Chapter 2 Learning Outcomes Flashcards

1
Q

Explain how the components of a risk governance framework interact.

A

The key components that interact within a risk governance framework are:
* The governing body (e.g. board) which has ultimate responsibility for risk governance.
* Risk owners in the business lines and support functions. They are responsible for day-to-day risk management.
* Risk oversight functions like risk management and compliance, which provide independent oversight over the first line.
* Risk assurance through internal audit, which reviews the effectiveness of the framework.

These comprise the three lines of defence model for risk governance. There are clear segregations of duty but also significant interaction, communication and reporting flows between the components to ensure accountability.

(Section 2.1.1)

2
Q

Describe the roles and responsibilities of the operational risk function.

A

The operational risk function, typically sitting within the second line of defence:
* Develops and implements the risk management framework firm-wide
* Ensures consistent risk assessment standards and reporting
* Provides oversight advice to the first line
* Assesses risk levels against appetite
* Designs and implements risk reporting and analytics
* Embeds risk awareness across the firm
* Reviews risks in strategic initiatives and transactions
To be effective, it requires adequate authority, independence and resources.

(Section 2.2)

3
Q

Describe the accountabilities, roles and responsibilities in the management of operational risk.

A
  • The governing body has ultimate accountability. It sets strategy and appetite, approves policies, oversees framework implementation, and ensures management is held accountable.
  • Sub-committees like risk and audit support governing body oversight. Audit is fully independent, while the risk committee advises on risk strategy and culture.
  • The risk management function, headed by the CRO, provides firm-wide oversight and challenge around risk governance and policies. It directly manages risks.
  • The business lines and support functions have day-to-day accountability for risk decisions and managing risk exposures.
  • There are also risk teams dedicated to domains like compliance, HR and IT.

(Sections 2.3.1 to 2.3.6)

4
Q

Explain the needs and expectations of external stakeholders in relation to operational risk.

A
  • Regulators expect adoption of sound risk management principles spanning culture, governance, identification and assessment, monitoring and reporting, and resilience, as per global standards.
  • Investors want clear communication on risk approach, framework and exposures, for assurance and comparison.
  • Customers expect fair treatment, products suiting their needs, clear information and service reliability.
  • Third parties like suppliers require strong contracts, reporting, adequate resourcing and governance of partnerships.
  • Rating agencies base their assessments on the quality of risk management, including culture, beyond financials.

(Sections 2.4.1 to 2.4.5)
