Operational Risk

Question 1

Top Down approach

Answer 1

Senior Managment focuses on large exposure and strategic threats that could impact teh organisations, high level review

Question 2

Bottom up Approach

Answer 2

Looks at risks at teh busienss process level focusing on local vulerabilities

Question 3

Operational Risk

Answer 3

Incl;udes everything not credit or market risk

Question 4

Exposures

Answer 4

Includes key clients , pricnipal distribution channels, critical systems, priamryt revenuye sources, regulatory exposure and brand value

Question 5

Vulnerabilities

Answer 5

The weakest links within the organisatiosn such as weak and fragile systems unmaintained processes

Question 6

Risk Wheel

Answer 6

Tool used to spark creativity during risk identification brainstorming sessions

Question 7

Risk Cause Analysis

Answer 7

Finding cause of risk, using 5 whys methoid to find root of problem

Question 8

Scenario Anaylsis

Answer 8

Essential for calculating regulatory capital (AMA)

Question 9

AMA

Answer 9

Advanced Meassurment Approach

Question 10

Mitigation Biases

Answer 10

Myopia(receny bias), excesive foucs on extenral events. Bring in oustiders to avoid

Question 11

Preventative

Answer 11

Reduce likelihood of risk materliazing

Question 12

Detective

Answer 12

Early recognision of ongoing risks

Question 13

Corrective

Answer 13

Reduces imapct of incidents

Question 14

Directive

Answer 14

Guidlines and proceudres taht structure mode of operations to reduce risk

Question 15

Taxonomy

Answer 15

Provides a structered framework for identifying and managing risks, for easier organisation and communication across teh business

Question 16

Risk Connectivity

Answer 16

Interdependencies between diffrent risks

Question 17

Risk networks

Answer 17

Visual Representation oif conenctiosn ebtween diffrent risks

Question 18

Casual Loop Diagrams

Answer 18

Cause and effect relationship

Question 19

Bow Tie Anaylsis

Answer 19

Visualise pathway and control measures

Question 20

Network Anlysis Software

Answer 20

Software like Gephi adn UNCINET to map risk netwroks

Question 21

Benefits of Risk network

Answer 21

Provide holistic view, enhances predictive capabilities

Question 22

Challanges of risk networks

Answer 22

Complexity, continued collection/analysis, needs to be regulaur updated, inforamtion overload

Question 23

Risk Appetite

Answer 23

Refers to amount of risk an organisation is willing to take to achieve objectives

Question 24

Risk Tolerance

Answer 24

Metrics translating appetite into value at risk indicators

Question 25

Key Controls

Answer 25

Internal controls and process

Question 26

Risk Limits

Answer 26

Key indicators and thresholds which are monitored

Question 27

Governance

Answer 27

Risk owner and accountability

Question 28

Risk Capacity

Answer 28

Max amount of risk the organisation can take

Question 29

Chllanges in Setting Risk Appetite

Answer 29

Balancing risk and oppertuntiy, quantifying, adapting to change

Question 30

RCSA

Answer 30

Risk and Control Self assesment

Question 31

Scale of RCSA

Answer 31

heatmap combing liklehood and imapct of issue, rating them from green to amber to red

Question 32

Qualative assesment

Answer 32

Subject judgements

Question 33

Quantatuive

Answer 33

Numericla data

Question 34

Operational Risk Governance

Answer 34

Policies and structural used to manage operational risk

Question 35

1st line of defence

Answer 35

Operational risk managment

Question 36

2nd line of defence

Answer 36

Risk managment and compliance function

Question 37

3rd line of defence

Answer 37

Internal audit

Question 38

1.5 line of defence

Answer 38

Risk champion

Question 39

Board of Directors Role

Answer 39

Sets tone at top adn approves risk amangment framework in line with strategic objectives

Question 40

Senior Managment

Answer 40

Impliments risk managment framework

Question 41

Risk Committee

Answer 41

Handles operational risk identification and managment and reviews effectivness

Question 42

Audit Committe

Answer 42

Provides indipendnat oversight of the risk managment function

Question 43

Risk policies

Answer 43

Define organsitions appraoch to risk managmentR

Question 44

isk procedures

Answer 44

provide detailed steps for identifying assesing mitgation and monitoring risks for consitency

Question 45

Risk indicators

Answer 45

Key risk indicators based of key perforamnce indicators

Question 46

Reporting Mechanisms

Answer 46

Regaulr reporting to seniour managment, with real time dashboard and incident report systems

