September 2, 2022

Risk Management Question

Assignment #3 (175 points)

PART 1 –

Program Construction

You are hired in the Operational Risk department (2nd Line of defense) and tasked to create a Risk and Control Self-Assessment (RCSA) program for one of the following companies: Amazon -AMZN (NASDAQ); JP Morgan Chase & Co. – JPM (NYSE); Tencent TCEHY (Hong Kong, US OTC). Please choose one company from the provided three companies and answer the questions below:

Tip: To understand the nature and scale of the company’s business, you could review the company’s description and data on any financial data websites (Yahoo finance, Google finance etc.) and the Annual Report (10-K), which is usually available under the Investor relations menu on the company’s website. (The financial information will be useful to determine the severity scale).

1) What are Risk and Control Self Assessments (RCSAs)? How would you construct an RCSA program for the company you chosen? Create a rating scale similar to Exhibit B. The company’s revenues can help determine the size of the severity buckets. (50 points) (Tips: Please also define various terms including risk, inherent and residual risk ratings, controls, Action plans etc. during your construction of chosen company’s RCSA. Decide whether your firm would adopt a top down or bottom up approach and explain why this method was chosen. create scope and how frequently RCSAs should be performed etc.). Note: Tips are not a comprehensive list of things you should define. They are just ideas to start. You should include more details about the construction of RCSA program and explain well about the items to your audience.

2) As you create the program please identify the scopes, roles and responsibilities of the First (1st) and the Second (2nd) line of defense with respect to the RCSA program that you design for the company (These would normally be the contents of policy and/or procedures). (50 Points) 1

PART 2 – .

Identification of Risks and Controls

1) Identify Two Potential Operational Risks for the company. Use the following template:

Risk Name Inaccurate Disbursement Risk Local Description Employment initiates wire transfers from client accounts to external back due to lack of segregation of duties and entitlement controls causing financial loss. Inherent Risk Rating Once a month, 5M – 20M Controls Residual Risk Rating Action Plans and Rationale – Maker checker – Call back for new accounts – Accounts payable review before execution Once a quarter, 500k-5M Implement escalated approvals based on amount.

For each of the identified risk, fill the above template with the guidance below and elaborated more thoroughly in your writings and graphs: (each part worth 5 points for each risk, 45 points total):

a. Articulate (describe) the risk in the “cause, potential event and impact” in the local description column (Please also show the result similar Exhibit A separately).

b. Assess the inherent risk and fill the inherent risk rating column with Frequency and Severity table as Exhibit B. You may guess the Frequency and Severity according to the company you chosen and then pick the color).

c. Identify at least two types of controls that would mitigate the risk and identify the control type (directive, preventive, corrective, detective). If you are not able to find any controls that the organization has implemented, identify (make up) some that you feel would best mitigate the underlying risk. Controls should reflect processes that have already been implemented by the company to mitigate the risk.

d. Fill the residual risk ratings field using the Frequency and Severity. (You may guess the Frequency and Severity according to the company you chosen and controls strength you designed)

e. Create a minimum of one action plan that would mitigate the risk (An action plan is a description to create a NEW control or enhance an existing control).

2) Provide an explanation (approximately one paragraph) of the values that you selected for each of the fields within the table. For example, what is the rationale for residual risk rating (Frequency & Severity)?

How do the controls effectively reduce (or not) the inherent risk rating to residual risk rating (Frequency & Severity) etc. (15 points each risk, 30 points in total)?

Exhibit A: Use as reference only Control 1 Impact 1 Cause 1 Control 2 Event Impact 2 Control 3 Cause 2 Risk

Exhibit B: Create a similar scale based on the size of your company. Severity

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.

Risk Management Question

Related Posts

FIN/711: Financial Measures Of Value Added Wk 3 – Risk and Return Analysis [due Mon] Wk 3 – Risk and Return Analysis

What is financial risk management, and why is it important for businesses and organizations?

Why do companies merge or acquire another company?