CISI Risk - Chapter 3 Flashcards

1
Q

BIS Definition of operational risk

A

The risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events

2
Q

2 common methods to remain vigilant to changes in their risk profile

A

1 - Creation of Key Risk Indicators
2 - Capture and analysis of loss data

3
Q

Does the BIS definition of operational risk include legal risk?

A

Yes

4
Q

Does the BIS definition of operational risk include reputation risk?

A

No

5
Q

7 Elements of an effective operational risk management framework

A

Clear risk oversight
Strong operational risk culture
Strong internal culture
Clear lines of responsibility
Segregation of duties
Effective internal reporting
Contingency planning

6
Q

What is covered under internal fraud

A

Employee theft, insider trading

7
Q

What is covered under external fraud?

A

Robbery, forgery, hacking

8
Q

What is covered under employment practices and workplace safety?

A

Health and safety and discrimination claims

9
Q

What is covered under Clients, products and business practices

A

Misuse of confidential information and money laundering

10
Q

What is covered under Damage to physical assets

A

Natural disasters, terrorism, war

11
Q

What is covered under Business disruption and system failures

A

Hardware, software and telecommunications outages

12
Q

What is covered under Execution, delivery and system failure

A

Losses from failed transaction processing or process management, outsourcing vendor disruptions/failures

13
Q

What is an operational risk policy?

A

A document which outlines a firm's strategy and objectives for operational risk management

14
Q

Who sets the operational risk policy?

A

The board

15
Q

What is an operational risk framework?

A

Independent centralized risk management department

16
Q

Areas addressed by an operational risk policy (4)

A

Identification of key officers
Roles and Responsibilities
Segregation of duties
Cross-Functional involvement & Agreement

17
Q

3 objectives of an ORM (Operational Risk Management)

A

Identify, measure and assess operational risk

18
Q

What will an ORM look to do to operational risks?

A

Reduce cost of losses
Reduce Likelihood of risk events occurring

18
Q

6 key ways of Identifying and assessing risks

A

Self assessment
KRI
Workshops
Loss data causal trend analysis
External loss data
Audit reviews

19
Q

3 key ways to reduce the likelihood of a risk materializing

A

Clearly identify risk before it occurs
Establish clear ownership of the risk
Set up and monitor KRIs

20
Q

3 key ways to reduce the impact of a risk should it occur?

A

Speedy escalation
Owner has been assigned to fix the issue
Appropriate insurance policies

21
Q

What are the 7 stages in a risk management framework?

A

Identification
Measurement and assessment
Management and control
Monitoring
Reporting
Policy & Appetite setting

22
Q

Risk Management Framework - What is Risk Identification

A

Clearly identify the firm's risks using methods such as:

Self assessment
KRI
Workshops
Loss data causal trend analysis
External loss data
Audit reviews

23
Q

Risk Management Framework - What is Risk Measurement & Assessment

A

Score the impact and likelihood of the risk

24
Q

Risk Management Framework - What is Risk Management and Control

A

Appropriate controls in place to mitigate risks.

25
Q

Risk Management Framework - What is Risk Monitoring

A

Monitor the KRIs and act before they reach the pre-defined limits

26
Q

What are actual losses associated with?

A

Historical loss data

27
Q

What is historical loss data?

A

Historical loss data analysis maps actual losses experienced by a firm to a
sensible categorisation system.

28
Q

Risk Management Framework - What is Risk Reporting

A

Reporting losses and near misses

29
Q

What is risk assessment

A

Evaluating measurement data & estimating impact on business
Subjective

30
Q

Risk Management Framework - What is Risk Operational Policy

A

Lessons learned are used to update the risk policy

31
Q

What is risk measurement?

A

Quantitative technique to understand size of risks
Objective (Factual)

31
Q

2 limitations of Self-Assessment Risk identification

A

Subjective by managers - To fix this it should be independently validated
Difficult to apply consistently across multiple functions and locations

32
Q

What is the main difficulty in Measuring & Assessing operational risk?

A

Lack of relevant and objective data

32
Q

Is risk assessment objective or subjective?

A

Subjective

32
Q

Is risk measurement objective or subjective

A

Objective

33
Q

How have banks tackled not having enough historic data to accurately monitor and assess risks?

A

Anonymously sharing their losses with other firms in the same industry

34
Q

How is the risk score calculated?

A

Risk score = Likelihood X impact score

35
Q

2 disadvantages to likelihood assessment?

