Operational Risk

Question 1

Types of Risk in Regulatory Def

Answer 1

Internal fraud, external fraud, employment practices and workplace safety, business practices (client facing), damage to physical assets, business disruption and system failures, process management.

Question 2

Unofficial definition

Answer 2

Operation risk is everything that is not credit and market risk.

Question 3

Risk management framework

Answer 3

A representation of actions, techniques or tools deployed to manage the risk of an entity.

Question 4

Four main activities of risk management

Answer 4

Risk identification, risk assessment, risk mitigation and risk monitoring.

Question 5

Corollary definition of risk

Answer 5

Risk of impact due to event, caused by cause.

Question 6

Exposure

Answer 6

The surface at risk.

Question 7

Environment

Answer 7

This refers both to external and internal environments, which are controllable only to a certain extent.

Question 8

Internal business environment

Answer 8

The organizational features of the firm, such as effective straight-through processing, competent staff and inspiring leaders.

Question 9

Strategy

Answer 9

The most controllable part of risk causes. A major driver of exposure to operational risk.

Question 10

Events

Answer 10

Risks turn into ‘events’ or ‘incidents’ when they become a reality rather than a possibility. An event is the materialization of a risk.

Question 11

Preventative controls

Answer 11

Besides process design and sensible organization of tasks, internal controls are the main methods for risk reduction.

Question 12

Corrective controls

Answer 12

Reaction once an incident occurs, early intervention and contingency planning.

Question 13

Risk identification

Answer 13

Exposures and vulnerabilities, risk wheel, root causes of impact, past losses and near misses, process mapping interviews.

Question 14

Risk assessment

Answer 14

Expected losses, RCSA, scenarios.

Question 15

Risk mitigation

Answer 15

Internal controls & testing/bowtie analysis + preventative action plans.

Question 16

Risk monitoring

Answer 16

KPI, KRI, risk reporting.

Question 17

Examples of top down

Answer 17

Risks to strategy, emerging risks, global trends, major threats.

Question 18

Examples of bottom up

Answer 18

Operational efficiency, organized processes, efficient systems, competent staff.

Question 19

Types of Exposures

Answer 19

Key distribution channels, main clients, main suppliers and third parties, critical systems, regulatory exposure, main drivers of revenues, brand value.

Question 20

Types of Vulnerabilities

Answer 20

Weakest links, fragile systems, revenue channels at risk, systems or processes not integrated, parts of the business resistant to risk management, unmonitored operations or people, unmaintained systems, BCP due for testing or updates.

Question 21

The Risk Wheel

Answer 21

Governance, strategic objectives, reward & value, political & social, reputation & ethics, technology, project & change, regulation, legal liability, natural events, information, business continuity.

Question 22

Scenario analysis

Answer 22

The assessment and management of the exposure to high severity, low frequency events on the firm.

Question 23

Scenario analysis steps

Answer 23

Preparation and governance, generation and selection, assessment, validation, incorporation into management, scenario aggregation, incorporation into capital.

Question 24

Preparation documents

Answer 24

External loss data, internal loss data, RCSA results, key risk indicator scores, audit issues and other issue logs, concentrated exposures, relevant documents for risk and exposure assessment.

Question 25

Internal fraud

Answer 25

Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involve at least one internal party.

Question 26

External fraud

Answer 26

Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.

Question 27

Employee practices and workplace safety

Answer 27

Losses arising from acts inconsistent with employment, health, or safety laws or agreements, from payment of personal injury claims or from diversity/discrimination events.

Question 28

Clients’ products & business practices

Answer 28

Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements) or from the nature or design of a product.

Question 29

Damage to physical assets

Answer 29

Losses arising from loss or damage to physical assets from natural disaster or other events.

Question 30

Execution, delivery, and process management

Answer 30

Losses from failed transaction processing or process management, from relations with trade counter-parties and vendors.

Question 31

Basel definition of operational risk

Answer 31

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

Question 32

Preventive

Answer 32

The aim is to reduce the likelihood of risks materializing by mitigating their possible causes.

Question 33

Detective

Answer 33

This takes place during the event or soon after, with early detection helping to reduce impact. There is a preventive element if detection also identifies the cause of an incident.

Question 34

Corrective

Answer 34

This reduces impacts caused by incidents. Damage is repaired or loss is compensated for by using backup and redundancies.

Question 35

Directive

Answer 35

This comprises guidelines and procedures that structure the mode of operations to reduce risks.

Question 36

Risk appetite

Answer 36

Qualitative statements, implicit risk/reward tradeoff, or pure risk avoidance at a cost, per risk category.

Question 37

Risk tolerance

Answer 37

Metrics translating appetite, value at risk, indicators, budget.

Question 38

Key controls

Answer 38

Internal controls and processes ensuring the respect of risk limits.

Question 39

Risk limits

Answer 39

Key indicators and thresholds, allow monitoring, loss budget or incident tolerance.

Question 40

Governance

Answer 40

What to do if limits are breached, risk owners and accountabilities.

Question 41

KRI

Answer 41

Key Risk Indicator.

Question 42

Top four KRIs

Answer 42

Aggressive profit growth targets, under-investment in infrastructure and people, regulatory negligence, top-level wishful risk appetite statements that are not consistently tied to actual controls and limits.

Question 43

RCSA

Answer 43

Risk and Control Self-Assessment.

Question 44

RAU

Answer 44

Risk Assessment Unit.

Question 45

Assessment dimensions

Answer 45

Probability of occurrence, impact if occurring, velocity.

Question 46

RSA

Answer 46

Residual risk self-assessment.

Question 47

Key risks exposures

Answer 47

A view of the magnitude of impacts if key controls are missing or failing.

Question 48

Four types of impact

Answer 48

Financial, regulatory, customer, reputation.

Question 49

SMA

Answer 49

Standardized Management Approach.

Question 50

IMA

Answer 50

Internal Modeling Approach.