Enhancing RCSAs - A guide to three key areas

Risk and Control Self-Assessment (RCSA) remains a pivotal activity for banks and insurers, serving as a robust framework to identify, assess, and mitigate operational and non-financial risks (ONFR).While numerous organisations have started efforts to enhance their RCSA practices, a wide range of practices and maturity levels persists within the industry. A recent study by the ORX Risk Management Working Group (RMWG) explored current and emerging RCSA practices. Read on for some of our key findings, and ORX members can read the full results in a short report.

Key Insights: Three Ways to Optimise RCSA Processes

1. The First Line of Defence

The first line of defence (1LOD) can play a key role in enhancing the effectiveness of the RCSA exercise

RCSAs mostly involve colleagues from many different functions and across the 1LOD and 2LOD. Consequently, the exercise could result in a significant resource burden and coordination challenge. One of the key ways firms can optimise the RCSA process is by clearly defining 1LOD and 2LOD roles and responsibilities.

2. Moving to a process view of RCSAs

Moving to a process view of RCSAs brings many potential benefits, but there are challenges to overcome

An end-to-end process view within RCSAs brings a range of benefits, including:

• Consistency
• Ensuring there are no gaps in material risks and/or key controls
• Leveraging for resilience risk management
• Supporting the development of scenario analysis storylines

3. Aligning to business strategy

Alignment to business strategy unlocks additional value but core challenges must first be navigated

Ideally, a cyclical relationship between RCSAs and business strategy can be established, with strategy informing RCSAs and control effectiveness/action plans generated as part of RCSAs feeding back into the business strategy-setting process.