NNPCL GRC quiz

Questions and Answers

What is the purpose of NNPC Limited's risk appetite?

To guide the determination of risk appetite

To establish a proactive ERM model

To reduce operational surprises and losses

To determine how much risk is acceptable (correct)

Which of these is not a key objective of risk management within NNPC Limited?

To integrate risk management into the decision-making process

To develop a risk culture

To eliminate risk in NNPC activities (correct)

To improve stakeholders' confidence and trust

What is the role of ERM in NNPC Limited?

To reduce operational surprises and losses

To develop and implement effective strategies

To be an integral part of strategic and operational planning (correct)

To integrate risk management into the decision-making process

According to the text, which of the following is NOT a parameter considered when determining the risk appetite for NNPC Limited and its subsidiaries?

Safety

Who is responsible for developing and reviewing the risk appetite statements in consultation with the Senior Management Committee?

Head of Risk Management

According to the text, when does NNPC Limited's risk appetite need to be re-evaluated?

All of the above

What are the broad corporate objectives on which NNPC Limited would base its risk appetite?

All of the above

Which of the following is NOT considered when re-evaluating NNPC Limited's risk appetite?

Changes to the Company's strategic objectives and risk preferences

What does a strong risk culture within NNPC Limited lead to?

Effective management of risks

What is one of the key objectives of risk management within NNPC Limited?

To achieve the Company's mission and vision

Which of the following is NOT a key pillar of risk management within NNPC Limited and its subsidiaries?

Compliance

Based on the text, which of the following is NOT a component of NNPC Limited's risk governance structure?

ERM stakeholder relationships

Which model does NNPC Limited's risk governance structure follow?

Three lines of defense

Who is authorized to grant exceptions to the application of NNPC Limited's risk management policy?

The GCEO

What are the four key pillars that NNPC Limited and its subsidiaries shall adhere to in terms of risk management?

a) Leadership, b) Ownership, c) Transparency, d) Compliance

What is the role of the Governance, Risk and Compliance Function within NNPC Limited?

To monitor compliance with laws, regulations, and organizational policies

Who is authorized to grant exceptions to the application of NNPC Limited's risk management policy?

The GCEO

Which of the following is NOT a component of NNPC Limited's risk governance structure?

The risk management committees

Who is responsible for overseeing the risk management activities at NNPC Limited and its subsidiaries?

The Chief Compliance Officer

What is the role of the Heads of Risk Management at NNPC Limited and its subsidiaries?

To provide risk oversight on their respective risk areas

What is the purpose of NNPC Limited's risk reporting structure?

To report on the status of risk profiles to the ERM Function

What is the role of Functional Heads in NNPC Limited's risk management activities?

Act as a communication channel between the ERM Function and risk owners

Based on the text, what is the responsibility of the ERM Function at NNPC Limited and its subsidiaries?

Educate members of their team on the use of the control self-assessment questionnaires

What is one of the key responsibilities of the Second Line of Defence in NNPC Limited's risk management?

Foster a corporate risk culture through adequate training and serving as an internal ambassador and resource centre for ERM

Who is responsible for implementing an effective risk management system and instilling the right culture throughout NNPC Limited and its subsidiaries for effective risk governance?

Management Risk Committee

Based on the text, what is the role of the Board Audit Committee (BAC) in relation to risk management?

Oversee the effectiveness of risk management and controls

What is the responsibility of the Functional Heads in relation to risk management?

Adhere to NNPC Limited's process for identifying and managing risks

Based on the text, what is the responsibility of the Management Risk Committee in relation to risk management?

Review and validate key risk indicators & threshold limits

Which committee is responsible for reviewing the framework for managing risks and recommending it to the Board for approval?

Board Audit Committee (BAC)

What is one of the responsibilities of the Management Risk Committee?

Develop and implement a sound system of internal controls and mitigating strategies

What is the role of the ERM Function at NNPC Limited and its subsidiaries?

To implement an effective risk management system and instil the right culture throughout the organization

Which of the following is NOT a category used for categorizing risks in NNPC Limited's risk management process?

External risks

What is one of the activities involved in the ERM function at NNPC Limited and its subsidiaries?

Administering questionnaires and surveys

Which document is NOT reviewed during the ERM process at NNPC Limited?

Risk event reports

What is the purpose of populating the risk register and mapping risks to the relevant business process in the ERM process at NNPC Limited?

To identify duplicated risks

Which of the following is NOT a policy related to risk identification within NNPC Limited?

Management shall put systems in place to ensure that enterprise risks are reviewed at least annually and on a continuous basis.

Who is responsible for gathering and reviewing information on project risks within NNPC Limited?

The Heads of Departments

Which of the following is NOT a component of NNPC Limited's risk management process?

Risk Reporting

Who is responsible for overseeing the risk management activities at NNPC Limited's subsidiaries?

