Season 2 | Ep. 5: From Concept to Reality: Enacting RCSA in Financial Institutions

January 30, 2024

In this episode of the Risk Intel Podcast, host Ed Vincent welcomes Doug Cargnel back to the show to help explain some of the practical aspects of enacting a Risk and Control Self-Assessment (RCSA). Doug is a compliance expert who brings nearly 30 years of operational risk management and audit experience in the financial sector. Let's explore some of the key themes and best practices shared by Doug during the episode:

Defining the Risk Assessment Universe

First, Ed and Doug discussed the importance of defining the risk assessment universe once a financial institution decides to enact an RCSA. Doug emphasizes that this process is crucial but often challenging. Larger banks may encompass all processes and technologies, while mid-sized banks might start with critical products or services. Defining the universe involves decisions on whether to focus on products, major processes, organizational units, or a combination.

Doug highlights the importance of collaboration when defining risk assessments and working with all stakeholders to ensure success. Involving business units and those delivering products and services is crucial, ensuring that the RCSA is meaningful to them. While a risk professional facilitates the conversation, the ultimate goal is to secure business buy-in for the defined universe and how it is broken into logical pieces.

Importance of Taxonomy

The conversation shifts to the significance of having a standard and consistent taxonomy. A standardized approach helps in comprehensively addressing various risk exposures. Taxonomies enable a logical discussion about risks and controls, breaking down broad categories like operational risk into specific elements such as people, process, system failures, fraud, and cybersecurity.

Risk Appetite and Aggregation

Doug next explains that defining risk appetite is essential, determining how much exposure an organization can live with. A standardized taxonomy facilitates the aggregation of risks across different RCSAs, allowing organizations to assess whether risks are managed within their defined appetite. This step is crucial for identifying areas that might be out of appetite and require targeted attention.

Pitfalls and Preparations For Implementing RCSAs

Finally, the discussion ended on the types of pitfalls to avoid when enacting an RCSA. Pre-work, including clear definition of units, educating business teams on risk and control concepts, and developing a control inventory, is emphasized. Facilitated sessions, led by someone with risk experience, are recommended for effective implementation.

Conclusion

The themes of collaboration, standardization through taxonomy, and effective pre-work are highlighted as essential elements for successful implementation of Risk and Control Self-Assessment (RCSA). This podcast and second episode on RCSA sets the stage for future discussions on tools and regulatory interactions related to RCSA. Stay tuned as we will have Doug back on the show to discuss some different tools to facilitate RCSA execution and best practices to monitor risks once identified.

If you missed Part 1 of this series, read, listen, or watch here.
