Chapter 1 Flash Cards
What is operational risk?
The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events
What are the four primary causal factors of operational risk?
Processes, people, systems, external events
What are the two most common operational risk manifestations?
Business continuity risk and systems/IT risk
Name four common operational risk impacts
Financial efficiency, service, reputation, lost business opportunities
What links cause, event and impact?
The bow-tie model
What goes between cause and event in the bow-tie model?
Preventative controls
What goes between event and impact in the bow-tie model?
Corrective controls
What are the four components of the operational risk management process?
Risk identification, risk assessment, risk response, risk monitoring/reporting
What is the first line of defence in risk governance?
The business units
What is the second line of defence in risk governance?
Central risk management functions
What is the third line of defence in risk governance?
Internal audit
What does RCSA stand for?
Risk and control self-assessment
What do risk indicators measure?
Exposure to key risks
What do control indicators measure?
Effectiveness of key controls
What are near misses in operational risk?
Events that could have caused loss but did not
What is scenario analysis for?
Understanding severe but plausible risk exposures
What are 3 key challenges with operational risk reporting?
Lack of integration between operational risk tools; lack of common definitions and categorisation; inappropriate tools
What is internal fraud?
Misappropriation of assets by employees
What is external fraud?
Theft of assets or information by external parties
What is employment practices and workplace safety risk?
Discrimination, health and safety violations
What is business disruption and systems failures risk?
Failures of technology infrastructure
What is cyber risk?
Inability to protect digital assets from damage or theft
What is compliance risk?
Failure to comply with laws and regulations
What is legal and litigation risk?
Unexpected legal judgments or unenforceable contracts
What is third party risk?
Losses due to vendors/partners not meeting expectations
What are the 7 regulatory risk event types described in Basel II?
1) Internal Fraud
2) External Fraud
3) Employment Practices and Workplace Safety
4) Clients, Products, and Business Practice
5) Damage to Physical Assets
6) Business Disruption and Systems Failures
7) Execution, Delivery, and Process Management
What is Strategic Risk?
Uncertainties that may affect or may be created by an organisation’s business strategy and strategic objectives
What is Credit Risk?
The risk of loss due to counterparty default. It is restricted to default or situations where the counterparty can but refuses to make payment when due
What is Market Risk?
The risk of loss due to adverse economic changes in market conditions, rates or prices or fluctuations in volatility
What is Liquidity Risk?
The risk of not having adequate funds available to meet financial commitments as they fall due. This may be caused by local or foreign economic conditions, a reduction in the firm’s credit rating, or situations where the firm is interested in trading an asset but cannot do so because nobody in the market wants to trade that asset
What is Insurance Risk?
Also known as underwriting risk. Insurance risk is the risk of a claim being made on an insurance policy or underwriting
What is the difference between inherent and unexpected operational risk?
Inherent/expected risks occur frequently; unexpected risks occur rarely
What risk looks at market volatility?
Market Risk
What risk looks at disaster, pandemic, cyber threats?
Operational Risk