AIM 1: List, identify, and summarize the eight principles for an operational risk management framework in the “Sound Practices” study published by BIS in February 2003 relevant to banks.
1、Which of the following statements regarding the eight principles for an operational risk management framework is (are) CORRECT?
I. The “Sound Practices” study, 2003, was published by the Bank for International Settlements (BIS).
II. The “Sound Practices” study, 2003, develops eight key principles for market risk management framework relevant to banks.
III. According to the “Sound Practices” study, 2003, the board of directors should not be involved in approval or periodic review of an operational risk management plan.
IV. According to the “Sound Practices” study, 2003, an interest rate risk management plan must be subjected to scrutiny by internal auditors.
A) II and III only.
B) I only.
C) II, III, and IV only.
D) I, II, III, and IV.
The correct answer is B
The “Sound Practices” study, 2003, develops eight key principles for operational (op) risk management plans, and one of the principles recommends that the op risk plan must be scrutinized by internal auditors. The study also recommends active participation by the board of directors in approval, review, and implementation.
2、With respect to integration of the “Sound Practices” principles in a firm-wide operational risk management framework, all of the following are correct EXCEPT:
A) a list of key op risk events and preventive controls must be developed.
B) dependencies among various functional areas must be recognized.
C) control standards must be reviewed every three years for certification purposes.
D) roles and responsibilities across managers and functional areas must be identified.
The correct answer is C
Control standards must be reviewed periodically for certification purposes. Thus, there is no specific three-year review condition.
3、The key principles relevant to banks for operational risk management as established by the 2003 “Sound Practices” study include how many of the following?
Monitoring and reporting of potential op risk events.
Controlling and mitigating op risk policies.
Contingency strategies in the event of severe operational disruption.
Public disclosure of the details of the op risk management plan.
A) All of these.
B) None of these.
C) Two of these.
D) Three of these.
The correct answer is A
All of the above are key op risk management principles established by the 2003 “Sound Practices” study as published by the Bank for International Settlements.
4、All of the following statements regarding SOX and Basel are correct EXCEPT:
A) according to the Sarbanes-Oxley Act section 404, a firm must present in the annual report a certification report of the Board of Directors about the effectiveness of internal controls established by management.
B) one of the eight key principles, established by the 2003 “Sound Practices” study, states that an op risk plan should state the definition and principles for identification, assessment, mitigation, control, and ongoing monitoring of op risk.
C) one of the eight key principles, established by the 2003 “Sound Practices” study, states that op risk inherent in all activities, systems, processes, and material products must be identified and assessed.
D) according to the Sarbanes-Oxley Act section 404, a firm must disclose in the annual report the weakness of its internal controls which can have bearing in preparation of financial statements.
The correct answer is A
A firm must present in the annual report a certification report of auditors (and not the board of directors) about the effectiveness of internal controls established by management.
AIM 2: List and summarize the overriding objective of the Sarbanes-Oxley Act section 404.
1、Implications for designing an internal control system compliant with the requirements of the Sarbanes-Oxley Act section 404 include which of the following?
I. Assessment mechanism.
II. Control design.
III. Design testing.
IV. Fraud disclosure.
A) II, III, and IV only.
B) I, II, and III only.
C) I, II, III, and IV.
D) I and II only.
The correct answer is C
Management must identify the mechanism of assessing the effectiveness of the control system, and must provide sufficient information about the design of controls related to significant accounts. In addition, management should offer an explanation regarding its decision as to which controls need to be tested. Finally, management must disclose any fraud, material or nonmaterial, committed by all those involved in establishing internal control processes over financial reporting.
2、Sarbanes-Oxley Act section 404 establishes requirements for internal control over financial reporting so that a firm must:
I. develop a process for ensuring reliability of financial statements.
II. ensure compliance with internationally accepted accounting principles.
III. disclose in the annual report the material weakness of its internal controls.
IV. incorporate in the annual report a certification report of auditors concerning the effectiveness of internal controls.
A) I, III, and IV only.
B) I, II, and IV only.
C) II, III, and IV only.
D) I, II, and III only.
The correct answer is A
Sarbanes-Oxley Act section 404 requires a firm to ensure compliance with generally accepted accounting principles (GAAP) and not necessarily internationally accepted accounting principles. Although there have been ongoing attempts to bring harmony between U.S. accounting principles and international accounting principles, to this point they are not the same. For example, the books in the U.S. are still prepared on a historical cost basis, whereas many countries use market value accounting systems.
3、How many of the following statements regarding SOX and Basel are correct?
An op risk management plan must collect and analyze internal, as well as external, data to identify the occurrence of op risk events and potential loss.
An op risk management plan must be reviewed, updated, validated, and improved, enhancing its strengths and minimizing its weaknesses.
One of the compliance implications of the Sarbanes-Oxley Act section 404 requires the management to disclose any fraud, material or non-material, committed by all those involved in establishing internal control processes over financial reporting.
One of the compliance implications of the Sarbanes-Oxley Act section 404 requires the management to disclose internal control shortcomings, weaknesses, and deficiencies to the external auditor’s audit committee and the general public through annual financial reports.
