Free GARP FRM-Part-2 Exam Questions

An operational risk analyst at a large bank is preparing a year-end report of thebank’s operational loss events. The analyst uses the Basel operational risktaxonomy to classify different events into Level 1, Level 2, and Level 3. As part ofthis process, the analyst considers the following four events that occurred during the year:• A sales representative in the lending department forged a senior manager’ssignature to approve an application for a large commercial loan that defaulted.• The bank failed to deliver sufficient collateral to support a swap position,which was later terminated at a loss.• Several managers in the bank’s wealth management group were found tohave misused confidential customer information by sharing this informationwith other employees and a third-party vendor representative.• Some personal customer information was stolen in a cyber-attack in whichan external hacker broke into a database stored in the cloud.In classifying the four events and considering the Basel taxonomy in general, whichof the following actions would be most appropriate for the analyst to take?

The CRO of a regional bank expresses concern in a meeting of the risk team thatthe bank’s internal risk models are not adequately assessing potential randomextreme losses. A risk analyst asks if implementing a model based on extremevalue theory (EVT) would address the CRO’s concern. Which of the following iscorrect when applying EVT and examining distributions of losses exceeding a threshold value?

A bank employee has been manipulating suspense (transitory) accounts for a prolonged time, and this event was determined to be a significant operational incident. Which of the following time intervals in terms of the operational incident date is most likely to be the longest?

The board of directors of a fast-growing US-based bank is discussing a report offindings and recommendations issued after a recent regulatory review of the bank’srisk management framework. A board member notes that the regulators haveidentified deficiencies in the bank’s model validation process, and recommends thatthe CRO develop a plan for improvement in this area. The CRO consults theFederal Reserve guidelines for examples of best practices, and identifies ways thatthe bank can improve its validation approaches to conform with the guidelines.Which of the following recommendations is appropriate for the CRO to make?

Sovereign Bank has an internal audit department, but the bank CEO hires an external auditor to review their financial statements and assess their internal control system. The audit firm is most likely considered to be which line of defense?