Part 2 Flashcards

1
Q

What are the 5 types of risk assessment and quantification tools?

A

1) risk assessments
2) loss event database
3) KRI
4) risk analytical models
5) economic capital models

Economic capital modelling and aggregation of risks

Lam - ERM Textbook - pg. 369

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the 3 main reasons that operational risk management is important?

A

1) Investigations of major financial disasters over the past few decades have identified operational risk issues as the main culprits in most cases.
2) Operational risks are often correlated with credit and market risks. Operational failures during stressed market conditions can be very costly.
3) If operational risk is not managed as a distinct discipline of risk, it tends to be managed differently across the company. This leads to inconsistencies and inaccurate information fed to senior leaders.

Risk measurement and assessment

Lam - ERM Textbook - pg. 238

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What 3 benefits are achieved with successful operational risk management?

A

In short, it helps management achieve business objectives.
1) Reduce day-to-day losses and potential losses for major incidents.
2) Frees management’s time to focus on revenue-generating activities instead of dealing with operational crises.
3) Strengthens the enterprise risk management system. Incorporates correlation between operational, credit, and market risks.

Risk measurement and assessment

Lam - ERM Textbook - pg. 240

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the 5 risks that make up operational risk?

A

1) process risk
2) people risk
3) system risk
4) event risk
5) business risk

Risk measurement and assessment

Lam - ERM Textbook - pg. 241

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is process risk?

A

An element of operational risk that arises from ineffective and inefficient processes. The key is to balance efficiency and effectiveness of business processes.

Risk measurement and assessment

Lam - ERM Textbook - pg. 241

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is people risk?

A

An element of operational risk that arises from staff constraints, incompetence, dishonesty, and a corporate culture that does not cultivate risk awareness.

Risk measurement and assessment

Lam - ERM Textbook - pg. 243

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is system risk?

A

An element of operational risk that arises from system availability, data integrity, systems capacity, data security, business recovery from contingencies, faulty financial models, programming errors, etc.

Risk measurement and assessment

Lam - ERM Textbook - pg. 244

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is event risk?

A

An element of operational risk that arises from single, unlikely, major incidents like natural disasters.

Risk measurement and assessment

Lam - ERM Textbook - pg. 245

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is business risk (within the operational risk context)?

A

An element of operational risk that arises from unexpected…
1) changes in the competitive environment
2) trends that damange the franchise and/or operating economics of a business.
It is the risk that revenue will not cover costs within a given period of time.

Risk measurement and assessment

Lam - ERM Textbook - pg. 246

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the steps to managing operational risk?

A

1) risk policy and organization
2) risk identification and assessment
3) capital allocation and performance measurement
4) risk mitigation and control
5) risk transfer and finance

Risk measurement and assessment

Lam - ERM Textbook - pg. 246

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What should be included in an operational risk management policy?

A

1) Management principles for operational risk
2) Definitions and taxonomy
3) Objectives and goals
4) Processes and tools
5) Organizational structure
6) Roles and responsibilities

Risk measurement and assessment

Lam - ERM Textbook - pg. 247

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

In an operational risk management policy, roles and responsibilities should be defined for…

A

1) Operational risk management overall to ensure the framework is established
2) Strategic planning to ensure risks are addressed in plans and reviews
3) Finance and accounting to ensure accuracy of records and profitability models
4) Legal to ensure activities are in compliance
5) IT to ensure information security
6) Corporate security to ensure corporate assets are protected

Risk measurement and assessment

Lam - ERM Textbook - pg. 248

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a key issue to consider when assigning roles and responsibilities in an operational risk management policy?

A

Determine which groups are consultants, checkers, or both. For example, typically, operational risk management groups are consultants, audit groups are checkers, and legal groups are both.

Risk measurement and assessment

Lam - ERM Textbook - pg. 248

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the 4 main risk identification and assessment tools used for managing operational risk?

A

1) Loss-incident database. Every loss and incident represents a learning opportunity. The database supports root-cause analysis and risk mitigation strategies.
2) Control self-assessment. Each business unit assesses their own key risks, controls, and management implications which fosters ownership and an idea of how to proceed.
3) Risk mapping. Management ranks key risk exposures with respect to probability and severity (supported by the control self-assessments).
4) Risk indicators and performance triggers

Risk measurement and assessment

Lam - ERM Textbook - pg. 249

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does MAP mean?

A

minimum acceptable performance

Risk measurement and assessment

Lam - ERM Textbook - pg. 250

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the most common methodologies for the capital allocation and performance measurement step of operational risk management?

