Your Board of Directors wants a comprehensive review of each business units' operational risk activities. As the head of the corporate operational risk unit, you know that little has been done to implement an operational risk process at the business unit level and that you need to immediately come up with a framework. Which of the following statements offers the best strategy?
I. The audit committee of the Board should first define its objectives to ensure that all the firm's business units' operational risk programs are providing required information
II. The auditing department is to be charged with developing an operational risk program for each business unit, with the business unit being made clearly aware that they will be held accountable for its implementation
III. That your department immediately assess the operational risk for each business unit using independent data feeds to ensure the information fed into the assessment cannot be manipulated
IV. A senior manager from each profit center is to be charged with developing their own operational risk self assessment program based on guidelines you provide.
A. I only
B. I and IV only
C. I and III only
D. IV only
Answer:D
I is incorrect. I is not the responsibility of the Audit Committee of the Board.
II is incorrect. The auditing department is not the best assessor of an individual business unit's risk, in fact many audit staff do not fully understand the risks of many of a firm's activities.
III is incorrect. III is duplicative and should not come from the corporate department. IV is correct.
The best strategy for developing an operational risk framework is to empower business units with the responsibility, accountability and authority to manage their own operational risks. The business units know their risks the best.

 
关注公众号
快扫码关注
公众号吧
FRM公众号
54