A) None of these.
B) One of these.
C) Two of these.
D) All of these.
The correct answer is D
All the statements are correct.
AIM 4: List, identify, and summarize the implications Sarbanes-Oxley Act section 404 has on compliance framework.
1、Examples of material distortions in financial reporting, classified as op risk events or internal control events, arising as a consequence of control failures include:
I. forgery.
II. data entry errors.
III. hardware system failure.
IV. software system failure.
A) II, III, and IV only.
B) I, II, III, and IV.
C) I, II, and III only.
D) I and II only.
The correct answer is B
Control failures can easily produce material distortions in financial reporting. All of the above are examples of material distortions. Whether we classify these distortions as op risk events or internal control events makes no difference because the end result is the same, financial misreporting.
2、How many of the following statements are CORRECT? Missing elements from the integrated risk management plan which need to be incorporated include:
evaluation of firm-level controls.
evaluation of contingency plans.
capital requirements quantification.
risk control decisions.
A) None of these.
B) Two of these.
C) Three of these.
D) All of these.
The correct answer is D
An integrated plan offers an effective device for risk management; nevertheless, there are still various elements (including all of the above) of both SOX 404 and Basel II that are missing and need to be incorporated.
AIM 6: Analyze, in light of the requirements in Sarbanes-Oxley Act section 404 and the Basel II Accord, the operational risk framework implemented by UBS.
1、Operational risk framework implemented by UBS, in light of the requirements in Sarbanes-Oxley Act section 404 and the Basel II Accord, requires that a functional area:
I. state its tasks and responsibilities clearly.
II. provide a plan with respect to identification and management of op risk events.
III. identify key early warning indicators of an increased risk.
IV. offer additional information of the control plan for specific op risk events.
A) I, II, and III only.
B) II and III only.
C) I and II only.
D) I, II, III, and IV.
The correct answer is D
All the statements are key ingredients of the UBS integrated operational risk framework, which combines the requirements in both Sarbanes-Oxley Act section 404 and the Basel II Accord.
2、An integrated risk management plan connecting op risk control standards to financial reporting disclosures:
I. allows a firm to quickly identify op risk control failures.
II. enables a firm to assess the extent of misreporting of financial statements.
III. offers an effective device for risk management.
IV. still misses various elements of both SOX 404 and Basel II that need to be incorporated in a cross-functional risk management plan.
A) I, II, and III only.
B) I, II, III, and IV.
C) II and III only.
D) I and II only.
The correct answer is B
All the statements regarding an integrated risk management plan are correct.
3、UBS operational risk management framework:
I. incorporates the eight principles of the 2003 “Sound Practices” study.
II. has been implemented on a firm-wide basis.
III. was instituted in 1997.
IV. is a well tested program successfully operating across all parts of the investment bank.
A) I, II, and III only.
B) I only.
C) I, II, III, and IV.
D) I and II only.
The correct answer is C
All statements are correct.
4、Which of the following statements is NOT correct?
A) The UBS integrated plan requires periodic reviews to assess whether the control system is working effectively.
B) The UBS single integrated operational risk management plan aims to combine the requirements of both SOX 404 and the Basel II Accord.
C) Potential synergies exist between the Sarbanes-Oxley Act section 404 and the Basel II Accord.
D) The overriding objective of the Basel II Accord is to establish requirements for “internal control over financial reporting.”
The correct answer is D
Establishing requirements for internal control over financial reporting is the focus of the Sarbanes-Oxley Act section 404.
5、How many of the following statements regarding Basel and SOX are CORRECT?
The SEC recognizes the linkage between the (Basel) op risk plan and internal control over financial reporting (SOX 404) via its reference to the report on internal control generated by the Committee of Sponsoring Organizations of the Treadway Commission.
SOX 404 does not state anything specific about op risk beyond identification of strengths and weaknesses of the control system.
Basel II does not state anything specific about financial reporting.
UBS operational risk management requires a functional area to list the specific expectations about achievements in the implementation of control standards.
A) None of these.
B) Two of these.
C) All of these.
D) Three of these.
The correct answer is C
All the statements are correct.
AIM 7: Analyze, in light of the requirements in Sarbanes-Oxley Act section 404 and the Basel II Accord, linkages that can streamline implementation.
1、In order to establish linkages that can streamline implementation of an integrated risk management plan in light of the requirements of both SOX 404 and Basel II:
I. an op risk plan must be instituted within a firm.
II. each op risk control standard must be linked to SOX internal controls for financial reporting.
III. each op risk control standard, relevant for financial disclosure, must be identified by one or more of five assertions specified in the rules and one or more of five transaction stages.
IV. each op risk control standard is linked to various items of the financial statements, ensuring a connection is developed to encompass a major portion of the balance sheet and profit and loss disclosures.
A) I, II, III, and IV.
B) I, II, and III only.
C) II, III, and IV only.
D) I, II, and IV only.
The correct answer is A
All statements are correct.