8020 PDF Dumps Oct 17, 2025 Recently Updated Questions [Q28-Q48]



PRMIA 8020 Exam Syllabus Topics:

Topic | Details
Topic 1 | Risk Information: This section of the exam measures the skills of Risk Managers and covers the collection, analysis, and communication of risk-related data. It highlights the role of data-driven decision-making in mitigating uncertainties and ensuring compliance. A key skill measured is interpreting risk data for informed decision-making.
Topic 2 | Case Studies: This section of the exam measures the skills of Business Risk Consultants and covers real-world applications of risk management concepts. It examines case studies on risk governance, assessment, and mitigation strategies across different industries. A key skill measured is analyzing historical risk events for strategic insights.
Topic 3 | Introduction: This section of the exam measures the skills of Risk Analysts and covers fundamental concepts of risk governance, management, and assessment. It introduces key principles, regulatory frameworks, and industry best practices for identifying and addressing risks. A key skill measured is understanding the foundational principles of risk management.
Topic 4 | Risk Management Framework: This section of the exam measures the skills of Risk Managers and covers the development and implementation of structured approaches for risk identification, evaluation, and mitigation. It includes industry-standard frameworks that guide risk strategy and decision-making. A key skill measured is establishing a risk management framework for organizations.
Topic 5 | Risk Modeling: This section of the exam measures the skills of Quantitative Risk Analysts and covers mathematical and statistical techniques used to predict risk scenarios. It explores model development, validation, and application in financial and operational risk management. A key skill measured is applying statistical models for risk prediction.
Topic 6 | Risk Assessment: This section of the exam measures the skills of Financial Risk Analysts and covers methodologies for evaluating risks in different domains, including qualitative and quantitative approaches. It focuses on assessing vulnerabilities, threats, and potential impacts on business operations. A key skill measured is conducting risk impact analysis for financial threats.

 

NEW QUESTION # 28
ISO 27000 relates to what topic / area?

  • A. Information Security Systems.
  • B. Environmental, social, and governance (ESG) investing.
  • C. International Risk Management.
  • D. Auditing of financial controls.

Answer: A

Explanation:
Step 1: Definition of ISO 27000
ISO 27000 is a global standard for information security management systems (ISMS), issued by the International Organization for Standardization (ISO).
It provides a framework for protecting sensitive information through policies, controls, and risk management practices.
Step 2: Why Option B Is Correct
ISO 27001 (part of ISO 27000 series) is one of the most widely recognized certifications for information security governance.
It sets guidelines on risk assessment, incident response, and data protection.
Step 3: Why the Other Options Are Incorrect
Option A ("ESG investing")
Incorrect because ISO 27000 deals with cybersecurity, not environmental, social, and governance (ESG) issues.
Option C ("International Risk Management")
Incorrect because ISO 27000 focuses on information security, not general risk management.
Option D ("Auditing of financial controls")
Incorrect because financial auditing standards (e.g., SOX, COSO) are separate from information security standards.
PRMIA Risk Reference Used:
ISO 27000 Series Documentation - Defines cybersecurity risk management practices.
PRMIA IT Risk Governance Framework - References ISO 27001 as a cybersecurity standard.


NEW QUESTION # 29
Which of the Basel Accords, published in 2004, introduced operational risk as a risk subjected to a capital charge?

  • A. Basel III
  • B. Basel IV
  • C. Basel I
  • D. Basel II

Answer: D

Explanation:
Introduction of Operational Risk in Basel Accords
Basel I (1988) → Focused only on credit risk and market risk; operational risk was not yet included.
Basel II (2004) → Introduced operational risk as a separate category, subject to capital requirements.
Basel III (2010) → Strengthened capital and liquidity requirements but did not introduce operational risk.
Basel IV (2017, still evolving) → Adjusts Basel III reforms but does not introduce operational risk as a new category.
Why Answer B is Correct
Basel II (2004) was the first to introduce operational risk as a risk requiring a capital charge.
Why Other Answers Are Incorrect
Option | Explanation
A. Basel I | Incorrect - Basel I focused on credit risk and market risk, with no capital requirements for operational risk.
C. Basel III | Incorrect - Basel III strengthened Basel II but did not introduce operational risk.
D. Basel IV | Incorrect - Basel IV refines Basel III but does not introduce operational risk as a new capital charge.
PRMIA Reference for Verification
Basel II (2004) Operational Risk Framework
PRMIA Operational Risk Management Guidelines


NEW QUESTION # 30
How can a chief risk officer encourage the governing body and executive management team to create a stronger risk culture?

