DNU - OLD Flashcards

Question 1

Q

Describe the risk opportunity management matrix

Question 2

Q

What are the 3 sides to the COSO ERM cube?

Answer

A

Top: the categories of organisational objectives

Front: the risk management process

Side: the top down implementation process

Question 3

Q

Describe the IRM model of risk objective setting

Question 4

Q

What are the 7 weaknesses of Basel II?

Answer

A

The accords provisions didn’t adequately assess risk capital
Assets could belong to the banking book or the trading book
Treatment of market risk failed to capture the effects of excess concentration of credit exposure in the trading book
Failed to recognise the effect of liquidity on bank securitisation practices
Inadequate calibration of risk weights and risk assessments
A lack of understanding of the correlation between risks

Question 5

Q

What are the 3 primary risk management standards?

Answer

A

IRM (2002) Model
COSO ERM Cube
ISO 31000 (2018)

Question 6

Q

What are the disadvantages of the PESTLE risk classification system?

Answer

A

Disadvantages

o Can over simplify

o Needs to be regularly done to be effective

o Requires different people’s perspectives

o Difficult to anticipate external events

Question 7

Q

What are the key differences between Basel II and III

Answer

A

Risk weighted assets Basel II: Banks should set aside 2.5% of the RWA Basel III: Banks should set aside 7% of the RWA
Balance sheet: Basel III introduced a leverage ratio to limit bank activities and balance sheet
Liquidity Basel III introduces stress testing for 30 days Basel III introduces macro-prudential issues Basel III requires systemically important banks to raise extra capital

Question 8

Q

What are the 8 Rs of Hazard Risk management

Answer

A

Recognition of risks, incl. the nature and trigger
Rating of risks in terms of magnitude and likelihood of producing the risk profile in the risk register
Ranking of current level of risk against the established appetite
Responding to significant risks
Resourcing controls to ensure introduction of sustainable control activities
Reaction planning, e.g. BCM
Reporting of risk performance, actions and events, incl. communicating risk issues
Reviewing the risk management system, including internal audit procedures, review of the risk architecture, strategy and protocols

Question 9

Q

What are the key points to remember when managing cyber risks?

Answer

A

establishing processes that can deliver information about cyber security – and the benefits of investment in this area – up to board level
establishing good communication between risk managers and information managers (e.g. between the chief risk officer and chief information officer)
identifying the critical information systems that may be most at risk from cyber attacks
developing multiple layers of defence which place more obstacles in the way of potential attackers
developing controls that will detect attacks quickly

Question 10

Q

What is the IRM definition of ‘risk management’

Answer

A

Risk management is the process which aims to help organisations to understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure

Question 11

Q

What are the 5 over-arching principles of the COSO ERM framework?

Answer

A

Governance and culture. Governance sets the tone for the organisation and establishes oversight responsibilities for ERM. Culture relates to ethical values, behaviours and understanding of risk
Strategy and objective setting. ERM strategy and objective setting work together. Appetite and objectives should be aligned
Performance. Risks that can impact the achievement of strategy and business objectives need to be identified and prioritised in the context of severity and appetite, so that responses can be selected
Review and revision. By reviewing entity performance an organisation can consider how well ERM components are functioning over time, including after substantial changes, and decide what revisions are needed
Information, communication and reporting. ERM requires a continual process for obtaining and sharing information, from internal and external sources, and that flows up and down through an organisation

Question 12

Q

Internal models is a requirement for Solvency 2. Under Solvency II an insurer must pass six tests covering what?

Answer

A

Statistical quality standards – demonstrating that the methodology assumptions and data underlying the model are sound Calibration standards – demonstrating that the model is calibrated to a level equivalent to the Standard Formula for the purposes of the SCR calculation
Validation standards – substantiating a sound control environment around the model
Documentation – enabling a third party to reproduce the model from the documentation of the model
Profit and loss attribution – demonstrating an ability to reconcile the sources of variance (or profit and loss) in the results of the model with the risks included in the model
Use test – demonstrating that the internal model is used within the business for a wider range of purposes than just calculation of regulatory capital.

