What's new

P1.T1.512. Principles for risk data aggregation: capabilities and reporting

Nicole Seaman

Chief Admin Officer
Staff member
Learning outcomes: Identify the data architecture and IT infrastructure features that can contribute to effective risk data aggregation and risk reporting practices. Describe characteristics of a strong risk data aggregation capability and demonstrate how these characteristics interact with one another. Describe characteristics of effective risk reporting practices.


512.1. About risk data aggregation capabilities, the Committee says "[35.] Banks should develop and maintain strong risk data aggregation capabilities to ensure that risk management reports reflect the risks in a reliable way (ie meeting data aggregation expectations is necessary to meet reporting expectations). Compliance with these Principles should not be at the expense of each other. These risk data aggregation capabilities should meet all Principles below ..." Which are the four principles?

a. Governance; and Data architecture & IT infrastructure
b. Accuracy and integrity; Completeness; Timeliness; Adaptability
c. Comprehensiveness; Clarity and usefulness; Frequency
d. Comprehensiveness; Clarity and usefulness; Distribution

512.2. About risk reporting practices, the Committee says "[51.] Accurate, complete and timely data is a foundation for effective risk management. However, data alone does not guarantee that the board and senior management will receive appropriate information to make effective decisions about risk. To manage risk effectively, the right information needs to be presented to the right people at the right time. Risk reports based on risk data should be accurate, clear and complete. They should contain the correct content and be presented to the appropriate decision-makers in a time that allows for an appropriate response. To effectively achieve their objectives, risk reports should comply with the following principles. Compliance with these principles should not be at the expense of each other ...".

Each of the following EXCEPT which is not a risk reporting principle?

a. Accuracy
b. Comprehensiveness
c. Clarity and usefulness
d. Manual workarounds

512.3. Consider the following set of definitions used in "Principles for effective risk data aggregation and risk reporting:"
  • Distribution: Ensuring that the adequate people or groups receive appropriate risk reports.
  • Frequency: The rate at which risk reports are produced over time.
  • Integrity: Freedom of risk data from unauthorized alteration and unauthorized manipulation that compromise its accuracy, completeness and reliability.
  • Risk tolerance/appetite: The level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business and obligations to stakeholders; it is generally expressed through both quantitative and qualitative means.
  • Risk Data aggregation: Defining, gathering, and processing risk data according to the bank’s risk reporting requirements to enable the bank to measure its performance against its risk tolerance/appetite; this includes sorting, merging or breaking down sets of data.
  • Timeliness: Availability of aggregated risk data within such a time frame as to enable a bank to produce risk reports at an established frequency.
  • Validation: The process of comparing items or outcomes and explaining the differences.
The process by which the correctness (or not) of inputs, processing, and outputs is identified and quantified. Each is stated accurately, EXCEPT which is incorrect?

a. Integrity
b. Risk tolerance
c. Timeliness
d. Validation

Answers here:
Last edited by a moderator: