The Tribune

By ANISHKA COLLIE

CEO and principal consultant

ATC Financial Advisors & Consultants

TODAY’S ever-changing business environment requires companies to implement a culture of dynamic risk management through effective internal controls to ensure their objectives are achieved. Companies should continuously assess their risks, and the effectiveness of these controls, in mitigating those risks.

To achieve this, companies can implement a Risk Control Self-Assessment (RCSA). This is an effective approach to identifying and managing areas of risk exposure, as well as highlighting potential opportunities. In simple terms, an RCSA involves a structured approach to documenting business objectives, risks and controls, and having operational management and staff assess the adequacy of controls.

An RCSA is a technique that allows managers and work teams directly involved in business units, functions or processes to participate in assessing the company’s risk management and control processes. In its various formats, an RCSA can cover objectives, risks, controls and processes.

Managers can use RCSA programmes to clarify business objectives, identify existing risks, monitor the effectiveness of controls, gauge performance and assess critical systems. The results should be evaluated by managers and used to continuously improve the company’s operations. Self-assessments do not eliminate the need for independent audits.

Internal auditors can use RCSA programmes for gathering relevant information about risks and controls; for focusing audit work on high risk, unusual areas; and to forge greater collaboration with operating managers and work teams.

Internal auditors, in a consulting role, often act as facilitators to help work teams assess risks and controls. The involvement of those performing the work in evaluating risks and controls used the company’s expertise, increases buy-in on any action items, and focuses efforts on important business activities.

Other benefits of risk control self-assessments include creating a clear line of accountability for addressing risks, implementing controls and the creation of an entity with a lower risk profile.