NNPCL GRC quiz

ReplaceableSalmon

292 Questions

What is the purpose of NNPC Limited's risk appetite?

To determine how much risk is acceptable

Which of these is not a key objective of risk management within NNPC Limited?

To eliminate risk in NNPC activities

What is the role of ERM in NNPC Limited?

To be an integral part of strategic and operational planning

According to the text, which of the following is NOT a parameter considered when determining the risk appetite for NNPC Limited and its subsidiaries?

Safety

Who is responsible for developing and reviewing the risk appetite statements in consultation with the Senior Management Committee?

Head of Risk Management

According to the text, when does NNPC Limited's risk appetite need to be re-evaluated?

All of the above

What are the broad corporate objectives on which NNPC Limited would base its risk appetite?

All of the above

Which of the following is NOT considered when re-evaluating NNPC Limited's risk appetite?

Changes to the Company's strategic objectives and risk preferences

What does a strong risk culture within NNPC Limited lead to?

Effective management of risks

What is one of the key objectives of risk management within NNPC Limited?

To achieve the Company's mission and vision

Which of the following is NOT a key pillar of risk management within NNPC Limited and its subsidiaries?

Compliance

Based on the text, which of the following is NOT a component of NNPC Limited's risk governance structure?

ERM stakeholder relationships

Which model does NNPC Limited's risk governance structure follow?

Three lines of defense

Who is authorized to grant exceptions to the application of NNPC Limited's risk management policy?

The GCEO

What are the four key pillars that NNPC Limited and its subsidiaries shall adhere to in terms of risk management?

a) Leadership, b) Ownership, c) Transparency, d) Compliance

What is the role of the Governance, Risk and Compliance Function within NNPC Limited?

To monitor compliance with laws, regulations, and organizational policies

Who is authorized to grant exceptions to the application of NNPC Limited's risk management policy?

The GCEO

Which of the following is NOT a component of NNPC Limited's risk governance structure?

The risk management committees

Who is responsible for overseeing the risk management activities at NNPC Limited and its subsidiaries?

The Chief Compliance Officer

What is the role of the Heads of Risk Management at NNPC Limited and its subsidiaries?

To provide risk oversight on their respective risk areas

What is the purpose of NNPC Limited's risk reporting structure?

To report on the status of risk profiles to the ERM Function

What is the role of Functional Heads in NNPC Limited's risk management activities?

Act as a communication channel between the ERM Function and risk owners

Based on the text, what is the responsibility of the ERM Function at NNPC Limited and its subsidiaries?

Educate members of their team on the use of the control self-assessment questionnaires

What is one of the key responsibilities of the Second Line of Defence in NNPC Limited's risk management?

Foster a corporate risk culture through adequate training and serving as an internal ambassador and resource centre for ERM

Who is responsible for implementing an effective risk management system and instilling the right culture throughout NNPC Limited and its subsidiaries for effective risk governance?

Management Risk Committee

Based on the text, what is the role of the Board Audit Committee (BAC) in relation to risk management?

Oversee the effectiveness of risk management and controls

What is the responsibility of the Functional Heads in relation to risk management?

Adhere to NNPC Limited's process for identifying and managing risks

Based on the text, what is the responsibility of the Management Risk Committee in relation to risk management?

Review and validate key risk indicators & threshold limits

Which committee is responsible for reviewing the framework for managing risks and recommending it to the Board for approval?

Board Audit Committee (BAC)

What is one of the responsibilities of the Management Risk Committee?

Develop and implement a sound system of internal controls and mitigating strategies

What is the role of the ERM Function at NNPC Limited and its subsidiaries?

To implement an effective risk management system and instil the right culture throughout the organization

Which of the following is NOT a category used for categorizing risks in NNPC Limited's risk management process?

External risks

What is one of the activities involved in the ERM function at NNPC Limited and its subsidiaries?

Administering questionnaires and surveys

Which document is NOT reviewed during the ERM process at NNPC Limited?

Risk event reports

What is the purpose of populating the risk register and mapping risks to the relevant business process in the ERM process at NNPC Limited?

To identify duplicated risks

Which of the following is NOT a policy related to risk identification within NNPC Limited?

Management shall put systems in place to ensure that enterprise risks are reviewed at least annually and on a continuous basis.

Who is responsible for gathering and reviewing information on project risks within NNPC Limited?

The Heads of Departments

Which of the following is NOT a component of NNPC Limited's risk management process?

Risk Reporting

Who is responsible for overseeing the risk management activities at NNPC Limited's subsidiaries?

The Subsidiary Executive Director of the GRC

Which of the following is NOT a responsibility of the Functional Heads in relation to risk management?

Implementing policies and procedures developed to manage risks

Which of the following is NOT a responsibility of the ERM Function at NNPC Limited and its subsidiaries?

