Chapter 3: Risk Definition and Taxonomy

Question 1

Q: Is technology a risk?

Answer 1

A: No, technology is a resource. Risks linked to technology are potential incidents like system interruptions or application crashes.

Question 2

Q: What is manual processing in the context of risk?

Answer 2

A: Manual processing is a cause or risk driver, increasing the probability of risks like input errors and omissions.

Question 3

Q: How should compliance and regulatory change be viewed in risk management?

Answer 3

A: Compliance and regulatory change are obligations and constraints, not risks. They bring risks like compliance breaches due to oversight.

Question 4

Q: Are inadequate supervision and insufficient training considered risks?

Answer 4

A: No, they are control failures. They can lead to risks like internal fraud and errors but are not risks themselves.

Question 5

How do you perform risk management taxonomy?

Answer 5

Not only categorizing risks but also recording the causes, impacts and controls
as a MECE system: Mutually Exclusive and Collectively Exhaustive

Question 6

The Basel definition of operational risk?

Answer 6

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”

Question 7

What are the 4 categories of operational risk?

Answer 7

Financial loss
Reputational damage
Reg non-compliance
Customer detriment

Question 8

PPSE?

Answer 8

People, processes, systems, external events

Question 9

What are the four main categories of controls?

Answer 9

Preventative - Mitigate possible causes
Detective - Takes place during or after to detect the issue
Corrective - how loss is compensated
Directive - structure of ops