Assignment 6 - Uncovering Operational Risks
Sixth National Bank stores all of its financial records in an electronic data base. Sixth National customers are able to access their accounts on-line with a user identification number and a password. Last weekend, a computer hacker was able to breach the firewall of the electronic database and gain access to customer account data. This operational risk for Sixth National Bank is Select one: A. A process risk. B. An external event risk. C. A credit risk. D. A systems risk.
A systems risk
One category of operational risk includes procedures and practices organizations use to conduct their business activities. This category is Select one: A. Systems risk. B. Process risk. C. Business complexity risk. D. Technological risk.
Process risk
The level of confidence an organization places in the organization's risk management culture, practices, and procedures is called Select one: A. Risk assurance. B. Tolerable uncertainty. C. Risk tolerance. D. Probable maximum loss.
Risk assurance.
Which one of the following statements about risk management monitoring and reporting is true? Select one: A. Risk reporting should give each risk faced by the organization equal treatment and avoid prioritizing risks. B. The silo reporting approach gives the board a more concise and useful picture than the integrated reporting approach. C. Risk reports should be limited to objective information and not include subjective assessments. D. The most important characteristic of a risk report format is that it is useful to the user.
The most important characteristic of a risk report format is that it is useful to the user.
Which one of the following statements is true regarding key risk indicators (KRI)? Select one: A. A KRI is the event or circumstance that directly led to a loss. B. A KRI is an effective predictor of external event risk. C. A KRI is a financial metric used to help define potential losses. D. A KRI must be leading, rather than lagging, to be effective.
A KRI must be leading, rather than lagging, to be effective.
Which one of the following is an example of a report that would most likely contain both quantitative and qualitative data? Select one: A. A profit and loss statement B. A disaster recovery plan C. A financial statement D. A customer satisfaction survey
A customer satisfaction survey
Which one of the following statements is true concerning robotic process automation (RPA)? Select one: A. RPA is more focused on the range of tasks that can be performed by a robot rather than the process of completing a task. B. RPA cannot be used as part of business process management. C. Although RPA can help control some organizational risks, use of RPA can create other risks. D. When RPA is employed, it always involves the use of robots.
Although RPA can help control some organizational risks, use of RPA can create other risks.
Which one of the following statements is true regarding an effective risk reporting system? Select one: A. Most organizations rely on reporting systems that provides quantitative data only. B. An effective reporting system provides efficient information flow up and down the lines of authority. C. An effective reporting system allows senior management to receive individual reports from each department. D. An effective reporting system should only include internal sources of information.
An effective reporting system provides efficient information flow up and down the lines of authority
The board of directors of Insurance Company wants assurance that the company's recently-instituted "commitment to risk management" has been communicated to and accepted by all company employees. Which one of the following would be the best method to determine if employees had been informed of the commitment to risk management and had accepted it? Select one: A. Ask senior management to prepare a report on the subject. B. Check employee absenteeism before and after the policy was instituted. C. Ask the internal audit department to administer a risk management questionnaire to employees. D. Use a measure such as sales per employee or net income per employee to track performance.
Ask the internal audit department to administer a risk management questionnaire to employees.
The process of comparing the key risk indicators of an organization with those of other organizations in the same industry is known as Select one: A. Root cause analysis. B. Trend analysis. C. Hedging. D. Benchmarking.
Benchmarking
Three HillsLaw is a legal firm specializing in multiple-plaintiff cases. One current case involves alleged birth defects caused by exposure to polluted groundwater. There are currently 78 plaintiffs represented in the pending legal action. Up-to-date records on the condition of each child is a critical operational concern. Three HillsLaw turned to a secured digital ledger system in which independent third parties (nurses, physicians, and parents) can update the status of individual children, and the record for the entire group is automatically updated. The latest update showed seven children have died, 14 have a terminal diagnosis, 27 have permanent disabilities, and 30 cases are listed as "developing" (awaiting definitive diagnosis). The secured distributed ledger system used by Three HillsLaw is called Select one: A. Robotic process automation. B. Cryptocurrency. C. Telematics. D. Blockchain.
Blockchain
Which one of the following statements about blockchain is true? Select one: A. While blockchain can reduce operational risks, it is easy to manipulate and hack. B. Blockchain stores a record of transactions across a network of servers. C. Although blockchain can increase efficiency of operating systems, the tradeoff is data inaccuracy. D. Blockchain centralizes control of transaction data on a single computer server.
Blockchain stores a record of transactions across a network of servers.
Insurance Company monitors key indicators of underwriting effectiveness. Some indicators they monitor include: percentage of business quoted that was written, application processing time, premium volume handled by underwriters, skill level of underwriters, and benchmarking between different underwriting offices. The indicators of underwriting performance Insurance Company uses are called Select one: A. Control indicators. B. System indicators. C. Process indicators. D. Exposure indicators.
Control indicators.
Which one of the following statements is true regarding operational risk? Select one: A. Operational risk is integrated in every activity of an organization. B. Financial institutions and their regulators typically define operational risk to include market risk and credit risk. C. Operational risk is best managed during the course of business by an organization's front-line managers. D. Most current methods of managing operational risk are informal.
Operational risk is integrated in every activity of an organization
Risk indicators such as experience and authority levels apply to which one of the following operational risk classes? Select one: A. People B. Process C. Systems D. External events
People
Chuck is Vice President of Claims for Insurance Company. The company has 37 adjusters in the field, and needs to hire four new adjusters. Chuck is curious about the relationship between prior experience of the adjuster and policyowner complaints. He collected data on the number of complaints for each adjuster on staff over time. Then he used a statistical technique to analyze the relationship between adjuster experience and complaints, and the trend of the relationship over time. The statistical analysis confirmed that that there were significantly fewer complaints with more experienced adjusters, and that the relationship grew stronger with more years of experience. The technique Chuck used to relate indicators to outcomes is called Select one: A. Regression analysis. B. Analysis of variance. C. Central tendency analysis. D. SWOT analysis.
Regression analysis.
Local Petroleum Distributors (LPD) sells gas and diesel fuel to 72 independent gas stations and convenience stores. Receiving accurate data on the fuel needs of its customers is a critical operational concern. LPD installed sensors in the fuel storage tanks owned by each customer. At 11 PM each evening, the sensors send fuel data electronically to LPD. LPD receives the data, and a computer enters each record. The data are analyzed, and the analysis determines which retailers require a fuel shipment in the next three days. The electronic system has increased operational efficiency as shipments can be better coordinated, and retailers are no longer required to measure the fuel level and report manually. LPD's use of a computer to enter the data reported by the sensors is an example of Select one: A. Robotic process automation. B. Monte Carlo simulation. C. Blockchain. D. Data analytics.
Robotic process automation
Which one of the following commonly used categories of operational risk includes risks associated with technology and equipment? Select one: A. People B. Systems C. External events D. Process
Systems