When people hear the acronym for risk and control self-assessment, RCSA, the first response typically uttered by those who are familiar with the term is an exasperated sigh. To them it is another activity that checks a box for providing governance functions to C-suite officers and regulators with a bird’s eye view of the identified risk and controls associated with an organization’s myriad business processes...