Consulting with process owners to identify and propose key risk indicators, threshold limits and mitigating strategies

Which of the following is NOT a role of the Audit Function in NNPC Limited's risk management?

Performing periodic scans of the operating environment for emerging risks

Which of the following is NOT a component of NNPC Limited's risk governance structure?

Functional Heads

Which of the following is NOT a component of NNPC Limited's risk governance structure?

ERM Function

What is the responsibility of the Functional Heads in relation to risk management?

Granting exceptions to risk management policy

What is the role of the Governance, Risk and Compliance Function within NNPC Limited?

Ensuring compliance with risk management policy

Which of the following is NOT a factor considered by NNPC Limited in assessing/ranking identified risks?

The frequency of the risks occurring

Which of the following is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

What is the likelihood factor for a risk to occur if it is expected to happen at least once in every 3 years according to NNPC Limited's risk ranking criteria?

Possible

According to the text, which of the following is NOT a level of risk in NNPC Limited's risk map?

Extreme

According to the text, which of the following is NOT a parameter considered when determining the financial impact of an event/risk in NNPC Limited?

Extreme impact

According to the text, which of the following is NOT a risk category in NNPC Limited's risk management process?

Financial

According to the text, which of the following is NOT a responsibility of middle level management in relation to risk management at NNPC Limited?

Mitigating or exploiting high risks

Which of the following methods is NOT mentioned as a way to assess risks within NNPC Limited's risk management process?

Desktop-based assessment

What is the purpose of a control assessment within NNPC Limited's risk management process?

To evaluate the effectiveness of controls designed by management

What is the description of a control rating of 'Fair' within NNPC Limited's risk management process?

There is room for some improvement

What is the responsibility of the ERM Function in collaboration with business and risk owners within NNPC Limited's risk management process?

To establish and agree on the criteria for assessing risks

Which of the following is NOT a factor considered by NNPC Limited in assessing/ranking identified risks?

The frequency of occurrence in a 3-year period

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

What is the potential non-financial consequence of an event/risk occurring if a risk were to crystallise?

Impact

Which of the following is NOT a type of document reviewed during the ERM process at NNPC Limited?

Performance measure basis

What is the frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited?

As required

Who are the recipients of the risk heat map output in the ERM process at NNPC Limited?

Board & Executive Management

Which of the following is NOT a risk category used for categorizing risks in NNPC Limited's risk management process?

Market risks

According to the text, which of the following is NOT a responsibility of the Management Risk Committee?

Identifying and assessing risks

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

According to the text, what does a strong risk culture within NNPC Limited lead to?

Improved risk management

Which of the following methods is NOT mentioned as a way to assess risks within NNPC Limited's risk management process?

Desktop-based assessment

What is the frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited?

Annually

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

High

According to the text, what is the role of ERM in NNPC Limited?

Oversee risk management activities

Which of the following is NOT a risk treatment approach adopted by NNPC Limited and its subsidiaries?

Avoid

Under which risk treatment approach does NNPC Limited accept the risks inherent in the exposure?

Tolerate

In which instances would NNPC Limited adopt the Tolerate risk treatment approach?

When the risks are low/minimal

Which of the following is NOT a responsibility of the Risk Management Team at NNPC Limited?

Implementing risk mitigation plans

What is the purpose of the Risk Management Framework (RMF) at NNPC Limited?

To consider the relevant risk mitigation approach for decision-making

Which document is NOT an input to the ERM Function and Risk Process Owner at NNPC Limited?

Risk and Control Register

What is the highest impact level according to the risk map illustration in the text?

Extreme

Which of the following is NOT a component of NNPC Limited's risk monitoring and reporting process?

Status of mitigation plans

Which of the following is NOT a frequency at which risk monitoring and review should be performed at NNPC Limited and its subsidiaries?

Biennially

What is the purpose of key risk indicators (KRIs) in NNPC Limited's risk monitoring and reporting process?

To provide early signals of increasing risk exposures

Which of the following is NOT a key component of NNPC Limited's risk register?

Level of risk

What is the purpose of the external risk review within NNPC Limited's risk management process?

To identify emerging risks

What information should be included in the risk event documentation within NNPC Limited's risk management process?

Description of event, root cause, severity of impact

What is the responsibility of every support unit within NNPC Limited in relation to risk management?

Conduct risk and control self-assessment

Which of the following is NOT included in NNPC Limited's risk management training and awareness plan?

Providing an efficient methodology for evaluating risks in the business environment

What is the responsibility of the Head of Risk Management at NNPC Limited?

Developing a comprehensive training and awareness plan on an annual basis

Which of the following is NOT covered in NNPC Limited's risk management training and awareness plan?