Question 13

Q

What is Credit Risk?

Answer

A

credit risk

o the borrower (counter-party) may fail to meet it’s obligations (to pay interest, or the credit itself)

o the largest risk faced by most banks

Question 14

Q

What are Market Risks?

Answer

A

Market risk is losses arising through movement of market prices as a result of:

interest rate risk; where long term assets (e.g. mortgage) falls lower than short term liabilities (e.g. deposits)
equity risk; adverse change in the price of stock foreign exchange risk (fluctuations in the value of foreign cash)
credit price risk (adverse market prices move a change in the risk of a loan)
commodity risk (risk of change in the prices of commodities – such as: • agricultural (wheat or corn) • industrial (metals) • energy (gas and oil)

Question 15

Q

What is CCAR?

Answer

A

Comprehensive Capital Analysis and Review (CCAR) is a United States regulatory framework introduced by the Federal Reserve to assess, regulate, and supervise large banks and financial institutions

Question 16

Q

Describe the S&P ERM calculator miodel

Question 17

Q

What is the HM Treasury definition of ‘risk management’

Answer

A

Risk management is all the processes involved in identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or anticipate them, and monitoring and reviewing progress

Question 18

Q

What are Operational Risks?

Answer

A

operational risk

risk of loss resulting from inadequate or failed internal controls, people, processes, systems, or legal risk
the least understood risk and the most challenging to measure, monitor and manage

Question 19

Q

What are the 8 non-core functions of a bank?

Answer

A

Cash management
Investment and securities
Derivatives trading
Loan commitment fees
Letters of credit fees
Insurance services
Trust services
Risk management services fees

Question 20

Q

What are the factors that affect ERM implementation?

Answer

A

The start position
The commitment from the top
The size and complexity of the organisation
The extent to which the enterprise is a global actor
The resources available to support implementation

Question 21

Q

What are the 7 features of CCAR (Comprehensive Capital Analysis and Review)

Answer

A

Sound financial risk management
Effective loss estimation methodologies
Solid resource estimation methodologies
Sufficient capital adequacy impact assessment
Comprehensive capital policy and capital planning
Robust internal controls
Effective governance

Question 22

Q

What does good Risk Management do?

Answer

A

Enable better strategic decision making. Because risks associated with different options will be fully analysed
Improve tactics. Because consideration will have been given to selection of the tactics and risks involved in the alternatives available
Improve operations. Because events that can cause disruption will be identified in advance And actions taken to reduce likelihood and limit damage
Enhance compliance. Because the risks associated with failure to achieve customer and statutory obligations will be recognised

Question 23

Q

What are the Financial benefits of ERM (FIRM):

Answer

A

Financial

Reduced cost of funding and capital
Better control of CapEx approvals
Increased profitability for organisations
Accurate financial risk reporting
Enhanced corporate governance

Question 24

Q

What are the 4 levels of risk sophistication

Answer

A

Inform – unaware of obligations
Reform – awareness of non compliance
Conform – actions to ensure compliance
Perform – achieve business opportunities
Deform – inactivity caused by obsession

Question 25

Q

What internal control policies can help manage operational risk?

Answer

A

anti-money laundering
recruitment policies
compliance policies
conflicts of interest policies
human resources, in particular recruitment and retention policies
control policies for key internal processes, such as underwriting

Question 26

Q

Describe the 3 ISO wheels of principles, framework and process

Question 27

Q

What are the 5 Cs of assessing potential loan credit?

Answer

A

character – the reputation of the company
capital – how the company is currently financed
conditions – of the sector and country where the company operates
capacity – of the company to repay the loan
collateral – assets that the bank could claim if the company could not repay the loan.

Question 28

Q

Describe a Risk Matrix

Question 29

Q

What are non-primary risk management standards?