  • A. Discourage personal accountability to avoid a blame culture.
  • B. Having a vision of achievable but not excessive ambition.
  • C. Establish a set of objectives that the board and executive team must adhere to.
  • D. Balance rewarding success in profitability goals with punishment when there is a failure to achieve goals.

Answer: B

Explanation:
A Chief Risk Officer (CRO) plays a crucial role in shaping and strengthening the risk culture within an organization. PRMIA defines risk culture as the shared values, beliefs, knowledge, and understanding about risk that drive behaviors within an institution.
Setting a Clear Vision
The CRO should communicate a vision of risk management that aligns with organizational goals while ensuring that risk-taking remains within acceptable limits.
The vision should be achievable and realistic, rather than overly ambitious, which could incentivize reckless risk-taking.
Embedding Risk Awareness into Decision-Making
A strong risk culture ensures that risk considerations are embedded into business decision-making rather than treated as a separate compliance exercise.
This is supported by PRMIA's Enterprise Risk Management (ERM) Framework, which stresses integrating risk management into strategy and operations.
Avoiding a Blame Culture
A risk-aware organization promotes accountability without fear, enabling employees to report risks without retribution.
Option B (Discourage personal accountability to avoid a blame culture) is incorrect because personal accountability is essential for a healthy risk culture.
Avoiding a Strict, Prescriptive Approach
A set of rigid objectives that must be followed by the executive team (Option C) does not foster a dynamic, evolving risk culture.
Instead, risk culture should be flexible and adaptive to emerging risks.
Balancing Incentives and Consequences
While balancing rewards with penalties (Option D) is part of governance, a strong risk culture is not built solely through fear of punishment.
PRMIA emphasizes positive reinforcement, such as linking risk management behaviors to performance evaluations and incentives.
PRMIA Reference for Verification
PRMIA Risk Governance Framework - Discusses the role of leadership in shaping risk culture.
PRMIA Standards on Enterprise Risk Management (ERM) - Covers best practices for embedding risk culture within organizations.


NEW QUESTION # 31
Ideally, the facilitator of a risk assessment workshop should:

  • A. Guide the workshop toward a pre-determined conclusion, based upon known industry identified risks.
  • B. Remind the attendees that they can override the results of the workshop once the risks are tallied.
  • C. Attend via a video connection to allow proper distance.
  • D. Remain objective and refrain from expressing his or her own opinions.

Answer: D

Explanation:
Step 1: Role of a Risk Assessment Facilitator
The facilitator's main role is to guide discussions without bias, ensuring objective risk identification.
PRMIA's Risk Governance Framework highlights neutral facilitation as key to effective risk workshops.
Step 2: Why Option C Is Correct
Objectivity ensures unbiased risk assessment.
Expressing personal opinions can influence risk ratings, leading to distorted outcomes.
Step 3: Why the Other Options Are Incorrect
Option A ("Guide the workshop toward a pre-determined conclusion")
Incorrect because risk workshops should discover risks, not confirm pre-set beliefs.
Option B ("Attendees can override results")
Incorrect as risk results should be evidence-based, not subject to override.
Option D ("Attend via video connection")
Incorrect as facilitators must engage actively, making remote facilitation less effective.
PRMIA Risk Reference Used:
PRMIA Risk Governance Framework - Stresses objectivity in risk assessment facilitation.
PRMIA Risk Identification Best Practices - Encourages unbiased workshops.
Final Conclusion:
Facilitators must remain neutral and objective, making Option C the correct answer.


NEW QUESTION # 32
Which of the following is not included in PRMIA's 10 principles of good governance?

  • A. Risk appetite.
  • B. Clear accountability.
  • C. Holding the PRM Designation.
  • D. External validation.

