REVISION Flashcards
What is a maturity model in Operational Risk Management?
A tool used to assess the performance of risk management frameworks on a 4-5 point scale (e.g. “beginner” to “expert”)
What does ORM stand for?
Operational Risk Management
What is the main challenge faced by risk managers when implementing ORM?
Risk managers often struggle to prove the value of their work and gain acceptance within the business
What is the recommended approach for firms new to non-financial risk management?
Focus on top risks first before deploying an ORM framework across all departments
What are the three key business benefits of effective Operational Risk Management?
Improved business stability, improved profitability, and increased productivity
What metric can measure business stability in Operational Risk Management?
Peer comparisons of tail risk losses, count of large incidents, P&L volatility, or share price volatility
What is more effective than regulatory compliance in motivating businesses to adopt risk management?
Demonstrating the tangible value of risk management through business benefits
How long does it typically take for a firm to reach an operational risk steady state?
Several years, as it’s a long-term process
What is one of the “golden rules” for risk managers to be effective?
Being accepted by the business to gain access to information, risks and incidents
What types of areas should be prioritized when identifying high-risk areas in a firm?
Areas with high money flows and transaction volumes, such as back-office operations, IT, and finance functions
When should a firm implement IT ORM solutions?
Only after reaching ORM maturity and ensuring it integrates with existing systems
What is Project Risk Management?
The process of identifying
What is a common cause of project failures?
Invalid business case, insufficient quality attention, undefined outcomes, or lack of stakeholder communication
At what stage should the risk function become involved in project management?
Initial stage before project kick-off to act as a gatekeeper
What are path dependencies in project management?
Dependencies where a project relies on deliverables from another project, which can compound delays if the deliverables are late
What is a key distinguishing feature of mature organizations regarding project completion?
Systematic debriefing and maintaining a database of lessons learned from project evaluations
What are the three main categories of information that project reporting focuses on?
Time, budget, and quality of deliverables
What is a key risk indicator (KRI) for IT projects that serves as a crucial control?
Reduced time or resources for testing
What are the three aspects of information security that risks can threaten?
Confidentiality, integrity, and availability of data
What percentage of data leaks are insider-related according to the McAfee 2017 study?
43% of data leaks are insider-related, with half being unintentional
What are the four quadrants of the risk taxonomy for information security?
Internal data theft, external data theft, internal data loss, external data loss
How are information assets typically categorized in an information security context?
Highly confidential, confidential, internal, or public
What technique is used to model rare events like data breaches?
Fault trees or Bayesian networks through scenario analysis
What type of simulation is used to estimate loss distributions in cyber scenarios?
Monte Carlo simulations