Risk and Control Self Assessment May

9:00am Tuesday, 2 May 2023
12:15pm Thursday, 4 May 2023
Professional Development Course


An RMIA Virtual Course in partnership with The Protecht Group.


This workshop is aimed at risk practitioners and business managers who have, or are looking to implement, a robust and comprehensive Risk & Control Self Assessment (RCSA) process within their organisation. The workshop covers all aspects of the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow up actions. The RCSA process is considered both as a stand-alone process and as part of an integrated Enterprise Risk Management framework.

The course applies the AS/NZS ISO 31000 and 31010 standards.

Course Overview

1.  An overall Framework for Managing Enterprise Risk

  • Revisiting risks and controls: what are we assessing?
  • The risk Bow Tie. Causes, Events and Impacts.
  • A risk framework and where RCSA fits
  • Inherent, Residual, Expected and Targeted Risk
  • Treatment methods and control effectiveness
  • Understanding likelihood and impact drivers

2.  Defining Risk & Control Self Assessment (RCSA)

  • Objectives of RCSA
  • What is RCSA?
  • The importance of linking RCSA to strategy and objectives
  • The various approaches to RCSA

3.  The steps in an RCSA process

  • Identifying business and process objectives
  • Identifying critical processes
  • Identifying risks
  • Identifying controls
  • Assessing risks: Inherent and residual
  • Assessing the effectiveness of controls
  • Creating escalations, follow ups and action plans

4.  RCSA inputs

  • Determining what we will assess
  • Identifying risks
  • Risk descriptions: what are the rules?
  • Identifying treatment methods
  • Types of Control
  • Likelihood and impact scales
  • Setting likelihood scales: What measure?
  • Setting impact scales: How many types of impact?

5.  RCSA processes

  • Linking risks to objectives and critical processes
  • Linking risks to causes and impacts
  • Linking risks to controls
  • Assessing the size of risk
  • Is inherent risk useful and can it be determined?
  • Cumulative and aggregated control effectiveness
  • Determining treatment/control improvements
  • RCSA Case study: Carrying out an RCSA

6.  Setting up an RCSA for completion

  • Deciding on participants
  • Background information
  • Carrying out an initial assessment
  • Carrying out periodic assessment updates
  • Towards continuous assessment

7.  RCSA Reporting

  • Types of report and information
  • Information to report
  • Including RCSA in an aggregated dashboard report
  • Interpreting reports

8.  Using RCSA

  • Escalations and notifications
  • As a risk monitoring and management tool
  • As a benchmarking tool
  • As a driver of behaviour

9.  RCSA as part of a Risk Framework

  • Linking RCSA to KRIs, Compliance, Incident Management, Issues and Action Tracking
  • Obtaining business engagement

10.  The future of RCSA

  • Where to next?
  • Maximising the value from the RCSA process
  • The main pitfalls and how to overcome them

Learning Objectives

  • An in-depth understanding of the objectives and outcomes of a robust RCSA process
  • An understanding of how the RCSA process integrates into an enterprise risk management framework and how the results of RCSA can be used in scenario analysis, key risk indicators, incident management and compliance
  • The ability to design an effective and efficient RCSA process
  • The ability to set relevant risk scoring scales to reflect risk appetite and tolerance
  • The ability to produce meaningful reports as output from the RCSA process
  • How to use the RCSA in risk and general management
  • How to use RCSA results to develop risk treatment improvements
  • An appreciation of the system requirements and system pitfalls for an effective RCSA process
  • The skills to be able to carry out effective and engaging RCSA workshops
  • An understanding of the pitfalls to a successful RCSA process and how to overcome them
  • An understanding of relevant external guidance and requirements including ISO 31000 and ISO 31010

Format of the Course

This course is delivered online. This event is offered as 2 x 3.25-hour interactive sessions (total 6.5 hours) over 2 days via GoToTraining online.


About Your Trainer: David Tattam, Chief Research & Content Officer, The Protecht Group

David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David’s vision is to redefine the way the world thinks about risk and to pioneer the development of risk management to its rightful place as a key driver of value creation in each of Protecht’s clients. David is the driving force behind Protecht’s risk thinking, pushing risk management to the frontiers of what is possible. He is also focused on driving the uplift of people risk capability through training and content.

David is passionate about risk and risk management and in reaping the value that risk and good risk management can create for any organisation willing to embrace it. He is particularly passionate about risk management research and is prolific in creating a wide range of content delivered in blogs, ebooks, webinars and training courses. He has developed Protecht’s comprehensive suite of risk management training courses and has trained, and continues to train, many thousands of risk practitioners across the globe. David also manages Protecht’s consulting business offering a range of risk consulting capabilities from Risk Management Framework to Risk Appetite Statement development.

He is also the author of "A Short Guide to Operational Risk".


Course Details


Session 1          9:00am - 12:15pm AEST on Tuesday, 2 May 2023

Session 2          9:00am - 12:15pm AEST on Thursday, 4 May 2023

AEST = UTC +10:00

LOCATION: GoToTraining for both Sessions

PRICE: $770.00 incl. GST for Members

$924.00 incl. GST for Non-Members

CPD: 12 points

When you register for this course you agree to the RMIA passing your registration details onto our Training Partner, The Protecht Group. 

Group Bookings: For Group Bookings, please contact us via email on events@rmia.org.au or by phone on 02 9095 2500.

The time on your ticket when issued is the RMIA server timezone and may differ to the time of the event in your timezone. Please check this registration page for correct TIMEZONE and ACTUAL SESSION TIMES. 

Registration for each session will close 24 hours prior to the event, when final Zoom invitation details will be sent. We cannot guarantee receipt of the Zoom invitation details after this time.



Contact Information

Wendy Graham

If you are experiencing any issues registering, please contact us on the below number. 