Developing a comprehensive risk management framework

Which of the following options is NOT mentioned as a potential method for conducting risk management training at NNPC Limited and its subsidiaries?

Publication of quarterly bulletin highlighting ERM events

What is the purpose of the risk awareness program established by the Head of Risk Management at NNPC Limited?

To raise staff awareness of the risk management policy and processes

Which of the following is NOT a potential frequency for risk monitoring and review at NNPC Limited and its subsidiaries?

Quarterly

Which of the following is NOT mentioned as an option for risk management training and awareness at NNPC Limited?

Regular departmental/unit chat or discussion on ERM

What is the purpose of the risk awareness program established by the Head of Risk Management at NNPC Limited?

To raise staff awareness of the risk management policy and processes

Which of the following is NOT a component of NNPC Limited's risk governance structure?

Functional Heads

Which of the following is NOT a risk management objective mentioned in the text?

Accepting beyond specification delivery of products

What is the maximum acceptable deviation from specified requirements in any given operation or project per year?

XX%

What is the maximum tolerance for financial crime and non-compliance to regulatory standards mentioned in the text?

XX% on any balance sheet or P&L account

What is one of the key objectives of NNPC Limited's risk management process?

To meet all financial and non-financial obligations to stakeholders

What is the maximum number of instances of negative media exposure that NNPC Limited will tolerate in a year?

2

What is the maximum number of instances of asset destruction that NNPC Limited will tolerate in a year?

Less than XX

What is the maximum occupational accident frequency rate (AFR) that NNPC Limited will tolerate?

Less than XX%

Which of the following risk reports is prepared and issued by the Risk Management (RM) team at NNPC Limited?

Key risk indicator report

Who is the recipient of the Risk Assessment report prepared by the Risk Management (RM) team at NNPC Limited?

MD/GCEO

Which of the following risk reports is prepared and issued by the Risk Management (RM) team on a monthly basis at NNPC Limited?

Status of mitigation plan report

Which department within NNPC Limited is responsible for monitoring and reporting on the risk control self-assessment (RCSA) within their respective business units?

Business Assurance Department

According to the text, what is the purpose of the Quality Assurance Improvement Program (QAIP) at NNPC Limited?

To monitor and review risk management activities

What is the meaning of the term 'GRC' in the context of NNPC Limited?

Governance, Risk, and Compliance

Which of the following is NOT mentioned as a key objective of the Quality Assurance and Monitoring Function at NNPC Limited?

Enhancing the performance management metrics

Which of the following models does the QA Function at NNPC Limited adopt for resourcing talents?

In-sourcing

What is the purpose of the peer-to-peer review model in the QA Unit at NNPC Limited?

To bridge manning gaps

How often does the GRC Function at NNPC Limited need to conduct an external assessment?

Once every three years

What is the role of the QA Unit in the capacity building of GRC staff at NNPC Limited?

Monitoring execution of the training plan

Which of the following is NOT one of the three major elements of the Quality Assurance and Improvement Program at NNPC Limited?

Quality Assurance Planning

What is the purpose of the annual internal self-assessment conducted by the QA Unit at NNPC Limited?

To appraise the overall effectiveness of the GRC Function

What does the QA Unit consider in developing the annual QA plan for ongoing internal assessments at NNPC Limited?

The outcome of the ongoing internal assessments

What is the basis for selecting GRC reviews for quality assurance in the QA plan at NNPC Limited?

Risk-based approach

According to the text, what is the mission of the Quality Assurance (QA) unit within the GRC Function of NNPC Limited and its subsidiaries?

To ensure compliance with the Quality Assurance Policies and procedures

What is the structure of the Quality Assurance Policies and procedures?

What is the vision of the Quality Assurance and Monitoring Function within NNPC Limited and its subsidiaries?

To be regarded as a reliable business advisor to NNPC Limited and its subsidiaries

What is the scope of the QA Unit within NNPC Limited and its subsidiaries?

To support the management of the GRC Function

Which of the following is NOT a key performance indicator (KPI) for the People category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Minimum training hours per GRC staff

Which of the following is NOT a key performance indicator (KPI) for the Processes category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

% of reviews with cycle time from kick-off meeting to issuance of draft report within the threshold of the approved timeline

Which of the following is NOT a key performance indicator (KPI) for the Plan (Efficiency) category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Average customer satisfaction score for all processes reviewed during the year

Which of the following is a key performance indicator (KPI) for the Stakeholder Management category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Average customer satisfaction score for all processes reviewed during the year

Which of the following is NOT a responsibility of the Quality Assurance Manager within NNPC Limited?

To implement and monitor compliance with the internal quality management system for enhancing the value of GRC services provided by GRC to business units.

What is the objective of consolidating and standardizing the tasks and responsibilities within NNPC Limited's Quality Assurance function?

