Tip of the Month: Version 11 Embedding Risk Management with RCSAs

Did You Know?

BarnOwl makes it possible to send out risk and control self-assessments (RCSAs) to all risk and control owners across your organisation at the click of the button with no additional license costs.

The risk profession has for many years spoken about embedding risk management within the organisation, however, in a recent BarnOwl info sharing session, presented by Mark Victor, Partner, Deloitte Risk Advisory Services, Mark says that in his experience, “accountability and ownership is still not embedded well enough and that the risk function needs to help people understand the risks that they are running and for the business to take responsibility. We still find that the risk function do the work for the business instead of promoting accountability and playing the advisory role”.

Risks and controls are not updated regularly enough and too much time is spent by the risk function gathering information rather than analysing and providing decision-making insight to the business.

BarnOwl’s simple web-based RCSAs make it much easier to embed and drive ownership and accountability for risk management down to the business owners (1st line of defence). In addition, BarnOwl enables action plans to be captured with due dates and owners driving ownership for remedial action. BarnOwl automatically sends out email notifications and email reminders to owners with a simple web link to complete their RCSAs and / or action plans online, including the attaching evidence.

Five (5) simple steps to distribute, complete, monitor, collate, update and report on your risk universe with RCSAs

BarnOwl enables a ‘Rich’ user to build a risk or control self-assessment (RCSA) vote based on your risk and control registers and send these RCSAs out to the relevant risk and control owners. The risk / control owners receive an email with a link to vote using BarnOwl’s simple web-based interface. In addition, a reviewer (e.g. process owner) can review the votes before they are finally committed to the database. BarnOwl’s RCSAs allow a start date and end date to be defined within which time the owner must complete his / her RCSA. Email notification and reminder emails with a link to the RCSAs are automatically sent out by the system. In addition, each owner has access to his / her own web-based portal in order to view his / her outstanding RCSAs, action plans etc. The owners are able to save their votes as they go as well as submit their final vote. Once the risk / control owners have submitted their votes, the reviewer (e.g. process owner) can review the votes and capture comments where required. RCSA results can viewed and exported into Excel. In addition, graphical, drill-down RCSA dashboards are available using the BarnOwl Business Intelligence (BI) module.

The steps include:

    • Step 1 – Risk Champion creates and distributes the RCSA

 

    • Step 2 – Owners complete their RCSAs online

 

    • Step 3: Risk Champion monitors and collates the RCSA results

 

    • Step 4: Risk Champion updates the live BarnOwl registers with the RCSA voting results

 

  • Step 5: Up to date risk management reporting

 

Step 1 – Risk Champion creates and distributes the RCSA

Step 1.1 – Create and configure a vote

The risk champion (Rich license) creates RCSA template/s and applies these to the required business units.

FIG1.1a: capture a new Voting Template

FIG1.1b: e.g. Control Self-Assessment (CSA) FIG1.1c: Select a filter on controls which is applied when the vote is sent out
FIG1.1d: Select additional filters and conditions which force
the voter to capture comments and/ or action plans depen
ding on how they rate the control
FIG1.1e: Select users or a Voting template of pre-configured users
who are required to vote. Votes are also filtered by Unit permissions.
Multiple users can vote on a control and the votes can
be moderated by a ‘Reviewer’
FIG1.1f: Configure recurrence if required, whereby a vote will
automatically be sent out by the system based on its recurrence
settings (monthly, quarterly, twice per annum, annually etc.).
FIG1.1g: set the date by when the Voters must vote by as well
as by when the Reviewer must review by. The system sends
out automatic email reminders to the relevant Voters and Reviewer.

 

Step 1.2 – Apply the vote to the relevant Units in your organisational structure:

FIG1.2a: Apply the vote to the relevant Business Units in your organisational structure

FIG1.2b: Apply and activate the vote check boxes. FIG1.2c: Select the relevant unit/s where this voting template
will be applied to. The system will activate the vote for Voters
who have voting rights on their specific units.

 

FIG1.2d: Vote is applied / copied to the relevant units

Step 2 – Owners complete their RCSAs online

Step 2.1 – Risk & Control Owner/s complete their RCSA online (free license)

The system automatically sends an email to the relevant risk and control owners with a web link to their RCSA/s including an end (due) date by which their vote must be completed. The system will send out email reminders automatically as the end date (due date) approaches. The risk / control owner can also login to the BarnOwl portal at any time to view and complete his / her active RCSA/s. In the following example, the control owner rates the control effectiveness for each of his / her controls:

FIG2.1a: My Voting page (logged in as the voter ‘Manager, Risk’)

Fig2.1b: Voter rates his / her controls

Fig2.1c: Voter can capture the following per control: a) Action Plans in moderation mode b) Upload evidence c) Capture comments

In the example below, the Voter captures an action plan. New action plans are automatically saved in moderation mode which means that they won’t go ‘live’ until they have been moderated (authorised) by the reviewer and the vote has been closed and updated to BarnOwl.

Fig2.1d: A voter can also ‘assign a proxy’ if someone else needs to vote on his / her behalf

Step 2.2 – Reviewer (optional) reviews the completed CSA online (free license)

Once the risk and control owners have completed their vote/s, the reviewer views the voting results and can override the vote where required including a reason for the override.

Fig2.2a: By clicking on the ‘scale’ icon, the Reviewer can see all the other votes and use the ‘Use Average’ button if required to average all voting

The Reviewer can also rate each controls which takes precedence over all other votes. (i.e. becomes the final control rating)

FIG2.2b: The Reviewer can choose to ‘select’ or ‘deselect’ any action plans created or linked by the Voter/s

The Reviewer can also add an action plan/s to the control/s.

The ‘selected’ action plans only become live once the vote is closed and updated to BarnOwl.

The action plan icon shows the number of action plans selected (authorised) out of the total number of action plans:

Fig2.2c: The Reviewer (or Voter) can generate a Vote report and / or export the voting register to PDF

Fig2.2d: Reviewer can close the vote and update to BarnOwl

Step 3 – Risk Champion monitors and collates the RCSA results

Step 3.1 – Monitor the RCSA submission status

Fig3.1a: Vote tracking showing status of votes

Step 3.2 – View the RCSA results including comparing the Reviewer’s control ratings with the Control Owners’ ratings:

Fig3.2a: Vote tracking results

Fig3.2b: Vote tracking dashboard

Fig3.2c: Vote tracking dashboard drill through into a specific vote

Step 4 – Risk Champion updates the live BarnOwl registers with the RCSA voting results

Step 4.1 – Update the risk and control registers with the RCSA voting results

Fig4.1a: Update voting results into BarnOwl

Step 4.2 – View the updated risk and control registers in BarnOwl

Fig4.2a: View the updated results in BarnOwl

Step 5 – Up to date risk management reporting

The BarnOwl business intelligence module provides interactive, drill-down dashboards transforming risk, compliance and audit data into valuable business insight and foresight.

Fig5.1a: Risk dashboard showing risk rating trends

Fig5.1b: Control dashboard showing control effectiveness trends

Useful links

Link to info latest info sharing session

https://barnowl.co.za/knowledge-base/tip-of-the-month/tip-of-the-month-a-quick-guide-to-the-barnowl-version-11-web-app/

https://barnowl.co.za/knowledge-base/spotlight/barnowl-spotlight-session-power-bi-and-ssrs-standard-report-packs/

https://www.barnowl.co.za/tip-of-the-month/tip-of-the-month-barnowl-combined-assurance/

https://www.barnowl.co.za/tip-of-the-month/tip-of-the-month-barnowl-online-help-manuals/

About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 150 blue-chip organisations. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za for more information.

arrow up