The Subsidiary Executive Director of the GRC

Which of the following is NOT a responsibility of the Functional Heads in relation to risk management?

Implementing policies and procedures developed to manage risks

Which of the following is NOT a responsibility of the ERM Function at NNPC Limited and its subsidiaries?

Consulting with process owners to identify and propose key risk indicators, threshold limits and mitigating strategies

Which of the following is NOT a role of the Audit Function in NNPC Limited's risk management?

Performing periodic scans of the operating environment for emerging risks

Which of the following is NOT a component of NNPC Limited's risk governance structure?

Functional Heads

Which of the following is NOT a component of NNPC Limited's risk governance structure?

ERM Function

What is the responsibility of the Functional Heads in relation to risk management?

Granting exceptions to risk management policy

What is the role of the Governance, Risk and Compliance Function within NNPC Limited?

Ensuring compliance with risk management policy

Which of the following is NOT a factor considered by NNPC Limited in assessing/ranking identified risks?

The frequency of the risks occurring

Which of the following is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

What is the likelihood factor for a risk to occur if it is expected to happen at least once in every 3 years according to NNPC Limited's risk ranking criteria?

Possible

According to the text, which of the following is NOT a level of risk in NNPC Limited's risk map?

Extreme

According to the text, which of the following is NOT a parameter considered when determining the financial impact of an event/risk in NNPC Limited?

Extreme impact

According to the text, which of the following is NOT a risk category in NNPC Limited's risk management process?

Financial

According to the text, which of the following is NOT a responsibility of middle level management in relation to risk management at NNPC Limited?

Mitigating or exploiting high risks

Which of the following methods is NOT mentioned as a way to assess risks within NNPC Limited's risk management process?

Desktop-based assessment

What is the purpose of a control assessment within NNPC Limited's risk management process?

To evaluate the effectiveness of controls designed by management

What is the description of a control rating of 'Fair' within NNPC Limited's risk management process?

There is room for some improvement

What is the responsibility of the ERM Function in collaboration with business and risk owners within NNPC Limited's risk management process?

To establish and agree on the criteria for assessing risks

Which of the following is NOT a factor considered by NNPC Limited in assessing/ranking identified risks?

The frequency of occurrence in a 3-year period

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

What is the potential non-financial consequence of an event/risk occurring if a risk were to crystallise?

Impact

Which of the following is NOT a type of document reviewed during the ERM process at NNPC Limited?

Performance measure basis

What is the frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited?

As required

Who are the recipients of the risk heat map output in the ERM process at NNPC Limited?

Board & Executive Management

Which of the following is NOT a risk category used for categorizing risks in NNPC Limited's risk management process?

Market risks

According to the text, which of the following is NOT a responsibility of the Management Risk Committee?

Identifying and assessing risks

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

Almost Certain

According to the text, what does a strong risk culture within NNPC Limited lead to?

Improved risk management

Which of the following methods is NOT mentioned as a way to assess risks within NNPC Limited's risk management process?

Desktop-based assessment

What is the frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited?

Annually

What is the highest likelihood factor for a risk to occur according to NNPC Limited's risk ranking criteria?

High

According to the text, what is the role of ERM in NNPC Limited?

Oversee risk management activities

Which of the following is NOT a risk treatment approach adopted by NNPC Limited and its subsidiaries?

Avoid

Under which risk treatment approach does NNPC Limited accept the risks inherent in the exposure?

Tolerate

In which instances would NNPC Limited adopt the Tolerate risk treatment approach?

When the risks are low/minimal

Which of the following is NOT a responsibility of the Risk Management Team at NNPC Limited?

Implementing risk mitigation plans

What is the purpose of the Risk Management Framework (RMF) at NNPC Limited?

To consider the relevant risk mitigation approach for decision-making

Which document is NOT an input to the ERM Function and Risk Process Owner at NNPC Limited?

Risk and Control Register

What is the highest impact level according to the risk map illustration in the text?

Extreme

Which of the following is NOT a component of NNPC Limited's risk monitoring and reporting process?

Status of mitigation plans

Which of the following is NOT a frequency at which risk monitoring and review should be performed at NNPC Limited and its subsidiaries?

Biennially

What is the purpose of key risk indicators (KRIs) in NNPC Limited's risk monitoring and reporting process?

To provide early signals of increasing risk exposures

Which of the following is NOT a key component of NNPC Limited's risk register?

Level of risk

What is the purpose of the external risk review within NNPC Limited's risk management process?

To identify emerging risks

What information should be included in the risk event documentation within NNPC Limited's risk management process?

Description of event, root cause, severity of impact

What is the responsibility of every support unit within NNPC Limited in relation to risk management?

Conduct risk and control self-assessment

Which of the following is NOT included in NNPC Limited's risk management training and awareness plan?

