How is your operational resilience maturity?


Operational resilience in all organisations is critical to strategic and operational business success. Understanding your organisational maturity with respect to operational risk, including the management of service providers and business continuity, is great leadership.

To support this, APRA has recently issued a proposed new standard for operational risk management for all APRA-regulated organisations. APRA proposes to introduce a cross-industry Prudential Standard CPS 230 Operational Risk Management (CPS 230). This standard will set out minimum standards for managing operational risk, including updated requirements for business continuity and service provider management. APRA is working towards a 1 January 2024 implementation date. Specifically, APRA has highlighted that the purpose of this standard is to bring together the key elements of operational resilience into one standard. In addition, the focus is on clear accountability for the business operators, not the risk function, to own and manage the risks in relation to resilience.

A simple and practical way to understand your organisation with respect to operational resilience is to undertake a maturity assessment.

A maturity assessment is not focused on pure compliance but rather focuses on your strengths and weaknesses. It helps to maintain focus on the key activities in managing risk over time.

Think of a maturity assessment as a supporting mechanism to help you see your growth and development, very much like the marks on a door frame as you watch your children grow and mature with time.

We have developed a simple, easy-to-use maturity assessment tool that can assist you in your assessment against the standard.

By using a maturity assessment model, you move beyond pure compliance to an engaging way to support everyone in their understanding of managing their business and their risks.

The critical step in then ensuring compliance, and implementing CPS 230 in your organisation, is to create or update frameworks, systems and processes. Through this process, you must also embed the activity within your front-line business.

Key ways to deliver these requirements are:
a) Undertake workshops with each business area, undertaking a maturity assessment against the elements of CPS 230;
b) Ensure activity occurs within the business lines rather than through a centralised team (the central team, if required, should facilitate the engagement of each business area); and
c) Engage the Board and the Executive from the start of the initiative, through to completion – this should include education/training sessions across the whole organisation.

If you wish to know more and receive access to this tool for your self-assessment purposes, please contact us.

Scott North has extensive executive and board experience in risk management, internal audit, operational risk and compliance, governance, risk strategy, scenario planning, technology risk, technology architecture, systems design, financial accounting, and management accounting. With Chief Risk Officer roles across financial services in Australia, Scott is an accomplished and experienced senior risk executive with extraordinary results in leading risk management teams. An innovative and process-focused leader, with an entrepreneurial style. Scott has a passion for innovation and digital. Scott is an experienced project leader across multiple disciplines including risk, finance and enterprise systems.