This is the third blog in this Operational Risk Management series. In the first article, I explained the incredible KRI system we all have via our five senses. In the second blog, I discussed the application of the Risk and Control Self Assessment (RCSA) in our personal lives using the example of the annual medical check-up. The seven key steps of the RCSA process were set out as part of this example.
In this blog, we will see how the RCSA works in a business context by applying it to a business process. I will use the process of managing employee expense claims, their payment, processing and recording, a process we can all appreciate from one perspective or another. This example is deliberately at a granular level to illustrate the principles. The same concepts should be used at any level of the organisation using the appropriate level of granularity. This means that the volume of information should be similar for any risk assessment carried out.