Chapter 2 - Key Learning Questions Flashcards
What are the fundamental components of a firm’s risk governance framework?
The fundamental components of the risk governance framework are:
* the governing body,
* the risk owners,
* those who fulfil risk oversight functions and
* those who fulfil risk assurance.
(Section 2.1.1)
Do you understand how to distinguish operational risk as a discipline and as a function?
Operational risk as a discipline falls on every individual in a firm, as an inherent part of their day-to-day responsibilities. Operational risk as a function refers to the independent risk management department that oversees operational risk.
(Section 2.1.1)
What are the key aspects of the three lines of defence model?
The key aspects are: first line - risk owners; second line - risk oversight; third line - risk assurance
(Section 2.1.1)
What are the key topics included within a firm’s operational risk policy?
- Purpose and scope,
- definitions,
- risk appetite statement,
- roles and responsibilities,
- overview of ORM framework and processes,
- ethical and behavioral guidelines,
- glossary.
(Section 2.1.2)
What are the indicators of a robust and weak risk culture?
- Robust: tone at the top, clear communication of values, clarity of roles and responsibilities, aligned incentives.
- Weak: lack of commitment from leadership, poor communication, misaligned incentives.
(Section 2.1.3)
What does the concept of “use test” cover and how can it be applied to operational risk management?
It tests that operational risk tools and processes are actually embedded and used, not just developed to satisfy regulatory needs. This can be evidenced through meeting minutes, risk reporting, control assessments, etc.
How should changes to the internal and external business environment be considered for the management of operational risk?
Changes should be continually identified and risks reassessed accordingly on an ongoing basis, with review frequency based on risk criticality.
(Section 2.1.5)
What are the key responsibilities and accountabilities of the governing body in management of operational risk?
Establishing strategy, risk appetite and culture; approving policies and roles; overseeing operational risk framework; holding management accountable.
(Section 2.3.1)
What are the key responsibilities and accountabilities of the risk committee in management of operational risk?
Primary risk oversight on behalf of board; advises on risk strategy, appetite and culture.
(Section 2.3.2)
What are the key responsibilities and accountabilities of the audit committee in management of operational risk?
Ensures appropriateness of financial reporting and controls; oversees internal audit.
(Section 2.3.3)
What are the key responsibilities and accountabilities of the risk management function in management of operational risk?
Oversight and challenge of risk management framework and policies; independent of business lines.
(Section 2.3.4)
What are the key responsibilities and accountabilities of the chief risk officer in management of operational risk?
Leadership and direction setting for risk management; policy development; establish risk framework and oversight infrastructure; advise management.
(Section 2.3.5)
What are the key needs and expectations of regulators in relation to a firm’s management of operational risk?
Adoption of principles around operational risk culture, governance, appetite, identification and assessment, change management, monitoring, control and mitigation, resilience and continuity.
(Section 2.4.1)
What are the key needs and expectations of investors from a firm towards management of operational risk?
Communication on risk approach, process and exposures to provide assurance and enable comparison across firms.
(Section 2.4.2)
What are the key needs and expectations of customers from a firm towards management of operational risk?
Fair treatment, appropriate products, clear information, products/services that meet expectations.
(Section 2.4.3)