ANY FOUR (4) questions in this section. [100 MARKS] QUESTION 1 (25 Marks) 1.1 In the context of your organisation and / or any organisation of your choice, define risk and differentiate between pure (hazard) risks and uncertainty (control) risks with the aid of examples. (10 marks) 1.2 Critically evaluate ANY TEN (10) risk description characteristics as postulated by Hopkins, 2005: 17. Which of these risk descriptions links to your organization? (15 marks) QUESTION 2 (25 Marks) In managing credit risk, one needs to create a system of interconnected and interdependent methods of deliberate action aimed at minimizing risk and uncertainty in crediting-related activities. Using the proposed model of credit risk assessment makes it possible to take a differentiated approach to credit risk management. Credit risk management can be represented as a process consisting of the following stages: i. Risk factor identification ii. Assessment of the potential consequences of an identified risk factor iii. Choice of managerial strategies aimed at counteracting the consequence of a given risk factor. iv. Supervision (monitoring) of the implementation of the chosen strategies aimed at minimising and neutralising the effect of a given risk factor. At the stage of credit risk identification, the potential risk is assessed in terms of its quantitative and qualitative parameters within the framework of the risk factor analysis adopted by the bank in order to determine the degree of the severity posed by the risk in question. Adapted: Konovalova, N., Kristovska, I., and Kudinska, M. (2016), Credit Risk Management in Commercial Banks. 2.1 Critically evaluate the risk management framework as postulated by Hopkins (2015) and comment on its relevance and applicability in any organisation / institution of your choice. (15 marks) 2.2 With the aid of relevant examples evaluate the terms, Treat and Transfer as used in Risk Management. (10 marks) QUESTION 3 (25 Marks) The main purpose of risk assessment is to determine whether the risk level is acceptable according to risk appetite. Risk level commonly determined through combination of consequences and likelihood. The consequence is an outcome of an event that affecting objectives and consequence can be certain or uncertain and can have positive or negative, direct or indirect effects on objectives. At the same time, consequences can be expressed qualitatively or quantitatively. Adapted: Ramly, E.F. and Osman, M.S. (2018), Development of Risk Management Framework Case Studies, Proceedings of the International Conference on Industrial Engineering and Operations Management Paris, France, July 26-27, 2018 3.1 Using examples explain what you understand by the term risk appetite and highlight why it is important to any organisation of choice and how it has practically helped the organisation achieve its objectives? (10 marks) 2 DD 3.2 Critically evaluate the typical definitions of likelihood and also the definitions of impact in Risk Management. In your own opinion do you agree or disagree with some of these definitions. (15 marks) QUESTION 4 (25 Marks) 4.1 One of the main reasons for poor risk management in many organisations if the failure to understand risk architecture and risk management strategy. Critically discuss whether you agree or disagree that lack of understanding of risk architecture and risk management strategy is the major cause of poor risk management in many organisation Motivate your answers with relevant examples (10 marks) 4.2 Critically evaluate the FOUR (4) broad types of risk management documentation and highlight whether these are applicable to your organisation. (15 marks) QUESTION 5 (25 Marks) An institution's internal control structure is critical to the safe and sound functioning of the institution generally and to its risk management system, in particular. Establishing and maintaining an effective system of controls, including the enforcement of official lines of authority and the appropriate separation of duties such as trading, custodial, and back-office is one of management's more important responsibilities. Indeed, appropriately segregating duties is a fundamental and essential element of a sound risk management and internal control system. Failure to implement and maintain an adequate separation of duties can constitute an unsafe and unsound practice and possibly lead to serious losses or otherwise compromise the financial integrity of the institution. Serious lapses or deficiencies in internal controls, including inadequate segregation of duties, may warrant supervisory action, including formal enforcement action. When properly structured, a system of internal controls promotes effective operations and reliable financial and regulatory reporting, safeguards assets, and helps to ensure compliance with relevant laws, regulations, and institutional policies. Ideally, internal controls are tested by an independent internal auditor who reports directly either to the institution's board of directors or its audit committee. Given the importance of appropriate internal controls, the results of audits or reviews, whether conducted by an internal auditor or by other personnel, should be adequately documented, as should management's responses to them. Adapted: Reserve Bank of Malawi (2007), Risk Management Guidelines for Banking Institutions, Supervision of Financial Institutions. 5.1 In this context, discuss the rationale for implementing internal controls and also highlight their importance in any organization of your choice. (15 marks) 5.2 Critically discuss the FOUR (4) techniques used for risk assessment and comment on their effectiveness in any organization of your choice. (10 marks) END OF PAPER