To ensure effective execution of QA reviews in line with the standards and stakeholder expectations.

What is one of the overall responsibilities of the QA Unit within NNPC Limited?

To standardize GRC activities by ensuring that the policies and procedures are adequate and aligned with leading best practices.

What is the responsibility of the Systems and Strategy sub-unit under QA within NNPC Limited?

To coordinate the development of an annual plan highlighting the various activities to be conducted by the department.

Which tool is the key tool designed to aid the quality assurance checks mentioned in the text?

QA Unit Quality Assurance Review

What is the purpose of the completed QA checklist mentioned in the text?

To fill out and attach relevant documents

Who is expected to make inputs into the evaluation of all teams who conducted the various GRC engagements?

QA Manager

Which of the following tools is the key tool designed to aid quality assurance checks in NNPC Limited?

NNPC Quality Assurance Review

What should be documented in the Quality Assurance Checklist according to the text?

Next steps for each GRC team involved in the reviews

Who is expected to make inputs into the evaluation of all teams who conducted the various GRC engagements?

Manager, QA

Which of the following is NOT a consideration during the planning stage of an investigation?

Confidentiality

According to the text, what critical questions can a clear plan for an investigation help answer?

All of the above

According to the text, why is it important for the investigation team to be flexible and prepared to address changes during the investigation?

To maintain track of the overall purpose of the investigation

Which party is responsible for providing the Investigation Team with all available information regarding the case in question?

Head of Business Ethics/Relevant Function

Which party is responsible for reviewing the work plan for adequacy and updating it, where applicable?

Head of Investigation Team

Which party is responsible for assigning roles and responsibilities to the Investigation team members based on knowledge and expertise?

Head of Investigation Team

Which party is responsible for establishing the timeframe for completing the investigation?

Head of Investigation Team

According to the text, what is the purpose of a work plan in an investigation?

To detail the specific tasks and activities to be carried out in the investigation

Who should be involved in the investigation team for a reported incident?

All of the above

What is the recommended level of seniority for the personnel responsible for heading the investigation team?

At least one grade level higher than any individual potentially involved in the reported issue

Which departments within the company may be required to provide resources for an investigation team?

Finance, Legal, Internal Audit, Human Resources Division, Information Technology

According to the text, what is the responsibility of the Chief Compliance Officer in the event of a conflict of interest involving a GRC Manager?

Appoint an alternative staff to carry out the responsibilities of the GRC Manager

What is one of the reasons for appointing independent investigators in an investigation?

A need for absolute confidentiality and objectivity

According to the text, what should be considered when selecting external investigators for an investigation?

Reputation, integrity, capability, and experience of the investigators

What is the responsibility of the Chief Compliance Officer or Head of Business Ethics in planning an investigation?

Understanding and considering professional and regulatory/legal standards

Which of the following is NOT a type of information that could be required for an investigation, according to the text?

Approval documents

According to the text, investigators should be cautious when gathering information for investigations because:

Information obtained from various sources may sometimes be incomplete or unreliable

According to the text, investigations should be based on:

Factual findings noted during analysis of relevant information

Which of the following measures should be implemented when interviewing alleged fraud perpetrators or witnesses who are employees according to the text?

Explain the allegation or reason for the interview to the employee and allow him/her to make his/her defense, if any (i.e. fair hearing).

What types of parameters can be used to analyze information gathered during an investigation according to the text?

Financial, non-financial, and visual parameters.

Which of the following is NOT a component of a risk governance structure according to the text?

Bias and prejudice.

Which party is responsible for conducting interviews to gather information from individuals in a position to have relevant knowledge or facts on the investigation?

The Investigation Team

What should be captured per information received by the Investigation Team?

Title of information received, Time of receipt, From whom the information was received, Where the information is maintained

What should be done with original documents received by the Investigation Team?

Maintain them as received without any alterations

What should be done if there is non-availability of information or lack of cooperation from staff during the investigation?

Escalate to the Chief Compliance Officer

Which of the following is NOT a tip for conducting interviews according to the NNPC Limited Investigation Processes and Procedures?

Take notes but do not be carried away by attempting to write all that the interviewee says.

Which of the following is NOT a procedure for handling evidence according to the NNPC Limited Investigation Processes and Procedures?

Store electronic evidence in its original state at the point of obtaining it.

According to the NNPC Limited Investigation Processes and Procedures, when should forced entry into premises be made?

Only within the ambits of the law, upon obtainment of the requisite lawful Order to back such entry.

According to the NNPC Limited Investigation Processes and Procedures, what are the key aspects of surveillance procedures?

All of the above.

Which of the following practices should be adopted during investigations to safeguard the rights of employees at NNPC Limited?