A

Tends to be subjective
May be over-simplified

35
Q

2 ways all subjective assessments should be validated

A

Real loss data
An independent party

36
Q

6 Advantages of Impact and likelihood assessment:

A
  • Simple method
  • Focuses management attention on the most important risks
  • Minimal hard data required if historical data is not available
  • Captures wide range of risks
  • Used to anticipate loss by ranking potential risk of new situations
  • Forward-looking as well as backward-looking
  • Encourages a risk-aware culture
37
Q

What is bottom up analysis?

A

Analyse individual risks in each process and aggregate them to provide overall
measures of exposure.

37
Q

Is scenario analysis top down or bottom up?

A

Top down

38
Q

Disadvantage of scenario analysis

A

Depends on expertise of professionals involved

39
Q

5 Advantages of Bottom-up analysis

A

* Looks at process level
* Accountability/responsibility clearly defined
* Encourages risk awareness at the earliest opportunity
* Encourages continuous improvement
* Improves quality of management information

40
Q

5 Disadvantages of Bottom-up analysis

A
  • Very time-consuming
  • Major undertaking especially
    where change is constant
  • Difficult to apply consistent rules
  • Process-focused so risks
    occurring at the process
    interface may be overlooked
  • Introspective – macro view
    ignored
41
Q

What are KRIs?

A

Key Risk Indicators -

  • KRIs are a ‘health check’ on the performance of the business.
  • KRIs allow companies to identify their risk status at any given time.
41
Q

What do the Process related KRIs revolve around?

A

Business process

42
Q

4 advantages of KRIs

A
  • Possible to monitor trends and
    anticipate problems
  • Limits of acceptability can be
    established
  • Basis of objective performance
    measurement
  • Acts as early warning system
43
Q

3 Disadvantages of KRIs

A
  • Can be misleading if used in
    isolation
  • Can be difficult to obtain
    automatically
  • Management of KRIs to enhance
    bonuses
44
Q

What do the Non-Process related KRIs revolve around?

A

Staff and resolution times

45
Q

What are Expected losses?

A

Occurs with reasonable frequency
Sit within the risk appetite of the firm

46
Q

What are Unexpected losses?

A

Low-frequency, high impact losses that cause SERIOUS issues

47
Q

Advantage of Historical loss data?

A

understand size of losses in monetary terms attributed to particular risks

48
Q

Disadvantage of Historical loss data?

A

Does not predict unexpected losses/Near misses. Not so great with small amounts of data

49
Q

What is the fine for breaking GDPR?

A

20 Milly or 4% of global revenue

50
Q

4 Practical constraints to implementing an operational risk management framework

A

Data collection constraints
Cultural constraints
Resource and cost constraints
Indicator constraints

51
Q

8 headers of a risk register (Risk Log)

A

- Risk description
- Objective under threat
- Risk score or ranking
- Risk owner or lead person
- Action plan
- Completion dates
- Assurance and oversight
- Mitigating controls

52
Q

What is Risk Acceptance?

A

Continuing the business decision even though a risk had been identified

53
Q

What is a preventative control?

A

Prevent errors occurring in the first place.

54
Q

3 types of preventative controls

A

Maintenance of procedures
Use of training
Automation

55
Q

What is detective control?

A

Detect errors once they have occurred, quality assurance checks fall under this category

55
Q

What is Layering?

A

Moving money around the financial system to make it hard to track. Buying/selling financial instruments.

55
Q

3 stages to money laundering operation

A

Placement, Layering and Integration

56
Q

What is Integration?

A

The ultimate beneficiary is now holding clean money, even though it was once dirty

57
Q

What is Placement?

A

Introduction of dirty money into financial system. Deposit of ill-gotten gains into a bank account

58
Q

What 3 things does AML require firms to do to reduce money laundering?

A

Identify customers
Record keeping
Report suspicious activity

58
Q

What is penetration testing?

A

Ethical hacking. Probing for vulnerabilities in a network/system

58
Q

What is a business continuity plan (BCP)

A

Deals with premises and people aspects post disaster

58
Q

What is Disaster Recovery (DR)?

A

IT and infrastructure post disaster

59
Q

What are escalation thresholds?

A

losses of predefined amounts have clear escalation processes to senior members at the firm

60
Q

What is Loss causal analysis

A

Identifying the underlying cause of a loss and ensuring history does not repeat itself.