Chapter 2 MCQ

Question 1

Which of the following best describes the first line of defense in operational risk management?

A) Internal Audit
B) Risk Management Department
C) Business Line Managers
D) External Regulators

Answer 1

c

Question 2

What is the primary purpose of an operational risk governance framework?

A) To ensure compliance with external regulations
B) To outline the responsibilities for risk management within the organization
C) To provide a set of guidelines for financial reporting
D) To manage the firm’s investment strategies

Answer 2

b

Question 3

What is the primary purpose of an operational risk governance framework?

A) To ensure compliance with external regulations
B) To outline the responsibilities for risk management within the organization
C) To provide a set of guidelines for financial reporting
D) To manage the firm’s investment strategies

Answer 3

B

Question 4

Which of the following best describes the first line of defense in operational risk management?

A) Internal Audit
B) Risk Management Department
C) Business Line Managers
D) External Regulators

Answer 4

C

Question 5

Operational risk policy should NOT include which of the following?

A) Ethical and behavioral guidelines
B) Detailed personal information of all employees
C) Glossary of terms related to operational risk
D) Roles and responsibilities related to operational risk management

Answer 5

B

Question 6

Risk culture in an organization is primarily established by which body?

A) External Auditors
B) The Governing Body
C) First Line Managers
D) Third Line of Defense

Answer 6

B

Question 7

The ‘use test’ in the context of operational risk management refers to:

A) The frequency of audit tests
B) The practical application of risk assessments in decision-making
C) A legal requirement for operational risk policies
D) The validation of external data sources

Answer 7

B

Question 8

Who is responsible for providing independent oversight and challenge to the first line of defense?

A) Internal Audit
B) Business Line Managers
C) Risk Management Function
D) External Consultants

Answer 8

C

Question 9

What role does the third line of defense play in operational risk management?

A) Implementing operational risk controls
B) Providing assurance on the effectiveness of the risk management framework
C) Developing the operational risk policy
D) Directly managing identified risks

Answer 9

B

Question 10

Continuous review and change in operational risk management is important for:

A) Meeting annual financial targets
B) Adapting to changes in the external environment
C) Fulfilling employee performance evaluations
D) Ensuring the stability of IT systems

Answer 10

B

Question 11

Which of the following is NOT a component of the operational risk management framework?

A) Risk and Control Self-Assessment (RCSA)
B) Annual leave policy
C) Scenario analysis
D) Key Risk Indicators (KRIs)

Answer 11

B

Question 12

The operational risk function’s independence is crucial for:

A) Facilitating risk transfer agreements
B) Ensuring unbiased oversight and challenge
C) Implementing new IT systems
D) Conducting employee training programs

Answer 12

B

Question 13

External stakeholders in operational risk management include all EXCEPT:

A) Regulators
B) Investors
C) Competitors
D) Customers

Answer 13

C

Question 14

Which statement best reflects the importance of risk culture in an organization?

A) It determines the organization’s stock price
B) It influences behavior towards risk management across the organization
C) It is relevant only to the risk management department
D) It has no impact on operational risk management

Answer 14

B

Question 15

Operational risk policies should be:

A) Kept confidential from junior employees
B) Communicated clearly to all relevant staff
C) Updated only when there is a significant loss event
D) Developed without input from the governing body

Answer 15

B

Question 16

In the ‘three lines of defense’ model, who provides independent assurance on risk management?

A) The governing body
B) Business line managers
C) Internal audit
D) Risk management function

Answer 16

C

Question 17

A key role of the second line of defense is to:

A) Directly manage operational risks
B) Provide independent oversight and challenge
C) Execute day-to-day operations
D) Audit financial statements

Answer 17

B

Question 18

Operational risk management is successful only if:

A) It is isolated within a single department
B) External auditors are involved in daily operations
C) Set within a robust governance framework
D) Focused solely on financial risks

Answer 18

C

Question 19

What does an effective risk and control environment within the business require?

A) Only automated control systems
B) Strict external regulation
C) Adequate resources, tools, and training
D) A focus on financial reporting

Answer 19

C

Question 20

Which of the following best describes the role of external stakeholders in operational risk management?

A) They are responsible for setting the firm’s risk appetite
B) Their needs and expectations must be recognized and addressed
C) They directly manage the firm’s operational risks
D) They provide day-to-day risk oversight

Answer 20

B

Question 21

The purpose of the operational risk management policy includes all EXCEPT:

A) Defining the firm’s definition of operational risk
B) Outlining the detailed financial goals of the firm
C) Communicating roles and responsibilities in risk management
D) Describing the operational risk management framework

Answer 21

B

Question 22

Which statement is true regarding the ‘three lines of defense’ model?

A) It clearly separates operational risk management from other risk types
B) It is a rigid structure with no overlap between the lines
C) It involves shared responsibilities across the organization for managing risk
D) Only the first line is involved in risk identification and mitigation

Answer 22

C

Question 23

Risk appetite statements are important because they:

A) Detail the exact financial targets of the firm
B) Define the level of risk the organization is willing to accept
C) Are required for legal compliance in all jurisdictions
D) Specify IT security protocols

Answer 23

B

Question 24

Risk appetite statements are important because they:

A) Detail the exact financial targets of the firm
B) Define the level of risk the organization is willing to accept
C) Are required for legal compliance in all jurisdictions
D) Specify IT security protocols

Answer 24

D

Question 25

Which best explains the significance of continuous review and change in operational risk management?

A) It ensures policies remain unchanged over time
B) It helps adapt to the dynamic nature of the external environment
C) It minimizes the need for internal audits
D) It allows for the outsourcing of the internal audit function

Answer 25

B

Question 26

The ‘use test’ in operational risk management ensures that:

A) Risk assessments are only used for regulatory purposes
B) Risk management practices are integrated into business processes
C) External audits are conducted annually
D) Policies are reviewed only when significant losses occur

Answer 26

B

Question 27

What role do external stakeholders (e.g., regulators, investors) play in operational risk management?

A) They are directly involved in day-to-day risk management activities
B) They set the firm’s operational risk management policies
C) Their needs and expectations influence the firm’s operational risk management approach
D) They provide independent assurance on the firm’s risk management

Answer 27

C