Question 47

Risk Mitigation

Answer 47

Involves implimenting measures to reduce the likelihood and impact of identified risks

Question 48

Avoidance

Answer 48

Eliminating activities or conditions that expose the organisation to risk

Question 49

Reduction

Answer 49

Implimenting controls to reduce liklehood or impact of risks

Question 50

Sharing

Answer 50

Trasnfering risk with other parties

Question 51

Acceptance

Answer 51

Acknowledge the risk and choosing to accept it without additional controls

Question 52

Preventative controls

Answer 52

Reduce liklehood of event happening

Question 53

Detective Controls

Answer 53

Detect events during or after they occur

Question 54

Directive controls

Answer 54

Directions for handerling risk, prcoedures/manual

Question 55

Crrective Controls

Answer 55

mitigate impacts of a risk, e.g. back ups

Question 56

Control testing

Answer 56

Self certification/ examination/observation/reperformance

Question 57

Reporformance

Answer 57

Replicating control process on sample transactions. Most thorough control test

Question 58

Optimistic Controls

Answer 58

Exceptional ability or motivation often become superficial tick box tasks

Question 59

Duplicative Controls

Answer 59

"Four eye check" where more than one person reviews information. Dilutes accountability and reduce focus

Question 60

More of the same controls

Answer 60

Adding more controls of teh same design after failure

Question 61

Rule based misatkes

Answer 61

Caused by flawed or conflicting rules

Question 62

Knowledged based mistakes

Answer 62

Resulting unformilarity or lack of training

Question 63

Violations

Answer 63

Deliberate disregard for rules

Question 64

Active error

Answer 64

Direct operator actions

Question 65

Latent errors

Answer 65

Flawed processes or systems that only manifest later

Question 66

Best practices for implimentation

Answer 66

Prioritise based on risk, allocate sufficient resources, traininga dn awrness adn document mitigation measures

Question 67

RCA

Answer 67

Root Cause Analysis

Question 68

Purpsoe of RCA

Answer 68

Helps pinpoint why an issue occured and prevent its reoccurance

Question 69

5 Whys

Answer 69

Root cause analysis of asking why 5 times to find root cause

Question 70

Fishbone Diagram

Answer 70

Visual tool that ctagorizes poetntial causes of problems

Question 71

Pareto Analysis

Answer 71

Focuses on identifying the most signficiant cuases using 80/20 rule

Question 72

FMEA

Answer 72

Failure mode and effect Analysis, systemic method for evaluting processe to identify where and how they might fail

Question 73

Conduct

Answer 73

Refers to behaviour of individuals within an organisation

Question 74

Culture

Answer 74

Encompases the shared value beliefs and norms that influence how employees interactwithin an orgaisation

Question 75

Keys to Change

Answer 75

Willingness and ability

Question 76

Achieving change

Answer 76

Personal Motivation, Social motivation(peer pressure), Sturctural motivation( Formal rewards, incentive schmemes)

Question 77

Influencing Envrioemt

Answer 77

Consult Influencers sucha s senioru managment and look to lead by example

Question 78

Propinquity

Answer 78

proximity fosters and anhances collaberationa dn communication

Question 79

Negative reinforcements

Answer 79

For repeated or international rule violations, predictable adn consitent toa void blame culture

Question 80

Positive reinforcement

Answer 80

Underutilized but highly effective, reward good conduct

Question 81

Incident Data collection

Answer 81

Process of gatehring detailed ifnormation about incidents and events taht may pose risks to teh organisation

Question 82

Automated system

Answer 82

Use software to capture and log incidents in real time

Question 83

Audits and rviews

Answer 83

Conduct regular audits and review sto ensure all incidents are recorded accuratly

Question 84

Manaul Reproting

Answer 84

Encorage staff to report incidents through structured forms and channels

Question 85

Basel Committe data quality requirment

Answer 85

Must maintain a 10 year history, 20 million EUR threhold event type

Question 86

Direct losses

Answer 86

Immediate financial consequences

Question 87

Indirect losses

Answer 87

Resulting impacts like loss of customer reputational damage increase compliance costs and lower employee moral

Question 88

Non financial impacts fallacy

Answer 88

Wille vntually have fincial impacts on teh company

Question 89

Loss reporting

Answer 89

Net vs gross reporting, net reimbursment. Gross is total impact

Question 90

Threshold reporting

Answer 90

Vary from zero to 20,000. Must be justified and not manipulaterd

Question 91

Grouped Losses

Answer 91

Combine multiple events from teh same failure into one loss for accurate reflections

