Answer: The CRO should have the authority to make timely decisions regarding risk limit exceptions for each business line.

**B is correct.** The bank's senior risk committee delegates the power to make day-to-day decisions to the CRO. This includes the ability to approve risks exceeding preset limits imposed on the various business activities, provided these exceptions remain within the bounds of the overall board-approved limits. **A is incorrect.** The detailed risk appetite statement is usually an internal document that is subject to final approval by the board of directors. **C is incorrect.** Most banking entities set two types of limits. Tier 1 limits are specific and often include an overall limit by asset class, an overall stress-test limit, and a maximum drawdown limit. Tier 2 limits are more generalized and relate to areas of business activity as well as aggregated exposures categorized by credit rating, industry, maturity, region, and so on. **D is incorrect.** Best practice in risk management often employs analytical methodologies to measure risk. When analyzing credit risk, a bank's potential exposure can be analyzed by risk grade. Risk-sensitive methodologies (e.g., VaR) are useful in the assessment of risk for most typical portfolios under an assumption of relatively normal market conditions. However, they are less applicable in stressed circumstances or for more specialized portfolios. Accordingly, best practices call for scenario analysis and stress testing to be included in the risk analysis toolbox and incorporated within the limit framework in order to validate survivability under worst-case conditions.

Author: LeetQuiz .