Preventing harassment or intimidation of the employee during the interview

What should be done when interviewing alleged fraud perpetrators or witnesses who are employees at NNPC Limited?

Explain the possible outcomes of the investigation

What types of analysis can be conducted on the gathered information during an investigation at NNPC Limited?

Financial, non-financial, and visual analysis

Which type of analysis involves reviewing financial information to identify anomalies and potential risk areas?

Financial Analysis

What is the purpose of non-financial analysis in an investigation?

To identify patterns and trends

How can visual analysis aid investigators in identifying irregular trends and relationships?

By using charts and graphs

When should an escalation matrix be used in an investigation?

When the investigation team is not receiving required support

According to the text, who is responsible for providing an update on the outcome of the investigation to the party who reported the suspicious incident?

Head, Investigation Team

According to the text, who is responsible for preparing a weekly summary report of all investigations outstanding and completed in the previous week?

GRC Manager

According to the text, what is the purpose of the Investigation file in NNPC Limited's Investigation Processes and Procedures?

To store all relevant information regarding the investigation

Which of the following questions should be answered in an investigation report according to the text?

All of the above

What should the Investigation Team do with information received during the course of an investigation, according to the text?

Handle it with utmost confidentiality

Who is responsible for taking disciplinary action based on the factual findings captured in the investigation report, according to the text?

The Disciplinary Committee

Which of the following is NOT a step in the reporting and recommendation process of an investigation, according to the text?

Reviewing the investigation report to ensure all information has been considered

Who is responsible for reviewing the investigation report and updating recommendations on action(s) to take in response to the findings, according to the text?

Chief Compliance Officer

Which party is responsible for updating the investigation database with the summary of internal recipients for reviews and inputs, according to the text?

Legal department

Which of the following is NOT a key performance indicator (KPI) for the closure of an investigation, according to the text?

Accuracy of the investigation report

According to the text, who is authorized to grant exceptions to the application of the policy and seek ratification from the NNPC Limited Board?

The GCEO

How often is the NNPC Limited Policy Management Processes and Procedures manual intended to be updated, unless there is a specific requirement for an immediate revision?

Every two years

Who does the NNPC Limited Policy Management Processes and Procedures manual apply to?

All employees of NNPC Limited

Which of the following is NOT a component of NNPC Limited's policy management processes and procedures?

Governance and accountability structures

What does the SIPOC model stand for in NNPC Limited's policy management processes and procedures?

Supplier-Input-Process-Output-Customers

What is the purpose of the Relationship Map for the Efficiency Function in NNPC Limited's policy management processes and procedures?

To show the relationship between different processes and functions

Which department is responsible for drafting the policy and presenting it to the Efficiency Unit and Board Committee?

User department/Process owner

What is the timeframe for measuring the performance indicator 'Existence of the drivers of policy formulation'?

As required

What is the basis of measurement for the performance indicator 'Use appropriate template'?

Alignment with policy template

Which department is responsible for managing NNPC Limited's policies within the company?

The GCEO and Management of NNPC Limited

Who has the overall responsibility for Corporate Policies in NNPC Limited?

The Board

What is the objective of the policy formulation process in NNPC Limited?

All of the above

Which party is responsible for driving policy implementation within the relevant business processes, according to the text?

Efficiency unit (with support of Process Owner)

Who is responsible for reviewing the policy for adequacy and strategic alignment, according to the text?

Business Unit/Efficiency unit/GRC

What is the minimum frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited, according to the text?

Annually

Who is responsible for preparing a presentation summarizing the policy and its benefits, according to the text?

Efficiency unit (with support of Process Owner)

What is the responsibility of the Head of Efficiency unit in relation to policy changes in NNPC Limited?

Review and approve draft changes to the policy template

Which of the following triggers may lead to the update or renewal of NNPC Limited's policies?

All of the above

Who is responsible for approving policy changes that involve any change in or impact the implementation of Company strategy in NNPC Limited?

Board and/or Approving authority

Which department is responsible for drafting and presenting policies to the Efficiency Unit and Board Committee?

Business Unit

How often are periodic reviews of policies conducted at NNPC Limited?

Bi-annually

What is the role of the Efficiency Unit in the policy management process at NNPC Limited?

Disseminating policies

What is the responsibility of the Process Owner in the policy modification process at NNPC Limited?

Preparing the business case

Which of the following is NOT a purpose of NNPC Limited's Business Continuity Policy?

To establish a framework for risk management

What is the purpose of NNPC Limited's Business Continuity Policy?

To ensure business continuity during disruptions

What is the general approach to Business Continuity Management (BCM) described in NNPC Limited's Business Continuity Policy?

Monitoring the effectiveness of business continuity management

What is the purpose of NNPC Limited's Business Continuity (BC) Policy?