Providing an efficient methodology for evaluating risks in the business environment

What is the responsibility of the Head of Risk Management at NNPC Limited?

Developing a comprehensive training and awareness plan on an annual basis

Which of the following is NOT covered in NNPC Limited's risk management training and awareness plan?

Developing a comprehensive risk management framework

Which of the following options is NOT mentioned as a potential method for conducting risk management training at NNPC Limited and its subsidiaries?

Publication of quarterly bulletin highlighting ERM events

What is the purpose of the risk awareness program established by the Head of Risk Management at NNPC Limited?

To raise staff awareness of the risk management policy and processes

Which of the following is NOT a potential frequency for risk monitoring and review at NNPC Limited and its subsidiaries?

Quarterly

Which of the following is NOT mentioned as an option for risk management training and awareness at NNPC Limited?

Regular departmental/unit chat or discussion on ERM

What is the purpose of the risk awareness program established by the Head of Risk Management at NNPC Limited?

To raise staff awareness of the risk management policy and processes

Which of the following is NOT a component of NNPC Limited's risk governance structure?

Functional Heads

Which of the following is NOT a risk management objective mentioned in the text?

Accepting beyond specification delivery of products

What is the maximum acceptable deviation from specified requirements in any given operation or project per year?

XX%

What is the maximum tolerance for financial crime and non-compliance to regulatory standards mentioned in the text?

XX% on any balance sheet or P&L account

What is one of the key objectives of NNPC Limited's risk management process?

To meet all financial and non-financial obligations to stakeholders

What is the maximum number of instances of negative media exposure that NNPC Limited will tolerate in a year?

2

What is the maximum number of instances of asset destruction that NNPC Limited will tolerate in a year?

Less than XX

What is the maximum occupational accident frequency rate (AFR) that NNPC Limited will tolerate?

Less than XX%

Which of the following risk reports is prepared and issued by the Risk Management (RM) team at NNPC Limited?

Key risk indicator report

Who is the recipient of the Risk Assessment report prepared by the Risk Management (RM) team at NNPC Limited?

MD/GCEO

Which of the following risk reports is prepared and issued by the Risk Management (RM) team on a monthly basis at NNPC Limited?

Status of mitigation plan report

Which department within NNPC Limited is responsible for monitoring and reporting on the risk control self-assessment (RCSA) within their respective business units?

Business Assurance Department

According to the text, what is the purpose of the Quality Assurance Improvement Program (QAIP) at NNPC Limited?

To monitor and review risk management activities

What is the meaning of the term 'GRC' in the context of NNPC Limited?

Governance, Risk, and Compliance

Which of the following is NOT mentioned as a key objective of the Quality Assurance and Monitoring Function at NNPC Limited?

Enhancing the performance management metrics

Which of the following models does the QA Function at NNPC Limited adopt for resourcing talents?

In-sourcing

What is the purpose of the peer-to-peer review model in the QA Unit at NNPC Limited?

To bridge manning gaps

How often does the GRC Function at NNPC Limited need to conduct an external assessment?

Once every three years

What is the role of the QA Unit in the capacity building of GRC staff at NNPC Limited?

Monitoring execution of the training plan

Which of the following is NOT one of the three major elements of the Quality Assurance and Improvement Program at NNPC Limited?

Quality Assurance Planning

What is the purpose of the annual internal self-assessment conducted by the QA Unit at NNPC Limited?

To appraise the overall effectiveness of the GRC Function

What does the QA Unit consider in developing the annual QA plan for ongoing internal assessments at NNPC Limited?

The outcome of the ongoing internal assessments

What is the basis for selecting GRC reviews for quality assurance in the QA plan at NNPC Limited?

Risk-based approach

According to the text, what is the mission of the Quality Assurance (QA) unit within the GRC Function of NNPC Limited and its subsidiaries?

To ensure compliance with the Quality Assurance Policies and procedures

What is the structure of the Quality Assurance Policies and procedures?

What is the vision of the Quality Assurance and Monitoring Function within NNPC Limited and its subsidiaries?

To be regarded as a reliable business advisor to NNPC Limited and its subsidiaries

What is the scope of the QA Unit within NNPC Limited and its subsidiaries?

To support the management of the GRC Function

Which of the following is NOT a key performance indicator (KPI) for the People category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Minimum training hours per GRC staff

Which of the following is NOT a key performance indicator (KPI) for the Processes category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

% of reviews with cycle time from kick-off meeting to issuance of draft report within the threshold of the approved timeline

Which of the following is NOT a key performance indicator (KPI) for the Plan (Efficiency) category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Average customer satisfaction score for all processes reviewed during the year

Which of the following is a key performance indicator (KPI) for the Stakeholder Management category in the Quality Assurance Unit's monitoring of the GRC Function at NNPC Limited?

