Chapter 6: Operational Risk Management Framework Flashcards
What are Maturity Models used for in ORM?
To assess the firm’s ORM framework on a 4- or 5-point scale
Examples include assessing from Beginner to Expert levels.
How do firms assess ORM maturity?
Based on their objectives, prioritizing certain areas rather than aiming for ‘expert’ in all
Self-assessment allows for tailored evaluation.
What is an alternative to Maturity Models in ORM?
A list of quality criteria for each part of ORM
This allows firms to evaluate specific aspects of their ORM.
What is a major challenge ORM professionals face?
Proving their value, as compliance alone is not a strong motivator
ORM must be framed as a business investment.
What are key business benefits of ORM?
- Reduced Large Losses
- Improved Profitability
- Increased Productivity
These benefits contribute to a more stable business environment.
What metrics are used to measure reduced large losses in ORM?
- Incident count
- Tail risk losses
- P&L volatility
- Share price fluctuations
These metrics help quantify the impact of ORM.
How does ORM improve profitability?
By reducing expected losses, which increases profitability
This can be tracked through trends in loss frequency and severity.
What should ORM be justified with?
Hard evidence, such as:
* Success rate of internal projects
* Reduction in operational losses
* Cost-to-income ratio trends
Evidence supports the business case for ORM.
What is a key principle in a Risk-Based Approach to ORM?
Focus on top risks first before rolling ORM out firm-wide
Addressing significant risks is crucial for effective ORM.
What is the importance of prioritization in ORM?
To focus on pressing risks first before routine issues
This ensures resources are allocated effectively.
What are the Golden Rules in ORM?
- ORM must gain business acceptance
- Focus on major risks
- Support decision-making
These rules guide effective ORM practices.
What are the Deadly Sins in ORM?
- Ignoring ORM teams
- Wasting resources on minor issues
These pitfalls can undermine the effectiveness of ORM.
What stages are involved in the Project Risk Lifecycle?
- Risk Identification & Planning
- Ongoing Risk Monitoring
- Closure & Lessons Learned
Each stage requires specific ORM involvement.
What is a common cause of project failures?
Invalid Business Case
A lack of clear justification can lead to project failure.
What is a simple project rating criterion related to project scale?
Budget Size
Budget serves as a proxy for assessing project scale.
What are advanced risk rating factors?
- Regulatory Impact
- Customer Impact
- Reputational Risk
- Project Dependencies & Portfolio Risks
These factors provide a more comprehensive risk assessment.
What types of security risks are identified in Information Security Risk Management?
- Cyber Risks
- Physical Risks
- Internal Risks
- External Threats
Each type presents unique challenges to security.
What was the cause of the Equifax Data Breach?
External intrusion via unpatched vulnerability
This breach exposed 145.5M customer records.
What is ISO/IEC 27001:2013?
An international standard for information security governance & risk assessment
It provides a framework for managing sensitive information.
What are the components of a risk-based protection strategy?
- Categorizing Information Assets
- Prioritizing Protection
- Implementing Behavioral & Technical Controls
This strategy helps manage information security risks effectively.
What are Key Risk Indicators (KRIs) for Information Security?
- Exposure KRIs
- Control Failure KRIs
- Stress KRIs
- Causal KRIs
These indicators help monitor security risk levels.
What is a final takeaway regarding ORM?
ORM must prove its business value beyond compliance
This is crucial for ongoing support and investment in ORM initiatives.