Answer

A

Basel III
Solvency II
IAIS
Standard and Poors
Moody’s
Fitch Ratings
Dodd-Frank; U.S. securities
IFRS
COBIT
SEC

Question 30

Q

Describe the target levels of risk model

Question 31

Q

What are the features of Risk Appetite?

Answer

A

Risk appetite and risk exposure are considered as consequences of business decisions rather than a driver of those decisions.
Questions about risk appetites can only be answered within the context of the strategy tactics operations and compliance activities within the firm.
Risk appetite is the total value of the corporate resource is that the board of the organisation is willing to put at risk

Question 32

Q

What are examples of derivatives?

Answer

A

Swaps, options, forwards; value/change in value of goods to bonds, stocks or commodities.

Question 33

Q

Why group banking and insurance together?

Answer

A

The risks are similar (credit, market and operational etc)
Both are heavily regulated and are important to the world’s economy
Regulators seek harmonisation of financial markets (Basel III and Solvency II)
People now move between both, leading to transfer of knowledge
Both have advanced risk management approaches
Both need to understand and respond to changing technologies, including those that provide threats and opportunities

Question 34

Q

What are the 3 sub-types of wholesale banks?

Answer

A

commercial banks (specialised loans to businesses, fund raising intermediaries)
correspondent banks (banks lending to other banks)
investment (or merchant) banks (advisors to government and firms about raising funds in capital markets, privatising public assets)

Question 35

Q

What is the COSO definition of ERM?

Answer

A

ERM is process, effected by a board, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential risks that may effect the entity, manage risks to be within it’s risk appetite, and to provide reasonable assurance regarding the achievement of entity objectives

Question 36

Q

What are the 3 aims of COBIT?

Answer

A

Help optimise IT enabled investments
Ensure service delivery
Provide a measure to judge when things go wrong

Question 37

Q

What % impact should Infrastructure risks be benchmarked at under FIRM?

Answer

A

½ day impact on normal operations
10% budget increase on operations

Question 38

Q

What are the 3 sub-types of retail banks?

Answer

A

retail banks (banks, cooperatives, savings and loans companies (incl. building societies), credit unions
private banks (wealth management, tax and investment)
postal banks

Question 39

Q

Name some of the sources that can be used to get information on risk trends, best-practice or research

Answer

A

• PwC banana skins • WEF Global Risks report • HM Treasury Orange Book • CIMA risk report on RBS and Tesco • PRA Handbook • BCBC Guidelines and Principles • IIA • Financial Reporting Council • IRM • COSO

Question 40

Q

What does ICCAP emphasise?

Answer

A

The importance of stress testing
The ability of regulatory capital to absorb losses in times of stress
Long term capital requirements (through future cycles)
Also, how quickly assets could be liquidated to meet requirements

Question 41

Q

What are the central (strategic) roles a bank has in facilitating economic activity?

Answer

A

financial intermediation channelling savings from depositors to borrowers
asset transformation creating loans from deposits
money creation the process of generating additional money through repeated lending, through the fractional reserve banking system, the original deposit to a bank

Question 42

Q

What are the Marketplace benefits of ERM (FIRM):

Answer

A

Marketplace

Commercial opportunities maximised
Better marketplace presence
Increased customer satisfaction (and spend)
Higher ratio of business success 5. Lower ratio of business disasters

Question 43

Q

What key events are there within the timeline of good Risk Management?

Answer

A

2022 - Basel III implementation date
2017 - Basel III changes published
2016 - Implementation of Solvency II
2010/11 - Basel III publication date
2004 - Basel II adopted
1997 - VaR widely adopted
1995 - Early risk management frameworks are adopted
1989 - Chair of JP Morgan calls for daily 4.15 Report
1988 - Basel I adopted
1973 - Solvency I adopted

Question 44

Q

What are the 3 Lines of Defence?