Answer: C

Explanation:
PRMIA's 10 Principles of Good Governance
PRMIA outlines 10 key principles that focus on risk governance, accountability, transparency, and risk management effectiveness.
These principles ensure strong risk governance structures for financial institutions.
Why Answer B is Correct
Holding the PRM Designation (Professional Risk Manager certification) is NOT a governance principle.
While PRMIA promotes risk education, governance principles focus on organizational risk structures, not individual certifications.
Why Other Answers Are Incorrect
Option | Explanation
A. Risk appetite. | Correct - PRMIA governance principles include establishing a clear risk appetite.
C. External validation. | Correct - External audits and validation improve governance and risk transparency.
D. Clear accountability. | Correct - Governance principles emphasize clear accountability at all levels of management.
PRMIA Reference for Verification
PRMIA 10 Principles of Good Governance
Basel Corporate Governance Guidelines for Financial Institutions


NEW QUESTION # 33
Process mapping is:

  • A. All of the above.
  • B. A useful tool for understanding process intensive activities.
  • C. A helpful tool for understanding where control gaps may exist.
  • D. A good visualization tool for understanding where hand-offs and hand-ins may occur.

Answer: A

Explanation:
Process Mapping is a risk management tool used to visualize workflows, identify inefficiencies, and detect control gaps. PRMIA defines process mapping as an essential operational risk management tool.
Step 1: Understanding Process Mapping
Helps analyze complex, process-intensive activities (Option A).
Reveals control weaknesses that could lead to operational risks (Option B).
Improves hand-offs and collaboration between teams (Option C).
Step 2: Why "All of the Above" is Correct
Process mapping serves multiple risk management purposes, making all listed options valid.
PRMIA Risk Reference Used:
PRMIA Operational Risk Management Guidelines - Recommends process mapping to identify inefficiencies and control gaps.
PRMIA Risk Governance Framework - Encourages visualization tools for process improvement.
Final Conclusion:
Process mapping improves risk awareness, identifies control gaps, and enhances operational workflows, making Option D the correct answer.


NEW QUESTION # 34
For which of the following reasons did the Turnbull Report have a significant impact on risk governance?

  • A. It was a report that led to the establishment of the US Federal Reserve.
  • B. It was the first report to require a board to take specific account of risks and control systems for risks.
  • C. It was the first report to list the board as a proposed governance structure.
  • D. It defined the concept of risk governance for the insurance industry.

Answer: B

Explanation:
Step 1: What Is the Turnbull Report?
The Turnbull Report (1999) was a UK corporate governance report that set risk management expectations for boards.
It required companies to assess and manage risks effectively as part of corporate governance.
Step 2: Why Option C is Correct
Turnbull was the first report to mandate that boards must consider risk management in corporate governance.
This report established risk assessment as a board-level responsibility.
Step 3: Why the Other Options Are Incorrect
Option A ("Defined risk governance for insurance") → Incorrect because Turnbull applied to all sectors, not just insurance.
Option B ("First report to propose board structure") → Incorrect because corporate boards existed long before Turnbull.
Option D ("Led to the US Federal Reserve") → Incorrect because the Federal Reserve was established in 1913, long before Turnbull.
PRMIA Risk Reference Used:
PRMIA Corporate Governance Guidelines - Highlights Turnbull's role in board-level risk oversight.
UK Corporate Governance Code - Turnbull contributed to defining board risk responsibilities.
Final Conclusion:
The Turnbull Report was the first to require boards to consider risks in corporate governance, making Option C the correct answer.


NEW QUESTION # 35
Which of the following is an example of a Credit Risk event with an Operational Risk component?

  • A. Rogue Trading.
  • B. Ponzi Schemes.
  • C. Ponzi Schemes & Rogue Trading.
  • D. Failure in loan approval process leading to erroneously approved loans.

