RCSA Risk Control Self-Assessment
Also See Risk Based Auditing
In this article I will explain how Symbiant gives you the tools to perform RCSA and to have this important process as an ongoing embedded part of your risk management program.
Most risk managers when assessing the residual (NET) risk score will have to assume that the controls that contribute to the reduction are working. But what if there not? This would mean your residual score is incorrect, meaning your risk registers are incorrect and you are exposing your company and its officers to a higher level of risk than they are aware of. Obviously, this is unacceptable but it’s often the best you can do with the tools you are working with.
Symbiant overcomes this problem by allowing you to place the controls that are responsible for the reductions in impact and likelihood between the inherent (Gross) and residual (Net) scores, you can also weight the controls that are more valuable. The first benefit of doing this is, our system will calculate how effective each control is, how much they contribute to risk reduction, how valuable they are. You can also see which risks benefit from each control. The built in reporting gives you all this information.
Symbiant then allows you to assess these controls on a regular schedule of your choosing. Because you can give individual ownership of each assessment questions you can enrol your department managers in to the assessment process. Reducing the overhead on the audit department and reducing the disruption audits can cause. Which means you can test more frequently.
Based on the responses received from the question owners the program will automatically assess the viability of the control, if it is deemed to have failed or not working the control will automatically deactivate. This in turn will cause emails to be issued to all affected risk owners, notifying them that a risk they are a manager of has a failed control. It will also automatically adjust the residual risk scores to account for the loss of the control. Meaning your risk registers risk scoring will be more accurate.
The system then allows for a review and remedial actions to be assigned and put in place to fix the problem(s).
The Symbiant system is the only affordable solution that offers this functionality as part of the core system, we call this Dynamic Residual Scoring.
Symbiant audit and risk management software contains all of the above and more as standard, whilst remaining the most cost-effective software solution on the market. Contact us today for more information, view our packages or sign up for a 30 day free trial.