To ensure the continuity of business operations during and after disruptions

What does NNPC Limited's Business Continuity Policy aim to minimize?

The potential damage caused by disruptive incidents

What does NNPC's general approach to Business Continuity Management (BCM) include?

All of the above

Which of the following triggers may lead to the renewal or update of NNPC Limited's policies?

All of the above

Who is responsible for reviewing and approving draft changes to the policy template at NNPC Limited?

Head of Efficiency unit

Which level of seniority is recommended for the personnel responsible for updating and renewing NNPC Limited's policies?

Senior management

Which department is responsible for retiring corporate policies at NNPC Limited?

Board Audit Committee

Who is responsible for evaluating proposed updates to policies at NNPC Limited?

Efficiency unit

What is the role of the Board Audit Committee (BAC) in the policy retirement process at NNPC Limited?

Approve retirement of corporate policies

When should a policy at NNPC Limited be reviewed to ascertain if any modification is required?

All of the above

Which of the following is NOT a component of NNPC Limited's Business Continuity Policy?

Framework for managing disruptive incidents

What is the purpose of NNPC Limited's Business Continuity Policy?

To establish guidelines for business resilience and risk management measures

Which department is responsible for drafting NNPC Limited's Business Continuity Policy?

Efficiency Unit

Which of the following is NOT covered by the scope of NNPC Limited's Business Continuity Policy?

Financial transactions

What is the purpose of Business Continuity Management at NNPC Limited?

To ensure time-sensitive operations are resumed and recovered

Which of the following events may have regional or nationwide impact, rendering multiple NNPC facilities inaccessible?

Pandemics

Which of the following is NOT a goal of NNPC Limited's Business Continuity Management (BCM) program?

Ensure that BC plans are regularly tested and updated to meet the changing needs of the company

What is the purpose of providing awareness on business continuity to all employees and relevant external parties?

To ensure that all employees and relevant external parties are aware of the importance of business continuity

What is the responsibility of the Systems and Strategy sub-unit under Quality Assurance (QA) within NNPC Limited?

To evaluate the relevance and effectiveness of business continuity programs

What is the responsibility of the Crisis Management Team (CMT) at NNPC Limited?

Develop, review, and update the crisis management plan

What is one of the key responsibilities of the Incident Management Team at NNPC Limited?

Monitor and detect early signs of an emergency

What is the purpose of defining and assessing key roles and responsibilities in establishing a business continuity programme?

To establish a successful business continuity programme

Which of the following is NOT a responsibility of the Business Continuity Manager at NNPC Limited?

Implement emergency measures and contingency plans

What is the role of the Business Continuity Champions (Emergency Response/Business Recovery Team) at NNPC Limited?

Support the implementation and adoption of business continuity requirements within their departments

What is the responsibility of the Information Technology Team (Technical Recovery Team) at NNPC Limited?

Management of related processes such as incident and change management

What is the responsibility of the Department Managers in relation to business continuity at NNPC Limited?

Review and manage staff competencies and training needs to enable staff to perform their roles effectively within the business continuity area

Which of the following is NOT a reason for updating the Business Continuity Plans?

Acquisition of new oil and gas reserves

Who is responsible for reviewing and updating the Business Continuity Plans annually?

Business Continuity Manager

What should be done after identifying changes in business arrangements that have not yet been reflected in the Business Continuity Plan?

Update the plan

Which of the following is NOT a responsibility of NNPC in relation to its Business Continuity Plan?

Conducting a risk assessment to identify potential interruptions

Who are considered key stakeholders in NNPC's Business Continuity Management (BCM) program?

Group Chief Executive Officer

What is the purpose of the Business Impact Analysis (BIA) process?

To identify and rank critical business processes and downtime costs

What is the frequency of reviewing and updating the Business Impact Analysis (BIA) and Risk Assessment (RA) processes?

Every year

Which of the following is the primary objective of NNPC's Business Continuity Policy?

To reduce or address substantial business disruptions affecting its critical business operations

What is the purpose of the Competency and Training Requirements mentioned in the text?

To identify training needs and maintain a plan to ensure necessary competencies are in place

What is the purpose of the NNPC Business Continuity Policy?

To reduce or address substantial business disruptions affecting its critical business operations

Which of the following is NOT a component of the business continuity planning process mentioned in the text?

Contact lists of all suppliers, external dependencies, and personnel identified with roles and responsibilities, as well as alternate and escalation contacts.

What is the purpose of testing the Business Continuity Plans (BCPs) according to the text?

To ensure that NNPC is adequately prepared to execute a credible recovery in the event of a real incident.

How often should the Business Continuity Plans (BCPs) be reviewed?

Annually

What is the responsibility of the owners of the appropriate business resources or processes involved in the business continuity planning process?

