A workflow for operational risk assessment & tracking corrective actions.

4 minutes read 

Understanding RCSA

In operational risk management, self-assessed risk control systems have long been used to continuously identify and remedy operational shortcomings.

Line management conducts RCSAs to assess risks against a set of expected controls. Risk management is a difficult task.
Today, many sorts of hazards exist, most notably Operational Risk.

The ability to design technology that enable extensive risk assessments from multiple perspectives to be completed rapidly, consistently, and with decent quality is the most fundamental difficulty. Businesses need the right technology to examine massive amounts of data quickly and accurately.


How do most people do this risk assessment now? Why is so hard to do?

All evaluations are done manually, which increases the turnaround time in ensuring that the appropriate preventive measures are in place. It also requires a lot of human labor to analyze and combine data into reports.

What are their most requested requirements?

For users – to complete risk assessments without detracting too much from their daily routine. “I know we have to finish this RCSA as soon as possible so I can get back to work.” For Risk Managers, a highly parameterized system that adapts to shifting risk environments, and faster turnaround with built-in rules and automation across increasingly distant operations

Why don’t IT organisations provide systems to address corporate operational risk requirements ?

Off-the-shelf choices tend to be prohibitively expensive and don’t meet all of your operational and risk needs. Time and money are both involved in customizing a product.

How did a pandemic lockdown prove that some corporate operational risk did not take account of this black swan event?

Many firms failed or lacked the tools to operate with low resources or remotely. Most organizations did not expect to be entirely remote in weeks, if not days.

Due to a lack of tools and processes, many firms were unable to assess new operational risks.

Our take on RCSA implementation for our clients

Too frequently, the RCSA has devolved into a minimally-compliant regulatory chore. If we prevent RCSA from being just a low value add regulatory requirement, we will erode rather than strengthen risk management. The system we assembled had to address the following issues in order to make RCSA a useful tool:

How to execute RCSA across geographically scattered multi-subsidiary businesses?

How to do periodic or ad-hoc “risk assessment campaigns”?

How to engage personnel and managers in a highly parameterized system with built-in controls for time-critical monitored operations?

How to automate risk assessment using business rules?

 It was vital to avoid making RCSA just another annual bureaucratic tick-box exercise.

Characteristics of our RCSA module

Our version of RCSA was built for a holding company with multiple subsidiaries. This corporation is regulated by both central banks and securities regulators, notably in Basel III operations compliance.

This system incorporated the following functionality:

  • Drag-and-drop graphical designer of workflow
  • Multi-users, multi-department, multi-company support
  • Staffer reporting hierarchy
  • Control center at-a-glance view of statuses of audits
  • Enquiry of past audit report filings
  • Automated email notifications
  • Campaign-based initiations
  • User-defined escalation reminders on overdue responses
  • Production of heat map showing likelihood-versus-impact areas for further analysis

In addressing these issues, we implemented more a “Collaborative assessment” module, where the business leader contributes the expert understanding of the business objectives and the business processes, and the risk expert contributes in depth understanding of the risk and the control options.

The benefits seen by our customers

Reduced Long Term IT Costs

Implemented within the SeaScape platform, users can adapt to changing risk management requirements. 

Common Platform Across Business Entities

Management can see how successful mitigation measures are across the organization.

Faster Real-Time Assessment

Create reports and heat maps to assess risks at any stage of the process.

Risk Management is changing with the “New Normal”

COVID 19 showed everyone that business success requires agility.

True risk management development programs today incorporate operational, environmental, technological, and talent pool challenges in addition to financial issues.

To complement the decoupled operations of work-from-home environment, we combine RCSA with a mobile phone application that assists firms in implementing best-practice audit management.

The app runs on Android and iOS and provides:

  • Best practices checklists can be customized, and listed for purchase in a best-practices marketplace
  • Multi-company, multi-team, multi-project support
  • Integration with messaging, email, and calendar
  • Tasks are assigned to subject matter experts
  • Performance targets and productivity are measured
  • Daily check-in/check-out
  • Flexible tasks allocation and duration
  • In-built action-review-accept management framework


Contact us today and explore with us how we can help your organization