1) What are Risk and Control Self Assessments (RCSAs)? How would you construct an

RCSA program? How would you monitor the progress and success of an RCSA program?

(50 points) (

Tips: Define various terms including risk, inherent and residual risk ratings,

controls, Action plans etc., top down or bottom up and explain why that’s chosen. create

scope and how frequently RCSAs should be performed etc.

)

Note: Tips are not a comprehensive list of things you need to define. They are just ideas to

start.

2) As you create the program please identify the roles and responsibilities of first and

second line of defense (These would normally be the contents of policy and/or

procedures). (50 Points)

Part 2

Identification of Risks and Controls (70 points)

1. Chose a public company from any industry. To understand the nature and scale of the business you

could review the company’s description and data on any financial data websites (Yahoo finance,

google finance etc.) and the Annual Report (10-K), which is usually available under the Investor

Relations menu on the company’s website.

2. Identify

THREE

potential

Operational Risks

for the company. For each of the risks that you identify,

please do the following:

Articulate (describe) the risk in the “cause, potential event and impact” format

Identify controls that would mitigate the risk. If you are not able to identify any controls or

mitigation plans that the organization has implemented, identify (make up) some that you feel

would best mitigate the underlying risk.

Identify the approximate inherent and residual rating for the risk assuming the identified

controls exist. The scale provided in Exhibit B should be used for this step.

Please use the format in exhibit C to submit the assignment with rationales/explanation for

the fields following the table.

Answered>Order 15618