Risk Identification, Assessment, Response and Communication Paper.

Risk Identification, Assessment, Response and Communication Paper.

Background Overview: • Risks and controls resulting from the business self-assessments (also called RCSA) are recorded in the firm’s risk register and owned by the business. Scorecards build on RCSAs by weighting residual risks to provide a means of translating the RCSA output into metrics that give a relative ranking of the control environment – these scorecards will include the quantification of the impact (severity) and likelihood (frequency) of the risks occurring by using firm’s uniform scoring methodology (e.g. H/M/L – see Exhibit). Risk Identification, Assessment, Response and Communication Paper.• The RCSA process considers financial, client, legal & regulatory and reputation risks when considering the risk impact. The outcome of risk assessments (adhoc, specific or process driven) will result in a list of potential risks to which that the firm is exposed. These identified risks, along with their scoring, their mitigation controls, and controls scoring (these are also scored but not being asked here), must be stored in a structured/ formal risk register. Regulated firms keep their risk register updated and ready to disclose to a regulator if that requirement arises. • Where risk mitigating controls are scored low or weak, either in terms of design or performance, action plan must be defined immediately and assigned to one or more owners (across 1st and/or 2nd lines of defense). Action plan is to further manage the risk within firm’s risk appetite through adding/ enhancing new/ existing controls. The aim is to bring the residual risk to within a pre-determined risk appetite (e.g. from moderate to low or for a moving target (such as cyber) maintain residual risk at moderate through establishing capabilities). • The risk management department follows up/ track/ reports (to risk committee or board) on any action plan (in progress until completion), since in the interim there might be a control in place which won’t be robust enough and compensatory controls are needed. Risk Identification, Assessment, Response and Communication Paper.Ultimately, the head of risk might block or place a condition (exception raised to Sr management and/or Board) if a certain initiative/action plan/ project (as a risk mitigation control) is not in place or is not progressing as planned or found to be not robust enough by a specified time.


