Financial Risk Management Operational Risk Management 2

Question 1

The 'three lines of defense' model in operational risk management assigns risk management roles as:

Accepted Answer

Business units, risk and compliance functions, and internal audit

Answer

The first line (business units) owns risk, the second line (risk/compliance) oversees it, and the third line (internal audit) independently assesses both.

Question 2

Which operational risk event type would a data breach involving customer information fall under?

Accepted Answer

External fraud

Answer

A data breach resulting from an external cyberattack is classified as external fraud under Basel's seven operational risk event categories.

Question 3

Scenario analysis in operational risk is primarily used to:

Accepted Answer

Replace internal loss data when historical losses are insufficient for tail estimation

Answer

Scenario analysis captures low-frequency, high-severity tail risks where limited internal loss data exists, supplementing historical loss databases.

Question 4

What is 'model risk' in the context of operational risk?

Accepted Answer

The risk of adverse consequences from decisions based on flawed or misused models

Answer

Model risk arises when a model has errors, is used outside its intended scope, or produces outputs that are misinterpreted, leading to poor decisions.

Question 5

An operational risk loss that has a very low probability but extremely large magnitude is called:

Accepted Answer

A low-frequency, high-severity (LFHS) event

Answer

LFHS events, such as major fraud or catastrophic IT failures, are rare but can cause disproportionately large losses requiring capital buffer.

Financial Risk Management Practice Test

Financial Risk Management Practice Test

Financial Risk Management Operational Risk Management 2