Answer

A

Business lines management
Independent operational risk management function
Independent review and challenge (audit)

Question 45

Q

What are the principal reasons for the 2007-2009 financial crash?

Answer

A

Banks assumed that re-packaged debts (incl. sub prime mortgages) would continue to be tradable commodities
Banks assumed that short term borrowing on the wholesale money markets would continue to be available
Regulators and bankers did not understand how important shadow banking institutions had become to the everyday functioning of financial markets
Banks did not always understand the risks of securitisation
Over reliance on ratings agencies

Question 46

Q

What is the side of the COSO ERM cube?

Answer

A

The top down implementation process, incl. -

Subsidiary
Business unit
Division
Entity level

Question 47

Q

What are the features and differences of Compliance, Hazard, Control and Opportunity Risks?

Answer

A

Compliance risks; should be minimised, cannot be fragmented
Hazard risks; only negative outcomes, linked to insurance, can only inhibit the mission, can be mitigated
Control risks; unknown or unexpected events, difficult to quantify, approach is based on managing uncertainty of events. Cause doubt about the ability to achieve the organisation’s mission. Most difficult to describe. Usually dependant on the successful management of people and thee effective implementation of processes, to be managed
Opportunity risks; relate to risk vs. return, approach based on investment. Usually deliberately sourced or embraced. Most important risk for future success.

Question 48

Q

What are the 5 steps in the credit risk assessment process?

Answer

A

Identify opportunity
Evaluate prospective borrower
Make credit decision
Disburse credit
Monitor credit

Question 49

Q

Explain Corrective risk controls (from PCDD)

Answer

A

Corrective

To correct a risky situation
Often simple and effective, and don’t require elimination of processes. But can be difficult to quantify.
Costs can be disproportionate to benefits.
Often meet regulatory requirements

Question 50

Q

Why analyse risks?

Answer

A

Prioritise risks for treatment
Compare risks with the risk appetite
Achieve consistent perceptions of significance
Inform decisions for resource management
Inform decisions about risk strategy execution
Ensure capital adequacy

Question 51

Q

What is the RIMS definition of ERM?

Answer

A

ERM is a strategic business discipline that supports the achievement of an organisation’s objectives by addressing the full spectrum of it’s risks and managing the combined impact of those risks as an interrelated risk portfolio

Question 52

Q

What are the 3 steps to implementing ERM?

Answer

A

Employ a CRO to oversee implementation
Align with PACED
Assess benefits through FIRM

Question 53

Q

What are the 8 PRA Fundamental Rules for Firms:

Answer

A

Rule 1: A firm must conduct its business with integrity.
Rule 2: A firm must conduct its business with due skill, care and diligence.
Rule 3: A firm must act in a prudent manner.
Rule 4: A firm must at all times maintain adequate financial resources.
Rule 5: A firm must have effective risk strategies and risk management
Rule 6: A firm must organise and control its affairs responsibly and effectively.
Rule 7: A firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice.
Rule 8: A firm must prepare for resolution so, if the need arises, it can be resolved in an orderly manner with a minimum disruption of critical services.

Question 54

Q

What was the European financial crisis of 2009-2013

Answer

A

Caused by a sovereign debt crisis, caused by unsustainable spending/borrowing by governments in 17 countries
Outcomes incl. understanding of how government finances impact banking performance, and uncertainty as to who was responsible for resolving banking crises and how this can deepen the problem

Question 55

Q

Describe the COSO ERM cube

Question 56

Q

What are the 6 steps in the process of evaluating a prospective borrower, within the context of the wider 5 step credit risk assessment process?

Answer

A

Evaluate prospective borrower

Internal bank records
Historical and current financial accounts
Management accounts and projections
External credit ratings
Company websites and brochures
Group structure and board information

Question 57

Q

What are the key FS regulatory bodies?

