The Financial Crisis of 2008 and Subsequent Market Changes
The Business Case for Insurers to Adopt Operational Risk Management
Insurance: Its Products, Services and Business Operations
Insurers’ Operational Risk Governance and Framework
External Loss Data
Risk and Control Assessments
Reporting and Analysis
The Past, the Present and the Future of Operational Risk Modelling
The Insurance Landscape
Three Lines of Defence
Risk-and-control assessments (RCSAs) are an essential component of a robust operational-risk framework. The exercise itself can be a unique opportunity for employees from different areas to get together to discuss risk. Although there are several ways in which to perform an RCSA, the workshop approach remains one of the author ’s favourites, the reasoning being that the interplay and cross-fertilisation of the discussion creates a dialogue and debate impossible in a desktop exercise.
In this chapter, we will explore the background to the use of RCAs; explain what they are and how they are conducted; and differentiate inherent and residual risk levels and the beneficial effect of controls. We will also consider how to quantify the risk levels using a consideration of the impact and likelihood that a risk event will occur.
In order to leverage the human interaction in assessing risk, the information that the participants should receive ahead of an assessment are explained, and which participants are needed. The cycle of risk assessment, remediation and reassessment concludes the chapter.
RCSAs have been utilised in the operational-risk framework for