Unit 2: Risk Management Frameworks

Question 1

What are the three responsibilities of the board and executive in terms of risk management?

Answer 1

1. Set the tone for risk management
2. Approve risk management strategy and framework
3. Monitor its effectiveness

Question 2

What will the board normally delegate to the Risk and Compliance functions (and their committees)?

Answer 2

Oversight, governance, and assessment of daily operational impacts.

Question 3

What does a Risk Appetite Statement (RAS) do?

Answer 3

Provides direction to senior management on the type of activity the board feels is appropriate to engage in, and what constitutes appropriate limits, or tolerances, for such activities.

Question 4

Who requires that all ADIs maintain a clear and concise Risk Appetite Statement (RAS) ?

Answer 4

APRA

Question 5

What is risk appetite?

Answer 5

The amount and type of risk that a bank is willing to take in order to meet strategic objectives.

Question 6

How does risk appetite operate?

Answer 6

Risk appetite is a key framework for a bank that enables communication of risk culture, controls the amount of risk taken, and ensures consistent risk decisions are made throughout the bank.

Question 7

What is the boards role in setting and communicating risk appetite?

Answer 7

They can specify different levels of appetite for specific risks, and appropriate key risk indicators which will be monitored. These are detailed in the RAS.

Question 8

What are the ‘three lines of defense’?

Answer 8

1LOD: Business Operations
2LOD: Risk and Control Functions
3LOD: Internal Audit

Question 9

What are two responsibilities of the 1st Line of Defense?

Answer 9

1. Maintain effective internal controls
2. Execute risk and control procedures on a day-to-day basis

Question 10

What are three common roles of the 1st Line of Defense?

Answer 10

1. Risk Owner
2. Risk Manager
3. Control Owner

Question 11

Why do operational managers naturally serve as the first line of defence?

Answer 11

Because controls are designed into systems and processes under their guidance, thus ensuring compliance and highlighting control breakdown, inadequate processes and unexpected events.

Question 12

What does the second line of defence do, in essence?

Answer 12

Ensure that the first line of defence is properly designed, in place, and operating as intended.

Question 13

Why do we need the third line of defence?

Answer 13

The second line cannot offer truly independent analyses to governing bodies regarding risk management and internal controls.

Question 14

What does the third line of defense do?

Answer 14

Internal audit provides assurance on the effectiveness of governance, risk management, and internal controls.