Answer

A

FINMA (Switzerland)
BMA (Bermuda)
Federal Reserve (US)
Financial Reporting Council (UK)
FCA (UK)
PRA (UK)
Credit agencies
Financial Accounting Standards Board (US)
National Association of Insurance Commissioners (US)

Question 58

Q

What is PCDD?

Answer

A

PCDD is a list of risk controls

Question 59

Q

What % impact should Marketplace risks be benchmarked at under FIRM?

Answer

A

0.5% impact on balance sheet 1% annual profit impact loss

Question 60

Q

What control measures can a bank take to improve a weakening credit situation?

Answer

A

Apply a higher rate of interest
Diversify it’s portfolio to reduce concentration risk
Sell some loans to third parties
Syndication 5. Credit default swaps (known as hedging) to share the risk with another party
Securitisation

Question 61

Q

What are the 5 key reasons for outsourcing?

Answer

A

streamlining operations
cost control
freeing up resources for other work
improving quality and service
resources not available internally

Question 62

Q

What are the 3 pillars of Solvency II?

Answer

A

Quantitive requirements, incl. - Level of capital an insurer is expected to hold (e.g. solvency capital requirement; SCR) - Absolute minimum capital level before regulatory intervention (minimum capital requirement; MCR)
Qualitative requirements, incl. - Governance - Supervisory review - Own risk and solvency assessment (ORSA)
Reporting and disclosure requirements, incl. - To the regulator, through the solvency and financial condition report (SFCR) - To the supervisors

Question 63

Q

What are the 7 key issues facing financial services firms

Answer

A

International bank regulation
Interconnectivity and contagion
Shadow banking
Economic performance trends (Banana skins)
Geographical issues
Climate change
New technologies

Question 64

Q

What are the 3 features of the Dodd-Frank Act (2010)

Answer

A

Strengthens supervisory oversight
Gives regulators additional powers to tackle fraud, conflicts of interest, corruption and insider trading
Requires stress testing on 3 different (not prescribed) financial scenarios

Answer 58

A

The risk management process, incl.

Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring

Answer 59

A

Risk appetite is the immediate or short term willingness of an organisation to undertake an activity that involves risk. Risk attitude represents a longer term view of risk.

Answer 60

A

Quantify operational risk
Measure operational risk
Allocate capital

Answer 61

A

Argentinian currency revaluation of 2001
Wall St crash of 1920s
Black Wednesday 1992
Asian financial crisis of 1997
UK property crisis of 1970s
Swedish banking crisis of 1990s
European financial crisis of 2009-2013

Answer 62

A

liquidity risk o the risk that the bank may not be able to meet it’s own obligations to repay deposits or other funding

Answer 63

A

Risk Architecture. Defines roles, responsibilities, communication and structure

Risk Strategy. Risk strategy, appetite, attitudes and philosophy

Risk Protocols. Risk protocols are defined in the risk guidelines Includes rules and procedures and methodologies and tools and techniques

Answer 64

A

Information has to be gathered from many sources

Different methods are needed to gather the information

Generating reliable likelihoods and impacts is difficult

Answer 65

A

The role of the board and senior managers
The qualifications and composition of the board
The importance of an independent risk management function (incl. CRO)
The importance of monitoring risks on a firmwide and individual entity basis
The board’s oversight of compensation systems
The board and senior management understanding of the bank’s operational structure and risks
The importance of supervisors regularly evaluating the bank’s corporate governance policies and their implementation

Answer 66

A

10% fall on share price

National TV event

Answer 67

A

Is the control we chose to implement really the best control for the risk?
Is that control effective in practice?
Does the control provide good value for money?

