Week 5

Question 1

What is Incident Data Collection

Answer 1

gathering information about
incidents and events that may pose risks to the organization

Question 2

Purpose of Incident Data Collection

Answer 2

create a comprehensive database that aids in risk assessment and management.

Question 2

Importance of Incident Data Collection

Answer 2

identifying patterns, understanding root causes, improves risk management

Supports compliance with regulatory requirements

Question 2

4 Incident Data Collection Methods

Answer 2

Automated Systems
Manual Reporting
Audits
Existing Sources

Question 3

What existing sources can provide incident data

Answer 3

general ledger,
customer complaints,
IT logs,
legal provisions

Question 4

4 Benefits of Comprehensive Data Collection

Answer 4

Trend Analysis
Risk Assessment
Compliance
Improvement

Question 5

What is the Importance of Loss Reporting

Answer 5

Incident data collection
Data beyond regulation
Regulatory capital
Pillar 2 Compliance
BCBS Data Quality Requirements

Question 6

What are BCBS Data Quality Requirements

Answer 6

Must maintain a 10-year history, a €20,000
threshold

Question 7

What is a major driver of capital requirements under Basel regulations

Answer 7

Loss Data

Question 8

what are Near Misses

Answer 8

Avoided losses by luck or accident outside of normal controls

Question 9

Indirect vs. Direct Losses

Answer 9

Direct: Immediate financial consequences

Indirect: Resulting impacts - loss customers, reputational, compliance costs, lower morale.

Question 10

What is Non-Financial Impacts Fallacy

Answer 10

That “non-financial impacts have real financial consequences

Question 11

What is used to ensure consistency in
reporting the incident data

Answer 11

drop down menus

Question 12

How to to avoid over-reporting incident data

Answer 12

Stick to essential core data fields

Question 13

What does net loss reported show

Answer 13

net includes reimbursements

Question 14

what does gross loss reported show

Answer 14

Total impact

Question 15

What do loss reporting thresholds vary between

Answer 15

0-20k, must be justified

Question 16

What Key Dates should be recorded to avoid discrepancies

Answer 16

discovery, occurrence, reporting, and accounting dates

Question 17

Within what timeframe should material incidents be reported

Answer 17

2-5 days

Question 18

Minor incidents reporting timeline

Answer 18

summarized periodically

Question 19

How should severity be judged

Answer 19

Use potential impact, not just actual losses, Near misses and unintentional gains should be treated like actual losses

Question 20

How is severity rated for ease

Answer 20

severity bands (e.g., >10k, >100k)

Question 21

Steps of the incident data collection process

Answer 21

Reporting
Recording
Reviewing
Analyzing
Send reports

Question 22

Who do incident data collection reports go to

Answer 22

management and regulatory bodies

Question 23

3 Types of Incident Data

Answer 23

Internal, External, NEar misses

Question 24

Types of internal incident data

Answer 24

Operational failures, process breakdowns, human errors

Question 25

Types of external incident data

Answer 25

Market disruptions, regulatory changes, competitor failures

Question 26

What is the process of incentivising timely reporting

Answer 26

Incentive Practices Self-Reporting Requirements Risk Metrics in Scorecards Economic Capital Allocation

Question 27

What is a Boundary Event

Answer 27

when the impact materializes in a different risk class than the cause

Question 28

what is the Basel Committee Approach to boundary event reporting

Answer 28

Basel suggests recording events where they materialize

Question 29

benefit fo integrated Data Collection

Answer 29

leverage existing databases instead of standalone systems, reducing effort, duplication, and improving data quality

Question 30

Which data sources lead into opRisk incident data

Answer 30

- BO issue logs - General Ledger - LEgal provisions - IT Logs P!, P2 - PRess/media - Customer complaints

Question 31

How to ensure Incident Data Quality and Accuracy

Answer 31

Standardized Reporting Training Verification Confidentiality Assurance

Question 32

what are the Challenges in incident Data Collection

Answer 32

Underreporting Data Quality Integration Timeliness

Question 33

Why is underreporting a risk of incident data

Answer 33

Fear of blame or repercussions

Question 34

What are the Future Trends in Incident Data Collection

Answer 34

EMERGING TECH - BLOCKCHAIN, BIG DATA, IOT PREDICTIVE ANALYTICS GLOBAL TRENDS

Question 35

what are Key Risk Indicators (KRIs)

