Risk Management Tool Guide: Detailed Risk and Controls Assessment (DRACA)

What is the DRACA Tool?

  • The Detailed Risk and Controls Assessment (DRACA) tool is an analysis tool for understanding operational risks faced by an institution. This tool follows a systematic framework to identify the inherent risks in a process, and evaluate the controls put in place by the institution to address these risks.
  •  The detailed analysis is visually presented in an easy-to-interpret ‘DRACA Dashboard,’ which clearly identifies processes where risks have not been mitigated sufficiently.
  • The tool is designed for identifying critical processes that, when not tightly controlled, may lead to large negative consequences for the institution from a strategic, financial, reputational, legal or business continuity perspective. A unique aspect of the DRACA tool is its ability to evaluate risks in a process according to the likelihood and extent to which they might impact the entire institution.
  • The DRACA tool is flexible and can be applied to rigorously study a single process, several processes in a department, or even multiple departments. The tool assigns numeric scores to capture the extent of residual risk in a process (defined below), which is useful in comparing the risks in processes across the institution.
  • Since the tool evaluates risks based on the impact they would have at an institutional level, the tool outputs are helpful for senior managers who wish to optimally allocate resources to tackle priority problems faced by their institution.

Sign up to receive emails