Average customer satisfaction score for all processes reviewed during the year

Which of the following is NOT a responsibility of the Quality Assurance Manager within NNPC Limited?

To implement and monitor compliance with the internal quality management system for enhancing the value of GRC services provided by GRC to business units.

What is the objective of consolidating and standardizing the tasks and responsibilities within NNPC Limited's Quality Assurance function?

To ensure effective execution of QA reviews in line with the standards and stakeholder expectations.

What is one of the overall responsibilities of the QA Unit within NNPC Limited?

To standardize GRC activities by ensuring that the policies and procedures are adequate and aligned with leading best practices.

What is the responsibility of the Systems and Strategy sub-unit under QA within NNPC Limited?

To coordinate the development an annual plan highlighting the various activities to be conducted by the department.

Which tool is the key tool designed to aid the quality assurance checks mentioned in the text?

QA Unit Quality Assurance Review

What is the purpose of the completed QA checklist mentioned in the text?

To fill out and attach relevant documents

Who is expected to make inputs into the evaluation of all teams who conducted the various GRC engagements?

QA Manager

Which of the following tools is the key tool designed to aid quality assurance checks in NNPC Limited?

NNPC Quality Assurance Review

What should be documented in the Quality Assurance Checklist according to the text?

Next steps for each GRC team involved in the reviews

Who is expected to make inputs into the evaluation of all teams who conducted the various GRC engagements?

Manager, QA

Which of the following is NOT a consideration during the planning stage of an investigation?

Confidentiality

According to the text, what critical questions can a clear plan for an investigation help answer?

All of the above

According to the text, why is it important for the investigation team to be flexible and prepared to address changes during the investigation?

To maintain track of the overall purpose of the investigation

Which party is responsible for providing the Investigation Team with all available information regarding the case in question?

Head of Business Ethics/Relevant Function

Which party is responsible for reviewing the work plan for adequacy and updating it, where applicable?

Head of Investigation Team

Which party is responsible for assigning roles and responsibilities to the Investigation team members based on knowledge and expertise?

Head of Investigation Team

Which party is responsible for establishing the timeframe for completing the investigation?

Head of Investigation Team

According to the text, what is the purpose of a work plan in an investigation?

To detail the specific tasks and activities to be carried out in the investigation

Who should be involved in the investigation team for a reported incident?

All of the above

What is the recommended level of seniority for the personnel responsible for heading the investigation team?

At least one grade level higher than any individual potentially involved in the reported issue

Which departments within the company may be required to provide resources for an investigation team?

Finance, Legal, Internal Audit, Human Resources Division, Information Technology

According to the text, what is the responsibility of the Chief Compliance Officer in the event of a conflict of interest involving a GRC Manager?

Appoint an alternative staff to carry out the responsibilities of the GRC Manager

What is one of the reasons for appointing independent investigators in an investigation?

A need for absolute confidentiality and objectivity

According to the text, what should be considered when selecting external investigators for an investigation?

Reputation, integrity, capability, and experience of the investigators

What is the responsibility of the Chief Compliance Officer or Head of Business Ethics in planning an investigation?

Understanding and considering professional and regulatory/legal standards

Which of the following is NOT a type of information that could be required for an investigation, according to the text?

Approval documents

According to the text, investigators should be cautious when gathering information for investigations because:

Information obtained from various sources may sometimes be incomplete or unreliable

According to the text, investigations should be based on:

Factual findings noted during analysis of relevant information

Which of the following measures should be implemented when interviewing alleged fraud perpetrators or witnesses who are employees according to the text?

Explain the allegation or reason for the interview to the employee and allow him/her to make his defense if any (i.e. fair hearing).

What types of parameters can be used to analyze information gathered during an investigation according to the text?

Financial, non-financial, and visual parameters.

Which of the following is NOT a component of a risk governance structure according to the text?

Bias and prejudice.

Which party is responsible for conducting interviews to gather information from individuals in a position to have relevant knowledge or facts on the investigation?

The Investigation Team

What should be captured per information received by the Investigation Team?

Title of information received, Time of receipt, From whom the information was received, Where the information is maintained

What should be done with original documents received by the Investigation Team?

Maintain them as received without any alterations

What should be done if there is non-availability of information or lack of cooperation from staff during the investigation?

Escalate to the Chief Compliance Officer

Which of the following is NOT a tip for conducting interviews according to the NNPC Limited Investigation Processes and Procedures?

Take notes but do not be carried away by attempting to write all that the interviewee says.

Which of the following is NOT a procedure for handling evidence according to the NNPC Limited Investigation Processes and Procedures?

Store electronic evidence in its original state at the point of obtaining it.

According to the NNPC Limited Investigation Processes and Procedures, when should forced entry into premises be made?

Only within the ambits of the law, upon obtainment of the requisite lawful Order to back such entry.

