes
  • Linking risks to causes and impacts
  • Linking risks to controls
  • Assessing the size of risk
  • Is inherent risk useful and can it be determined?
  • Cumulative and aggregated control effectiveness
  • Determining treatment/control improvements
  • RCSA Case study: Carrying out an RCSA

Day 6

  • Setting up an RCSA for completion
  • Deciding on participants
  • Background information
  • Carrying out an initial assessment
  • Carrying out periodic assessment updates
  • Towards continuous assessment

Day 7

  • RCSA Reporting
  • Types of report and information
  • Information to report
  • Including RCSA in an aggregated dashboard report
  • Interpreting reports

Day 8

  • Using RCSA
  • Escalations and notifications
  • As a risk monitoring and management tool
  • As a benchmarking tool
  • As a driver of behaviour

Day 9

  •  RCSA as part of a Risk Framework
  • Linking RCSA to KRIs, Compliance, Incident Management, Issues and Action Tracking
  • Obtaining business engagement

Day 10

  • The future of RCSA
  • Where to next?
  • Maximising the value from the RCSA process
  • The main pitfalls and how to overcome them