CRA - Certified Risk Architect Operational Risk Management Questions and Answers

Question 1

A financial institution is implementing the 'Three Lines of Defense' model for operational risk governance. Which of the following correctly describes the primary responsibility of the Second Line of Defense?

Accepted Answer

Developing the risk management framework and overseeing its implementation by the first line.

Answer

The Second Line of Defense (e.g., Risk Management and Compliance functions) is responsible for providing oversight and expertise. This includes developing the risk management frameworks, policies, and tools, and monitoring the First Line's adherence to them. The First Line owns the risk, the Third Line (Internal Audit) provides independent assurance, and the board/senior management establishes risk appetite.

Question 2

A manufacturing company's risk management team facilitates quarterly meetings where business unit managers identify potential operational failures in their processes and assess the adequacy of existing controls. This collaborative activity is a core component of which operational risk management tool?

Accepted Answer

Risk and Control Self-Assessment (RCSA)

Answer

A Risk and Control Self-Assessment (RCSA) is a process where management and staff of a business unit collaboratively identify and evaluate risks and associated controls within their own operations. This proactive approach empowers the business lines to take ownership of their risk environment. Scenario Analysis models potential future events, RCA investigates past incidents, and BIA focuses on the consequences of a disruption.

Question 3

According to the Basel II framework, operational risk events are categorized into seven distinct types. A significant loss resulting from a power grid failure that halts a bank's data center operations would be classified under which event type?

Accepted Answer

Business Disruption and System Failures

Answer

The Basel II framework defines 'Business Disruption and System Failures' as losses arising from the disruption of business or system failures. This category explicitly includes utility outages, telecommunications problems, and hardware/software failures. The other categories relate to fraud, process errors, or misconduct in business dealings.

Question 4

A risk architect is designing a monitoring dashboard for the operational risk of a customer service center. They want to include a forward-looking metric that can provide an early warning of potential increases in customer complaints. Which of the following would be the MOST effective Key Risk Indicator (KRI)?

Accepted Answer

Percentage of new hires who have not completed product training.

Answer

A Key Risk Indicator (KRI) should be a leading or predictive indicator of potential future risk events. A high percentage of untrained new hires is a leading indicator of potential future errors and customer complaints. The number of complaints and the CSAT score are lagging indicators, as they measure events that have already occurred. Average call handle time is a performance metric (KPI) that doesn't directly indicate rising risk.

Question 5

An online retailer suffers a major data breach where customer credit card information is stolen by an external hacking group. Within the Basel operational risk event typology, this loss event would be classified as:

Accepted Answer

External Fraud

Answer

The Basel framework defines 'External Fraud' as losses due to acts by a third party intended to defraud, misappropriate property, or circumvent the law. This category includes events like theft of information and hacking damage. Internal Fraud involves employees, Business Disruption relates to system failures, and Damage to Physical Assets involves events like natural disasters.

(CRA) Certified Risk Architect Practice Test

(CRA) Certified Risk Architect Practice Test

CRA - Certified Risk Architect Operational Risk Management Questions and Answers