According to the NNPC Limited Investigation Processes and Procedures, what are the key aspects of surveillance procedures?

All of the above.

Which of the following practices should be adopted during investigations to safeguard the rights of employees at NNPC Limited?

Preventing harassment or intimidation of employee during the interview

What should be done when interviewing alleged fraud perpetrators or witnesses who are employees at NNPC Limited?

Explain the possible outcomes of the investigation

What types of analysis can be conducted on the gathered information during an investigation at NNPC Limited?

Financial, non-financial, and visual analysis

Which type of analysis involves reviewing financial information to identify anomalies and potential risk areas?

Financial Analysis

What is the purpose of non-financial analysis in an investigation?

To identify patterns and trends

How can visual analysis aid investigators in identifying irregular trends and relationships?

By using charts and graphs

When should an escalation matrix be used in an investigation?

When the investigation team is not receiving required support

According to the text, who is responsible for providing an update on the outcome of the investigation to the party who reported the suspicious incident?

Head, Investigation Team

According to the text, who is responsible for preparing a weekly summary report of all investigations outstanding and completed in the previous week?

GRC Manager

According to the text, what is the purpose of the Investigation file in NNPC Limited's Investigation Processes and Procedures?

To store all relevant information regarding the investigation

Which of the following questions should be answered in an investigation report according to the text?

All of the above

What should the Investigation Team do with information received during the course of an investigation, according to the text?

Handle it with utmost confidentiality

Who is responsible for taking disciplinary action based on the factual findings captured in the investigation report, according to the text?

The Disciplinary Committee

Which of the following is NOT a step in the reporting and recommendation process of an investigation, according to the text?

Reviewing the investigation report to ensure all information has been considered

Who is responsible for reviewing the investigation report and updating recommendations on action(s) to take in response to the findings, according to the text?

Chief Compliance Officer

Which party is responsible for updating the investigation database with the summary of internal recipients for reviews and inputs, according to the text?

Legal department

Which of the following is NOT a key performance indicator (KPI) for the closure of an investigation, according to the text?

Accuracy of the investigation report

According to the text, who is authorized to grant exceptions to the application of the policy and seek ratification from the NNPC Limited Board?

The GCEO

How often is the NNPC Limited Policy Management Processes and Procedures manual intended to be updated, unless there is a specific requirement for an immediate revision?

Every two years

Who does the NNPC Limited Policy Management Processes and Procedures manual apply to?

All employees of NNPC Limited

Which of the following is NOT a component of NNPC Limited's policy management processes and procedures?

Governance and accountability structures

What does the SIPOC model stand for in NNPC Limited's policy management processes and procedures?

Supplier-Input-Process-Output-Customers

What is the purpose of the Relationship Map for the Efficiency Function in NNPC Limited's policy management processes and procedures?

To show the relationship between different processes and functions

Which department is responsible for drafting the policy and presenting it to the Efficiency Unit and Board Committee?

User department/Process owner

What is the timeframe for measuring the performance indicator 'Existence of the drivers of policy formulation'?

As required

What is the basis of measurement for the performance indicator 'Use appropriate template'?

Alignment with policy template

Which department is responsible for managing NNPC Limited's policies within the company?

The GCEO and Management of NNPC Limited

Who has the overall responsibility for Corporate Policies in NNPC Limited?

The Board

What is the objective of the policy formulation process in NNPC Limited?

All of the above

Which party is responsible for driving policy implementation within the relevant business processes, according to the text?

Efficiency unit (with support of Process Owner)

Who is responsible for reviewing the policy for adequacy and strategic alignment, according to the text?

Business Unit/Efficiency unit/GRC

What is the minimum frequency at which the risk assessment pack is inputted in the ERM process at NNPC Limited, according to the text?

Annually

Who is responsible for preparing a presentation summarizing the policy and its benefits, according to the text?

Efficiency unit (with support of Process Owner)

What is the responsibility of the Head of Efficiency unit in relation to policy changes in NNPC Limited?

Review and approve draft changes to the policy template

Which of the following triggers may lead to the update or renewal of NNPC Limited's policies?

All of the above

Who is responsible for approving policy changes that involve any change in or impact the implementation of Company strategy in NNPC Limited?

Board and/or Approving authority

Which department is responsible for drafting and presenting policies to the Efficiency Unit and Board Committee?

Business Unit

How often are periodic reviews of policies conducted at NNPC Limited?

Bi-annually

What is the role of the Efficiency Unit in the policy management process at NNPC Limited?

Disseminating policies

What is the responsibility of the Process Owner in the policy modification process at NNPC Limited?

Preparing the business case

Which of the following is NOT a purpose of NNPC Limited's Business Continuity Policy?

To establish a framework for risk management

What is the purpose of NNPC Limited's Business Continuity Policy?