A

1) Top-down models
2) Implied-capital model
3) Income-volatility model
4) Economic pricing model
5) Analog model
6) Bottom-up (Loss Distribution) Model

Risk measurement and assessment

Lam - ERM Textbook - pg. 250

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a top-down model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) It involves leveraging sophisticated methodologies already developed for credit and market risk to calculate the overall implied operational risk by using data that is usually readily available.
3) Examples are the implied-capital model, the income-volatility model, the economic-pricing model, and the analog model

Risk measurement and assessment

Lam - ERM Textbook - pg. 250

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is an implied-capital model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) Capital allocated to operational risk = total risk capital - credit risk capital - market risk capital

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the 3 disadvantages of the implied-capital model?

A

1) Total risk capital must be estimated
2) It ignores the interrelationships between operational risk and market and credit risk
3) It doesn’t capture cause-and-effect scenarios for operational risk (it is accounted for only implicitly)

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

20
Q

What is an income-volatility model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) Operational risk capital depends on income volatility. Volatility due to operational risk = total income volatility - that due to credit risk - that due to market risk.

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

21
Q

What are the pros and cons of the income-volatility model?

A

Pro: It considers the primary determinant of capital allocation: income volatility.
Pro: Data is typically readily available for this method.
Con: It ignores the rapid evolution of industries.
Con: It fails to capture opportunity costs and reputation damage

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

22
Q

What is an issue with all of the top-down model for capital allocation and performance measurement of operational risk?

A

They all fail to capture the low-probability, high-consequence risks

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

23
Q

What is an economic pricing model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) Assume all market info is captured in the share price. Stock price volatility due to operational risk = total stock price vol - that due to credit risk - that due to market risk

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

24
Q

What does CAPM mean?

A

Capital-asset pricing model. The most widely used economic model for capital allocation and performance measurement of operational risks.

Risk measurement and assessment

Lam - ERM Textbook - pg. 251

25
Q

What are the pros and cons of the CAPM?

A

Pro: It incorporates opportunity costs and reputation damage
Con: It doesn’t provide information about specific operational risks, only an aggregate view of capital adequacy.
Con: Operational risk exposure is not affected by controls and business risk characteristics in this model, so there is not motivation to improve operations
Con: It does not account for the fact that a major incident could completely bankrupt the business (best it does is incorporate tail-end risks)

Risk measurement and assessment

Lam - ERM Textbook - pg. 252

26
Q

What is an analog model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) Use data on other companies with similar business structures and operations to derive operational risk measures for one’s own company. (This includes analyzing cause and effect of operational losses)

Risk measurement and assessment

Lam - ERM Textbook - pg. 252

27
Q

What are the pros and cons of an analog model?

A

Pro: it is useful for companies that do not yet have a robust database of operational risk losses
Con: It assumes that the data on another company can accurately measure the operational risk of another which is a large assumption

Risk measurement and assessment

Lam - ERM Textbook - pg. 252

28
Q

What is a bottom-up (or loss distribution) model in regards to operational risk management?

A

1) A model for capital allocation and performance measurement.
2) Apply loss and/or causal factors to derive predicted loss expectancies for each category of operational risk that the company faces.

Risk measurement and assessment

Lam - ERM Textbook - pg. 252

29
Q

What are the pros and cons of the bottom-up (loss distribution) model?

A

Pro: the data needed for this model can also be used to derive a business’ risk profile
Pro: Operational risk categories can be tracked over time, increasing awareness and giving opportunities for improvements
Con: Executing the model is complicated. It requires mapping company loss data with industry loss data.
Con: It uses statistical and scenario analysis to make predictions, so it does not perform well on low-probability, high-consequence events. (Few data points)

Risk measurement and assessment

Lam - ERM Textbook - pg. 253

30
Q

What does EVT mean?

A

Extreme value theory: focuses on the extreme event data rather than all the data to make more reliable estimates

Risk measurement and assessment

Lam - ERM Textbook - pg. 253

31
Q

What is scenario analysis in regards to operational risk management?

A

It involves gathering opinions, concerns, and experience of managers and presenting them in a business model. It captures both quantitative and qualitative data.

Risk measurement and assessment

Lam - ERM Textbook - pg. 254

32
Q

What are the pros and cons of scenario analysis in regards to operational risk management?

A

Pro: it captures details like exposure, severity, whether there are any controls, and the type of control (damage, preventative, detective)
Pro: Cause-and-effect relationships can be captured
Con: The model is subjective, so data may be recorded inconsistently
Con: Conclusions can be biased

Risk measurement and assessment

Lam - ERM Textbook - pg. 254

33
Q

What are the risk mitigation and control strategies for operational risk management?