Question 92

Internal incident data

Answer 92

Operational Failures, proces sbreakdown, human error

Question 93

External Incident data

Answer 93

Market disruptions, regulatory changes, comp[eitors failures

Question 94

Near misses

Answer 94

Events that could have caused harm but did not

Question 95

Self reporting requirment

Answer 95

Often mandatory to report incidents, if not could have repercussions

Question 96

Boundary events

Answer 96

Occur where they materialize in a diffrent risk class than the cause. Basel suggest calssifying where materilised as long as credit losses are covered by riusk weighted capital

Question 97

Key Risk indicators

Answer 97

metrics used to monitor teh level of exposure to risk and teh effectivness of controls within an organization

Question 98

Exposure Indicators

Answer 98

Monitor changes in the organisations exposure to risk.

Question 99

Stress indicators

Answer 99

Capture the stretch in organisational resources

Question 100

Failure indicators

Answer 100

Indicate failure perofmrance or control weakness

Question 101

Causal Indicators

Answer 101

Focus on the root cuase and drivers of key risks

Question 102

Define KRIs

Answer 102

Uk corporate goivernance 2010, board defines risk appetite and ensures effective risk managment and internal controls.S houdl represent risk appetite

Question 103

KPI

Answer 103

key perofrmance indicators

Question 104

KCI

Answer 104

Key control Indicators

Question 105

Track KRIs

Answer 105

Use colour coding. Green, no action, amber monitor, red act

Question 106

Risk Reporting

Answer 106

Process of communicating information about teh risk enviroment

Question 107

Golden Rules of reporting

Answer 107

Value must exceed cost, clear purpose, influence decision making

Question 108

Top Risks

Answer 108

Top tenrisks reported to teh board and risk comittee

Question 109

Monitrong vs Reporting

Answer 109

OMonitoring at oeprational level, reporting on a need to know managment basis

Question 110

Alternatives to average

Answer 110

Medium and quartiles,

Question 111

Loss data Split

Answer 111

Expected losses vs unexpected loss

Question 112

Reporting loss % of Gross income

Answer 112

1.8-2.2%- high performance. 2.2-3% common range, above 3% higherr losses. Below 1.5% ussually under reproting

Question 113

Inforamtion Security Risks

Answer 113

Encompass thfreat to teh confidentiality integrity and avliability of data

Question 114

Cyber risk

Answer 114

having, virus, infection and phising attacks

Question 115

Physical Risks

Answer 115

theft of device, social engenerering atatcks

Question 116

Internal threats

Answer 116

Employee misconduct, mishandled exits with sensative inforamtion

Question 117

External Threats

Answer 117

Third aprty failures, system disruption

Question 118

ISO/IEC 27001:2013

Answer 118

Inforemation security standard

Question 119

Information asset inventory

Answer 119

To identify and categorize inforamtion assets for better risk managment. identify critical assets, determine confidential level, assign protection prioritise

Question 120

Behavioral Controls

Answer 120

Awaness campaigns, rules of conduct, monitoring and sanctions

Question 121

Technical Controls

Answer 121

Prevntative measures(Firewall)

Question 122

Detective measures

Answer 122

Data leak prevention and detection (DLPD), log in monitoring

Question 123

Mitigating measures

Answer 123

Regulaur backups, system redundencies

Question 124

Resilience

Answer 124

Capacity to recover quickly from difficulties toughness

Question 125

Reputation

Answer 125

Beliefs or opions that are genrealy held about someone or soemthing based on behaviours

Question 126

Reputation managment

Answer 126

Base on stakeholder perception, riskstems from uncertanty and random events

Question 127

Realtionship between resliance and reputation

Answer 127

Strong reputation provide foundations for reilience

Question 128

Response to crisis

Answer 128

Technical team, focus on restoring normal process, communication team: manages media and stakeholder communication

Question 129

Building Reilience

Answer 129

Godo crisi managment, strong stakeholders, robust busienss continuity plan, crisi managment practices

Question 130

Crisi Communication Stratergy

Answer 130

Regret, reason, remedy

Question 131

Measuring Reputation and resiliance

Answer 131

Metircs: Customer satisfaction and loyalty, media coverage and public perception, employee engagment and retention.

Question 132

Rising Operational Risk

Answer 132

Technological advnacment and digital transforamtions