F106-Part3 Flashcards

(46 cards)

1
Q

Definition: Risk Tolerances

A

A subjective / cultural decision about where the firm wants to be on the risk spectrum

2
Q

Definition: Operationalising Risk Appetite

A

Reflecting the setting of targets & limits across the org & the breakdown of high-level risk appetite statements into more detailed risk tolerances

3
Q

Definition: Risk Limits

A

A group of guidelines that set limits on acceptable actions that might be taken today

4
Q

Definition: Risk Capacity

A

The volume of risk an org can take as measured by some consistent measure, such as economic capital

5
Q

Definition: Utility Function

A

A measure of happiness / satisfaction expressed as a function of wealth, w

6
Q

List: Properties of Realistic Utility Functions (2)

A
  1. Monotonically Increasing - Investors are non-satiated i.e. U'(w) > 0
  2. Concave - Exhibit diminishing marginal utility since investors value incremental increases in wealth less as wealth increases i.e. U''(w) < 0
7
Q

Definition: Increasing Absolute Risk Aversion

A

Investors become more risk averse as wealth increases

8
Q

Definition: Increasing Relative Risk Aversion

A

Investors would invest a smaller proportion of their wealth in risky assets as wealth increases

9
Q

Definition: Prospect Theory (3)

A

Behavioural alternative to expected utility theory:
1. Loss Aversion - Losses are felt more strongly than equivalent gains (roughly 2x)
2. Reference Dependence - Outcomes evaluated relative to a reference point, not absolute wealth
3. Diminishing Sensitivity - The marginal impact of gains/losses decreases as they get larger (concave for gains, convex for losses)

10
Q

Definition: RM Policy

A

Sets out how an org will manage each category of risk to which it is exposed

11
Q

List: Board-approved RM Policy Inclusions (3)

A
  1. Objectives & definitions
  2. RM org structure
  3. RM processes & benchmarks
12
Q

List: Monitoring Requirements (4)

A
  1. Data & resources
  2. Documentation
  3. Information
  4. Communication
13
Q

List: Types of Communications (5)

A
  1. Internal (Management Info) - Info about what is happening inside the business
  2. External (Inwards) - Collecting relevant info about what is happening outside the company
  3. External (Outwards) - Distributing info about the company to interested parties
  4. Informal - By word-of-mouth or social media
  5. Formal - Through a corporate intranet or management info system
14
Q

List: KRI Design Considerations (5)

A
  1. Policies & regulations
  2. Strategies & objectives
  3. Past losses & incidents
  4. Stakeholder requirements
  5. Risk assessments
15
Q

List: Desirable KRI Features (11)

A
  1. Based on consistent methodology & standards
  2. Incorporates key risk drivers
  3. Tracked over time
  4. Tied to objectives
  5. Linked to accountable individuals
  6. Useful in decision making
  7. Able to be benchmarked externally
  8. Timely
  9. Cost effective
  10. Simple
  11. Quantifiable
16
Q

List: Desirable Risk Report Features (8)

A
  1. Clear, relevant, timely & reliable
  2. Role-based summary with the ability to drill down into more detail
  3. Link clearly to decision-making
  4. Single point of access
  5. Mixture of external / internal & qualitative / quantitative data (KRIs)
  6. Tabular or graphic formats for understanding
  7. Traffic light system to highlight priority areas
  8. Provide opportunity for comments / analysis
17
Q

List: Balanced Scorecard Assessment Areas (4)

A
  1. Finance - Financial performance measures
  2. Stakeholders - Customer satisfaction & engagement
  3. Internal Processes - Efficiency of business operations
  4. Growth & Learning - Innovation, training & development
18
Q

Definition: Stakeholders

A

Someone who supports & participates in the survival & success of a company

19
Q

List: Role of Government (4)

A
  1. Setting regulations & legislation
  2. Intervene
  3. Lender of last resort
  4. Force nationalisation
20
Q

List: Key Risks Faced by Professional Advisers (3)

A
  1. Reputational risk
  2. Risk of litigation
  3. Conflict of interest
21
Q

List: Reasons to Separate Ownership from Management (3)

A
  1. Those with expertise in running a business to have decision-making responsibilities, without being required to invest capital
  2. Individuals or institutions to invest without getting involved in the day-to-day running
  3. Continuity of management despite frequent changes in ownership
22
Q

List: Key Responsibilities of the CRO (12)

A
  1. Providing overall leadership & direction for ERM
  2. Overseeing the dev / implementation / maintenance of an ERM framework
  3. Managing the RM function
  4. Ongoing risk policy dev & monitoring adherence
  5. Reporting on risk to internal decision-makers & external decision makers
  6. Challenging & overseeing areas of the business w.r.t. risk
  7. Managing / optimising the risk portfolio
  8. Appropriate allocation of capital to business activities
  9. Dev data systems & risk models to carry out high-quality analysis, monitoring & management of risk
  10. Safeguarding the company’s financial & reputational assets
  11. Maintaining expertise & advising on matters of RM
  12. Supporting an appropriate risk culture across the business
23
Q

List: Key CRO Skills (5)

A
  1. Leadership
  2. Evangelism
  3. Advising / Consulting
  4. Stewardship
  5. Technical Competence
24
Q

