Chapter 5: Risk Appetite

Question 1

What is risk appetite?

Answer 1

The amount of risk an organization is ready to take in pursuit of its strategic objectives.

Question 2

Since when has the concept of risk appetite been included in corporate governance codes?

Answer 2

Since the 1990s.

Question 3

Who is responsible for ensuring that a firm operates within its risk appetite?

Answer 3

The board.

Question 4

What significant event increased attention to the concept of risk appetite?

Answer 4

The financial crisis of 2008.

Question 5

What does defining a risk appetite involve?

Answer 5

Assessing possible risks, establishing boundaries for acceptable and unacceptable incidents, and creating necessary controls.

Question 6

What is a common alternative term for ‘risk appetite’?

Answer 6

Risk tolerance.

Question 7

Why do some organizations dread defining risk appetite?

Answer 7

It may uncover inner contradictions between what is officially stated and what is happening in reality.

Question 8

What is the role of the risk function in relation to risk appetite?

Answer 8

To provide conceptual and methodological assistance to define risk appetite and monitor risk exposure.

Question 9

True or False: Operational risks are perceived as purely downside risks.

Answer 9

True.

Question 10

What is the relationship between risk and reward in investment portfolios?

Answer 10

The bigger the volatility, the larger the possible upside and downside.

Question 11

What are the two types of risks that have well-defined returns?

Answer 11

• Credit risk
• Market risk

Question 12

What is often ignored by financial firms regarding operational risk?

Answer 12

The revenues generated by operational risk.

Question 13

What are some examples of significant operational risk incidents?

Answer 13

• Barings
• Arthur Andersen
• MF Global
• Knight Capital

Question 14

What must be balanced in operational risk management?

Answer 14

The benefits of operational risk and the potential for damage.

Question 15

What analogy is used to describe managing risk?

Answer 15

Handling a rebellious child.

Question 16

What is a common flaw in risk appetite statements?

Answer 16

They often express what is not wanted without specifying how to avoid those events.

Question 17

What are the five elements of a comprehensive risk appetite framework?

Answer 17

• Risk appetite statements
• Risk tolerance
• Key controls
• Risk limits
• Governance

Question 18

How do some firms categorize their risk appetite levels?

Answer 18

• Averse
• Cautious
• Open
• Seeker/Hungry

Question 19

What does the COSO approach suggest about risk tolerance?

Answer 19

It is the quantitative expression of risk appetite.

Question 20

What is the concept of ALARP?

Answer 20

As Low As Reasonably Practicable.

Question 21

What is essential for effective risk appetite structures?

Answer 21

Governance.

Question 22

What should monitoring tools provide management?

Answer 22

Relevant information and assurance that the business operates as it should.

Question 23

Fill in the blank: Risk appetite is often expressed through maximum ______ for events.

Answer 23

tolerance

Question 24

What is risk appetite?

Answer 24

The amount and type of risk that an organization is willing to take in order to achieve its objectives.

Question 25

What does ALARP stand for?

Answer 25

As Low As Reasonably Practicable.

Question 26

How do large banks express their risk appetite?

Answer 26

Through internal controls to limit certain losses at certain probabilities of occurrence.

Question 27

What is the difference between risk appetite statements and risk tolerance statements?

Answer 27

Risk appetite statements express the level of risk an organization is willing to accept, while risk tolerance statements define the specific limits of risk exposure.

Question 28

True or False: A market infrastructure firm has a minimum appetite for failures in its core business process.

Answer 28

True.

Question 29

Fill in the blank: A retail bank has ______ for intentional breaches of conduct in its sales process.

Answer 29

no tolerance.

Question 30

What is the accepted threshold for isolated conduct breaches in the retail bank example?

Answer 30

0.2% of the sales force.

Question 31

What does the legal and compliance risk statement aim to minimize?

Answer 31

Legal and compliance risks in all business operations and countries of operation.

Question 32

What happens if there is a known deviation from rules and regulations in the example provided?

Answer 32

It must be escalated within five working days and resolved within 20 working days.

Question 33

In the governance structure of risk appetite, who designates risk owners?

Answer 33

The organization.

Question 34

What is the top-down approach to defining risk appetite?

Answer 34

Risk appetite is defined by the board and allocated to different businesses.

Question 35

What is the bottom-up approach to defining risk appetite?

Answer 35

It reflects the accepted level of risk-taking in a firm based on observed business practices.

Question 36

True or False: Comparing top-down and bottom-up risk appetite statements can reveal discrepancies.

Answer 36

True.

Question 37

What are some examples of top-down statements related to risk appetite?

Answer 37

* The organization has no appetite for data breaches * The board will not tolerate any violation of ethics * The institution has no appetite for physical security incidents.

Question 38

What reflects risk appetite at the board level?

Answer 38

The level of capital the firm holds compared to minimum regulatory requirements.

Question 39

Fill in the blank: The risk appetite is expressed as a tolerance level for ______.

Answer 39

losses.

Question 40

What is a key indicator of a firm taking too much risk?

Answer 40

When risk exposure exceeds the firm's capacity to absorb loss.

Question 41

What are the top four key risk indicators for operational risk in firms?

Answer 41

* Aggressive profit growth targets * Under-investment in infrastructure and people * Regulatory negligence * Wishful risk appetite statements not tied to actual controls.

Question 42

What is a potential consequence of willful blindness in risk assessment?

Answer 42

Excessive risk-taking.