CRA - Certified Risk Architect Operational Risk Management Questions and Answers

Question 1

A financial institution is implementing the 'Three Lines of Defense' model for operational risk governance.
Which of the following correctly describes the primary responsibility of the Second Line of Defense?

Accepted Answer

Developing the risk management framework and overseeing its implementation by the first line.

Answer

Owning and managing operational risks as part of day-to-day business activities.

Answer

Providing independent and objective assurance on the effectiveness of risk management and internal controls.

Answer

Establishing the overall risk appetite and strategic direction for the institution.

Question 2

A manufacturing company's risk management team facilitates quarterly meetings where business unit managers identify potential operational failures in their processes and assess the adequacy of existing controls. This collaborative activity is a core component of which operational risk management tool?

Accepted Answer

Risk and Control Self-Assessment (RCSA)

Answer

Scenario Analysis

Answer

Root Cause Analysis (RCA)

Answer

Business Impact Analysis (BIA)

Question 3

According to the Basel II framework, operational risk events are categorized into seven distinct types. A significant loss resulting from a power grid failure that halts a bank's data center operations would be classified under which event type?

Accepted Answer

Business Disruption and System Failures

Answer

Internal Fraud

Answer

Execution, Delivery, and Process Management

Answer

Clients, Products, and Business Practices

Question 4

A risk architect is designing a monitoring dashboard for the operational risk of a customer service center. They want to include a forward-looking metric that can provide an early warning of potential increases in customer complaints. Which of the following would be the MOST effective Key Risk Indicator (KRI)?

Accepted Answer

Percentage of new hires who have not completed product training.

Answer

Number of customer complaints per month.

Answer

Average call handle time.

Answer

Customer satisfaction score (CSAT).

Question 5

An online retailer suffers a major data breach where customer credit card information is stolen by an external hacking group. Within the Basel operational risk event typology, this loss event would be classified as:

Accepted Answer

External Fraud

Answer

Business Disruption and System Failures

Answer

Internal Fraud

Answer

Damage to Physical Assets

Question 6

Which statement best describes the primary difference between a Key Performance Indicator (KPI) and a Key Risk Indicator (KRI) in the context of operational risk management?

Accepted Answer

KPIs measure historical performance against objectives, while KRIs are forward-looking and signal potential future problems.

Answer

KPIs are quantitative and KRIs are qualitative.

Answer

KRIs are only used for financial risks, while KPIs are used for all business areas.

Answer

KPIs are set by business units, whereas KRIs are exclusively set by the internal audit function.