Incident Reporting
RCSA
Basic Risk Management and KRIs
200

How many hours from detecting the incident are you required to file the report?

24 hours from detection

200

What does RCSA stand for?

Risk & Control Self-Assessment

200

What does KRI stand for?

Key Risk Indicator

400

Which Department has access to the Incident Report?

Risk Management Unit

400

What is the formula for inherent risk?

Impact x Likelihood

400

Who is responsible for managing risk?

Managing risk is everyone's responsibility.

600

Name three (3) classifications of operational loss.

1. Near Miss; 2. Actual; 3. Potential

600

What are the three (3) types of Controls?

1. Detective; 2. Corrective; 3. Preventive

600

What are the three (3) qualities of a good KRI?

1. Measurable; 2. Predictive; 3. Actionable.

800

Name one (1) element that makes a good incident report.

1. Incident Title & Category; 

2. What happened? (date, time, location, process)

3. Impact (financial. customer, regulatory, reputational) severity v risk matrix; 

4. Financial Loss? Type? (actual, potential, near miss)

5. Why did it happen? (causal category: people, process, systems. external events); 

6. What control failed? (no controls, preventive, detective)

7. Action/Response (a) what was done? (immediate action) (b) what will prevent recurrence (corrective action) (c) who owns action items)

800

What is the formula for residual risk?

Impact x Likelihood x Control Effectiveness

800

Name the four (4) processes of risk management.

1. Identify; 2. Evaluate; 3. Respond; 4. Monitor

M
e
n
u