To ensure business continuity during disruptions

What is the general approach to Business Continuity Management (BCM) described in NNPC Limited's Business Continuity Policy?

Monitoring the effectiveness of business continuity management

What is the purpose of NNPC Limited's Business Continuity (BC) Policy?

To ensure the continuity of business operations during and after disruptions

What does NNPC Limited's Business Continuity Policy aim to minimize?

The potential damage caused by disruptive incidents

What does NNPC's general approach to Business Continuity Management (BCM) include?

All of the above

Which of the following triggers may lead to the renewal or update of NNPC Limited's policies?

All of the above

Who is responsible for reviewing and approving draft changes to the policy template at NNPC Limited?

Head of Efficiency unit

Which level of seniority is recommended for the personnel responsible for updating and renewing NNPC Limited's policies?

Senior management

Which department is responsible for retiring corporate policies at NNPC Limited?

Board Audit Committee

Who is responsible for evaluating proposed updates to policies at NNPC Limited?

Efficiency unit

What is the role of the Board Audit Committee (BAC) in the policy retirement process at NNPC Limited?

Approve retirement of corporate policies

When should a policy at NNPC Limited be reviewed to ascertain if any modification is required?

All of the above

Which of the following is NOT a component of NNPC Limited's Business Continuity Policy?

Framework for managing disruptive incidents

What is the purpose of NNPC Limited's Business Continuity Policy?

To establish guidelines for business resilience and risk management measures

Which department is responsible for drafting NNPC Limited's Business Continuity Policy?

Efficiency Unit

Which of the following is NOT covered by the scope of NNPC Limited's Business Continuity Policy?

Financial transactions

What is the purpose of Business Continuity Management at NNPC Limited?

To ensure time-sensitive operations are resumed and recovered

Which of the following events may have regional or nationwide impact, rendering multiple NNPC facilities inaccessible?

Pandemics

Which of the following is NOT a goal of NNPC Limited's Business Continuity Management (BCM) program?

Ensure that BC plans are regularly tested and updated to meet the changing needs of the company

What is the purpose of providing awareness on business continuity to all employees and relevant external parties?

To ensure that all employees and relevant external parties are aware of the importance of business continuity

What is the responsibility of the Systems and Strategy sub-unit under Quality Assurance (QA) within NNPC Limited?

To evaluate the relevance and effectiveness of business continuity programs

What is the responsibility of the Crisis Management Team (CMT) at NNPC Limited?

Develop, review, and update the crisis management plan

What is one of the key responsibilities of the Incident Management Team at NNPC Limited?

Monitor and detect early signs of an emergency

What is the purpose of defining and assessing key roles and responsibilities in establishing a business continuity programme?

To establish a successful business continuity programme

Which of the following is NOT a responsibility of the Business Continuity Manager at NNPC Limited?

Implement emergency measures and contingency plans

What is the role of the Business Continuity Champions (Emergency Response/Business Recovery Team) at NNPC Limited?

Support the implementation and adoption of business continuity requirements within their departments

What is the responsibility of the Information Technology Team (Technical Recovery Team) at NNPC Limited?

Management of related processes such as incident and change management

What is the responsibility of the Department Managers in relation to business continuity at NNPC Limited?

Review and manage staff competencies and training needs to enable staff to perform their roles effectively within the business continuity area

Which of the following is NOT a reason for updating the Business Continuity Plans?

Acquisition of new oil and gas reserves

Who is responsible for reviewing and updating the Business Continuity Plans annually?

Business Continuity Manager

What should be done after identifying changes in business arrangements that have not yet been reflected in the Business Continuity Plan?

Update the plan

Which of the following is NOT a responsibility of NNPC in relation to its Business Continuity Plan?

Conducting a risk assessment to identify potential interruptions

Who are considered key stakeholders in NNPC's Business Continuity Management (BCM) program?

Group Chief Executive Officer

What is the purpose of the Business Impact Analysis (BIA) process?

To identify and rank critical business processes and downtime costs

What is the frequency of reviewing and updating the Business Impact Analysis (BIA) and Risk Assessment (RA) processes?

Every year

Which of the following is the primary objective of NNPC's Business Continuity Policy?

To reduce or address substantial business disruptions affecting its critical business operations

What is the purpose of the Competency and Training Requirements mentioned in the text?

To identify training needs and maintain a plan to ensure necessary competencies are in place

What is the purpose of the NNPC Business Continuity Policy?

To reduce or address substantial business disruptions affecting its critical business operations

Which of the following is NOT a component of the business continuity planning process mentioned in the text?

Contact lists of all suppliers, external dependencies, and personnel identified with roles and responsibilities, as well as alternate and escalation contacts.

What is the purpose of testing the Business Continuity Plans (BCPs) according to the text?

To ensure that NNPC is adequately prepared to execute a credible recovery in the event of a real incident.

