RSK2602 Assignment 1 2025
Question 1
Evaluate each statement as True or False and justify.
1.1
True – Operational failures caused by staff can indeed be driven by error (unintentional
mistakes), fraud (deliberate deception for personal gain), and data theft (unauthorised
access and removal of information). These are recognised internal sources of
operational risk in most frameworks, such as Basel II/III.
1.2
False – Technology and systems are generally classified as internal drivers of
operational risk, not external. They relate to an organisation’s own infrastructure,
software, and IT processes, which are under its direct control.
1.3
False – Operational risk is the risk of loss from inadequate or failed internal processes,
people, and systems, or from external events. It generally excludes strategic and
reputational risk, which are treated as separate risk categories, though they may be
affected by operational incidents.
1.4
False – Being “risk-indifferent” means having no preference regarding the balance
between risk and reward; such an attitude could result in taking unnecessary risks or
missing opportunities. The statement incorrectly assumes risk-indifferent attitudes are
not conducive to risk-taking, but in practice they may lead to uncalculated risk-taking.
, 1.5
True – Self-insurance can be achieved through captives, which are insurance
companies established and wholly owned by a parent company to insure its own risks,
allowing for internal risk financing.
1.6
False – Risk appetite is the amount and type of risk an organisation is willing to
pursue or retain in order to achieve its objectives, not the amount it is “not prepared to
lose.” The latter would be closer to “risk tolerance” or “risk limits.”
1.7
True – Qualitative impact ratings often use categories such as “probable,” “possible,”
and “remote” to describe the likelihood of risk events occurring.
1.8
False – Risk transfer does not mean the physical transfer of risk; rather, it refers to
shifting the financial consequences of a risk to a third party (e.g., through insurance or
outsourcing).
1.9
True – A top-down approach to risk management involves senior management setting
the risk strategy, policies, and appetite, which then cascades down. It is primarily driven
by top management, though operational input may follow.
1.10
False – Value-at-Risk (VaR) is a statistical measure estimating the potential loss in
value of a portfolio over a given time period under normal market conditions, not
necessarily under extreme conditions. Stress testing and scenario analysis are used for
extreme events.
Question 1
Evaluate each statement as True or False and justify.
1.1
True – Operational failures caused by staff can indeed be driven by error (unintentional
mistakes), fraud (deliberate deception for personal gain), and data theft (unauthorised
access and removal of information). These are recognised internal sources of
operational risk in most frameworks, such as Basel II/III.
1.2
False – Technology and systems are generally classified as internal drivers of
operational risk, not external. They relate to an organisation’s own infrastructure,
software, and IT processes, which are under its direct control.
1.3
False – Operational risk is the risk of loss from inadequate or failed internal processes,
people, and systems, or from external events. It generally excludes strategic and
reputational risk, which are treated as separate risk categories, though they may be
affected by operational incidents.
1.4
False – Being “risk-indifferent” means having no preference regarding the balance
between risk and reward; such an attitude could result in taking unnecessary risks or
missing opportunities. The statement incorrectly assumes risk-indifferent attitudes are
not conducive to risk-taking, but in practice they may lead to uncalculated risk-taking.
, 1.5
True – Self-insurance can be achieved through captives, which are insurance
companies established and wholly owned by a parent company to insure its own risks,
allowing for internal risk financing.
1.6
False – Risk appetite is the amount and type of risk an organisation is willing to
pursue or retain in order to achieve its objectives, not the amount it is “not prepared to
lose.” The latter would be closer to “risk tolerance” or “risk limits.”
1.7
True – Qualitative impact ratings often use categories such as “probable,” “possible,”
and “remote” to describe the likelihood of risk events occurring.
1.8
False – Risk transfer does not mean the physical transfer of risk; rather, it refers to
shifting the financial consequences of a risk to a third party (e.g., through insurance or
outsourcing).
1.9
True – A top-down approach to risk management involves senior management setting
the risk strategy, policies, and appetite, which then cascades down. It is primarily driven
by top management, though operational input may follow.
1.10
False – Value-at-Risk (VaR) is a statistical measure estimating the potential loss in
value of a portfolio over a given time period under normal market conditions, not
necessarily under extreme conditions. Stress testing and scenario analysis are used for
extreme events.
