Chapter 3: Risk Definition and Taxonomy

Question 1

What is the definition of technology in the context of risk?

Answer 1

Not a risk itself, but a resource. Risks related to technology are potential incidents like system interruptions or application crashes.

Question 2

What is manual processing considered in risk management?

Answer 2

A risk driver, not a risk. It increases the likelihood of errors, such as valuation or accounting mistakes.

Question 3

How is compliance and regulatory change defined in risk management?

Answer 3

An obligation, not a risk. It introduces risks like compliance breaches due to complex regulations.

Question 4

What does inadequate supervision/training lead to in risk management?

Answer 4

Control failures, not risks. They can lead to risks like internal fraud or customer dissatisfaction.

Question 5

How should risks be defined?

Answer 5

Negative events, uncertainties, incidents, or accidents.

Question 6

What question can help define risks clearly?

Answer 6

‘What could go wrong?’

Question 7

What does risk management taxonomy refer to?

Answer 7

A classification scheme that organizes risks, causes, impacts, and controls into a MECE system.

Question 8

What is the Basel definition of operational risk?

Answer 8

The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events.

Question 9

List the common impact categories in risk management.

Answer 9

• Financial Loss
• Reputation Damage
• Regulatory Non-compliance
• Customer Detriment
• Service Disruption

Question 10

What are the categories of causes of operational risk according to Basel’s PPSE Framework?

Answer 10

• People
• Processes
• Systems
• External Events

Question 11

What are the types of controls in risk management?

Answer 11

• Preventive Controls
• Detective Controls
• Corrective Controls
• Directive Controls

Question 12

What do preventive controls aim to achieve?

Answer 12

Reduce the likelihood of risks by addressing potential causes before they materialize.

Question 13

What is the purpose of detective controls?

Answer 13

Focus on identifying risks during or shortly after they occur.

Question 14

What is the aim of corrective controls?

Answer 14

Mitigate the impacts of incidents by repairing damage or compensating for losses.

Question 15

What do directive controls provide?

Answer 15

Guidelines and procedures to structure operations and reduce risks.

Question 16

What is the structure of risk taxonomy anchored by?

Answer 16

The categories of impacts, causes, and controls.

Question 17

What do Level 1 Basel categories represent?

Answer 17

The highest-level category, providing a broad classification of risks.

Question 18

What is the characteristic of Level 2 Basel categories?

Answer 18

A more detailed version of Level 1, offering specific subcategories.

Question 19

What is the role of Level 3 Basel categories?

Answer 19

Provides examples and illustrations, not officially recognized for regulatory purposes.

Question 20

True or False: The Basel Committee recognizes three levels of regulatory categories.

Answer 20

False.

Question 21

What has contributed to the evolving risk landscape since the late 1990s?

Answer 21

Technological advancements and mass digitization have increased cybercrime risks.

Question 22

What new risks have emerged due to global business transformations?

Answer 22

Risks related to outsourcing, project management, and information management.

Question 23

What highlighted the need for improved regulation after 2008?

Answer 23

The 2008 financial crisis.

Question 24

What should firms consider when developing a risk taxonomy?

Answer 24

Current challenges and exposures, considering technological, regulatory, and operational changes.