How often should the Business Continuity Plans (BCPs) be reviewed?

Annually

What is the responsibility of the owners of the appropriate business resources or processes involved in the business continuity planning process?

To be responsible for emergency procedures, manual fallback plans, and resumption plans.

Which of the following is NOT a term/abbreviation mentioned in the glossary of terms in the text?

BCP

Which of the following is NOT a stakeholder mentioned in NNPC Limited's due diligence policy?

Competitors

Which of the following is NOT a purpose of NNPC Limited's due diligence processes?

Enhancing customer satisfaction

Who is responsible for overseeing the due diligence review process at NNPC Limited?

Chief Compliance Officer

Who administers the due diligence process at NNPC Limited?

GRC Manager

Who makes recommendations to approve or reject the business relationship at NNPC Limited?

GRC Manager

Who performs the initial risk categorization at NNPC Limited?

LOD 1

Which organization is responsible for the lift and sale of royalty oil and tax oil on behalf of the Nigerian Upstream Regulatory Commission and the Federal Inland Revenue Service?

NNPC Limited

What is the purpose of the Frontier Exploration Fund?

To manage the proceeds of the sales of profit oil and profit gas

Who is responsible for carrying out test marketing to ascertain the value of crude oil?

NNPC Limited

What is the role of NNPC Limited in promoting the domestic use of natural gas?

To develop and operate large-scale gas utilisation industries

Which of the following is considered a Third Party in the context of NNPC Limited's Due Diligence Policy?

Counterparties

What is the objective of NNPC Limited's Due Diligence Policy?

To assess and mitigate risks in business decisions

What is the definition of 'Beneficial Owner' according to NNPC Limited's Due Diligence Policy?

The natural person(s) who ultimately owns or controls a legal entity

What does 'KYC' stand for in the context of NNPC Limited's Due Diligence Policy?

Know Your Customer

Which of the following factors is NOT considered when determining the risk rating of an employee's job role at NNPC Limited?

The employee's level of education

Which of the following is responsible for performing the initial risk categorization based on the General IDD and EDD at NNPC Limited?

LOD 1

What are the possible risk categories at NNPC Limited?

High, Medium, or Low

Which of the following is NOT a requirement for Level C due diligence according to the text?

Negative findings and litigation

What is one of the factors considered when assessing the financial strength of a prospective partner according to the text?

Leverage and profitability ratios

What type of information is NOT mentioned as potentially required for an investigation according to the text?

Comprehensive credit report

Which type of due diligence is conducted on third parties providing services classified as low risk at NNPC Limited?

Level A

What is the risk classification that would require weighty reasons and an extensive EDD proportionate to the risk at NNPC Limited?

High Risk

Which risk classification at NNPC Limited may not move forward with the proposed activity unless there exist substantial reasons for continuing with the project?

High Risk

What does a high-risk counterparty at NNPC Limited being listed on a Sanctions List indicate?

The counterparty is/has been a subject of criminal investigations, charges, or convictions for serious wrong doings.

Which of the following is NOT a component of NNPC Limited's general integrity due diligence review?

Conducting a Level A general integrity review

What is the purpose of the general integrity due diligence review conducted by NNPC Limited?

To assess the purpose and economic rationale of the counterparty's dealings

What is the purpose of reviewing sanctions lists as part of the general integrity due diligence review conducted by NNPC Limited?

To identify individuals and entities involved in fraud, corruption, terrorism, human rights violations, money laundering, terrorist financing, tax evasion, etc.

According to the text, what is the purpose of pre-employment screening for potential or new employees of NNPC Limited?

To conduct reference and background checks

What is the basis of risk classification for existing or prospective customers of NNPC Limited?

Level of risk associated with the business relationship

What type of due diligence must be conducted on customers identified as medium to high risk before any business transaction?

Enhanced due diligence

What should the relevant unit establish, record, maintain, and operate procedures and controls for in respect of new customers or occasional transactions?

Obtaining information on the nature and intended purpose of the business relationship

Which of the following statements is true about NNPC Limited's due diligence procedure for doing business with third-party service providers and suppliers?

NNPC Limited conducts due diligence on potential third parties before commencing business relationships.

What is the purpose of NNPC Limited's due diligence procedure for doing business with third-party service providers and suppliers?

To evaluate and manage potential corruption risks associated with the business relationship.

What is the minimum required due diligence procedure for doing business with certain third-party service providers and suppliers at NNPC Limited?

Conducting background checks on potential third parties.

Which of the following is NOT a factor considered in the assessment of Politically Exposed Persons (PEPs) linked to the counterparty or the relevant NNPC Limited activity?

Recommendations from FATF

What is the purpose of conducting a contingency measures review at the outset of any business relationship?

To identify exit risk indicators and assess possible contingency measures

Which of the following is NOT a mitigating measure that could be applied in the event of an identified risk?

