Defining Operational Risk Flashcards

1
Q

What is Business Risk and what may affect it?

A

Business Risk is the risk that a firm may not be able to trade in a manner that provides a profitable return

  1. Political – an election may bring in a regime that makes trading conditions unfavourable
  2. Competitive Environment – new entrants into the market may increase competition
  3. Social and Market Forces – changes in public mood to business practices and behaviours
  4. Technology – technological pressures can make equipment and processes obsolete
  5. Shocks and Natural Events – events linked to the climate, weather, or acts of God
  6. External Stakeholders – Stakeholders can exercise influence on the business decisions that are taken
  7. Third Parties – a firm can become dependent on suppliers of goods and services
  8. Economic – e.g. if oil prices soar an airline may become unprofitable
2
Q

What are Loss Events according to Basel?

A
  1. Internal Fraud – acts to defraud, misappropriate property or circumvent regulations, the law or company policy by an internal party
  2. Employment and Workplace Safety – acts inconsistent with employment, health and safety laws or agreements
  3. Clients, Products and Business Practices – losses arising from unintentional or negligent failure to meet a professional obligation
  4. Damage to Physical Assets – from natural disasters or other events
  5. Execution, Delivery and Process Management – losses from failed transaction processing
  6. Business Disruption and System Failures – of systems and IT infrastructure
  7. External Fraud – acts intended to defraud, misappropriate property or circumvent the law, by a third party
3
Q

What other risks do Operational Risks influence?

A
  1. Reputational Risk – operational risk losses send a negative signal to the market, damaging a firm’s reputation
  2. Regulatory Risk – operational risk losses are likely to cause regulatory breaches
4
Q

What are the Risk Management and Control Principles?

A
  1. Business management is accountable
  2. An independent control process should be in place
  3. Risk disclosure
  4. Protection of earnings
  5. Protection of a firm’s reputation
5
Q

What is the Operational Risk Process?

A
  1. Operational Risk Policy
  2. Identify Risks
  3. Measure and Assess Risks
  4. Risk Mitigation
  5. Risk Monitoring
  6. Risk Reporting
6
Q

What are Risk Management Implementation Constraints?

A
  1. Data collection and management constraints – lack of standard language, limited industry-wide data, lack of sharing, limited data on low-frequency events
  2. Cultural constraints – need support and understanding
  3. Indicator constraints – some risk indicators are not completely fit for purpose; how much money should be spent on monitoring risk whilst remaining cost-effective?
  4. Resource and cost constraints
7
Q

Give examples of Corporate Operational Failures

A
  • 1995 Barings collapses
  • 1997 NatWest lose £90M due to options mis-pricing
  • 2002 Allied Irish lose $691M due to poor controls
  • 2002 Enron fails due to fraud
  • 2011 MF Global collapses
8
Q

What Regulatory Initiatives have there been in the face of Operational Risk?

A
  • Basel I, II, III
  • Directives passed by the European Commission in the EU
  • PRA launched Internal Capital Adequacy Assessment Process (ICAAP)
9
Q

What are the Benefits of Operational Risk Management?

A
  1. Reduction of operating losses
  2. Lower compliance/auditing costs
  3. Early detection of unlawful activities
  4. Reduced risk exposure
  5. Lower capital charges
10
Q

What is Business Continuity Management?

A

Business Continuity Management addresses and decides how to keep a business operating and available to customers in case of adverse events.

11
Q

What is the Process of Business Continuity Management?

A
  1. Plan should be documented and tested
  2. Obtain senior management commitment
  3. Establish a planning committee
  4. Perform a risk assessment
  5. Establish priorities for processing and operations
  6. Review dependencies and interdependencies
  7. Organise and document a written plan
  8. Develop testing criteria and procedures
  9. Test the plan
  10. Approve and update the plan
12
Q

What are the Regulatory Approaches to Business Continuity Management?

A
  1. The PRA suggests that the plan should include:
    1. Resource requirements
    2. Operation recovery priorities
    3. Communication arrangements for internal and external parties
    4. Escalation and invocation plans
    5. Processes to validate the integrity of information
    6. Regular testing of the business continuity plan
  2. Basel Committee:
    1. Sound planning applies to all financial authorities and industry participants
    2. Firms should explicitly plan for disruptions
    3. Recovery objectives should reflect the risk they present to the financial system
    4. Plan should address internal and external communication
    5. Plan should address cross-border communications
    6. Periodic testing and updating
    7. Financial authorities should assess plans when assessing financial industry participants
13
Q

What types of Controls are there?

A
  1. Preventative Controls – prevent the risk or event from happening in the first place such as access codes to applications
  2. Detective Controls – take place after the event has occurred and are in place to identify and mitigate risk
  3. Directive Controls – take the form of policies, procedures, processes or manuals
  4. Corrective Controls – follow up on outstanding items or elements highlighted in risk monitoring and escalation
14
Q

What is the Checklist for Establishing a Controls Framework?

A
  1. Create a positive work environment
  2. Implement internal controls
  3. Employ honest people
  4. Educate employees
  5. Create an anonymous reporting system
  6. Perform regular and irregular audits
  7. Investigate every incident
  8. Lead by example
15
Q

Are Rules-Based methods Appropriate for Controls?

A
  1. Strategic Risks – not necessarily undesirable e.g. new technology platform risk
    • Cannot be managed by a rules-based model
    • Instead, the risk-management system should work to reduce the probability of assumed risks occurring
  2. Preventable Risks – internal risks that are controllable and should be eliminated/avoided
    • Typically covered by internal controls
    • Best controlled by active prevention
    • This can be achieved via rules-based compliance approaches
  3. External Risks – cannot be prevented
    • Methods need to be developed to lessen their impact should they occur
    • Brainstorming and scenario analysis are appropriate
16
Q

What is the Purpose of understanding Types of Risk and Risk Exposure?

A
  • Establish the chain of events, relationship between operational risks and where they occur in the firm
  • Set boundaries to differentiate between different types of risk and to assign responsibility
  • Develop a common language for discussing, assessing and managing risk
  • Provide information to management so they can take action to ensure a controlled environment
  • Provide a basis for risk management and assessment
17
Q

What else is critical for implementing Operational Risk Management?

A

Culture of the firm:

  • Establishing the Right Culture – awareness of risk, high levels of motivation, personal accountability and a commitment to improve
  • Individuals – a firm can only achieve a risk management culture when there is alignment between the goals of risk management, the firm and its employees
  • Senior Management – the Board must be committed to embed the culture of appropriate risk appetite across the firm and must lead by example with their attitude to risk
  • Challenge and Escalation – from top to bottom, employees should have the support to challenge their colleagues if something seems wrong
  • The Risk Function – take overall responsibility for the development and implementation of operational risk control principles, frameworks and processes across the firm
  • The Business – operational risk management is the product of good management
18
Q

What does Internal Audit do?

A
  1. Always acts independently from senior management
  2. Should have unrestricted access to records
  3. Report directly to the board
  4. Provide reports and follow up points that management can act on
19
Q

What are the 3 Lines of Defence?

A
  1. Controls in place to deal with day-to-day business
  2. Committees and functions to provide an oversight of the effective operation of the internal control framework
  3. Independent assurance provided by the board audit committee and the internal audit function
20
Q

What does External Audit do?

A
  1. Operates for the purpose of reporting to the members and shareholders of a firm
  2. They decide and declare if the records are materially correct and not misleading

External audit projects can be carried out on a risk and/or control basis