Chapter 2 MCQ Flashcards

1
Q

Which of the following best describes the first line of defense in operational risk management?

A) Internal Audit
B) Risk Management Department
C) Business Line Managers
D) External Regulators

A

C

2
Q

What is the primary purpose of an operational risk governance framework?

A) To ensure compliance with external regulations
B) To outline the responsibilities for risk management within the organization
C) To provide a set of guidelines for financial reporting
D) To manage the firm’s investment strategies

A

B

3
Q

What is the primary purpose of an operational risk governance framework?

A) To ensure compliance with external regulations
B) To outline the responsibilities for risk management within the organization
C) To provide a set of guidelines for financial reporting
D) To manage the firm’s investment strategies

A

B

4
Q

Which of the following best describes the first line of defense in operational risk management?

A) Internal Audit
B) Risk Management Department
C) Business Line Managers
D) External Regulators

A

C

5
Q

Operational risk policy should NOT include which of the following?

A) Ethical and behavioral guidelines
B) Detailed personal information of all employees
C) Glossary of terms related to operational risk
D) Roles and responsibilities related to operational risk management

A

B

6
Q

Risk culture in an organization is primarily established by which body?

A) External Auditors
B) The Governing Body
C) First Line Managers
D) Third Line of Defense

A

B

7
Q

The ‘use test’ in the context of operational risk management refers to:

A) The frequency of audit tests
B) The practical application of risk assessments in decision-making
C) A legal requirement for operational risk policies
D) The validation of external data sources

A

B

8
Q

Who is responsible for providing independent oversight and challenge to the first line of defense?

A) Internal Audit
B) Business Line Managers
C) Risk Management Function
D) External Consultants

A

C

9
Q

What role does the third line of defense play in operational risk management?

A) Implementing operational risk controls
B) Providing assurance on the effectiveness of the risk management framework
C) Developing the operational risk policy
D) Directly managing identified risks

A

B

10
Q

Continuous review and change in operational risk management is important for:

A) Meeting annual financial targets
B) Adapting to changes in the external environment
C) Fulfilling employee performance evaluations
D) Ensuring the stability of IT systems

A

B

11
Q

Which of the following is NOT a component of the operational risk management framework?

A) Risk and Control Self-Assessment (RCSA)
B) Annual leave policy
C) Scenario analysis
D) Key Risk Indicators (KRIs)

A

B

12
Q

The operational risk function’s independence is crucial for:

A) Facilitating risk transfer agreements
B) Ensuring unbiased oversight and challenge
C) Implementing new IT systems
D) Conducting employee training programs

A

B

13
Q

External stakeholders in operational risk management include all EXCEPT:

A) Regulators
B) Investors
C) Competitors
D) Customers

A

C

14
Q

Which statement best reflects the importance of risk culture in an organization?

A) It determines the organization’s stock price
B) It influences behavior towards risk management across the organization
C) It is relevant only to the risk management department
D) It has no impact on operational risk management

A

B

15
Q

Operational risk policies should be:

A) Kept confidential from junior employees
B) Communicated clearly to all relevant staff
C) Updated only when there is a significant loss event
D) Developed without input from the governing body

A

B

16
Q

In the ‘three lines of defense’ model, who provides independent assurance on risk management?

A) The governing body
B) Business line managers
C) Internal audit
D) Risk management function

A

C

17
Q

A key role of the second line of defense is to:

A) Directly manage operational risks
B) Provide independent oversight and challenge
C) Execute day-to-day operations
D) Audit financial statements

A

B

18
Q

Operational risk management is successful only if:

A) It is isolated within a single department
B) External auditors are involved in daily operations
C) Set within a robust governance framework
D) Focused solely on financial risks

A

C

19
Q

What does an effective risk and control environment within the business require?

A) Only automated control systems
B) Strict external regulation
C) Adequate resources, tools, and training
D) A focus on financial reporting

A

C

20
Q

Which of the following best describes the role of external stakeholders in operational risk management?

A) They are responsible for setting the firm’s risk appetite
B) Their needs and expectations must be recognized and addressed
C) They directly manage the firm’s operational risks
D) They provide day-to-day risk oversight

A

B

21
Q

The purpose of the operational risk management policy includes all EXCEPT:

A) Defining the firm’s definition of operational risk
B) Outlining the detailed financial goals of the firm
C) Communicating roles and responsibilities in risk management
D) Describing the operational risk management framework

A

B

22
Q

Which statement is true regarding the ‘three lines of defense’ model?

A) It clearly separates operational risk management from other risk types
B) It is a rigid structure with no overlap between the lines
C) It involves shared responsibilities across the organization for managing risk
D) Only the first line is involved in risk identification and mitigation

A

C

23
Q

Risk appetite statements are important because they:

A) Detail the exact financial targets of the firm
B) Define the level of risk the organization is willing to accept
C) Are required for legal compliance in all jurisdictions
D) Specify IT security protocols

A

B

24
Q

Risk appetite statements are important because they:

A) Detail the exact financial targets of the firm
B) Define the level of risk the organization is willing to accept
C) Are required for legal compliance in all jurisdictions
D) Specify IT security protocols

A

D

25
Q

Which best explains the significance of continuous review and change in operational risk management?

A) It ensures policies remain unchanged over time
B) It helps adapt to the dynamic nature of the external environment
C) It minimizes the need for internal audits
D) It allows for the outsourcing of the internal audit function

A

B

26
Q

The ‘use test’ in operational risk management ensures that:

A) Risk assessments are only used for regulatory purposes
B) Risk management practices are integrated into business processes
C) External audits are conducted annually
D) Policies are reviewed only when significant losses occur

A

B

27
Q

What role do external stakeholders (e.g., regulators, investors) play in operational risk management?

A) They are directly involved in day-to-day risk management activities
B) They set the firm’s operational risk management policies
C) Their needs and expectations influence the firm’s operational risk management approach
D) They provide independent assurance on the firm’s risk management

A

C