305.1. Each of the following is accurate about a Risk Appetite Framework (RAF), according to the Senior Supervisors Group, EXCEPT which is not accurate?
a. An RAF establishes an explicit, forward-looking view of a firm’s desired risk profile in a variety of scenarios and sets out a process for achieving that risk profile
b. A risk profile is a point-in-time assessment of actual aggregate risks associated with a firm's exposures and business activities
c. Risk appetite is the level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business objectives and obligations to stakeholders
d. Risk capacity is the risk measurement domain engendered by the IT infrastructure ("what cannot be measured cannot be managed")
305.2. According to the Basel model for operational risk governance, "common industry practice for sound operational risk governance often relies on three lines of defense." Which of the following is not really one of the three lines of defense against operational risk?
a. Board of directors
b. Business line management
c. Corporation operational risk function (CORF)
d. Independent review
305.3. Stress testing has become an extremely popular, if not the de facto, tool for assessing both economic and regulatory capital adequacy. According to Schuermann, each of the following is true about stress testing EXCEPT for:
a. A key problem (challenge) is mapping from a few macro risk factors to many more intermediate risk factors; e.g., geographic heterogeneity
b. A key lesson from the crisis was that banks should NOT be allowed to develop their own internal, adverse scenarios: reliable comparability requires uniformity of the scenario
c. Coherence is a problem that tends to increase in high dimensional, multi-factor scenarios that include both real and financial factors
d. One solution to the "coherence problem" is to employ historical scenarios, although these have the drawback that they may not anticipate the future