CORES CORES Operational Risk Governance & Framework Design

Question 1

Which body is primarily responsible for setting the overall tone and oversight of operational risk governance at the enterprise level?

Accepted Answer

The board of directors

Answer

The internal audit department

Answer

The compliance team

Answer

The IT security division

Question 2

In the three lines of defense model, which line is responsible for owning and managing operational risk in day-to-day business activities?

Accepted Answer

First line — business units

Answer

Third line — internal audit

Answer

Second line — risk management function

Answer

External auditors

Question 3

What is the primary purpose of a Risk Appetite Statement (RAS) in an operational risk framework?

Accepted Answer

To define the amount and type of risk the organization is willing to accept

Answer

To list all past operational losses

Answer

To assign liability for risk events to specific employees

Answer

To replace the need for internal controls

Question 4

Which operational risk framework component ensures that risk management policies are consistently applied across all business lines?

Accepted Answer

Risk governance structure

Answer

Loss event database

Answer

Capital adequacy ratio

Answer

Stress testing model

Question 5

Under the CORES framework, what distinguishes a 'risk owner' from a 'risk manager'?

Accepted Answer

Risk owners are accountable for the risk outcome; risk managers provide oversight and tools

Answer

Risk owners set capital buffers; risk managers approve them

Answer

Risk owners report to external regulators; risk managers report internally

Answer

Risk owners handle cyber risk only; risk managers handle all other risks

Question 6

Which governance document formally defines the scope, objectives, and methodology of an organization's operational risk management program?

Accepted Answer

Operational risk management policy

Answer

Business continuity plan

Answer

Annual report

Answer

IT disaster recovery plan