Chapter 1 - Introduction

Question 1

What is the difference between risk and uncertainty?

Answer 1

Risk can be measured using probability, whereas uncertainty refers to unknown probabilities of an event happening.

Question 2

What is the ISO definition of risk?

Answer 2

The effect of uncertainty on objectives.

Question 3

What must risk be mapped to in order to be relevant?

Answer 3

Risk must be mapped to a firms objectives, otherwise it is irrelevant.

Question 4

What is the definition of risk (Basel Committee)?

Answer 4

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events

Question 5

What are the 7 types of operational risk categories?

Answer 5

Internal fraud
External fraud
Workplace safety
Clients and products
Damage to physical assets
System failures
Process management and execution

Question 6

What is a non-official way of looking at operational risk?

Answer 6

Operational is all risk, excluding market or credit risk (and liquidity risk). Operational risk is all risk excluding any financial risk.

Operational risk is just noted as risk in other industries.

Question 7

What is the international risk framework published by ISO?

Answer 7

ISO 31000

Question 8

What does a risk framework leverage?

Answer 8

Actions, techniques and tools used to manage the risks of an entity.

Question 9

What does ISO and COSO stand for?

Answer 9

International Organisation for Standardisation and Committee of Sponsoring Organsiations

Question 10

What was COSOs framework called and what risk did it focus on? What did this framework do?

Answer 10

The cube framework focused on enterprise risk. This framework places its vision, risk culture and mission in common circles and details 23 tools and actions for performing enterprise risk management

Question 11

What are the 4 main activities within risk managemenrt?

Answer 11

Identification
Assessment
Mitigation
Monitoring

Question 12

What are the alternative representations of risk?

Answer 12

Sequence: cause - event - impact
Actions - identification - assessment - mitigation - monitoring
Techniques - the tools used for each risk management action

Question 13

What are the 3 parts of sequential risk?

Answer 13

Cause - Event - Impact

Question 14

Under sequential risk management, what are the elements under the cause?

Answer 14

Exposure - what is the overall exposure, i.e. number of employees with access to high value transactions
Environment - Internal and external - external could be expanding. Internal could be risk culture, training
Strategy - business strategy - any major strategy change will lead to a risk appetite change

Question 15

What is a risk event?

Answer 15

A risk event is when potential risk actually materialises.

Question 16

What is a risk impact?

Answer 16

The overall result of the risk materialising - there always be a financial impact as non-financial impacts will eventually lead to a financial impact

Question 18

What are the