Operational Risk

The Qantas privacy finding: a positive lesson in third-party oversight

A serious data breach does not automatically mean governance failed. The more important question is whether an organisation can demonstrate that it understood the risks, assessed the third party, monitored its controls and responded effectively...

APRA’s CPS 230 Tweaks: Small Amendment, Big Governance Signal

APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…

“Cheap and Out of Date”, a Board-Level Resilience Question

A practical risk maturity article using a current event to test ownership, evidence, controls, challenge and decision quality.

When Macro Risk Reaches the Operating Model

The Eagle S tanker's severing of the Estlink 2 power cable, Allianz's 2026 Risk Barometer finding that only 3% of firms see their supply chains as "very resilient," and the Bank of England PRA's move to incident-level reporting all show the same thing: macro and geopolitical risk stops being theoretical the moment it forces a real business decision. Here's what a mature operating model needs to prove.

Governance risk is not theoretical

The better question is whether the organisation can show how conflicts are identified, declared, challenged, escalated and evidenced before an external inquiry, regulator or media story exposes the gap.

Pricing governance is a customer trust control, not just a marketing decision

Coles, Woolworths and IAG each faced regulatory action over pricing for the same reason: a gap between what customers were told and what the pricing system actually did. This post uses those cases to ask whether your organisation can show how pricing decisions are owned, challenged and tested for customer outcomes — before a regulator does it for you.

Good governance is not a burden, it is how leaders succeed.

A practical risk management article using a current source event to test ownership, evidence, controls and maturity.

AI related employee claims are the result of a lack of maturity impacting your employee experience

A practical risk management article using a current source event to test ownership, evidence, controls and maturity.

Recent posts

Popular categories