To be responsible for emergency procedures, manual fallback plans, and resumption plans.

Which of the following is NOT a term/abbreviation mentioned in the glossary of terms in the text?

BCP

Which of the following is NOT a stakeholder mentioned in NNPC Limited's due diligence policy?

Competitors

Which of the following is NOT a purpose of NNPC Limited's due diligence processes?

Enhancing customer satisfaction

Who is responsible for overseeing the due diligence review process at NNPC Limited?

Chief Compliance Officer

Who administers the due diligence process at NNPC Limited?

GRC Manager

Who makes recommendations to approve or reject the business relationship at NNPC Limited?

GRC Manager

Who performs the initial risk categorization at NNPC Limited?

LOD 1

Which organization is responsible for the lift and sale of royalty oil and tax oil on behalf of the Nigerian Upstream Regulatory Commission and the Federal Inland Revenue Service?

NNPC Limited

What is the purpose of the Frontier Exploration Fund?

To manage the proceeds of the sales of profit oil and profit gas

Who is responsible for carrying out test marketing to ascertain the value of crude oil?

NNPC Limited

What is the role of NNPC Limited in promoting the domestic use of natural gas?

To develop and operate large-scale gas utilisation industries

Which of the following is considered a Third Party in the context of NNPC Limited's Due Diligence Policy?

Counterparties

What is the objective of NNPC Limited's Due Diligence Policy?

To assess and mitigate risks in business decisions

What is the definition of 'Beneficial Owner' according to NNPC Limited's Due Diligence Policy?

The natural person(s) who ultimately owns or controls a legal entity

What does 'KYC' stand for in the context of NNPC Limited's Due Diligence Policy?

Know Your Customer

Which of the following factors is NOT considered when determining the risk rating of an employee's job role at NNPC Limited?

The employee's level of education

Which of the following is responsible for performing the initial risk categorization based on the General IDD and EDD at NNPC Limited?

LOD 1

What are the possible risk categories at NNPC Limited?

High, Medium, or Low

Which of the following is NOT a requirement for Level C due diligence according to the text?

Negative findings and litigation

What is one of the factors considered when assessing the financial strength of a prospective partner according to the text?

Leverage and profitability ratios

What type of information is NOT mentioned as potentially required for an investigation according to the text?

Comprehensive credit report

Which type of due diligence is conducted on third parties providing services classified as low risk at NNPC Limited?

Level A

What is the risk classification that would require weighty reasons and an extensive EDD proportionate to the risk at NNPC Limited?

High Risk

Which risk classification at NNPC Limited may not move forward with the proposed activity unless there exist substantial reasons for continuing with the project?

High Risk

What does a high-risk counterparty at NNPC Limited being listed on a Sanctions List indicate?

The counterparty is/has been a subject of criminal investigations, charges, or convictions for serious wrongdoings.

Which of the following is NOT a component of NNPC Limited's general integrity due diligence review?

Conducting a Level A general integrity review

What is the purpose of the general integrity due diligence review conducted by NNPC Limited?

To assess the purpose and economic rationale of the counterparty's dealings

What is the purpose of reviewing sanctions lists as part of the general integrity due diligence review conducted by NNPC Limited?

To identify individuals and entities involved in fraud, corruption, terrorism, human rights violations, money laundering, terrorist financing, tax evasion, etc.

According to the text, what is the purpose of pre-employment screening for potential or new employees of NNPC Limited?

To conduct reference and background checks

What is the basis of risk classification for existing or prospective customers of NNPC Limited?

Level of risk associated with the business relationship

What type of due diligence must be conducted on customers identified as medium to high risk before any business transaction?

Enhanced due diligence

What should the relevant unit establish, record, maintain, and operate procedures and controls for in respect of new customers or occasional transactions?

Obtaining information on the nature and intended purpose of the business relationship

Which of the following statements is true about NNPC Limited's due diligence procedure for doing business with third-party service providers and suppliers?

NNPC Limited conducts due diligence on potential third parties before commencing business relationships.

What is the purpose of NNPC Limited's due diligence procedure for doing business with third-party service providers and suppliers?

To evaluate and manage potential corruption risks associated with the business relationship.

What is the minimum required due diligence procedure for doing business with certain third-party service providers and suppliers at NNPC Limited?

Conducting background checks on potential third parties.

Which of the following is NOT a factor considered in the assessment of Politically Exposed Persons (PEPs) linked to the counterparty or the relevant NNPC Limited activity?

Recommendations from FATF

What is the purpose of conducting a contingency measures review at the outset of any business relationship?

To identify exit risk indicators and assess possible contingency measures

Which of the following is NOT a mitigating measure that could be applied in the event of an identified risk?

Reporting or audit requirements

When is an Enhanced Due Diligence (EDD) review carried out by the GRC team or an external provider?

