Chapter 5 Key Learning Questions Flashcards

1
Q

Examine the nature of risk and control self-assessments in the management of operational risk

A

Risk and Control Self-Assessment (RCSA) is a process for identifying, recording and assessing risks and controls. It enables firms to proactively manage key risks to avoid impacting objectives.
It involves identifying, assessing, monitoring and reporting on risks and controls. RCSA can be undertaken at various organizational levels and is more effective when integrated into the operational risk framework, with clear governance and senior management engagement.

(Introduction, 5.1)

2
Q

Describe the benefits of risk and control self-assessments

A

Benefits include: cultural change with operational risk management embedded across the organization; alignment of risk management to strategy and performance; open discussion and consensus building on risks; clear accountability through assigned owners; anticipating threats; process efficiencies and improvements.

(5.2, Table)

3
Q

Explain the role of risk and control self-assessments in identifying operational risk.

A

RCSA has a key role in proactively identifying operational risks, both new/emerging risks and existing risks. Failure to identify risks prevents understanding of likelihood and impact. Information sources for identifying risks include the risk categorization scheme, internal/external loss data, indicators, objectives, complaints, planning outputs and upcoming changes.

(5.3, 5.3.1, 5.3.2, 5.3.3)

4
Q

Consider the advantages and disadvantages of different methods for undertaking risk and control self-assessments.

A

Methods include workshops, questionnaires, interviews, hybrid approaches. Relative advantages/disadvantages of each cover aspects such as time, participation, consensus building, consistency, bias. Need to consider governance, culture, size and complexity when selecting approach.

(Table 5.4)

5
Q

Explain the concepts of likelihood and impact in assessing operational risk and controls.

A

Assessing a risk involves judging the likelihood (possibility) of it occurring and the expected impact (consequences) if it does occur. Impacts cover financial/non-financial, direct/indirect. Likelihood and impact are combined on a matrix showing the level of exposure. Assess before and after controls to understand exposures and reliance on controls.

(5.5, 5.5.1, 5.5.2, Fig 5.5.3)

6
Q

Examine the nature and role of controls

A

Controls aim to reduce likelihood or impact. Types include preventative, detective, corrective and directive. Key controls provide most defence. Assessing design and operating effectiveness determines if controls are effective overall.

(5.6, 5.6.1-5.6.4, Fig 5.6)

7
Q

Explain the roles and relationships between risk owners and control owners.

A

Risk owner manages identification, assessment and reporting of risks. Control owner designs and operates controls and monitors effectiveness. Close communication needed to align mitigation with risk exposure.

(5.7, 5.7.1)

8
Q

Describe common methods of reporting risk and control self-assessments.

A

Reporting includes executive summary, scope, changes in profile, assessments, actions, heat maps. Should be relevant, guide decisions, timely and evolve to meet needs. Present data and interpretation.

(5.8, 5.8.1-5.8.6)