Answer: C

Explanation:
Step 1: Understanding Credit Risk with an Operational Risk Component
Credit Risk: Risk of loss due to borrower default.
Operational Risk: Risk of loss due to failed internal processes, fraud, or misconduct.
Step 2: Why Option D is Correct
Ponzi Schemes: Fraudulent investment scams disguise credit risk as legitimate lending but collapse when new funds dry up.
Rogue Trading: Traders take unauthorized risks that can lead to credit defaults or massive financial losses.
Step 3: Why the Other Options Are Incorrect
Option A ("Failure in loan approval process") → This is an Operational Risk issue, but does not always create Credit Risk.
Option B ("Ponzi Schemes") → Partially correct, but does not include Rogue Trading, which is also a credit risk-related operational failure.
Option C ("Rogue Trading") → Partially correct, but does not include Ponzi Schemes, which are another key example.
PRMIA Risk Reference Used:
PRMIA Operational Risk Framework - Highlights fraud-based Credit Risk events.
Basel II/III Operational Risk Guidelines - Discusses trading misconduct and credit risk misrepresentation.
Final Conclusion:
Both Ponzi Schemes and Rogue Trading involve credit risk failures caused by operational misconduct, making Option D the correct answer.


NEW QUESTION # 36
Which of the following is a correct statement about control rating scales?

  • A. A control rating scale should consider neither control effectiveness nor control performance.
  • B. A control rating scale should consider both control effectiveness and control performance.
  • C. A control rating scale should consider control effectiveness but not control performance.
  • D. They are enhanced by the use of software that includes inherent risk.

Answer: B

Explanation:
Definition of Control Rating Scales
Control rating scales measure the effectiveness and performance of risk management controls.
They help organizations evaluate control strength and identify weaknesses.
Key Components
Control effectiveness → Measures how well the control mitigates risks.
Control performance → Assesses whether the control operates as designed in practice.
Why Answer C is Correct
Both effectiveness and performance are crucial for assessing control reliability.
A control may be designed effectively but fail in execution, making both factors essential.
Why Other Answers Are Incorrect
Option | Explanation
A. They are enhanced by the use of software that includes inherent risk. | Incorrect - Software can improve ratings, but control scales are based on evaluation criteria, not just software tools.
B. A control rating scale should consider control effectiveness but not control performance. | Incorrect - Ignoring performance could lead to misjudging actual control reliability.
D. A control rating scale should consider neither control effectiveness nor control performance. | Incorrect - This would render the control rating scale useless.
PRMIA Reference for Verification
PRMIA Governance and Control Framework
Basel Operational Risk Management Guidelines


NEW QUESTION # 37
In relation to financial crime, OFAC stands for which organization?

  • A. Office of Foreigner and other Control.
  • B. Office of Foreign Asset Control.
  • C. Office of Financial Asset Control.
  • D. Office for Asset Control.

Answer: B

Explanation:
Step 1: Understanding OFAC
OFAC (Office of Foreign Assets Control) is a U.S. Treasury Department agency responsible for enforcing economic and trade sanctions based on U.S. foreign policy and national security goals.
It prevents financial crime by restricting transactions with sanctioned individuals, entities, and countries.
Step 2: Role of OFAC in Financial Crime Prevention
OFAC administers sanctions to prevent money laundering, terrorism financing, and other illicit activities.
Financial institutions must comply with OFAC regulations to avoid heavy fines and reputational damage.
PRMIA's Financial Crime Risk Guidelines emphasize the importance of OFAC compliance in risk management.
Step 3: Why the Other Options Are Incorrect
Option A ("Office of Financial Asset Control") - Incorrect wording; OFAC deals with foreign assets, not just financial assets.
Option B ("Office of Foreigner and Other Control") - OFAC does not regulate foreigners broadly; it targets specific foreign assets and transactions.
Option C ("Office for Asset Control") - Missing "Foreign", which is critical to OFAC's function.
PRMIA Risk Reference Used:
PRMIA Financial Crime Risk Management Guidelines - Emphasizes regulatory compliance with OFAC.
PRMIA Compliance and Sanctions Risk Standards - Stresses the role of OFAC in preventing illicit financial activities.
Final Conclusion:
OFAC stands for the Office of Foreign Assets Control, making Option D the correct answer.


NEW QUESTION # 38
Two of the four key resources regarded as critical to maintaining confidence, and to which Risk Appetite is calibrated, are:

  • A. Net earnings and capital.
  • B. Quality human resources and reputation.
  • C. Capital expenditure and liquidity.
  • D. Strong regulatory assessment and net earnings.

