Risk & Control Self-Assessment

In this course, David Tattam, Chief Research and Content Officer at Protecht, covers all aspects of the RCSA process from design and implementation through to carrying out assessments, reporting results and creating follow up actions.
  Course Launch: On-Demand
Course Access:  90 days from date of purchase

6 Hours


About This Course

Course Description

In this course, you'll learn:

1. Objectives & purpose of RCSA

  • Objectives of RCSA
  • What is RCSA?

2. What are we assessing – risks

  • Types of risk
  • Components of risk
  • Risk bow ties
  • Measures of risk

3. What are we assessing – controls

  • Types of controls
  • How controls modify risk
  • Control classifications

4. Risk & control taxonomies

  • Objectives of taxonomies
  • Common types of taxonomies
  • Using taxonomies in RCSA

5. Risk management & RCSA frameworks

  • How RCSA integrates with other risk processes
  • Risk and reward framework
  • RCSA in an enterprise risk management framework

6. Approaches to risk assessment

  • Tools and techniques for risk assessment

7. RCSA methods

  • Determining what we will assess
  • Likelihood and impact scales
  • Setting likelihood scales: what measure?
  • Setting impact scales: how many types of impact?
  • Assessing risks: inherent, residual and targeted
  • Assessing the effectiveness of controls

8. RCSA process

  • Identifying business and process objectives
  • Identifying critical processes
  • Identifying risks
  • Identifying controls
  • Evaluating risks
  • Treatment methods
  • Methods for collecting information
  • Preparing for a risk workshop
  • Facilitating a risk workshop

9. RCSA reporting

  • Types of report and information
  • Information to report
  • Including RCSA in an aggregated dashboard report
  • Interpreting reports

10. When should risk assessment be carried out?

  • Periodic risk assessment
  • Dynamic risk assessment
  • Integration with other risk processes
  • Formal and informal risk assessment

11. Roles and responsibilities

  • RCSA and the three-lines model
  • Who owns risk and controls?
  • Who owns risk and control self assessment?


Course Expectations:

  • Watch 25 videos
  • Answer 12 knowledge questions
  • Complete 1 Interactive Risk Assessment Forecast
  • Answer 10 quiz questions


  • 4.5 hours of video content
  • Approximately 5-6 hours for the whole course

About Our Experts


David Tattam is the Chief Research & Content Officer and co-founder of the Protecht Group. David's vision is to redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht's customers.

Michael Howell is Protecht's Research and Content Lead. He is passionate about the field of risk management and related disciplines, with a focus on helping organisations succeed using a ‘decisions eyes wide open’ approach.

Continued Risk Learning Credits: 6

PRMIA Continued Risk Learning (CRL) programs provide you with the opportunity to formally recognize your professional development, documenting your evolution as a risk professional. Employers can see that you are not static, making you a highly valued, dynamic, and desirable employee. The CRL program is open to all Contributing, Sustaining, and Risk Leader members, providing a convenient and easily accessible way to submit, manage, track and document your activities online through the PRMIA CRL Center. To request CRL credits, please email [email protected].

 Membership Type Price
 Members $479
 Non-members $599

If this is your first time accessing the PRMIA website you will need to create a short user profile to register. Save on registration by becoming a member.


Register Now

Virtual Course
Registration not available.

Sign In to Register for Event


Contact Us

Looking to further your career?

Become a Member

Sign Up for Mailing List

Thank you to our sponsors, including:


Contact Us

Looking to further your career?

Become a Member

Sign Up for Mailing List