A

The key is to understand the root causes of operational risks and focus on corrective actions.
1) Implement a process that identifies actions that will reduce operational losses. Ex: increasing training
2) Implement a process to evaluate and prioritize improvement ideas. (Cost/benefit and readiness assessments are useful here)
3) Establish reserves to cover expected operational losses
4) Adjust prices to incorporate operational risk

Risk measurement and assessment

Lam - ERM Textbook - pg. 255

34
Q

What are the risk transfer and finance strategies for operational risk management?

A

Use a combination of internal controls and risk transfer strategies because the cost of the former reduces the cost of the latter. Ex: implement workplace safety procedures and purchase worker’s compensation insurance.

Risk measurement and assessment

Lam - ERM Textbook - pg. 256

35
Q

What 5 things should a company do to manage operational risk?

A

1) Identify operational risk exposures and quantify their probabilities, severities, and economic capital requirements
2) Integrate operational, credit, and market risks to assess overall risk/return profile
3) Establish operational risk limits
4) Implement internal controls
5) Compare the cost of risk retention vs transfer

Risk measurement and assessment

Lam - ERM Textbook - pg. 256

36
Q

What is the difference between risk transfer and risk finance?

A

Transfer: a 3rd party insurance provider takes on the loss between the deductible and the cap
Finance: a 3rd party insurance provider provides funding, but is reimbursed over time

Risk measurement and assessment

Lam - ERM Textbook - pg. 256

37
Q

How can a company choose between different risk transfer options?

A

When transferring risk, the benefit is reduced expected loss and loss volatility. The cost is the insurance premium and higher counterparty credit risk (risk that the 3rd party will default). Therefore, the company is ceding risk and return, so a ceded RAROC can be calculated for each risk transfer option. Choosing a risk transfer strategy with a ceded RAROC below the firm’s cost of equity would add to shareholder value, and vice versa.

Risk measurement and assessment

Lam - ERM Textbook - pg. 257

38
Q

Describe the differences between basic, standard, and best practices for operational risk management.

A

Basic: the company tracks operational risk losses and reports risk indicators, audit/compliance groups act as checkers, an operational risk policy has been developed
Standard: goals and MAPs are established for the risk indicators, internal database is linked with and industry loss-event database, response plans are developed
Best: quantitative and qualitative tools are used to assess and measure, capital is allocated to operational, credit, and market risk to enable risk-adjusted performance measurement, a full set of early warning indicators is developed

Risk measurement and assessment

Lam - ERM Textbook - pg. 257

39
Q

What are some examples of external risk indicators for operational risk?

A

1) public opinion
2) political uncertainties
3) regulatory changes
4) technology trends

Risk measurement and assessment

Lam - ERM Textbook - pg. 258

40
Q

What are the 3 emerging IT risks?

A

1) cyber security
2) cloud computing
3) social media

Risk measurement and assessment

Lam - ERM Textbook - pg. 259

41
Q

What is the best method for firms to reduce the damage done from cyber attacks?

A

Cooperate with the public sector and other private firms. Transparent communication, revealing security breaches.

Risk measurement and assessment

Lam - ERM Textbook - pg. 260

42
Q

What does the DoD (department of defence) recommend private firms do to increase cyber security?

A

1) Continuously test and monitor IT. Nuclear systems should be isolated during testing to contain cyber attacks.
2) Use automated cyber defence systems
3) Train employees to recognize and react appropriately to cyber attacks
4) Incorporate cyber security frameworks to the entire firm

Risk measurement and assessment

Lam - ERM Textbook - pg. 261

43
Q

What are the pros and cons of cloud computing?

A

Pro: reduces the the capital needed to invest in physical and electronic storage
Con: a cyber attack on one network can make the entire cloud vulnerable to data leaks
Con: if a vendor cloud is used, the firm is exposed to the risks that the cloud service provider (CSP) and its other users are exposed to

Risk measurement and assessment

Lam - ERM Textbook - pg. 262

44
Q

What are the risks that a firm faces due to social media?

A

Risk of…
1) reduced employee productivity due to distractions
2) compounding employee loyalty issues, potentially leading to intentional data leaks
3) unintentional data leaks
4) cyber attacks
5) negative image of the firm in the public’s eye

Risk measurement and assessment

Lam - ERM Textbook - pg. 263

45
Q
A

Risk measurement and assessment

46
Q
A