Assignment Objective: You are a risk manager of a publicly traded company that is facing business problems/ risks. You have been tasked to create a dashboard report to the board risk committee in the form of a template/ rubric provided using the Likelihood and Impact rating scale provided. In the dashboard report, you will identify, assess, respond (action plan) and communicate key/ material risks to the Board risk committee. Students are expected to develop original work. Risk Identification, Assessment, Response and Communication Paper.
Select a publicly available risk event of a publicly traded company. In addition, review the annual report to identify material and nonmaterial risks throughout business lines, products, and services. For the risk event (one real and other risks from business lines, products, and services in annual report), please describe the following provided in the template that provides instructions and rubric for grading: • Citations: You are required to cite information sources as appropriate. • Length: Your assignment should be no longer than 2 pages (double-spaced). • Provide your name / UNI, clear assumptions, references and citations, proper format / spelling and grammar / length.
Template and Rubric for Grading:
10 points (5 per risk type)
20 points (10 per risk type)
10 points (5 per risk type)
20 points (10 per risk type)
10 points (5 per risk type)
10 points (5 per risk type)
20 points (10 per risk type)
Total 100 (50 per risk type)
Risk Name/ Type
Risk Description
Inherent Risk Rating/ Rationale
Controls Residual Risk Rating
Action Plans Rationale for Residual Risk Rating
Inaccurate Disbursement (Operational Risk) Risk Identification, Assessment, Response and Communication Paper.
Describe who, what, when, why, how, and root causes On xx date, an employee initiated wire transfers from client accounts to his own external Account due to lack of
Once a month, 5M – 20M
– Maker checker – Call back for new accounts – Accounts payable review before execution
Once a quarter, 500k-5M
Implement escalated tier based approval in the policy based on $$ amount.
How do the controls effectively reduce (or not) the inherent risk rating (Highred) to (yellowmoderate)?
segregation of duties and entitlement controls causing xxx in financial loss.
Risk Type #2
For each risk, fill the template with the following:
1) Column 1: Identify two potential risks for the public traded company. Your reasoning must be consistent with publicly available information about the risk event, but you may draw additional conclusions based on this information. The risks can be categorized as credit, liquidity, strategic/business/reputation, market, operational, compliance/legal, financial, and capital adequacy. 2) Column 2: Provide brief description of the risk event. (Describe who, what, when, why, how, and root cause) 3) Column 3: Assess and fill the inherent risk rating column using the rationale of Frequency and Severity of Impact as shown in the example. If not readily available, assume/ guess the Frequency and Severity of Impact for the firm and then pick the color from Exhibit. 4) Column 4: Identify at least two controls that in your opinion were absent. Explain how the lack of control would have contributed to the risk event. Identify the vulnerabilities most likely to contribute to the event. 5) Column 5: Fill the residual risk ratings field using the Frequency and Severity. (You may guess Frequency and Severity of impact if not readily available) 6) Column 6: Create a minimum of one action plan that would mitigate the risk (An action plan is a description to create a NEW control or enhance an existing control). Risk Identification, Assessment, Response and Communication Paper.
7) Column 7: Risk Rating Rationale focus on the control (strength or weakness that led to the residual risk rating) on why the residual risk is reduced to yellow based on strength/s of control/s. Identify the weaknesses apparent in the information system, system security procedures, internal controls, or implementation that could have been exploited by the threat source. Explain how the control could have mitigated the threat frequency or severity impact. For example, what is the rationale for residual risk rating? How do the controls effectively reduce (or not) the inherent risk rating to residual risk rating etc.
Likelihood 1 Rare
2 Infrequent
3 Occasional
4 Frequent
5 Imminent
Frequency In more than/ every 5 years
In the next/ every 3-5 years
Within the next/ every 1-3 years
Within the next/ every 1 year
Within the next/ every Qtr. Risk Identification, Assessment, Response and Communication Paper.
Impact 1 Minor
2 Moderate
3 Significant
4 Severe
5 Catastrophic Critical success factors Financial Exposure,
Brand Damage,
Legal/ Regulatory Action,
Health & Safety
Client Operations
• Financial loss up to $X million • Local media attention quickly remedied • Not reportable to regulator • No injuries to employees or third parties, such as customers or vendors
• Financial loss of $X million up to $X million • Local reputational damage • Reportable incident to regulator, no follow up • No or minor injuries to employees or third parties,
• Financial loss of $X million up to $X million • National shortterm negative media coverage • Report of breach to regulator with immediate correction to be implemented • Out-patient medical treatment
• Financial loss of $X million up to $X million • National longterm negative media coverage; significant loss of market share • Report to regulator requiring major project for corrective action
• Financial loss of $X million or more • International long-term negative media coverage; game-changing loss of market share
• Significant prosecution and fines, litigation
• Isolated staff dissatisfaction
such as customers or vendors • General staff morale problems and increase in turnover
required for employees or third parties, such as customers or vendors • Widespread staff morale problems and high turnover
• Limited inpatient care required for employees or third parties, such as customers or vendors • Some senior managers leave, high turnover of experienced staff, not perceived as employer of choice
including class actions, incarceration of leadership • Significant injuries or fatalities to employees or third parties, such as customers or vendors • Multiple senior leaders leave
Source: COSO:Risk Assessment in Practice (Link) Risk Identification, Assessment, Response and Communication Paper.

Calculate the price of your order

The price of a paper depends on the number of pages, academic level and the urgency. Our prices are discounted and start from as low as $10 per page. To know how much you would pay for an order, fill in the basic paper details.

Confidentiality and Security

We take confidentially of our customers seriously. This is the reason we use only PayPal to make payments that require only an email. This means you can order and pay for your order without disclosing your full identity and with no trace to you or your credit/debit card details as this information is only shared with PayPal, a trusted international payment system. Our website is also encrypted to ensure additional security. In addition, we never sell your paper nor divulge the paper or client details to anyone.


We write all our papers from scratch and never plagiarize at all. Our papers are 100% original with no plagiarism element even when many students place a similar order with us. You are guaranteed of a custom-made non-plagiarized paper that you cannot find anywhere else even in part whenever you order from us.


Professional writers in the various fields who have a wealth of experience in academia write all your papers. You are, therefore, guaranteed of a well-researched paper with the right content and in the correct structure. All our papers are properly referenced and any sources used are correctly cited using your preferred referencing styles such as APA, MLA, OSCOLA, Harvard, Chicago/Turabian, Vancouver, or any other referencing style you prefer.

Our services are legal and acceptable

Do you know that it is legal to seek our academic writing services and is not against the policies of your university, college or any other learning institution?
You are not prohibited from getting our custom-made papers if you use them in any of the following ways;

  1. As a source for additional understanding of the subject
  2. As a source of ideas for your research, in this case, it should be properly referenced
  3. For proper paraphrasing as per your schools plagiarism definition and acceptable paraphrase
  4. Direct citing in your work, when properly referenced.