Risk Assessment

Question 1

Give examples of Risk Measurement Approaches.

Answer 1

• Expected Loss – avg loss expected from an activity that can be budgeted
• Statistical (unexpected) Loss – estimate of how much the actual loss can exceed the expected loss over a time horizon
• Stress Loss – the loss that can arise from extreme events

Question 2

What are the benefits of Risk Assessment?

Answer 2

1. Establishes quantitative baseline of potential risks
2. Establishes accountability and responsibility for risks
3. Helps establish the right culture towards risk
4. Establishes risk appetite
5. Necessary for regulation

Question 3

What is the Risk Assessment Process?

Answer 3

1. Review actual operational losses
2. Consider the effectiveness of controls
3. Undertake internal risk assessment of controls
4. Consider other risk indicators
5. Consider reported external operational losses
6. Review changes in the operational environment

Question 4

What is the Chain of Effect?

Answer 4

1. Cause – the underlying problems that lead to the risk event
2. Events – the symptoms surrounding the risk event
3. Effects – the losses resulting from the risk event

Question 5

What is the Risk Register?

Answer 5

The risk register summarises risk and the approach to managing risk. It lies at the centre of the risk management system. The approach is:

1. Description of the risk
2. When the risk might occur
3. The impact of the risk if it occurs
4. Assessment of the probability of occurrence
5. Priority rating – based on the impact and probability assessment
6. Management strategy on how the risk will be addressed
7. Containment strategy defining what will happen if the risk occurs
8. Back to 1.

Question 6

What is the definition of Risk, Certainty and Uncertainty in probability?

Answer 6

• Risk – the chance that adverse events may occur
• Certainty – an absolute fact
• Uncertainty – something that cannot be accurately predicted

Question 7

How can risk be visually represented?

Answer 7

• RAGB indicators
• Probability v Impact plot
• Heat Map

Question 8

How does Probability Risk Assessment work?

Answer 8

Probability risk assessment uses uncertainty analysis at each step of the process:

1. Initiating event selection – what can go wrong? – definition of scenarios
2. Scenario modelling & Scenario frequency evaluation – how frequently does it happen?
3. Consequence modelling – what are the quantifiable consequences?

Question 9

What quantitative/qualitative methods are used to assess operational risk?

Answer 9

1. Ranking – gathers managements opinion regarding operational risk by using:
   
   • Questionnaires
   • Looking at key risks and assessing the adequacy of the control environment using high/med/low.
2. Scenario Analysis – takes key external loss data and assesses if the events could happen within the firm.
   
   • Often used in conjunction with loss data.
   • It’s a subjective method that relies on the experience and judgement of staff
3. Bottom Up Analysis – builds a detailed profile of the risks that occur in each area and then aggregates them to provide total risk
   
   • Process-centric view that requires a sound foundation of categorisation
   • Uses the experience of staff coupled with loss data
4. Key Risk Indicators – objective criteria used to measure the ongoing risk status:
   
   • Measure the effects (rather than cause) of risk at set control points
   • Statistics and/or metrics which provide insights into a firm’s risk position
   • Act as a health check on the performance of the firm and ensure risk is controlled
   • Typically reported in a dashboard format
5. Historical Loss Data – creates an operational loss database that includes internal and external loss data
   
   • Once data has been collected it can be used for benchmarking and statistical models
   • Loss distributions can be created to quantify normal losses and to model unexpected losses
   • Allows firms to understand the size of losses associated with particular risks