List: Selection Criteria for a RM Expert (6)

A
  1. Understanding of RM & governance
  2. Knowledge of relevant regulation & legislation
  3. Experience ID, assessing & managing risks
  4. Ability to lead, advise the Board & challenge management on risk strategies & plans
  5. Experience in RM tools & applications
  6. Understanding of usefulness & limitations of RM strategies
25
Definition: 1st Line of Defence
Line management staff in the business units - Accountable for measuring & managing risk in the individual business units daily
26
Definition: 2nd Line of Defence (1-3)
The CRO, RM Function & Compliance Team:
  1. Accountable for establishing risk & compliance programs & policies
  2. Supporting & monitoring the line management
  3. Reporting to the board
27
Definition: 3rd Line of Defence
The Board & Audit Function - Accountable for effective governance of the RM process, setting RM strategy, approving policies & ensuring ERM is effective
28
List: Role of the CRF (7)
  1. Giving advice to the Board on risk
  2. Assessing the overall risks being run by the business
  3. Making comparisons of the overall risks being run with its appetite
  4. Acting as a central focus point for staff to report new & enhanced risks
  5. Giving guidance to line managers about the ID & management of risks, making suggestions for risk responses
  6. Monitoring progress on RM
  7. Pulling the whole picture together
29
Definition: Offence vs Defence
First 2 lines set up to oppose each other - Business units focus on maximising income & RM focuses on minimising losses
30
Definition: Policy & Policing
Business units operate within rules, set by the RM function & policed by the RM, Audit & Compliance Functions
31
List: Problems with the Policy & Policing Model (4)
  1. Policies quickly go out-of-date as RM function not in touch with day-to-day operations
  2. Audit & compliance reviews do not occur continuously, so may fail to ID issues
  3. Friction between line managers & RM
  4. Line management have little incentive to report problems, policy violations & issues where it is uncertain whether it has occurred
32
Definition: Partnership Model
RM staff are integrated in a client-consultant type relationship to manage risk
33
List: Skills Required with a Risk Function (5)
  1. Project management
  2. Change management
  3. Relationship management
  4. Technical expertise
  5. Implementation skills
34
List: Considerations for RM Plans (4)
  1. Business strategy
  2. New product / business dev
  3. Pricing
  4. Risk & Incentive compensation
35
List: Responsibilities of the Audit Function (5)
  1. Monitoring compliance with laws & regs
  2. Checking for system errors
  3. Looking for non-observance of internal governance codes
  4. Examination of key spreadsheets to ensure that they do not contain errors which might emerge occasionally but with devastating effect
  5. Examination of procedures for paying insurance premiums on time, & observing insurance conditions
36
List: Process to Produce & Maintain a Comprehensive ID & Assessment of Risks | (6 - BIAL PR)
  1. Business analysis
  2. ID the risks the company faces in a structured way
  3. Obtain agreement on risks faced, the relationship between them & ID individuals who will be responsible for each risk & its management
  4. Evaluate the risks i.t.o. their likelihood & impacts
  5. Produce a risk register to record the results
  6. Review the register regularly
37
List: Key Components of a Business Plan (8)
  1. Statement of business objectives
  2. Description of business, products & services
  3. Description of economic environment
  4. ID of perceived key risks including upside risks
  5. Description of strategy
  6. Description of org structure
  7. Forecast of expected financial outcomes
  8. Statements of key assumptions & sensitivity of expected outcomes
38
List: Lam's 4-Stage Risk ID & Assessment Process (4) | FIRE
  1. Foundation setting
  2. Risk ID, assessment & prioritisation
  3. Deep dives, risk quantification & management
  4. Business & ERM integration
39
List: Tools Used During Risk ID Process (6)
  1. SWOT analysis
  2. Risk checklist
  3. Risk prompt list
  4. Risk taxonomy
  5. Case studies
  6. Process analysis
40
List: Qualitative Techniques Used During Risk ID Process (7)
  1. Brainstorming
  2. Independent group analysis
  3. Surveys
  4. Gap analysis
  5. Delphi technique
  6. Interviews
  7. Working groups
41
List: Key Elements of a Risk Register (7-4)
  1. Risks easily ID'd
  2. Risk categories
  3. Clear risk descriptions
  4. Initial assessments of:
     a. Likelihood of occurrence
     b. Impact
     c. Timeframe
     d. Relationship with other risks
  5. Risk response action & its cost, expected residual
  6. Individuals involved in monitoring & managing the risk
  7. Document control info
42
Definition: Emerging Risks
Developing or already known risks which are subject to uncertainty & ambiguity & are therefore difficult to quantify using traditional risk assessment techniques
43
List: Characteristics of Emerging Risks (6)
  1. Greater uncertainty
  2. Uncertain time horizon
  3. Difficult to quantify
  4. Generally external to an org
  5. Often significant in size & scale
  6. Often arise because of global trends
44
Definition: Cyber Risk
Any risk of financial loss, disruption or damage to the reputation of an org from some sort of failure of its IT systems
45
List: Cyber Risk Controls (4)
  1. Strong IT security
  2. Clear policies & governance for users
  3. Incident management processes
  4. Regular review
46
Definition: Climate Change Risk
Risks arising from adverse changes in the physical environment & secondary impacts in the economy at a regional or global scale