Chapter 1 - Risk Identification Tools

Question 1

What are the most dangerous risks

Answer 1

those we ignore, as they can lead to nasty surprises

Question 2

What must be done before organizing risks in a register

Answer 2

identify risks specific to your business, not just an external list, and then assess, mitigate and monitor them

Question 3

How should Risk identification in an organization take place

Answer 3

top-down at senior management level, and
bottom-up at business process level

Question 4

What does top-down Risk identification at senior management level look at

Answer 4

the large exposures and threats to the business

Question 5

What does bottom-up Risk identification at business process level look at

Answer 5

local or specific vulnerabilities or inefficiencies

Question 6

Do you need top down and bottom up risk identifcation or can you survive with just one

Answer 6

both are vital because it is not sufficient to have one without the other

Question 7

How often should Top-down risk analysis be performed

Answer 7

between one and four times a year

Question 8

What determines the frequency of top down risk analysis

Answer 8

the growth and development of the business and the level of risks

Question 9

What is the aim of Top-down risk analysis

Answer 9

identify key risks, the major threats that
jeopardize objectives

Question 10

Who do Top-down risk identification sessions typically include

Answer 10

Senior risk owners, Executive committee members, Heads of business lines

Question 11

How are Top-down risk identification sessions organized as

Answer 11

brainstorming workshops

Question 12

What is Top-down risk identification exercises similar to

Answer 12

scenario generation, which is the first phase of scenario analysis

Question 13

For small to medium-sized firms, how should top down risk ident. meetings take place

Answer 13

with both risk identification and scenario generation in mind in order to save time

Question 14

what can the result of top down risk ident. meetings be used as inputs for

Answer 14

risk and control self-assessment (RCSA) exercises and scenario analysis

Question 15

What 4 risks does top down look at

Answer 15

• Risks to strategy
• Emerging risks
• Global trends
• Major threats

Question 16

What 4 things does bottom up look at

Answer 16

• Operational efficiency:
• Organized processes
• Efficient systems
• Competent staff

Question 17

what is one of the most efficient ways to identify important threats to a business

Answer 17

Top-down risk analysis

Question 18

is top down or bottom up more common in the industry

Answer 18

bottom-up

Question 19

who tends to employ only bottom up risk identification

Answer 19

firms new to the discipline, where the practice is the least
mature.

Question 20

If the scope of the bottom-up risk identification exercise is too restricted what happens?

Answer 20

the output will be a disparate collection of small risks, eg manual errors/process risks, not much value to senior management.

Question 21

what are the most common bottom-up risk identification techniques

Answer 21

process mapping and interviews

Question 22

What are the typical large exposures for a business

Answer 22

large company projects and critical third parties

Question 23

What are an increasing focus in operational risk management

Answer 23

Operational risks related to projects and
to outsourcing practices

Question 24

Large exposure typically relates to what category of risk?

Answer 24

high impact/low probability risks

Question 25

vulnerabilities relate to what type of risks

Answer 25

higher frequency but not necessarily lower impact

Question 26

What are the two benefits to the risk identification method of exposure and vulnerabilities

Answer 26

it’s business-driven (s doesn’t require risk management jargon, everyone can relate to) and specific (tailored to a given organization)

Question 27

ready-made lists from industry bodies or the Basel Committee are useful during what stage of identifying risk

Answer 27

ex-post check, to ensure that the exercise has not missed some significant threat

Question 28

who popularized the risk wheel

Answer 28

Institute of Risk Management (IRM) in London

Question 29

what is the risk wheel

Answer 29

support tool to spark creativity during risk identification brainstorming sessions

Question 30

is there only one risk wheel

Answer 30

There are many versions

Question 31

what risk has increased as of recent

Answer 31

political risks and instability

Question 32

what benefit is provided by the circular presentation of the risk wheel

Answer 32

encourages managers to connect risk types, highlighting chains of causes and effects

Question 33

what do risk relationships help with

Answer 33

to prioritize risk mitigation.

Question 34

foreseeable advances in operational risk management

Answer 34

The evolution of risk lists into risk networks

Question 35

What is the most common risk and control identification approach, bottom-up?

Answer 35

Process mapping

Question 36

where is Process mapping well developed

Answer 36

information technology, operations and project management

Question 36

what level should process description be at

Answer 36

level 2 or level 3

Question 37

what if risk ident. is too high-level,

Answer 37

will not be revealing enough

Question 38

what two types of employees stand out when it comes to risk interviews

Answer 38

the most experienced and recent hires

Question 38

what will risk reports rarely be better than

Answer 38

'ears on the ground' speaking to employees

Question 39

what is an “amazement report”

Answer 39

the experience of new employees in their first six weeks, before habit tames their surprise.

Question 40

what is the first thing we review in most institutions

Answer 40

Past losses, or “lagging indicators,”

Question 41

how can we refine the technique of using the past to predict the future

Answer 41

we should distinguish between internal losses, external losses and near misses

Question 42

what do Internal losses indicate

Answer 42

concentrations of operational risk in a firm

Question 43

where do internal losses affect banks

Answer 43

back offices: first financial market activities, retail and then the IT department

Question 44

natural operational risk drivers

Answer 44

number of transactions and the size of the money flows

Question 45

which internal losses should be budgeted and accounted for in pricing

Answer 45

repeated internal losses which do not represent systematic failure in internal controls but simply the level a business is exposed to operational risk

Question 46

what acts as a systematic benchmark that helps risk identification and assessment for mature firms

Answer 46

External losses

Question 47

definition of Near misses

Answer 47

incidents that could have occurred but did not because of sheer luck or fortuitous intervention outside the normal control

Question 48

where are near misses more likely reported

Answer 48

firms which have a no-blame culture