CISI – Managing Operational Risk in Financial Institutions – Joshua – Quiz 3
Question 1 of 10
1. Question
Identify 3 steps you would use to develop a governance, risk management and compliance-oriented culture (Select all that apply)
Correct
There are seven steps, or the seven Cs, for developing a GRC-orientated culture:
a.*Consumer insight
b.*Corporate values
c.*Change management
d.Communication
e.Consumer-grade experience
f.Community
g.Continuity
Question 2 of 10
2. Question
What are the three most widely used techniques for helping companies engage risk? (Select all that apply)
Correct
There are a variety of tools and tactics that can be employed to help increase user engagement. We focus here on three of the most widely used techniques for helping companies engage risk.
GRC reporting and dashboards are a great mechanism for helping find the “needle in the haystack” quickly. They can allow users to participate with GRC information in an intuitive and business-friendly way. They are the front end of an effective technology infrastructure that helps the right information to get to the right people in a timely fashion.
Adobe interactive forms are an effective way to interact with users in order to “crowdsource” their risk intelligence using technology (i.e., Adobe PDFs) that many are familiar with. Crowdsourcing is the practice of obtaining ideas or content by soliciting contributions from a large group of people, especially from an online community.
Mobile applications (or apps) are increasingly being developed for business use. Gartner predicts that, by 2017, half of employers will require workers to use their own devices for work. It also believes that over 38% will stop providing devices to workers by 2016.
Question 3 of 10
3. Question
The internal auditor must convey the process of risk assessment to management in a way that can be understood, through cost/benefit analysis or numerical comparisons of operations. Some risk assessments can be evaluated in numbers, especially financial risks, while others can be evaluated digitally, such as fame risks. What two important factors must the internal auditor consider with reference to the risk assessment process? (Select all that apply)
Correct
The role of internal auditors in assessing the efficiency of risk management is an advisory one: helping the entity to identify, evaluate and apply appropriate methodologies for risk management by examining and evaluating risk management processes and making recommendations for improving the efficiency of these processes. The risk assessment process is based on two important factors:
1. The accurate information that the internal auditor has gathered.
2. Time: the assessment process must be conducted in a timely manner, and its output must be submitted to senior management in a timely manner so that the appropriate decision can be taken at the appropriate time. More risks can be controlled if time is provided to assess them and determine their outcome.
Question 4 of 10
4. Question
The following are the key elements that must be achieved for risk assessment to achieve efficiency except?
Correct
There are five key elements that must be achieved for risk assessments to achieve efficiency, which are:
• Identify and prioritize risks arising from the entity's strategy and its activities.
• The board of directors and the senior management determine the level of acceptable risk for the entity.
• Design the methods of risk reduction and apply them to reduce the risk to a level acceptable to the board of directors and senior management.
• Periodic assessment of the risk through continuous monitoring of activities in order to judge the efficiency of control in risk management.
• Submitting periodic reports to the board of directors and senior management revealing the results of risk management processes, and informing shareholders about the risks and the strategic plan to control them.
Question 5 of 10
5. Question
The procedures followed by the internal auditor in gathering evidence to judge whether the above five objectives have been achieved are (Select all that apply):
Correct
The procedures followed by the internal auditor in gathering evidence to judge whether the above five objectives have been achieved are:
• Study and audit the developments and the current trends to obtain any information available to identify the risks that may affect the entity, its potential exposure and the control procedures used in the risk management process, and then evaluate them.
• Review the entity's policies, the decisions of the Board of Directors and the audit committee's notes on the reports submitted to it, to identify the entity's strategy, philosophy and methodology of risk management and the level and acceptance of risk tolerance.
• Audit previous reports of risk assessment prepared by the management, the internal and external auditors and any other regulatory authority that issued such reports.
• Conduct interviews with different administrative levels to determine the objectives of each business unit and related risks, how to manage and reduce risk, and identify ongoing control activities.
• Assess the doers of operating activities to reduce risk and continuous supervision.
• Audit the impact of efficiency on the results of risk management and deliver reports in a timely manner.
Question 6 of 10
6. Question
The following are the principles from best practices on the subject of compliance except?
Correct
Even though a lot of work has been done by the industry to respond to regulatory requirements and their changes over time, the industry needs a more structural answer that will allow banks to effectively and efficiently mature their risk-and-control frameworks to make them more robust and sustainable over time. Below are some main principles from best practices on the subject of compliance.
• The Board of Directors must oversee the management of compliance risk. It must approve the bank's strategy. It must be informed at least once a year of the bank's compliance policy and the arrangements for its implementation.
• Senior management must establish a compliance policy, ensuring that it is observed and reported to the board of directors on its ongoing implementation.
• Senior management must establish a permanent and effective compliance function.
• The compliance function must be given formal status through a charter or other document approved by the board of directors that sets out the function's standing, authority and its position in the hierarchical structure.
• It must be independent of the operational side.
Question 7 of 10
7. Question
Which of the following describe the main functions of the Compliance department or unit? (Select all that apply)
Correct
The main functions of the Compliance Department or Unit are as described below:
• It provides the compliance risk management guidelines and policies, for submission to the Chief Executive Officer, the Board of Directors and the Audit Committee of the Bank.
• It notifies the Audit Committee and the Chief Executive Officer of the Bank of compliance issues and violations considered to be particularly significant.
Question 8 of 10
8. Question
Which one of the options best defines risk awareness?
Correct
Risk awareness may also be defined as a capability of the organization to recognize risks before they threaten, mitigate them when they arise, and recover from the damages they may cause. Creating a risk-aware culture suggests that the capability is present throughout the organization and it is woven into the normal routines, rituals, and behaviours of all those involved. In creating a risk-aware culture you will need to bring together a collective group of individuals (the organization) to establish and maintain your culture for risk awareness.
Question 9 of 10
9. Question
What three key points should you keep in mind when cultivating a risk-aware culture in your organisation?
Correct
Risk awareness may also be defined as a capability of the organization to recognize risks before they threaten, mitigate them when they arise, and recover from the damages they may cause. Creating a risk-aware culture suggests that the capability is present throughout the organization and it is woven into the normal routines, rituals, and behaviours of all those involved. In creating a risk-aware culture you will need to bring together a collective group of individuals (the organization) to establish and maintain your culture for risk awareness.
Question 10 of 10
10. Question
Principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated are (Select all that apply)
Correct
i) Clear strategies adopted by the Board of Directors and oversight exercised by Senior Management (the President, Vice-Presidents and the Secretary-General),
ii) Strong internal operational risk culture (internal operational risk culture is taken to mean the combined set of individual and corporate values, attitudes, competencies and behaviour that determine a firm's commitment to and style of operational risk management) and internal control culture, emphasizing dual controls,
iii) Effective monitoring and internal reporting,
iv) Contingency and business continuity plans,
v) High standards of ethics and integrity