Assignment
Part 1
1) What are Risk and Control Self Assessments (RCSAs)? How would you construct an RCSA program? How would you monitor the progress and success of an RCSA program? (50 points) (Tips: Define various terms including risk, inherent and residual risk ratings, controls, Action plans etc., top down or bottom up and explain why that's chosen. create scope and how frequently RCSAs should be performed etc. )
Note: Tips are not a comprehensive list of things you need to define. They are just ideas to start.
2) As you create the program please identify the roles and responsibilities of first and second line of defense (These would normally be the contents of policy and/or procedures).
Part 2
Identification of Risks and Controls
1. Chose a public company from any industry. To understand the nature and scale of the business you could review the company's description and data on any financial data websites (Yahoo finance, google finance etc.) and the Annual Report (10-K), which isusually available under the Investor Relations menu on the company's website.
2. Identify THREE potential Operational Risks for the company. For each of the risks that you identify, please do the following:
a. Articulate (describe) the risk in the "cause, potential event and impact" format
b. Identify controls that would mitigate the risk. If you are not able to identify any controls or mitigation plans that the organization has implemented, identify (make up) some that you feel would best mitigate the underlying risk.
c. Identify the approximate inherent and residual rating for the risk assuming the identified controls exist. The scale provided in Exhibit B should be used for this step.
d. Please use the format in exhibit C to submit the assignment with rationales/explanation for the fields following the table.
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.
Attachment:- Exhibits.rar