Answer 35

metrics that monitor risk levels and effectiveness of controls

Question 36

purpose of KRIs

Answer 36

provide early warning signs of potential risk events and to support proactive risk management

Question 37

Importance of KRIs

Answer 37

* identifyies/mitigates risks * Supports regulatory compliance and enhances decision-making

Question 38

4 categories of KRI indicators

Answer 38

Exposure Stress Failure Causal

Question 39

what are stress indicators

Answer 39

The stretch in organizational resources

Question 40

what are casual indicators

Answer 40

the root causes and drivers of key risks

Question 41

Role of KRIs

Answer 41

* Monitor risk and it's potential impacts *Translate risk appetite, defined at board level

Question 42

what do LEading Indicators (KRIs) do

Answer 42

Focus on risk drivers

Question 43

what are lagging kris

Answer 43

Track events that have already occurred, identifying weaknesses in the control system that need correction

Question 44

what makes leading KRIs effective?

Answer 44

* Early Warning Devices * Risk-Specific * Business-Relevant * Data-Driven * Owned by Business Units

Question 45

what are the Factors of Reflecting BEICF

Answer 45

be risk sensitive provide management with risk profile represent exposure drivers used across the entire organization

Question 46

4 steps to Implementation of KRIs

Answer 46

Identify Relevant Metrics Set Thresholds Assign Responsibilities Regular Review and Update

Question 47

Exposure KRI example in financial services

Answer 47

Market volatility affecting trading volumes

Question 48

Stress KRI example in financial services

Answer 48

Overtime hours

Question 49

Failure KRI example in financial services

Answer 49

% failed trans recs

Question 50

Causal KRI example in financial services

Answer 50

internal fraud

Question 51

what are KRIs

Answer 51

Metrics tracking exposure to operational risk, in likelihood or impact.

Question 52

What are KPIs

Answer 52

Measure performance

Question 53

What are KCIs

Answer 53

Measure control effectiveness, signaling control weaknesses or failures

Question 54

Who should KRIs be used and owned by

Answer 54

business leaders

Question 55

How often should IT KRIs be monitored

Answer 55

real time

Question 56

How often should HR KRIs be monitored

Answer 56

quarterly

Question 56

How can KRIs be made cost efficient

Answer 56

Use metrics already monitored; automate data

Question 57

characteristics of Effective KRIs

Answer 57

*Capture a risk cause. * Use available/easily collectible data. * Measure a vulnerability.

Question 58

Why should you Avoid Commercial KRI Databases

Answer 58

Too broad, instead network w peers or use risk associations

Question 59

over what period are historical trends observed

Answer 59

over 3–18 months depending on the activity

Question 60

Cluster-based KRI Design

Answer 60

a jump in data may constitute a natural threshold.

Question 61

KRI RAG Rating meaning

Answer 61

*Green: No action *Amber: Monitor (some firms act) *Red: Act

Question 62

How do KRI thresholds vary

Answer 62

by department or business unit based on risk appetite, but governance must be uniform

Question 63

When must Roles and actions be defined

Answer 63

before an indicator turns red

Question 64

who are KRIs designed collaboratively between

Answer 64

the business and the risk function

Question 65

who is responsible for actions when thresholds are breached

Answer 65

*Every KRI has an owner responsible

Question 66

How to prevent manipulation of KRIs/ conflict of interest

Answer 66

KRI values should ideally be automatically captured or objectively observable

Question 67

What are the 3 Golden Rules of Reporting

Answer 67

Value > Cost Clear purpose - influence decisions Purposeful reporting

Question 68

Challenges in Risk Reporting

Answer 68

Balancing info Preventing oversimplification filtering properly Aggregating data without losing any Maintaining engagement

Question 69

Where does risk monitoring occur

Answer 69

at operational level

Question 70

Which 'top risks' are reported

Answer 70

the top ten risks reported to the board and risk committee

Question 71

How are top risks reported

Answer 71

Actionable insights, not just status updates

Question 72

What is reported in incident reporting

Answer 72

Number and size of events. Trends and top loss events.

