A serious data breach does not automatically mean governance failed.
The more important question is whether an organisation can demonstrate that it understood the risks, assessed the third party, monitored its controls and responded effectively...
APRA has released final targeted amendments to CPS 230 Operational Risk Management. The item is current and sits within APRA’s prudential framework, so boards and risk teams should treat it as a live governance and…
The Eagle S tanker's severing of the Estlink 2 power cable, Allianz's 2026 Risk Barometer finding that only 3% of firms see their supply chains as "very resilient," and the Bank of England PRA's move to incident-level reporting all show the same thing: macro and geopolitical risk stops being theoretical the moment it forces a real business decision. Here's what a mature operating model needs to prove.
The better question is whether the organisation can show how conflicts are identified, declared, challenged, escalated and evidenced before an external inquiry, regulator or media story exposes the gap.
Coles, Woolworths and IAG each faced regulatory action over pricing for the same reason: a gap between what customers were told and what the pricing system actually did. This post uses those cases to ask whether your organisation can show how pricing decisions are owned, challenged and tested for customer outcomes — before a regulator does it for you.