Chapter 3 - Risk Definition and Taxonomy

Question 1

Is technology a risk or resource

Answer 1

a resource

Question 2

is manual processing considered a risk

Answer 2

it’s a cause/risk driver- increases
probability of risk e.g. input errors and omissions

Question 2

what are the Risks due to
manual processing

Answer 2

errors in the valuation of funds, errors in accounting records, omitting to send reports to clients

Question 2

are Inadequate supervision or insufficient training considered risks

Answer 2

they are control failures

Question 3

solution to control failiures

Answer 3

fix the control. Or add a secondary control

Question 4

what can Inadequate supervision lead to

Answer 4

internal fraud, sub-standard productivity resulting in customer dissatisfaction or loss.

Question 5

how should Risks be defined as

Answer 5

negative events, uncertainties, incidents or accidents. They should be specific and concrete

Question 6

simple question to define risks

Answer 6

“What could go wrong?”

Question 7

Basel category level 1

Answer 7

Event-type
category

Question 8

Basel category level 2

Answer 8

categories (sub categories of level 1)

Question 9

Basel category level 3

Answer 9

Activity examples

Question 10

Level 2 categories of Internal fraud (level 1)

Answer 10

• Unauthorised activity
• Theft and Fraud

Question 11

Level 2 categories of external fraud (level 1)

Answer 11

• Systems security
• Theft and Fraud

Question 12

Risk of too much detail in risk identification

Answer 12

detrimental to quality of information and is difficult to review- drains effort without benefits

Question 12

How many levels of regulatory categories does basel commitee recognise

Answer 12

2 levels of category, level 3 is just for detail/examples

Question 13

what is required when for firms to categorise risks

Answer 13

firms are required to map risk categories to the Basel categories

Question 14

what do firms not have to do when classifying risks

Answer 14

n doesn’t have to define a firm’s risk taxonomy these days

Question 15

When was the basel classification drafted

Answer 15

almsot 20 years ago

Question 16

what has led to tncrease in cybercrime

Answer 16

mass digitization

Question 17

what has multiplied the risks of outsourcing project/change management, and information management

Answer 17

Business transformation and wider international operations

Question 18

what have business practices been renamed as

Answer 18

conduct

Question 19

what did 08 highlight the need for higher focus on

Answer 19

“conduct,” anti-money laundering (AML),
international sanctions and preventing tax-evasion

Question 20

how many risk classification’s do Basel have

Answer 20

7

Question 21

dictionary definition of taxonomy

Answer 21

a “scheme of classification.”

Question 22

what does taxonomy mean in terms of risk management

Answer 22

categorizing risks and recording causes, impacts and controls as a MECE system

Question 23

whats a mece system

Answer 23

Mutually Exclusive and Collectively Exhaustive

Question 24

Basel definition of operational risk

Answer 24

“The risk from failed internal processes, people, systems or external events”

Question 25

What was initially counted as a loss from operational risk in the 1990s - what did this grow to include

Answer 25

At first only financial, now reputational is included

Question 26

What are the current four commonly used categories for the impacts of operational risks

Answer 26

financial, reputation , regulatory non-compliance and customer detriment

Question 27

Which firms find continuity of services important

Answer 27

online financial services or trading platforms

Question 28

a common category of impact for firms where continuity of service is important

Answer 28

service disruption

Question 29

PPSE/ causes of risk in a mece taxonomy

Answer 29

people, processes, systems or external events

Question 30

The four main categories of controls in a mece taxonomy

Answer 30

Preventive, Detective, Corrective, Directive

Question 31

Preventive control

Answer 31

reduce likelihood of risks by mitigating their causes

Question 32

Detective control

Answer 32

during the event/soon after, early detection to reduce impact

Question 33

Corrective control

Answer 33

reduces impacts caused by incidents. Damage is repaired /loss compensated by using backup and redundancies

Question 34

Directive control

Answer 34

comprises guidelines and procedures that structure the mode of operations to reduce risks.

Question 35

When does detective control have a preventative element

Answer 35

if detection also identifies the cause of an incident

Question 36

4 parts of a mece taxonomy

Answer 36

Causes Risks Impacts Controls

Question 37

4 impacts of risks in a mece taxonomy

Answer 37

Financial loss Reputation damage Regulatory breach Customer detriment

Question 38

Operations risk L1 code

Answer 38

5

Question 39

Information security risk L1 code

Answer 39

6