Risk and Control Self-Assessment
The objectives of risk and control self-assessment are clear. It is management that best understands the nature of their control environment, so it should be management that regularly assesses this as part of their normal controls.
All risk and control self-assessment (RCSA) achieves is to codify this into a consistent format to enable successful reporting to management.
Of course, this does change the role of internal audit and internal control and we shall consider that later.
RCSA starts with the risk register which, as previously discussed, is the articulation of the complete control environment for the firm. Each risk has a clear and concise definition that is understandable by the people that ...
Get Enterprise Risk Management in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.