Answer: A

Explanation:
Key Resources for Calibrating Risk Appetite
Risk appetite defines how much risk an organization is willing to accept to achieve its objectives.
Two of the most critical resources for maintaining confidence and setting risk appetite are net earnings and capital.
Why Net Earnings and Capital are Critical
Net earnings reflect profitability and financial stability, influencing risk-taking capacity.
Capital ensures that the institution can absorb losses and meet regulatory requirements.
Basel III emphasizes capital adequacy as a core measure of financial resilience.
Why Answer B is Correct
Net earnings support operational stability, while capital determines how much risk an institution can bear.
Both are used to define and calibrate risk appetite levels.
Why Other Answers Are Incorrect
Option | Explanation
A. Capital expenditure and liquidity. | Incorrect - Capital expenditure is an investment measure, not a direct risk appetite determinant.
C. Strong regulatory assessment and net earnings. | Incorrect - Regulatory assessments are important but do not directly set risk appetite.
D. Quality human resources and reputation. | Incorrect - HR and reputation are important for governance but do not directly influence risk capital and earnings stability.
PRMIA Reference for Verification
PRMIA Risk Appetite Framework
Basel III Capital and Earnings Management Guidelines


NEW QUESTION # 39
In operational resilience, material customer detriment or significant harm to the customer is which of the following?

  • A. This is when disruption to a service results in an inconvenience to a customer and damage to the firm's reputation.
  • B. This is the ability of a financial system to continue to function, even in the face of significant disruption or financial shocks.
  • C. This is when disruption to a service results in not just an inconvenience to a customer, but a material cost or hardship.
  • D. This has a low threshold and refers to any inconvenience to a customer that results in a complaint.

Answer: C

Explanation:
Step 1: Definition of Material Customer Detriment
Material customer detriment refers to service disruptions that cause financial loss, inability to access essential services, or significant hardship.
PRMIA and UK FCA Operational Resilience Standards define "significant harm" as going beyond inconvenience to include monetary or operational distress.
Step 2: Why Option D is Correct
Significant harm occurs when customers face tangible financial or service losses, not just reputational inconvenience.
Regulatory frameworks (e.g., Basel, FCA, PRMIA) require banks to protect customers from material disruptions.
Step 3: Why the Other Options Are Incorrect
Option A ("Low threshold, any complaint") → Incorrect because not all complaints indicate material detriment.
Option B ("Inconvenience and reputational damage") → Incorrect because true material harm is more than just inconvenience.
Option C ("Financial system resilience") → Incorrect because this describes systemic financial stability, not customer impact.
PRMIA Risk Reference Used:
PRMIA Operational Resilience Framework - Defines material customer detriment.
UK FCA Operational Resilience Guidelines - Requires firms to minimize severe harm to customers.
Final Conclusion:
Material customer detriment involves actual financial hardship, not just inconvenience, making Option D the correct answer.


NEW QUESTION # 40
For the TSB case what was the cause of the outage at the heart of the case?

  • A. Their IT models did not work if prices were discontinuous.
  • B. A failed attempt to move customers to a new IT system left millions of people locked out of their accounts for weeks.
  • C. Sub-standard risk pricing and risk management left millions of people locked out of their accounts for weeks.
  • D. A liquidity squeeze by a major hedge-fund via margin calls on trading positions resulted in the collapse of their website.

Answer: B

Explanation:
Step 1: Understanding the TSB Case
The TSB outage in 2018 was caused by a failed IT migration from its old banking system to a new one.
The transition locked millions of customers out of their accounts for weeks, resulting in financial losses and reputational damage.
Step 2: Why Option C Is Correct
TSB attempted to move customer data to a new banking platform, but serious defects in the migration process led to service failures.
PRMIA and UK Financial Conduct Authority (FCA) reports confirmed that poor IT risk management was a key failure.
Step 3: Why the Other Options Are Incorrect
Option A ("Liquidity squeeze by hedge-fund")
Incorrect because TSB's failure was due to IT migration issues, not a liquidity crisis.
Option B ("Sub-standard risk pricing and risk management")
Incorrect because pricing models were not the cause; it was an IT system failure.
Option D ("IT models did not work if prices were discontinuous")
Incorrect as this issue is more common in high-frequency trading failures, not banking system outages.
PRMIA Risk Reference Used:
UK FCA Investigation on TSB Incident - Confirms IT migration failure as root cause.
PRMIA IT Risk Management Framework - Highlights risks of major IT transitions.
Final Conclusion:
The TSB outage was caused by a failed IT migration, making Option C the correct answer.


