Speakers
Synopsis
APRA CPS230 – Can you be ready?
Compliance is not the end state; reducing risk and breaches is the key goal in securing any enterprise. The APRA CPS230 Operational Resiliency Requirements have pioneered the way for enterprises to think holistically about overall operational risk across the value chain.
But are we prepared? While organizations have until July 2025 to meet this requirement, we see a fundamental problem in meeting the deadline.
WHO is responsible – Accountability, while at board level, must be passed on to risk executives. The current mandate revolves around the Operational Risk, Cyber Risk and Third-Party Risk teams, i.e. who is more powerful among the CRO, COO, CISO and CPO?
WHAT all needs to be managed – Lines of business have business processes that depend on systems, which are built on collections of assets. These systems and assets can be managed internally, co-sourced or outsourced. In addition, an asset, unless homegrown, is a third-party product. Finally, third parties depend on 4th and 5th parties to support the key systems.
HOW do we assess against multi-risk requirements – Each component in the supply chain has to be evaluated from a risk perspective, i.e. cyber risk, operational risk, resiliency arrangements, legal risk and data protection.
WHERE do we collect and correlate the data – Even if we assume that we have the ability to evaluate each component, where do we process this information to make meaningful risk decisions?
WHEN do we start – This is the key question: should we go back to the drawing board, allocate responsibilities, identify what needs to be managed, plan what needs to be assessed and evaluate tools to correlate, or should we stitch up existing siloed operations to meet the CPS230 requirements?
Our discussion will center on debunking the hype surrounding CPS230 and addressing fundamental challenges and misconceptions that organizations face in meeting its requirements. We will explore key topics such as accountability dynamics among board members and executives, the complexity of operational risk management across the supply chain, practical considerations in multi-risk assessment, effective data management practices, and strategic preparedness efforts.
By engaging in candid dialogue and offering critical insights, our aim is to provoke thought, stimulate debate, and empower attendees to navigate the complexities of CPS230 compliance with clarity and confidence.