FRM·P2 · FRM Part II·UnitP2 · Unit 03Access: Premium
Operational Risk and Resiliency
Prepare for Operational Risk and Resiliency with FRM practice questions covering 10 topics. Part of FRM Part II — build your knowledge and track your progress with Pass FRM.
What’s in it.
10 topics- Topic 01
Operational Risk Definition and Taxonomy
79 questions - Topic 02
Loss Data Collection and Management
75 questions - Topic 03
Risk and Control Self-Assessment (RCSA)
31 questions - Topic 04
Key Risk Indicators (KRIs)
30 questions - Topic 05
Scenario Analysis for Operational Risk
30 questions - Topic 06
Advanced Measurement Approach and SMA
30 questions - Topic 07
Operational Risk Regulation: Basel Framework
75 questions - Topic 08
Conduct Risk
54 questions - Topic 09
Cyber Risk
60 questions - Topic 10
Business Continuity and Resilience
60 questions
Sample questions
3 of manyA few questions from this unit, with the answer and a full explanation. The complete bank is available when you start practising.
What is the Internal Loss Multiplier (ILM) and state its formula, defining all variables?
- ILM = exp(LC / BIC), where LC is the current year's net operational loss and BIC is the three-year average business indicator component; ILM caps at a maximum of 3
- ILM = (LC / BIC)^0.8, where LC is the 10-year cumulative loss and BIC is the five-year average business indicator; ILM is always greater than 1
- ILM = 1 + (LC - BIC) / BIC, where LC is the Loss Component and BIC is the Business Indicator Component; the formula ensures ILM is never negative
- ILM = ln(exp(1) - 1 + (LC/BIC)^0.8), where LC is the Loss Component (15 x average annual operational losses over 10 years) and BIC is the Business Indicator Component; ILM scales BIC upward if loss history is above BIC and potentially downward if belowCorrect answer
ExplanationThe ILM formula specified in Basel IV is: ILM = ln(exp(1) - 1 + (LC/BIC)^0.8) where: LC = Loss Component = 15 x average annual operational losses over the most recent 10 years; BIC = Business Indicator Component = the alpha-weighted BI calculated using the bracket structure. When LC = BIC, the formula gives ILM = ln(exp(1) - 1 + 1) = ln(exp(1)) = 1. When LC > BIC, ILM > 1 (higher capital for loss-intensive banks). When LC < BIC, ILM < 1 (lower capital for low-loss banks, subject to national discretion). The logarithmic form ensures ILM is always positive and cannot be negative.
What is a Business Impact Analysis (BIA) and what are its key outputs?
- A BIA is a post-incident review conducted after a major disruption to assess the financial losses actually incurred and identify opportunities to improve the recovery time for future incidents.
- A BIA identifies critical business services and quantifies the financial, operational, and reputational impact of their disruption over time; its key outputs are prioritised recovery requirements including RTOs and RPOs for each critical process.Correct answer
- A BIA is a regulatory return submitted to the national supervisory authority listing all the firm's important business services and the associated impact tolerances approved by the board.
- A BIA is a cyber security assessment identifying vulnerabilities in critical IT systems that support business processes; it is the first step in the NIST Cybersecurity Framework Identify function.
ExplanationA Business Impact Analysis (BIA) is the foundational analytical step in the BCP process. It systematically: (1) identifies all business processes and services; (2) determines which are critical — those whose disruption would cause significant harm within a short timeframe; (3) quantifies the impact of disruption over time (e.g., financial loss per hour of downtime, regulatory consequences, reputational damage, customer attrition); (4) identifies dependencies (people, technology, third parties, premises) for each critical process; and (5) produces prioritised recovery requirements, including RTOs and RPOs for each process. The BIA output drives recovery strategy selection (which processes need hot site vs. warm site), investment prioritisation, and impact tolerance-setting. It is an internal planning document, not a regulatory return; it is forward-looking, not a post-incident review; and it covers all business processes, not just IT systems.
What is overconfidence bias in scenario analysis and how does it manifest specifically in confidence interval estimation?
- Overconfidence bias causes experts to provide confidence intervals that are too wide, resulting in scenarios that are insufficiently precise to be used for capital calibration
- Overconfidence bias is the tendency for experts to provide confidence intervals that are too narrow — they believe they know the true value more precisely than they do, resulting in actual outcomes frequently falling outside the stated confidence rangeCorrect answer
- Overconfidence bias refers to the tendency for scenario review committees to overconfidently approve expert estimates without independent challenge
- Overconfidence bias is the tendency for experts to overestimate the severity of scenarios, inflating the estimated loss amounts beyond plausible levels
ExplanationResearch consistently shows that experts' stated 90% confidence intervals contain the true value only about 50% of the time — experts are systematically overconfident in the precision of their knowledge. In operational risk scenarios, this means that experts believe their severity estimates are more precise than they are, and they set confidence intervals (e.g., '90% confident the loss would be between $50m and $150m') that are far too narrow. The actual range of plausible outcomes is much wider. This matters for capital: underestimating uncertainty leads to underestimated tail severity and consequently inadequate capital. Calibration training — providing historical feedback on experts' past accuracy — is one mitigation technique.