Unit 2: Risk Management Frameworks Flashcards
What are the three responsibilities of the board and executive in terms of risk management?
- Set the tone for risk management
- Approve risk management strategy and framework
- Monitor its effectiveness
What will the board normally delegate to the Risk and Compliance functions (and their committees)?
Oversight, governance, and assessment of daily operational impacts.
What does a Risk Appetite Statement (RAS) do?
Provides direction to senior management on the type of activity the board feels is appropriate to engage in, and what constitutes appropriate limits, or tolerances, for such activities.
Who requires that all ADIs maintain a clear and concise Risk Appetite Statement (RAS)?
APRA
What is risk appetite?
The amount and type of risk that a bank is willing to take in order to meet strategic objectives.
How does risk appetite operate?
Risk appetite is a key framework for a bank that enables communication of risk culture, controls the amount of risk taken, and ensures consistent risk decisions are made throughout the bank.
What is the board's role in setting and communicating risk appetite?
They can specify different levels of appetite for specific risks, and appropriate key risk indicators which will be monitored. These are detailed in the RAS.
What are the ‘three lines of defense’?
1LOD: Business Operations
2LOD: Risk and Control Functions
3LOD: Internal Audit
What are two responsibilities of the 1st Line of Defense?
- Maintain effective internal controls
- Execute risk and control procedures on a day-to-day basis
What are three common roles of the 1st Line of Defense?
- Risk Owner
- Risk Manager
- Control Owner
Why do operational managers naturally serve as the first line of defence?
Because controls are designed into systems and processes under their guidance, thus ensuring compliance and highlighting control breakdown, inadequate processes and unexpected events.
What does the second line of defence do, in essence?
Ensure that the first line of defence is properly designed, in place, and operating as intended.
Why do we need the third line of defence?
The second line cannot offer truly independent analyses to governing bodies regarding risk management and internal controls.
What does the third line of defense do?
Internal audit provides assurance on the effectiveness of governance, risk management, and internal controls.