The Innovation of Risk does not typically provide postings on risk management standards and guidance but in this case we felt that sharing the recently announced guidance note on the risk and control self-assessment process from the Risk Management Association (RMA) in Australia was worth highlighting.
The RMA media release details that “the Risk and Control Self-Assessment Guidance Note outlines a set of guiding principles for implementing a risk and control self-assessment (RCSA) process for Australian financial services firms. The Guidance Note aims to document industry-agreed suggestions on what works well, what to be aware of, and what to avoid when applying the RCSA process. While the Guidance Note is by no means prescriptive, its content has been developed and agreed by industry peers from 13 Australian banks“. The performance of risk and control assessments is one of the most critical elements of an effective operational risk management framework.
This guidance note provides an excellent supporting document for all organisations, regardless of the industry, to help perform the assessment process. In particular the document is broken up into the 7 key steps in the proces.
The guidance note also highlights that for an effective risk and control self-assessment (RCSA) to occur it must:
- Link with the strategic plan;
- Facilitate management prioritisation; and
- Be an enabler of good governance.
The guidance note itself outlines 11 principles in the performance of an RCSA.
We encourage everyone to review this guidance note as part of their risk management process but more importantly, as detailed in the guidance note, to ensure that the risk assessment process is aligned to ensuring that it enables management to deliver on their business objectives in a risk focused manner.
Organisations across the globe need to understand and manage their risks every day, and every piece of guidance and support can help in making that process simpler, clearer and more effective.