Answer 68

A

Advantages:

Simple
Wider business focus
Encourages external and strategic thinking
Helps to identify opportunities

Answer 69

A

Profit =

+ (earned premiums + investment income)

– losses (incurred losses + underwriting expenses)

Answer 70

A

insurance and risk transfer
business continuity planning
outsourcing (also a form of risk transfer)
cyber risk

Answer 71

A

Deposits for individuals/SMEs go out at 5 or 10%
Deposits from banks go out at 100%
Deposits from corporates go out at 25% or 7%, depending on the existence of an operational relationship with the corporate

Answer 72

A

ISO / BS31100
IRM
HM Treasury

Answer 73

A

Provides a top down strategic approach
Provides a process for identifying threats to businesses
Helps to understand and articulate business risk appetite/tolerance

Answer 74

A

The Internal Capital Adequacy Assessment Process (ICAAP), from PRA, allows firms to assess their capital adequacy and requires them to have appropriate risk management techniques in place.

This process is summarised in the ICAAP document which should be completed by firms on a regular basis. Regulators review and challenge a bank’s own assessment of capital adequacy and will either agree or, if not satisfied apply a capital add-on to if they do not or have concerns.

Answer 75

A

RIMS (Risk Management Society)

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

IIA (Institute of Internal Auditors)

HM Treasury

Answer 76

A

PESTLE is a way of approaching risk classification, organised by risk type

Answer 77

A

1. VaR
1. Expected shortfall
1. Stress testing

Answer 78

A

the bank’s risk management system is conceptually sound and is implemented with integrity
the bank has enough staff skilled in the use of sophisticated models in trading areas, risk control, audit and back office functions
the bank’s models have a proven track record of measuring risk with reasonable accuracy
the bank regularly conducts prescribed stress tests.

Answer 79

A

The 4Ps
Timescale of impact
FIRM
COSO ERM cube
IRM standard
Source-based
PESTLE

Answer 80

A

Risk management is an integral part of all organisational activities
Structured and comprehensive approach is required
Framework and processes should be customised and proportionate
Appropriate and timely involvement of stakeholders is needed
Risk management anticipates, detects, acknowledges and responds to changes
Risk management explicitly considers all limitations of available information
Human and cultural factors influence all aspects of risk management
Risk management is continually improved through learning and experience

Answer 81

A

Long term risks may be up to 5 years, and relate to strategic decisions
Medium term risks may be up to 1 year, and associated with projects or programmes
Short term risks are immediate – probably the easiest to identify and mitigate

Answer 82

A

Avoid the risk (by not undertaking the activity that leads to it)
Taking or increasing the risk in order to pursue an opportunity
Retaining the risk by informed decision
Changing the likelihood (where possible)
Changing the consequences (incl. contingency planning)
Sharing the risk (e.g. through commercial contracts)

Answer 83

A

ERM is a rigorous and coordinated approach to assessing and responding to all risks that affect the achievement of an organisation’s strategic and financial objectives

Answer 84

A

Financial benefits arising from better allocation of funds, monitoring of expenditure and reduced exposure to fraud
Infrastructure benefits incl. fewer IT failures
Reputation benefits
Marketplace benefits

Answer 85

A

Risk framework (Basel II for banks, including the 4 key principles)
Processes for identifying risk in the organisation, incl. quantification approaches
Risk appetites
Risk reporting
An annual submission that reflect the above (ICAAP for banks, or ORSA for insurers)

Answer 86

A

Principles of risk management have been reviewed
Importance of top level leadership, as is governance
Greater emphasis on the iterative nature of risk management
The content is streamlined with a greater focus on sustaining an open systems model

Answer 87

A

Hacking
DDOS
Viruses
Information theft
Identity theft
Industrial espionage
Email fraud
ATM fraud
Cyber money laundering
Theft

Answer 88

A

retail banks serving retail customers
wholesale banks serving corporate customers
central banks set monetary policy, liaises with other central banks and sometimes acts as a regulator

Answer 89

A

Directive

To direct to a particular outcome
The most frequent
Wide range of controls, but low levels of confidence
Not reliable on their own, but always part of the bigger control system

Answer 90

A

Exist In mature or declining markets
Explore Opportunities
Exploit Opportunities until competitors arrive
Expand Depending on risk appetite
Exit If risk exceeds appetite

