Reasons why organizations need risk and control self-assessment (RCSA) policies

You have been asked by the CIO of the company to justify a need for RCSA policies. What approaches would you use to plan for threats and events that could potentially cause disruptions? Discuss your four reasons why organizations need risk and control self-assessment (RCSA) policies. Explain your answers.

Please cite references in APA format