Chapter 3: Operational Risk

Question 1

What is Operational risk

Answer 1

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events

Question 2

What elements are essential for effective operational risk management framework

Answer 2

Clear risk oversight by board and SM
Strong operational risk culture
Strong Internal control culture
Effective internal reporting
Contingency planning

Question 3

What are the seven operational risk types

Answer 3

Internal fraud
External fraud
Employment practices and workplace safety
Clients, products and business practices
Damage to physical assets
Business disruption and system failures
Execution, delivery and process management

Question 4

Examples of market abuse

Answer 4

Insider dealing
Improper disclosure
Improper dissemination

Question 5

What are the three stages of money laundering

Answer 5

Placement
Layering
Integration

Question 6

What are the Anti-money laundering provisions

Answer 6

Identify customers and report suspicious transactions at the placement and layering stages
Keep adequate records which should prevent the integration stage being reached
Report suspicious activity or behavior to the relevant regulatory or legislative authority

Question 7

What are some risk management precautions in place to prevent financial crime

Answer 7

Educating staff
Putting systems and controls in place to mitigate the risk of occurrence
Monitoring staff compliance with the internal rules and the external legal and regulatory stipulations
Escalating behavioral exceptions to a specific individual or committee for investigation
Penalizing contravention with the rules and if necessary informing the relevant authorities

Question 8

Operational risk’s consequential effects

Answer 8

Reputational risk
Compliance risk
Credit risk
Market risk
Liquidity risk
Investment risk

Question 9

What is an operational risk policy

Answer 9

A document which outlines a firms strategy and objectives for operational risk management

Question 10

What is included in an operational risk policy

Answer 10

Identify key officers
Roles and responsibilities
Segregation of duties
Cross-functional involvement and agreement

Question 11

Roles of operational risk management function

Answer 11

Assess risks
Benchmark good practice
Support and maintain
Provide oversight
Ensure issues are escalated
Statistical modelling

Question 12

How to identify operational risk

Answer 12

Self assessment
Key risk indicators (KRIs)
Risk workshops
Loss data trend analysis
External loss data
Audit reviews

Question 13

How to prevent a risk from materializing

Answer 13

Identify risk before it occurs
Establish clear ownership of the risk
Monitor appropriate risk indicators

Question 14

How to reduce impact of materialized risk

Answer 14

Quick escalation
Assign an owner
Ensure appropriate insurance is in place

Question 15

What is included in an operational risk management framework

Answer 15

Risk identification
Risk measurement and assessment
Risk monitoring
Risk Reporting
Operational risk policy

Question 16

Why is categorizing risks beneficial

Answer 16

More succinct risk management
Better understanding of weaknesses
Common language for discussing risks

Question 17

What is self assessment risk identification

Answer 17

Typically involves a checklist of the risk that a particular area of the firm faces. Risks are scored on probability and impact

Question 18

Why does self assessment have limitations

Answer 18

It is subjective and therefore subject to manipulation
Combining scores from different participants can be difficult

Question 19

reasons for measuring and assessing operational risk

Answer 19

Establish quantitative baseline from improving control environment
Provide incentive
Improve management decision making
Satisfy regulators and shareholders
Make an assessment if the financial risk exposure

Question 20

What is risk measurement

Answer 20

The use of quantitative techniques to understand the size of a firm’s or business area’s risk profile

Question 21

What is risk assessment

Answer 21

Utilizes objective data and uses human judgement to estimate the impact on the business

Question 22

What is an impact and likelihood assessment

Answer 22

The assessment may be subjective or objective. The risk severity ranking depends on the likelihood of the risk being realized and the impact

Question 23

What is an example of likelihood probability ratings

Answer 23

1 = very low - not likely to occur within 10 years
2 = low - Likely to occur within 3 to 10 years
3 = medium - Likely to occur within 3 years
4 = High - Likely to occur within a year

Question 24

What is an example of impact loss ratings

Answer 24

1 = Very low - under £1000
2 = low - £1000 to £10,000
3 = Medium - £10,000 to £50,000
4 - High - Above £50,000

Question 25

How to calculate risk score

Answer 25

Likelihood score*Impact score

Question 26

Advantages of impact and likelihood assessment

Answer 26

Simple
Evaluates control environment
Focuses attention on most important risks

Question 27

Disadvantages of impact and likelihood assessment

Answer 27

Over simplified
Subjective

Question 28

What is scenario analysis

Answer 28

A top down method of highlighting potential risk combinations in order to allow preventative action to be taken

Question 29

What is bottom up analysis

Answer 29

Bottom up measurement seeks to analyze the individual risks and adequacy of controls across business processes.

Question 30

Advantages of bottom up analysis

Answer 30

Addresses risk issues at process level
Clearly defines responsibility
Encourages better risk culture
Can improve quality of management information

Question 31

Disadvantages of bottom up analysis

Answer 31

Takes time to implement
can be subjective
Not always straight forward

Question 32

Advantages of using KRIs

Answer 32

They allow trends to be monitored and can be used to anticipate problems
Allow for limits of acceptability
Provide a basis for objective risk management

Question 33

Disadvantage of KPIS

Answer 33

Can cause skewed business performance if managers start managing to their KRIs

Question 34

What are expected losses

Answer 34

errors that occur with reasonable frequency. They represent known process weaknesses which may be too expensive to fix. These errors are paid for through a pre-provided budget

Question 35

What are unexpected losses

Answer 35

Low frequency, high impact events that can create serious problems

Question 36

What are the practical constraints in risk management

Answer 36

Data collection constraints
Cultural constraints
Resource and cost constraints
Indicator constraints

Question 37

What is a BCP

Answer 37

A business continuity plan deals with the premises and people aspects of a disaster e.g., where will staff work if main site is out of action

Question 38

What is DR

Answer 38

Disaster recovery procedures deal with the IT and other infrastructure required to keep the business running

Question 39

What is a CMT

Answer 39

Crisis management team

Question 40

what can historical loss data be used for

Answer 40

Escalation thresholds
Loss casual analysis