Answer 91

A

Systemic risk is the risk that an entire banking system may face losses or collapse. Often caused by macroeconomic or monetary events such as currency devaluation, or from a single, systemically important, bank failing

Answer 92

A

PACED is a list of key features in an approach to risk management frameworks

Answer 93

A

Preventative
Corrective
Detective
Directive

Answer 94

A

Mandatory obligations on the organisation
Assurance regarding the management of significant risks
Decisions that pay full regard to risk considerations
Effective and efficient core processes

Answer 95

A

Accounting issues
Company issues
Management issues
Liquidity issues
Industry issues

Answer 96

A

Infrastructure

Efficiency and competitive advantage
Achievement of the state of no disruption
Improved staff and supplier morale
Targeted risk and cost reduction
Reduced operating costs

Answer 97

A

Reputational

Regulators satisfied
Improved utilisation of company band
Enhanced shareholder value
Good reputation and publicity
Improved perception of organisation

Answer 98

A

Risk management is the coordination of activities to direct and control and organisation with regard to risk

Answer 99

A

Provides a qualified answer to the question: “how much could we lose in the next day”
VAR is not a worse case view, but is a view of confidence
Involves calculating the current position as well as possible return values, over a given period
VaR can be calculated using the historical method, the variance-covariance method and the Monte Carlo simulation.
But, VaR is not a measure of maximum loss. And we can never be certain that the historical data that we’re using to predict the future is so complete

Answer 100

A

An aggressive CEO, and change of CROs
RBS had grown acquisition and increasing market penetration
Not all risks were adequately quantified or reported
Recommendations from risk staff were not always sought or acted upon where provided
The bank had an aggressive risk culture
Risks were compartmentalised with credit, market and operational risks separated out Stephen Hester stated, ‘it was not detailed risks than made RBS weak’ but ‘the macro imbalances’ which included the over-reliance on external funding as well as a build-up of risk concentrations and exposures that were not effectively reported or managed.

Answer 101

A

In 1989, following the October 1987 financial market crash. Dennis Weatherstone, chairman of the bank JP Morgan, was famously calling for a ‘4:15 report’ after the time it was prepared each afternoon.

The report combined all the firm’s data on market risk in one place. The intention was that it should contain information sufficient to answer the question: How much could the bank lose if tomorrow turns out to be a relatively bad day?’

Answer 102

A

Links IT to business objectives 2. Organises IT activities into generally accepted process models 3. Identifies major IT resources to be leveraged 4. Defines management control objectives that need to be considered

Answer 103

A

borrowers may submit loan repayments late or fail to do so
depositors may demand money bank at a faster rate than the bank has reserved for
market interest rates may change and hurt the value of the bank’s loans
investments made by the bank may lose value
bank may discover it as acted in a way contrary to the law or regulation, and be fined
human error or fraud may lead to losses

Answer 104

A

MADE2 are the benefits of risk management frameworks

Answer 105

A

FIRM is used to demonstrate the benefits of an effective risk management framework:

Answer 106

A

COBIT is a framework created by ISACA for information technology management and IT governance

Answer 107

A

Transfer (to another party)
Terminate (any activity that generates the risk)
Tolerate (the risk)
Treat (to reduce the likely impact or exposure)

Answer 108

A

Political
Economic
Social
Technological
Legal
Environmental

Answer 109

A

0.25% impact on balance sheet 2.5% impact on profit

Answer 110

A

Strategic – high level goals that support a mission
Operations – effective and efficient use of resources
Reporting – reliability of reporting
Compliance – compliance with laws and regulation

Answer 111

A

develop a security culture, driven from the top down
have good governance around cyber security
identify key assets and appropriate protections
have adequate detection capabilities so firms know if they are being attacked
have systems and controls to ensure recovery and response in the event of an attack

Answer 112

A

Preventative (the most important)
To stop the risk from occurring
Highly successful, but can be time consuming or expensive, or could eliminate opportunities

Answer 113

A

The categories of organisational objectives, incl.