NEW QUESTION # 41
Governance can be defined as which of the following?

  • A. Governance is a structure specifying the policies, principles, and procedures for making decisions about corporate direction.
  • B. Governance is a structure specifying the daily operation of a firm.
  • C. Governance is being replaced by management in all firms that are regulated.
  • D. Governance is a structure specifying the ways in which reporting is made to the primary regulator.

Answer: A

Explanation:
Definition of Governance
Governance refers to the framework of policies, principles, and processes used to guide corporate decision-making and strategic direction.
It ensures accountability, transparency, and risk oversight within an organization.
Key Elements of Governance
Risk oversight - Ensuring risks are properly identified and managed.
Accountability structures - Defining roles and responsibilities.
Decision-making frameworks - Establishing policies for long-term corporate success.
Why Other Answers Are Incorrect
Option | Explanation
A. Governance is a structure specifying the daily operation of a firm. | Incorrect - Governance focuses on high-level corporate oversight, not day-to-day operations.
B. Governance is a structure specifying the ways in which reporting is made to the primary regulator. | Incorrect - Governance is broader than just regulatory reporting.
C. Governance is being replaced by management in all firms that are regulated. | Incorrect - Governance and management are separate but complementary; governance provides oversight, while management executes strategy.
PRMIA Reference for Verification
PRMIA 10 Principles of Good Governance


NEW QUESTION # 42
The Task Force on Climate-related Financial Disclosures (TCFD) was founded by which body?

  • A. The World Bank (WB).
  • B. The Financial Stability Board (FSB).
  • C. The United Nations (UN).
  • D. The European Commission (EC).

Answer: B

Explanation:
Step 1: What is the TCFD?
The Task Force on Climate-related Financial Disclosures (TCFD) was established to develop climate-related financial risk disclosure recommendations to help investors, lenders, and regulators make informed decisions.
Step 2: Who Founded the TCFD?
The Financial Stability Board (FSB), an international organization that monitors and makes recommendations about the global financial system, founded the TCFD in 2015.
The FSB recognized climate risk as a financial stability issue and launched the TCFD to standardize reporting.
Step 3: Why the Other Options Are Incorrect
Option A ("World Bank") → Incorrect because the World Bank supports climate initiatives but did not create the TCFD.
Option B ("United Nations") → Incorrect because the UN has climate programs like the UNFCCC, but not the TCFD.
Option D ("European Commission") → Incorrect because the EC develops its own sustainability regulations (e.g., SFDR, CSRD), separate from the TCFD.
PRMIA Risk Reference Used:
PRMIA Climate Risk Guidelines - Cites FSB's role in founding the TCFD.
FSB Official Reports (2015) - Confirms that the FSB established the TCFD.
Final Conclusion:
The FSB founded the TCFD in 2015, making Option C the correct answer.


NEW QUESTION # 43
The acronym ESG can stand for:

  • A. Extra Social Governance.
  • B. Enhanced Social Governance.
  • C. Environmental, Social and corporate Governance.
  • D. Environmental, Strategy, and corporate Governance.

Answer: C

Explanation:
Step 1: Definition of ESG
ESG (Environmental, Social, and Corporate Governance) refers to the three core factors used to evaluate a company's sustainability and ethical impact.
ESG is now a key part of risk management, influencing investment decisions, regulatory compliance, and corporate strategy.
Step 2: Breakdown of ESG Components
Environmental (E): Climate change, carbon emissions, resource management.
Social (S): Diversity & inclusion, labor rights, community engagement.
Governance (G): Board structure, executive pay, corporate ethics.
Step 3: Why the Other Options Are Incorrect
Option A ("Environmental, Strategy, and Corporate Governance")
Incorrect because Strategy is not part of ESG.
Option C ("Enhanced Social Governance")
Incorrect because ESG covers more than just social governance.
Option D ("Extra Social Governance")
Incorrect as it does not align with the recognized ESG definition.
PRMIA Risk Reference Used:
PRMIA ESG Risk Management Guidelines - Defines ESG factors as Environmental, Social, and Governance.
PRI (Principles for Responsible Investment) - Aligns ESG with financial risk management.


