Chapter 1: Risk Identification Tools

Question 1

What is the main focus of the Top-Down Approach in risk identification?

To identify what? Who is this conducted by, why?

Answer 1

Strategic risks, major threats, and emerging risks

Conducted by senior management to align with strategic objectives.

Question 2

How often should the Top-Down Approach be conducted?

Answer 2

1-4 times a year, depending on business growth and risk levels.

Question 3

What techniques are involved in the Top-Down Approach?

Answer 3

• Reviewing exposures
• Vulnerabilities
• Risk wheel
• Causal analysis
• Scenario generation

Question 4

What is the primary focus of the Bottom-Up Approach?

Answer 4

Specific vulnerabilities and inefficiencies at the business process level.

Question 5

Which technique is commonly used in the Bottom-Up Approach?

Answer 5

Process mapping and interviews.

Question 6

What is a risk and control self-assessment (RCSA)?

Answer 6

A technique used to identify risks at a granular level.

Question 7

What can result from focusing too granularly in the Bottom-Up Approach?

Answer 7

A collection of small risks, potentially missing the big picture.

Question 8

Why are both Top-Down and Bottom-Up approaches necessary for risk management?

Answer 8

They provide different perspectives and are complementary for a holistic understanding of risks.

Question 9

What is a “key client vulnerability” in risk exposure?

What does this involve?

Answer 9

Involves key clients, distribution channels, central systems.

Question 10

What is one example of a vulnerability in an organization?

Outdated what?

Answer 10

Outdated products/processes.

Question 11

What is the importance of identifying exposures and vulnerabilities?

What does this encourage?

Answer 11

Business-driven and specific, encouraging natural risk discussions.

Question 12

What is the purpose of root cause analysis techniques?

Answer 12

To reflect on business risks beyond incident analysis.

Question 13

What technique can help identify underlying causes of potential issues?

Answer 13

The ‘five whys’ technique.

Question 14

What do internal losses reflect in a firm?

Answer 14

Concentrations of operational risk.

Question 15

What are near misses in risk management?

Answer 15

Incidents that almost occurred but were avoided by luck or external intervention.

Question 16

What is the purpose of process mapping?

Very simply

Answer 16

To identify risks and controls associated with specific tasks.

Question 17

What is an important consideration in process mapping regarding the level of analysis?

Finding the what?

Answer 17

Finding the right balance in detail.

Question 18

What are common symbols used in process mapping?

Answer 18

• Tasks/actions
• Decision points
• Documents
• Manual operations
• Outputs
• Data

Question 19

What does ‘Auditing with Your Feet’ refer to?

Answer 19

Gathering information by walking around, talking to staff, and observing.

Question 20

What is an ‘Amazement Report’?

Answer 20

Captures new employees’ initial impressions.

Question 21

What are the benefits of interviewing key staff?

Answer 21

• Reveals qualitative insights into risks
• Encourages open communication
• Offers historical context and operational insights