Tip of the Month: Embedding Risk Management with RCSAs

August 20, 2021

Did you know?

BarnOwl makes it possible to send out risk and control self-assessments (RCSAs) to all risk and control owners across your organisation at the click of a button with no additional license costs.
The risk profession has for many years spoken about embedding risk management within the organisation. However, in a recent BarnOwl info sharing session presented by Mark Victor, Partner, Deloitte Risk Advisory Services, Mark says that in his experience, “accountability and ownership is still not embedded well enough and that the risk function needs to help people understand the risks that they are running and for the business to take responsibility. We still find that the risk function do the work for the business instead of promoting accountability and playing the advisory role”.
In addition, risks and controls are not updated regularly enough and too much time is spent by the risk function gathering information rather than analysing and providing decision-making insight to the business.
BarnOwl’s simple web-based RCSAs make it much easier to embed and drive ownership and accountability for risk management down to the business owners (1st line of defence). In addition, BarnOwl enables action plans to be captured on the fly with due dates and owners. BarnOwl automatically sends out email notifications and email reminders to owners with a simple web link to complete their RCSAs and / or action plans online, including attaching evidence.

Five (5) simple steps to distribute, complete, monitor, collate, update and report on your risk universe with RCSAs

BarnOwl enables a ‘Rich’ user to build a risk or control self-assessment vote based on your risk and control registers and send these RCSAs out to the relevant risk and control owners. The control owners receive an email with a link to vote using a simple web-based interface. In addition, a reviewer (e.g. process owner) can review the votes before they are finally committed to the database. BarnOwl’s RCSAs allow a start date and end date to be defined within which time the owner must complete his / her RCSA. Email notification and reminder emails with a link to the RCSAs are automatically sent out by the system. In addition, each owner has access to his / her own web-based portal in order to view his / her outstanding RCSAs, action plans etc. The owners are able to save their votes as they go as well as submit their final vote. Once the control owners have submitted their votes, the reviewer (e.g. process owner) can review the votes and capture comments where required. RCSA results can be viewed and exported into Excel. In addition, graphical, drill-down RCSA dashboards are available when using the BarnOwl Business Intelligence (BI) module.

Step 1 – Risk Champion creates and distributes the RCSA

The risk champion (Rich license) creates RCSA template/s and applies these to the required business units.

Step 2 – Owners complete their RCSAs online

Step 2a – Risk & Control Owner/s complete their RCSA online (free license)

The system automatically sends an email to the relevant risk and control owners with a web link to their RCSA/s including an end (due) date by which their vote must be completed. The system will send out email reminders automatically as the end date (due date) approaches. The owner can also log in to the BarnOwl portal at any time to view and complete his / her active RCSA/s. In the following example, the control owner rates the control effectiveness for each of his / her controls:

Step 2b: Reviewer (optional) reviews the completed CSA online (free license)

Once the risk and control owners have completed their vote/s, the reviewer views the voting results and can override the vote where required including a reason for the override.

Step 3: Risk Champion monitors and collates the RCSA results

Step 3a: Monitor the RCSA submission status

Step 3b: View the RCSA results including comparing the Reviewer’s control ratings with the Control Owner’s ratings:

Step 4: Risk Champion updates the live BarnOwl registers with the RCSA voting results

Step 4a: Update the risk and control registers with the RCSA voting results:

Step 4b: View the updated risk and control registers in BarnOwl:

Step 5: Up-to-date risk management reporting

The BarnOwl business intelligence module provides interactive, drill-down dashboards transforming risk, compliance and audit data into valuable business insight and foresight:

Useful links

Link to latest info sharing session




About BarnOwl:

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by close to 200 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za for more information.