CISI Risk - Chapter 3 Flashcards
BIS Definition of operational risk
The risk of loss resulting from inadequate or failed internal process, people and
systems or from external events
2 common methods to remain vigilant to changes in their risk profile
1 - Creation of Key Risk Indicators
2 - Capture and analysis of loss data
Does the BIS definition of operational risk include legal risk?
Yes
Does the BIS definition of operational risk include reputation risk?
No
7 Elements of an effective operational risk management framework
Clear risk oversight
Strong operational risk culture
Strong internal culture
Clear lines of responsibility
Segregation of duties
Effective internal reporting
Contingency planning
What is covered under internal fraud
Employee theft, insider trading
What is covered under external fraud?
Robbery, forgery, hacking
What is covered under employment practices and workplace safety?
Health and safety and discrimination claims
What is covered under Clients, products and business practices
Misuse of confidential information and money laundering
What is covered under Damage to physical assets
Natural disasters, terrorism, war
What is covered under Business disruption and system failures
Hardware, software and telecommunications outages
What is covered under Execution, delivery and system failure
Losses from failed transaction processing or process management outsourcing vendor disruptions/failures
What is an operational risk policy?
A document which outlines a firm's strategy and objectives for operational risk management
Who sets the operational risk policy?
The board
What is an operational risk framework?
Independent centralized risk management department
Areas addressed by an operational risk policy (4)
Identification of key officers
Roles and Responsibilities
Segregation of duties
Cross-Functional involvement & Agreement
3 objectives of an ORM (Operational Risk Management)
Identify, measure and assess operational risk
What will an ORM look to do to operational risks?
Reduce cost of losses
Reduce Likelihood of risk events occurring
6 key ways of Identifying and assessing risks
Self assessment
KRI
Workshops
Loss data causal trend analysis
External loss data
Audit reviews
3 key ways to reduce the likelihood of a risk materializing
Clearly identify risk before it occurs
Establish clear ownership of the risk
Set up and monitor KRIs
3 key ways to reduce the impact of a risk should it occur?
Speedy escalation
Owner has been assigned to fix the issue
Appropriate insurance policies
What are the 7 stages in a risk management framework?
Identification
Measurement and assessment
Management and control
Monitoring
Reporting
Policy & Appetite setting
Risk Management Framework - What is Risk Identification
Clearly identify the firm's risks using methods such as:
Self assessment
KRI
Workshops
Loss data causal trend analysis
External loss data
Audit reviews
Risk Management Framework - What is Risk Measurement & Assessment
Score the impact and likelihood of the risk
Risk Management Framework - What is Risk Management and Control
Appropriate controls in place to mitigate risks.
Risk Management Framework - What is Risk Monitoring
Monitor the KRIs and act before they reach the pre-defined limits
What are actual losses associated with?
Historical loss data
What is historical loss data?
Historical loss data analysis maps actual losses experienced by a firm to a
sensible categorisation system.