Risk Management Quiz1

What are the two basic components used to measure risk?

Impact versus Probability.

The idea that risk can never be completely eliminated suggests it can only be _, controlled, or transferred.

mitigated

What is 'Financial Risk'?

It is the probability of a company suffering losses in its financial operations.

What is the fundamental objective of financial institutions regarding risk and return?

To maximize returns while minimizing risk.

What is Comprehensive Risk Management (Administración Integral de Riesgos)?

The process of identifying, measuring, monitoring, controlling, preventing, and mitigating the various risks inherent to a business.

What is Credit Risk (Riesgo Crédito)?

The probability of losses resulting from a borrower or counterparty failing to meet their obligations under the agreed-upon terms.

What is Market Risk (Riesgo Mercado)?

The probability of losses in on- and off-balance sheet positions due to movements in market prices.

What is Liquidity Risk (Riesgo Liquidez)?

The possibility that an institution may not have the necessary monetary resources to cover its operating expenses or depositor withdrawals.

What is Operational Risk (Riesgo Operacional)?

The probability of losses due to inadequate or failed internal processes, people, and systems, or from external events.

What is Strategic Risk (Riesgo Estratégico)?

The probability that an organization will fail to achieve its long-term objectives due to inadequate strategic decisions, poor execution, or unmanaged environmental changes.

Financial risks include credit, market, and liquidity, while non-financial risks include _, technological, reputational, and legal risks.

operational

According to the ISO 31000:2009 definition, what is 'Risk Appetite'?

The amount and type of risk that an institution is prepared to accept or tolerate.

How does COSO define 'Risk Appetite'?

The risk that one is willing to accept in the pursuit of the entity's mission and vision.

What is 'Risk Culture' within an organization?

The collective norms of behavior that determine the ability to identify, understand, discuss, and act on current and future risks.

What is the term for the risk an organization is willing to accept to achieve its objectives, often monitored with KRIs?

Risk Appetite.

What is 'Risk Tolerance'?

The acceptable level of variation or maximum risk limits relative to an objective; exceeding it means the institution is unprepared.

What is 'Risk Capacity'?

The maximum level of risk that an institution can withstand, often determined by the amount of available capital.

What is the first step in the process of defining risk appetite?

Establishing the Strategic Framework (Marco Estratégico).

The second step in defining risk appetite, involving analyzing strategy against quantitative projections to determine risks, is called _.

Risk Analysis (Análisis de Riesgos)

What is the third step in defining risk appetite, which involves proposing limits and tolerance levels linked to KPIs?

Assignment of Risk Levels (Asignación de Niveles de Riesgo).

What is the fourth step in defining risk appetite, where the framework is submitted to a committee or board for approval?

Risk Appetite Proposal (Propuesta de Apetito al Riesgo).

What is the fifth step in the risk appetite definition process, which involves informing internal and external stakeholders?

Communication (Comunicación).

What is the sixth and final step in the risk appetite definition process?

Control and Follow-up (Control y Seguimiento).

Why is risk appetite considered dynamic and not static?

Because strategy, risks, and the business environment are constantly changing, requiring continuous updates to the framework.

What is a primary operational advantage of having a defined risk appetite?

It improves the cost-benefit analysis of decisions and allows for more efficient resource allocation.

What is a primary compliance advantage of having a defined risk appetite?

It helps comply with legislation and best practices, improves transparency, and fosters a risk management culture.

In the 'Three Lines of Defense' model, which line is represented by the business and operational areas?

The first line of defense.

In the 'Three Lines of Defense' model, which functions typically constitute the second line?

Control units such as Risk Management and Compliance.

In the 'Three Lines of Defense' model, what function serves as the third line?

Audit.

What is the primary responsibility of the Board of Directors regarding risk management?

To define the level of risk to be assumed based on the strategic plan and to review the risk appetite framework at least annually.

What is a key responsibility of the 'Risk Areas' (second line of defense)?

To provide guidance on acceptable risk levels and create internal reporting systems for monitoring risk.

What is a key responsibility of the 'Business and Operational Areas' (first line of defense)?

To implement controls and alert systems to comply with established risk limits and tolerance levels.

When was the Basel Committee on Banking Supervision created?

It was created in 1974.

What are the three pillars of the Basel framework?

Pillar I: Capital Requirements; Pillar II: Supervisory Review; Pillar III: Market Discipline.

What major risk was incorporated into capital requirements under Basel 1.5 in 1993?

Market risk.

What major risk was incorporated into capital requirements under Basel II in 2004?

Operational risk.

What key standards were introduced under Basel III in 2010 in response to the 2008 financial crisis?

Liquidity risk standards and a leverage ratio.

What is the primary purpose of the COSO framework?

To provide a framework for organizations to establish and evaluate effective internal control systems.

What are the five components of the COSO framework?

Internal Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities.

The _ component of the COSO framework involves identifying and analyzing risks that could affect the organization's objectives.

Risk Assessment

What is the purpose of the ISO 37000 standard?

To provide principles, a framework, and a process for managing risks in any type of organization.

How does the regulatory character of Basel differ from that of COSO and ISO 37000?

Basel is mandatory in member countries, while COSO and ISO 37000 are voluntary frameworks based on best practices.

The comparison table shows that COSO's emphasis is on internal control and fraud prevention, while Basel's emphasis is on _ and regulatory capital.

solvency

According to the audio transcript, inflation is an example of what kind of operational risk factor?

An external event that is outside the company's control.

What is meant by the phrase "riesgos emergentes" in the context of risk analysis?

Emerging risks that may not have been present or identified in the past.

What is the term for indicators used to monitor internal risk limits and provide early warnings?

Key Risk Indicators (KRIs).

The audio transcript mentions that risks are often _, meaning an operational risk can affect credit risk, which can in turn affect liquidity risk.

correlated

A bank that is so large its failure could destabilize the entire financial system is referred to as a _ bank.

systemic

In the financial company example, what activity represented the company's risk tolerance level?

Investing in local government and foreign bonds, which could increase the monthly VaR up to 5% of capital.

In the financial company example, what represented the maximum risk capacity?

Investing in speculative securities that could result in a monthly VaR of up to 10% of capital, threatening regulatory minimums.

For a non-financial company, what is one of the most critical risks to manage to avoid catastrophe?

Liquidity risk.

In the non-financial company example, the risk appetite was defined as not allowing profit in relation to capital to fall below what percentage?

8% (half of the expected profit).

In the Basel framework, what is the purpose of Pillar III: Market Discipline?

To promote transparency by requiring banks to disclose information about their risk profiles and capital adequacy to the public.

The process where a bank receives deposits from the public and uses them to make loans is known as _.

financial intermediation

What are 'covenants' in the context of a bank loan to a company?

Conditions or restrictions placed on the borrower, such as prohibiting the distribution of dividends, to protect the lender's interests.

Why is it important for the risk appetite definition process to be long-term (e.g., 3-5 years) rather than short-term?

A short-term view can miss risks that materialize over time, such as equipment failure or system obsolescence.

Who are considered the 'experts' for identifying risks within an organization, according to the audio?

The people who are involved in the day-to-day processes, not an isolated risk department.

The decision to implement a control, such as a security guard versus an advanced inventory system, is primarily based on a _ analysis.

cost-benefit

A key benefit of a formal risk appetite framework is that it transforms hidden operational losses, often buried in administrative expenses, into visible data for better ____.

decision-making

According to the source material, what is the definition of a 'Risk'?

An event, action, or omission that could adversely affect an organization's ability to achieve its business objectives and execute its strategies successfully.