Fall SemeSter 2025 – rSK4801 OperatiOnal riSK
management | nOvember/December pOrtFOliO
cOmplete anSWerS | UpDateD 2025/2026 eDitiOn
| veriFieD UniSa StUDy gUiDe | DUe 12 December
2025 | 100% exam-reaDy reSOUrce FOr
UniverSity OF SOUth aFrica StUDentS
Question 1:
What is the primary objective of Operational Risk Management (ORM)?
• A) To maximize profit by minimizing costs
• B) To identify, assess, and mitigate risks that can impede an organization's
operations
• C) To ensure compliance with legal regulations
• D) To enhance customer satisfaction through service improvement
Correct Option: B
Rationale: The primary objective of Operational Risk Management (ORM) is to identify,
assess, and mitigate risks that can hinder the operational capabilities of an
organization. This involves understanding potential operational failures and
implementing controls to minimize their impact.
Question 2:
Which of the following is NOT considered an operational risk?
• A) Fraud
• B) System failure
• C) Market volatility
• D) Supply chain disruptions
Correct Option: C
Rationale: Market volatility is classified as a financial risk rather than an operational
risk. Operational risks are typically associated with internal processes, people, and
systems, while market risks pertain to fluctuations in market conditions affecting asset
prices.
Question 3:
,In the context of ORM, which of the following tools is primarily used for risk
assessment?
• A) Risk Matrix
• B) Profit and Loss Statement
• C) Balance Sheet
• D) Performance Appraisal
Correct Option: A
Rationale: A Risk Matrix is a tool commonly used in Operational Risk Management for
assessing risks based on their likelihood and impact. It helps organizations prioritize
risks and develop appropriate mitigation strategies.
Question 4:
What role does the "Three Lines of Defense" model play in ORM?
• A) It focuses solely on internal audit functions.
• B) It delineates responsibilities across operational management, risk
management, and internal audit.
• C) It replaces the need for compliance functions.
• D) It emphasizes only external risk factors.
Correct Option: B
Rationale: The "Three Lines of Defense" model establishes a clear framework for risk
management roles within an organization. It includes operational management (first
line), risk management functions (second line), and internal audit (third line), ensuring
comprehensive oversight of operational risks.
Question 5:
Which of the following is a key component of a robust ORM framework?
• A) Ignoring minor risks to focus on major threats
• B) Continuous monitoring and reporting of risks
• C) Only addressing risks after they occur
• D) Relying solely on external audits for risk assessment
Correct Option: B
,Rationale: Continuous monitoring and reporting of risks are critical components of an
effective Operational Risk Management framework. This proactive approach allows
organizations to identify emerging risks and respond promptly, thereby reducing the
likelihood and impact of operational failures.
Question 6:
Which method is commonly used to quantify operational risk exposure?
• A) Value at Risk (VaR)
• B) Loss Distribution Approach (LDA)
• C) Capital Asset Pricing Model (CAPM)
• D) Discounted Cash Flow (DCF)
Correct Option: B
Rationale: The Loss Distribution Approach (LDA) is a statistical method used to
quantify operational risk exposure by analyzing historical loss data and modeling the
distribution of potential future losses.
Question 7:
In ORM, what is the primary purpose of Key Risk Indicators (KRIs)?
• A) To provide early warning signs of potential risk events
• B) To assess the financial performance of the organization
• C) To communicate with stakeholders
• D) To replace internal controls
Correct Option: A
Rationale: Key Risk Indicators (KRIs) are metrics used to provide early warning signs of
potential risk events, allowing organizations to take proactive measures before risks
materialize.
Question 8:
What is the main focus of a risk control self-assessment (RCSA)?
• A) To evaluate financial performance
• B) To identify and assess risks and controls within business processes
• C) To conduct external audits
• D) To analyze market trends
, Correct Option: B
Rationale: The risk control self-assessment (RCSA) process focuses on identifying and
assessing risks and the effectiveness of controls within business processes, allowing
organizations to manage risks more effectively.
Question 9:
Which of the following is a qualitative risk assessment technique?
• A) Monte Carlo Simulation
• B) Value at Risk
• C) Brainstorming
• D) Regression Analysis
Correct Option: C
Rationale: Brainstorming is a qualitative risk assessment technique that encourages
team members to identify potential risks based on their experiences and insights,
without relying on numerical data.
Question 10:
Operational risk can arise from which of the following sources?
• A) Human error
• B) Market fluctuations
• C) Interest rate changes
• D) Currency exchange rates
Correct Option: A
Rationale: Human error is a common source of operational risk, encompassing
mistakes made in processes, decision-making, and system usage, which can lead to
significant operational failures.
Question 11:
What is the significance of a "Risk Appetite Statement"?