Reporting or audit requirements

When is an Enhanced Due Diligence (EDD) review carried out by the GRC team or an external provider?

If the integrity review indicates a High Risk

How often should recertifications be performed on vendors and third-party service providers in existing contracts at NNPC Limited?

Every two years

Which of the following is NOT a requirement for third parties that undertake regulated business on behalf of NNPC Limited?

Registration with a renowned professional organization

What types of processes may NNPC Limited use to perform ongoing monitoring of its counterparties?

All of the above

Which of the following is NOT a responsibility of the GRC Division/Chief Compliance Officer at NNPC Limited?

Reviewing and updating the Business Impact Analysis (BIA) and Risk Assessment (RA) processes

What is the minimum educational requirement for the GRC Manager or other relevant officers responsible for implementing the Due Diligence Policy at NNPC Limited?

Bachelors' Degree in Economics

How long should the findings of the Risk monitoring be archived for future reference?

Five (5) to ten (10) years

Who is responsible for reviewing the Due Diligence Policy at NNPC Limited every two (2) years and submitting recommendations to the Board of Directors for any necessary amendments or revisions?

Board Audit Committee

Study Notes

Risk Appetite and Objectives

• NNPC Limited's risk appetite is the amount of risk the organization is willing to accept to achieve its objectives.
• The key objective of risk management is to identify, assess, and mitigate risks that could impact the achievement of NNPC Limited's objectives.
• The broad corporate objectives on which NNPC Limited's risk appetite is based include strategic, financial, operational, and compliance objectives.

Risk Management Framework

• The Enterprise Risk Management (ERM) function is responsible for developing and implementing the risk management framework.
• The risk management framework is based on the three lines of defense model.
• The Governance, Risk and Compliance Function is responsible for overseeing the risk management activities at NNPC Limited and its subsidiaries.

Risk Governance Structure

• The risk governance structure consists of the Board of Directors, Management Risk Committee, Heads of Risk Management, and Functional Heads.
• The Board of Directors is responsible for reviewing and approving the risk management framework.
• The Management Risk Committee is responsible for reviewing the risk management framework and recommending it to the Board for approval.

Risk Management Process

• The risk management process involves identifying, assessing, and mitigating risks.
• The risk assessment process involves identifying and assessing risks, and prioritizing them based on their likelihood and impact.
• The risk treatment process involves selecting and implementing risk mitigation strategies.

Risk Monitoring and Reporting

• The risk monitoring and reporting process involves tracking and reporting on risk mitigation efforts.
• Key risk indicators (KRIs) are used to monitor and report on risks.
• The risk management framework is reviewed and updated annually.

Risk Management Training and Awareness

• The risk management training and awareness plan is designed to educate employees on risk management principles and practices.
• The plan includes training programs, workshops, and awareness campaigns.
• The risk awareness program is designed to promote a risk-aware culture within the organization.

Risk Management Roles and Responsibilities

• The Head of Risk Management is responsible for developing and implementing the risk management framework.
• The Heads of Risk Management at NNPC Limited and its subsidiaries are responsible for overseeing risk management activities.
• Functional Heads are responsible for implementing risk management practices within their respective departments.
• The ERM Function is responsible for developing and implementing the risk management framework.
• The Management Risk Committee is responsible for reviewing and approving the risk management framework.

Risk Management Policy

• The risk management policy outlines the organization's approach to risk management.
• The policy is reviewed and updated annually.
• The policy is approved by the Board of Directors.

Risk Management Exceptions

• The Board of Directors is authorized to grant exceptions to the application of the risk management policy.
• Exceptions are granted on a case-by-case basis.

Risk Management Categories

• Risks are categorized based on their likelihood and impact.
• The categories include high, medium, and low risks.
• Risks are prioritized based on their likelihood and impact.

Risk Management Parameters

• The risk management framework considers several parameters, including the organization's risk appetite, risk tolerance, and risk threshold.
• The parameters are used to determine the acceptable level of risk for the organization.

Risk Management Frequency

• Risk management activities are performed at various frequencies, including quarterly, bi-annually, and annually.
• The frequency of risk management activities depends on the organization's risk appetite and risk tolerance.

Risk Management Tools

• Several tools are used in the risk management process, including risk assessment templates, risk registers, and key risk indicators.
• The tools are used to identify, assess, and mitigate risks.

Risk Management Review

• The risk management framework is reviewed annually.
• The review is performed by the Management Risk Committee.
• The review is used to update the risk management framework and ensure it remains effective.

Description

Test your knowledge on NNPC Limited's GRC processes and procedures! This quiz will cover the risk strategy and appetite, as well as the importance of establishing a proactive and effective risk model. Put your skills to the test and see how well you understand the coordination and management of risks within NNPC Limited.