NEW QUESTION # 44
In the Basel III standardized approach for operational risk, what is the Business Indicator?

  • A. It is a scaling factor that is based on a bank's average historical losses.
  • B. It is a proxy for operational risks that relate to near-miss events.
  • C. It is a financial-statement-based proxy for operational risk.
  • D. It is a non-financial-statement-based proxy for operational risk.

Answer: C

Explanation:
Step 1: Definition of the Business Indicator (BI) in Basel III
The Business Indicator (BI) is a financial-statement-based metric used in Basel III's Standardized Approach for Operational Risk.
It replaces previous approaches by using financial figures (e.g., revenue, fees, interest income) to estimate operational risk exposure.
Step 2: Why Option D Is Correct
The BI uses financial-statement data to calculate operational risk capital requirements.
It acts as a proxy for a bank's operational risk exposure by linking operational risk to its financial size and complexity.
Step 3: Why the Other Options Are Incorrect
Option A ("Proxy for near-miss events") → Incorrect because BI is based on financial data, not near-miss risk events.
Option B ("Non-financial-statement-based proxy") → Incorrect because BI is explicitly derived from financial statements.
Option C ("Scaling factor based on historical losses") → Incorrect because BI does not use historical losses directly; it relies on financial-statement inputs.
PRMIA Risk Reference Used:
Basel III Operational Risk Framework - Defines the Business Indicator as a financial-statement-based metric.
PRMIA Operational Risk Guidelines - Explains the BI's role in capital calculations.


NEW QUESTION # 45
How should Near Misses and Opportunity Costs be treated within Operational Risk?

  • A. Reported, Recorded and Analyzed, Not Used in calculation of Operational Risk Capital.
  • B. Recorded and Analyzed, Used in calculation of Operational Risk Capital.
  • C. Ignored.
  • D. Reported, Recorded and Analyzed, Used in calculation of Operational Risk Capital.

Answer: A

Explanation:
Near Misses in Operational Risk
A near miss is an event that could have led to a loss but was avoided or mitigated before actual financial impact occurred.
PRMIA emphasizes that near misses should be reported, recorded, and analyzed because they provide valuable insights into potential vulnerabilities in risk controls.
However, since they did not result in actual financial losses, they are not included in the calculation of Operational Risk Capital.
Opportunity Costs in Operational Risk
Opportunity costs refer to the loss of potential gains due to missed strategic opportunities.
These are not directly quantifiable as operational risk losses and are not included in Operational Risk Capital calculations.
PRMIA's Operational Risk Framework states that operational risk is about actual losses rather than theoretical costs.
Why Other Answers Are Incorrect
Option | Explanation
A. Ignored. | Incorrect - Near misses and opportunity costs provide valuable insights into operational risk, so they should never be ignored.
B. Recorded and Analyzed, Used in calculation of Operational Risk Capital. | Incorrect - While they should be recorded and analyzed, they are not included in Operational Risk Capital calculations because they do not result in actual losses.
D. Reported, Recorded, and Analyzed, Used in calculation of Operational Risk Capital. | Incorrect - Reporting, recording, and analysis are correct, but they should not be included in capital calculations.
PRMIA Reference for Verification
PRMIA Operational Risk Management Standards - Defines near misses and opportunity costs.
Basel II & III Operational Risk Framework - Outlines the principles of operational risk capital calculations.


NEW QUESTION # 46
For the National Australia Bank - FX Options case study, which was the major cause of the loss event?

  • A. Currency traders concealed losses using back office knowledge.
  • B. Currency traders smoothed profits and concealed losses.
  • C. Currency traders were able to complete a Management Buy Out (MBO).
  • D. Currency traders were allowed access to the risk system by the CEO.