• A) To define the organizational structure
• B) To outline the level of risk an organization is willing to accept
management | nOvember/December pOrtFOliO
cOmplete anSWerS | UpDateD 2025/2026 eDitiOn
| veriFieD UniSa StUDy gUiDe | DUe 12 December
2025 | 100% exam-reaDy reSOUrce FOr
UniverSity OF SOUth aFrica StUDentS
Question 1:
What is the primary objective of Operational Risk Management (ORM)?
• A) To maximize profit by minimizing costs
• B) To identify, assess, and mitigate risks that can impede an organization's
operations
• C) To ensure compliance with legal regulations
• D) To enhance customer satisfaction through service improvement
Correct Option: B
Rationale: The primary objective of Operational Risk Management (ORM) is to identify,
assess, and mitigate risks that can hinder the operational capabilities of an
organization. This involves understanding potential operational failures and
implementing controls to minimize their impact.
Question 2:
Which of the following is NOT considered an operational risk?
• A) Fraud
• B) System failure
• C) Market volatility
• D) Supply chain disruptions
Correct Option: C
Rationale: Market volatility is classified as a financial risk rather than an operational
risk. Operational risks are typically associated with internal processes, people, and
systems, while market risks pertain to fluctuations in market conditions affecting asset
prices.
Question 3:
,In the context of ORM, which of the following tools is primarily used for risk
assessment?
• A) Risk Matrix
• B) Profit and Loss Statement
• C) Balance Sheet
• D) Performance Appraisal
Correct Option: A
Rationale: A Risk Matrix is a tool commonly used in Operational Risk Management for
assessing risks based on their likelihood and impact. It helps organizations prioritize
risks and develop appropriate mitigation strategies.
Question 4:
What role does the "Three Lines of Defense" model play in ORM?
• A) It focuses solely on internal audit functions.
• B) It delineates responsibilities across operational management, risk
management, and internal audit.
• C) It replaces the need for compliance functions.
• D) It emphasizes only external risk factors.
Correct Option: B
Rationale: The "Three Lines of Defense" model establishes a clear framework for risk
management roles within an organization. It includes operational management (first
line), risk management functions (second line), and internal audit (third line), ensuring
comprehensive oversight of operational risks.
Question 5:
Which of the following is a key component of a robust ORM framework?
• A) Ignoring minor risks to focus on major threats
• B) Continuous monitoring and reporting of risks
• C) Only addressing risks after they occur
• D) Relying solely on external audits for risk assessment
Correct Option: B
,Rationale: Continuous monitoring and reporting of risks are critical components of an
effective Operational Risk Management framework. This proactive approach allows
organizations to identify emerging risks and respond promptly, thereby reducing the
likelihood and impact of operational failures.
Question 6:
Which method is commonly used to quantify operational risk exposure?
• A) Value at Risk (VaR)
• B) Loss Distribution Approach (LDA)
• C) Capital Asset Pricing Model (CAPM)
• D) Discounted Cash Flow (DCF)
Correct Option: B
Rationale: The Loss Distribution Approach (LDA) is a statistical method used to
quantify operational risk exposure by analyzing historical loss data and modeling the
distribution of potential future losses.
Question 7:
In ORM, what is the primary purpose of Key Risk Indicators (KRIs)?
• A) To provide early warning signs of potential risk events
• B) To assess the financial performance of the organization
• C) To communicate with stakeholders
• D) To replace internal controls
Correct Option: A
Rationale: Key Risk Indicators (KRIs) are metrics used to provide early warning signs of
potential risk events, allowing organizations to take proactive measures before risks
materialize.
Question 8:
What is the main focus of a risk control self-assessment (RCSA)?
• A) To evaluate financial performance
• B) To identify and assess risks and controls within business processes
• C) To conduct external audits
• D) To analyze market trends
, Correct Option: B
Rationale: The risk control self-assessment (RCSA) process focuses on identifying and
assessing risks and the effectiveness of controls within business processes, allowing
organizations to manage risks more effectively.
Question 9:
Which of the following is a qualitative risk assessment technique?
• A) Monte Carlo Simulation
• B) Value at Risk
• C) Brainstorming
• D) Regression Analysis
Correct Option: C
Rationale: Brainstorming is a qualitative risk assessment technique that encourages
team members to identify potential risks based on their experiences and insights,
without relying on numerical data.
Question 10:
Operational risk can arise from which of the following sources?
• A) Human error
• B) Market fluctuations
• C) Interest rate changes
• D) Currency exchange rates
Correct Option: A
Rationale: Human error is a common source of operational risk, encompassing
mistakes made in processes, decision-making, and system usage, which can lead to
significant operational failures.
Question 11:
What is the significance of a "Risk Appetite Statement"?
• A) To define the organizational structure
• B) To outline the level of risk an organization is willing to accept