Question 73

Frequency of incident reporting

Answer 73

Usually monthly, sometimes weekly in large banks.

Question 74

What happens with risk monitoring result/data

Answer 74

Alerts and summary data are escalated to management.

Question 75

How are KRI/issues monitored

Answer 75

Dashboard tables with thresholds, status, and colors.

Question 76

importance of Validation KRI Framework

Answer 76

Ensures KRIs remain reliable and valuable

Question 77

KRI Validation Method

Answer 77

track KRI colors in loss reporting databases

Question 78

What does a Green indicator during an incident suggest

Answer 78

the KRI may be ineffective

Question 79

What does a red indicator during an incident suggest

Answer 79

breakdown in governance if it didn’t prevent the incident

Question 80

4 Challenges in Using KRIs

Answer 80

Data Availability Threshold Setting Integration Continuous Improvement

Question 81

What are Preventive KRIs

Answer 81

Continuous refinement of KRIs helps to understand and mitigate operational risk.

Question 82

Benefits of Effective KRI Programs

Answer 82

Proactive Risk mgmt Enhanced Decisions Regulatory Compliance Improved Operational Resilience

Question 83

What are the Future Trends in KRI Development

Answer 83

Advanced Analytics - Big Data ERM Integration Dynamic KRIs Collaborative development

Question 84

What is risk reporting

Answer 84

COMMUNICATING INFO ABOUT RISK ENVIRONMENT, EXPOSURE, MANAGEMENT ACTIVITIES TO STAKEHOLDERS

Question 85

Risk reporting purpose

Answer 85

Inform decision making ensure compliance with regs

Question 86

Department Heads focus within risk reporting

Answer 86

Info requiring action, plus periodic summaries

Question 87

What is Risk Monitoring

Answer 87

Continuous tracking of risk metrics and control effectiveness

Question 87

what is worst case reporting when aggregating data

Answer 87

Report the worst score in a dataset conservatively.

Question 88

What does risk reporting focus on

Answer 88

"need to know" information

Question 89

How should RAG of aggregated data be reported

Answer 89

Report percentages of risk categories, Avoids misleading averages and provides a balanced view

Question 90

Process & Risk Management focus within risk reporting

Answer 90

All data needed to monitor

Question 91

what is Risk Reporting

Answer 91

Escalation of significant issues and summary data to higher management levels

Question 92

what type of information does risk reporting focus on

Answer 92

Focuses on decision-making information

Question 93

Best Practice of Risk reporting

Answer 93

* Focus on controls not risks alone. * balanced reporting: Report red and green * clear risk taxonomy to classify and report risks.

Question 94

Executive Committee focus within risk reporting

Answer 94

High-level data for decisions

Question 95

How should qualitative metrics be aggregated

Answer 95

Convert into monetary units for aggregation

Question 96

Conduct reporting metrics

Answer 96

missed training, disciplinary actions, and compliance breaches

Question 97

Can risk be averaged

Answer 97

No

Question 97

alternatives to averages in risk

Answer 97

median and quartiles averaging pitfalls Splitting Loss data

Question 98

What is splitting loss data

Answer 98

Data split into: Expected Losses (EL): Small, frequent Unexpected Losses (UL): Large, infrequent events- reported individually.

Question 99

Why use gross income as a benchmark for operational losses

Answer 99

Reporting losses as a percentage of gross income captures SM attention

Question 100

What does a 1.8-2.2% income:op risk loss ratio show

Answer 100

High-performing operational risk management

Question 101

What does a 2.2- 3% income:op risk loss ratio show

Answer 101

Common Range

Question 102

What does a 3%+ income:op risk loss ratio show

Answer 102

High losses

Question 103

What does a income:op risk loss ratio of less than 1.5% show

Answer 103

underreporting

Question 104

How can data be turned into stories

Answer 104

Deviations, Patterns

Question 105

How can data stories lead to positive risk management

Answer 105

Pay attention to positive deviations as much as negative ones

Question 106

Future Trends in Risk Reporting

Answer 106

Advanced Analytics Real time reporting Integrated reporting Enhanced visualization