Operational resilience in all organisations is critical to strategic and operational business success. Understanding your organisational maturity with respect to operational risk, including the management of service providers and business continuity is great leadership.
To support this APRA have recently issued a proposed new standard for operational risk management for all APRA-regulated organisations. APRA proposes to introduce a cross-industry Prudential Standard CPS 230 Operational Risk Management (CPS 230). This standard will set out minimum standards for managing operational risk, including updated requirements for business continuity and service provider management. APRA is working towards a 1 January 2024 implementation date. Specifically, APRA has highlighted that the purpose of this standard is to bring together the key elements of operational resilience into one standard. In addition, the focus is on clear accountability for the business operators to own and manage the risks in relation to resilience, not the risk function.
A simple and practical way to understand your organisation with respect to operational resilience is to undertake a maturity assessment.
A maturity assessment is not focused on pure compliance but rather focuses on your strengths and weaknesses. It helps to maintain focus on the key activities in managing risk over time.
Think of a maturity assessment as a supporting mechanism to help you see your growth and development. Very much like the marks on a door frame as you watch your children grow and mature with time.
We have developed a simple and easy to use maturity assessment tool that can assist you in your assessment against the standard.
Through utilising a maturity assessment model, you move beyond pure compliance to an engaging way to support everyone on their understanding of managing their business and their risks.
The critical approach to then ensuring compliance, and implementing CPS230 in your organisation, is to create or update frameworks, systems and processes. Through this process, you also must embed the activity within your front-line business.
Key ways to deliver these requirements are:
a) Undertake workshops which each business area, undertaking a maturity assessment against the elements of CPS230;
b) Ensuring activity occurs within the business lines rather than through a centralised team (the central team, if required, should facilitate the engagement of each business area); and
c) Engage the Board and the Executive from the start of the initiative, through to completion – this should include education/training sessions across the whole organisation.
If you wish to know more and receive access to this tool for your self-assessment purposes please contact us.
