Explain how the components of a risk governance framework interact.
The key components that interact within a risk governance framework are:
* The governing body (e.g. board) which has ultimate responsibility for risk governance.
* Risk owners in the business lines and support functions. They are responsible for day-to-day risk management.
* Risk oversight functions like risk management and compliance, which provide independent oversight over the first line.
* Risk assurance through internal audit, which reviews the effectiveness of the framework.
These comprise the three lines of defence model for risk governance. There are clear segregations of duty but also significant interaction, communication and reporting flows between the components to ensure accountability.
(Section 2.1.1)
Describe the roles and responsibilities of the operational risk function
The operational risk function, typically sitting within the second line of defence:
* Develops and implements the risk management framework firm-wide
* Ensures consistent risk assessment standards and reporting
* Provides oversight advice to the first line
* Assesses risk levels against appetite
* Designs and implements risk reporting and analytics
* Embeds risk awareness across the firm
* Reviews risks in strategic initiatives and transactions
To be effective, it requires adequate authority, independence and resources.
(Section 2.2)
Describe the accountabilities, roles and responsibilities in the management of operational risk
- The governing body has ultimate accountability. It sets strategy and appetite, approves policies, oversees framework implementation, and ensures management is held accountable.
- Sub-committees like risk and audit support governing body oversight. Audit is fully independent, while risk committee advises on risk strategy and culture.
- The risk management function, headed by the CRO, provides firm-wide oversight and challenge around risk governance and policies. It directly manages risks.
- The business lines and support functions have day-to-day accountability for risk decisions and managing risk exposures.
- There are also risk teams dedicated to domains like compliance, HR and IT
(Sections 2.3.1 to 2.3.6)
Explain the needs and expectations of external stakeholders in relation to operational risk
- Regulators expect adoption of sound risk management principles spanning culture, governance, ID/assessment, monitoring/reporting, resilience as per global standards.
- Investors want clear communication on risk approach, framework, exposures for assurance and comparison.
- Customers expect fair treatment, products suiting their needs, clear information and service reliability.
- Third parties like suppliers require strong contracts, reporting, adequate resourcing and governance of partnerships.
- Rating agencies do assessments based on quality of risk management including culture, beyond financials
(Section 2.4.1 to 2.4.5)
-
Chapter 1 Flash Cards34
-
Chapter 1 Key Learning Questions13
-
Chapter 1 Learning Outcomes7
-
Chapter 2 - Key Learning Questions17
-
Chapter 2 Learning Outcomes4
-
Chapter 2 Flash Cards28
-
Chapter 2 MCQ27
-
Chapter 1 MCQs25
-
Chapter 3 Learning Outcomes8
-
Chapter 3 Key Learning Questions11
-
Chapter 3 Flashcards30
-
Chapter 4 Flash Cards30
-
Chapter 4 Learning Outcomes5
-
Chapter 4 Key Learning Questions7
-
Chapter 4 MCQs30
-
Chapter 5 Learning Outcomes12
-
Chapter 5 Key Learning Questions8
-
Chpt 5 Flashcards26
-
Chapter 5 MCQs30
-
Chapter 6 Learning Outcomes8
-
Chapter 6 Key Learning4
-
Chapter 6 Flashcards28
-
Chapter 6 MCQs30
-
Chapter 7 Learning Outcomes9
-
Chapter 7 Key Learning Questions11
-
Chapter 7 Flashcards30
-
Chapter 8 Learning Outcomes9
-
Chapter 8 Key Learning Questions11
-
Chapter 8 Flashcards30
-
Chapter 8 MCQs30
-
Chapter 9 Learning Outcomes5
-
Chapter 9 Key Learning Questions3
-
Chapter 9 MCQs30
