Risk · RCSA Tool

The Interactive RCSA Workshop is a guided browser tool that walks risk and compliance professionals through building a complete Risk and Control Self-Assessment for any business process. Instead of starting from a blank spreadsheet, users follow a structured methodology: define the process scope, identify inherent risks, map existing controls to each risk, score likelihood and impact, calculate residual risk, and generate a visual heat map. The pain point is real — most firms run RCSA exercises in bloated, inconsistent spreadsheets with no standardisation, no methodology enforcement, and no audit trail. A clean, structured tool that enforces the methodology makes the output defensible, comparable across assessments, and genuinely useful for risk committees and regulators. Everything runs in the browser — no data stored on any server.

• Step-by-step RCSA builder — process definition through residual risk scoring
• Inherent risk identification with likelihood and impact scoring matrix
• Control mapping — link existing controls to each identified risk
• Residual risk calculation based on control effectiveness ratings
• Visual risk heat map — inherent vs. residual risk positioning
• Exportable Excel register with full RCSA output
• Fully browser-based — no data stored or transmitted

Risk and Control Self-Assessments are a core part of operational risk management, yet most organisations run them in spreadsheets that vary by department, assessor, and cycle. There is no consistency in how risks are identified, how controls are rated, or how residual risk is calculated. The result is RCSA outputs that are hard to compare, difficult to defend in front of risk committees, and useless for trend analysis. This tool solves the problem by enforcing a clean, repeatable methodology in a guided browser interface — so any user, regardless of background, can produce a structured and consistent RCSA with a defensible heat map and an exportable register.