Answer: B

Explanation:
Overview of the National Australia Bank (NAB) FX Options Case Study
Traders at National Australia Bank (NAB) engaged in unauthorized foreign exchange (FX) options trading.
They smoothed profits and concealed losses using fictitious transactions and manipulated reporting.
This led to a major financial scandal and loss of investor confidence.
Key Findings of the Investigation
Traders artificially smoothed profits to avoid drawing attention to large fluctuations.
Losses were concealed from internal risk controls by manipulating trade records.
The bank's risk management and governance controls failed to detect and prevent these activities.
Why Other Answers Are Incorrect
Option A ("Currency traders were allowed access to the risk system by the CEO.") → Incorrect - No evidence suggests CEO involvement in granting system access.
Option B ("Currency traders concealed losses using back-office knowledge.") → Incorrect - While they concealed losses, they also smoothed profits to manipulate earnings trends.
Option D ("Currency traders were able to complete a Management Buy Out (MBO).") → Incorrect - This event was not related to a Management Buyout (MBO); it was a trading scandal.
PRMIA Reference for Verification
PRMIA Fraud and Risk Management Case Studies
Basel Principles on Market Risk and Internal Control Failures


NEW QUESTION # 47
When a control is found to be ineffective, which of the following steps should be taken next?

  • A. The controls should be re-assessed during the next cycle to determine if they are still ineffective.
  • B. Risks should be re-assessed to determine if there can be an exception for the level of control assessment.
  • C. An action plan should be designed to close the gap.
  • D. Risks should be re-assessed to determine if there is the appropriate level of control assessment.

Answer: C

Explanation:
When a control is found to be ineffective, the primary objective is to remediate the deficiency by implementing corrective measures. PRMIA (Professional Risk Managers' International Association) guidance, aligned with best practices in risk governance, emphasizes a structured approach to handling control deficiencies. Below is a detailed breakdown based on PRMIA risk management principles:
Step 1: Identify and Assess the Ineffective Control
A control is deemed ineffective when it fails to mitigate the identified risks to an acceptable level.
The root cause of the failure must be determined through a Control Effectiveness Review (CER).
PRMIA recommends control testing and incident analysis to assess the severity of the control failure.
Step 2: Develop an Action Plan to Address the Control Deficiency
PRMIA best practices state that risk management should prioritize corrective actions rather than delaying remediation.
The organization must define an action plan to close the gap, which includes:
Revising or strengthening the control mechanisms.
Implementing new controls, if necessary.
Assigning responsibility for remediation to control owners.
Setting deadlines for resolution.
This step aligns with PRMIA's Risk Governance Framework, which emphasizes proactive risk management.
Step 3: Implement Corrective Measures and Monitor Progress
Once an action plan is designed, the organization should execute the corrective actions.
PRMIA's Risk Monitoring Guidelines require regular follow-ups and testing to ensure the control is functioning correctly.
The effectiveness of the remediation should be validated through post-implementation review and ongoing control testing.
Step 4: Re-Assess Risks and Control Effectiveness
Once corrective measures are in place, the organization should re-evaluate risks to confirm that the issue is resolved.
The risk assessment process should be updated to reflect the changes in the control environment.
Why the Other Options Are Incorrect?
Option A: "Risks should be re-assessed to determine if there is the appropriate level of control assessment." While risk re-assessment is a good practice, it does not directly address the ineffective control.
PRMIA guidelines prioritize closing the control gap first before reassessing risks.
Option C: "The controls should be re-assessed during the next cycle to determine if they are still ineffective." Waiting until the next assessment cycle delays remediation, which could expose the organization to unmitigated risks.
PRMIA risk frameworks recommend immediate corrective action when a control is found to be ineffective.
Option D: "Risks should be re-assessed to determine if there can be an exception for the level of control assessment." PRMIA does not support exceptions for ineffective controls unless there is a well-documented risk acceptance process.
A control failure should be remediated rather than seeking exceptions.
PRMIA Risk Reference Used:
PRMIA Risk Governance Framework - Defines the importance of immediate corrective actions for control failures.
PRMIA Risk Monitoring Guidelines - Stresses continuous monitoring and validation of controls.
PRMIA Risk Management Standards - Recommends a structured action plan for ineffective controls.
PRMIA Operational Risk Framework - Emphasizes the need to close control gaps to maintain a strong risk posture.
Final Conclusion:
According to PRMIA risk management best practices, when a control is found to be ineffective, the best course of action is to design and implement an action plan to remediate the issue (Option B). This approach ensures that the organization mitigates risk promptly and maintains a strong control environment.


NEW QUESTION # 48
......