Strategic - Operations - Reporting - Compliance

Answer 114

A

IRM : The amount of risk that an organisation is willing to seek or accept in the pursuit of long term objectives
ISO Guide 73: the amount and type of risk that an organisation is willing to pursue or retain
Orange Book: the amount of risk that an organisation is prepared to accept tolerate or be exposed to at any point in time
CIIA: the level of risk that is acceptable to the board or management

Answer 115

A

Risk identification (most important): What might happen (the event)?
Risk analysis: How likely is it to happen? If it does, what might the impact be?
Risk evaluation: So what? Is it within our risk appetite and tolerance?

Answer 116

A

Proportionate to the level of risk in an organisation - Aligned with other business activities - Comprehensive, systemic and structured - Embedded within business procedures and protocols - Dynamic, iterative and responsive to change

Answer 117

A

The standardised approach 2. Foundation Internal Ratings Based Approach (F-IRB) 3. Advanced Internal Ratings Based Approach (A-IRB)

Answer 118

A

Top down (Portfolio – business line – business unit) • Establishes a general assessment of risk and then refines down risks into individual components. 2. Bottom up (business unit – business line – portfolio) • Business units are individually analysed for their risks and this is aggregated upwards to build a risk profile

Answer 119

A

Collecting deposits 2. Arranging payments 3. Making loans

Answer 120

A

Value at risk (VaR) is a statistic that measures and quantifies the level of financial risk within a firm, it’s portfolio or it’s position over a specific time frame.

Answer 121

A

Internal environment – the tone of the organisation and how risk is viewed and addressed
Objective setting – must exist before management can identify potential events affecting their achievement
Event identification – internal and external events must be identified, including risks and opportunities
Risk assessment – risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed
Risk response – management accepts risk responses, including - Avoiding - Accepting - Reducing - Sharing
Control activities – policies and procedures are established and implemented
Information and communication – relevant information is identified, captured and communicated so that people can fulfil their responsibilities
Monitoring – the entirety of ERM is monitored and modifications made as necessary

Answer 122

A

Audit oversight Supports bottom up risk models Looks at individual business processes
Critical self assessment Business units look at their own risks Bottom up process
Risk mapping Bottom up process Links types of operational risks to business units, process flows and organisational units
Causal networks Map of factors that directly or indirectly cause an operational risk event Captures causes of risks Bottom up approach
KRIs Top down and bottom up Measure change in risks over time Assumes that activities with KRIs increase leads to severity and impact increasing Uses early warning signs to estimate potential losses
Actuarial models Uses mathematical modelling to determine potential losses Bottom up or top down
Earnings volatility Assumes that variations in earnings reflect operational risk events Relies on historical data Top down approach Vulnerable to not identifying changes in business processes

Answer 123

A

• Pillar 1 – calculate how much capital you need to hold to support risk exposures for credit, market and operational risk (for banks) and these plus insurance risk (for insurers) using one or more of the approaches permitted by the regulators. • Pillar 2 – explain what other major risks you are exposed to, how you calculate these exposures and what level of capital you require to support these exposures. These risks can include interest rate risk, liquidity risk and pensions risk but will also include risks relevant to the use of models.

Answer 124

A

Repayment – can the creditor repay - Restructure – the creditor business - Reschedule – e.g. change the loan

Answer 125

A

Detective

To identify where undesirable situations have occurred
Closely related to monitoring
Simple to administer, and essential.
But, are post-event

Answer 126

A

FS is 6.9% of the total economic output
50% of FS is in London
FS contributed £132bn to the UK economy
FS has 1.1m jobs I the UK (3.2% of the total)
UK exports £60bn
UK imports £18bn

Brainscape's Knowledge GenomeTM

DNU - OLD Flashcards

Brainscape's Knowledge Genome^TM