If the integrity review indicates a High Risk

How often should recertifications be performed on vendors and third-party service providers in existing contracts at NNPC Limited?

Every two years

Which of the following is NOT a requirement for third parties that undertake regulated business on behalf of NNPC Limited?

Registration with a renowned professional organization

What types of processes may NNPC Limited use to perform ongoing monitoring of its counterparties?

All of the above

Which of the following is NOT a responsibility of the GRC Division/Chief Compliance Officer at NNPC Limited?

Reviewing and updating the Business Impact Analysis (BIA) and Risk Assessment (RA) processes

What is the minimum educational requirement for the GRC Manager or other relevant officers responsible for implementing the Due Diligence Policy at NNPC Limited?

Bachelor's Degree in Economics

How long should the findings of the Risk monitoring be archived for future reference?

Five (5) to ten (10) years

Who is responsible for reviewing the Due Diligence Policy at NNPC Limited every two (2) years and submitting recommendations to the Board of Directors for any necessary amendments or revisions?

Board Audit Committee

Study Notes

Risk Appetite and Objectives

  • NNPC Limited's risk appetite is the amount of risk the organization is willing to accept to achieve its objectives.
  • The key objective of risk management is to identify, assess, and mitigate risks that could impact the achievement of NNPC Limited's objectives.
  • The broad corporate objectives on which NNPC Limited's risk appetite is based include strategic, financial, operational, and compliance objectives.

Risk Management Framework

  • The Enterprise Risk Management (ERM) function is responsible for developing and implementing the risk management framework.
  • The risk management framework is based on the three lines of defense model.
  • The Governance, Risk and Compliance Function is responsible for overseeing the risk management activities at NNPC Limited and its subsidiaries.

Risk Governance Structure

  • The risk governance structure consists of the Board of Directors, Management Risk Committee, Heads of Risk Management, and Functional Heads.
  • The Board of Directors is responsible for reviewing and approving the risk management framework.
  • The Management Risk Committee is responsible for reviewing the risk management framework and recommending it to the Board for approval.

Risk Management Process

  • The risk management process involves identifying, assessing, and mitigating risks.
  • The risk assessment process involves identifying and assessing risks, and prioritizing them based on their likelihood and impact.
  • The risk treatment process involves selecting and implementing risk mitigation strategies.

Risk Monitoring and Reporting

  • The risk monitoring and reporting process involves tracking and reporting on risk mitigation efforts.
  • Key risk indicators (KRIs) are used to monitor and report on risks.
  • The risk management framework is reviewed and updated annually.

Risk Management Training and Awareness

  • The risk management training and awareness plan is designed to educate employees on risk management principles and practices.
  • The plan includes training programs, workshops, and awareness campaigns.
  • The risk awareness program is designed to promote a risk-aware culture within the organization.

Risk Management Roles and Responsibilities

  • The Head of Risk Management is responsible for developing and implementing the risk management framework.
  • The Heads of Risk Management at NNPC Limited and its subsidiaries are responsible for overseeing risk management activities.
  • Functional Heads are responsible for implementing risk management practices within their respective departments.
  • The ERM Function is responsible for developing and implementing the risk management framework.
  • The Management Risk Committee is responsible for reviewing and approving the risk management framework.

Risk Management Policy

  • The risk management policy outlines the organization's approach to risk management.
  • The policy is reviewed and updated annually.
  • The policy is approved by the Board of Directors.

Risk Management Exceptions

  • The Board of Directors is authorized to grant exceptions to the application of the risk management policy.
  • Exceptions are granted on a case-by-case basis.

Risk Management Categories

  • Risks are categorized based on their likelihood and impact.
  • The categories include high, medium, and low risks.
  • Risks are prioritized based on their likelihood and impact.

Risk Management Parameters

  • The risk management framework considers several parameters, including the organization's risk appetite, risk tolerance, and risk threshold.
  • The parameters are used to determine the acceptable level of risk for the organization.

Risk Management Frequency

  • Risk management activities are performed at various frequencies, including quarterly, bi-annually, and annually.
  • The frequency of risk management activities depends on the organization's risk appetite and risk tolerance.

Risk Management Tools

  • Several tools are used in the risk management process, including risk assessment templates, risk registers, and key risk indicators.
  • The tools are used to identify, assess, and mitigate risks.

Risk Management Review

  • The risk management framework is reviewed annually.
  • The review is performed by the Management Risk Committee.
  • The review is used to update the risk management framework and ensure it remains effective.

Test your knowledge on NNPC Limited's GRC processes and procedures! This quiz will cover the risk strategy and appetite, as well as the importance of establishing a proactive and effective risk model. Put your skills to the test and see how well you understand the coordination and management of risks within NNPC Limited.
