Risk Control Self Assessment (RCSA) as an accepted component of effective operational risk software is well established, and forms a core part of Optial’s Operational Risk Management software.
Through systematically understanding and recording the objectives of business activity, the risks that could prevent these objectives from being reached, and the controls that will channel activities and energy into the right and relevant direction, a coherent structure for managing the internal control framework is established.
Optial Risk Registers
A systematic approach is the best one for an organisation to take to create and manage a library of risks on both a global / group level as well as at a local / business unit level. Optial provides pre-configured libraries for this where organisations can add their own risks.
The resultant risk templates will be used to generate the risk assessment checklists, either automatically or on demand, for selected businesses and business units for the manager to use to rate their current performance and identify control inefficiencies and build action plans in Optial to address them.
Optial RCSA Solution
Optial reduces the administrative burden associated with compliance and internal control and, more importantly, provides the infrastructure to obtain real business value. Optial’s flexible object model is ideally suited to supporting this kind of risk management framework including:
- Risks
- Controls and control monitoring
- Checklists.
As these are an integral part of the Optial solution. Internal Control monitoring can be set up to generate reminder checklists, whether daily, weekly, monthly or quarterly. Risk-based self-assessments can equally be generated either by individual managers, or distributed to key business units by the central risk group.
Typically an RCSA is a periodic assessment and takes place in a workshop environment, with involvement of all responsible managers, a selection of their peers and participation/facilitation by a risk professional. The results of the assessments are documented in the system as answers to risk-based checklists, along with relevant supporting documentation and commentary.
Impact and probability assessments of risks and controls are part of the standard system; an organisation may wish to use inherent and/or residual and target impact and probability, along with an assessment of the effectiveness of the controls. Standard risk categorisations can be selected to implicitly link items and drive much of the reporting from the Optial system. Explicit links can be created on a one-one or many-many basis, e.g. linking risks to associated losses, controls, regulations, audit findings, etc.
Automatic scoring allows comparison and benchmarking of results. Risks can be automatically red-flagged on the basis of freely definable combinations of impact, probability, control effectiveness or other dropdown selections, and these can in turn be built into Key Risk Indicators (KRI).
Since Optial can be configured without the need to change code, each institution can choose which parts of the framework are to be employed.
Risk Reporting
Reporting on the results of the risk assessments takes various forms: lists, charts, radars, maps and tables are provided within the standard Optial system, with additional user generated reports available through the Optial Business Intelligence browsers.
If you would like further information on Optial Products or services email: request@optial.com or telephone: +44 (0) 207 247 7673.