Operational Resilience Minimise operational disruptions to your organisation Advancements in technology create both opportunities and vulnerabilities. The sophistication of cyber threats will continue to increase. Systems will fail. Outsourcing to vendors and third-party contractors will provide efficiencies and reduce costs, but also create concentration and supply chain risks.In this challenging landscape, having a firm understanding of how to minimise the impact of a disruption to your external stakeholders and the broader economy, and knowing where your organisation’s vulnerabilities lie will help you recover more quickly and minimise customer harm.Our operational resilience framework helps organisations identify vulnerabilities, understand the root cause and create solutions to address them. We review cyber resilience program governance, enhance existing technologies, and oversee operational processes and controls to improve your operational resilience. CPS 230 – APRA’s new standard to improve operational risk and resilience The Australian Prudential Regulation Authority (APRA) released the final new prudential standard that sets minimum operational resilience requirements to always be maintained to ensure that any disruptions minimise consumer harm. Read more Our operational resilience services Protiviti’s operational resilience consulting includes: Pro Document Consent Program development Cyber resilience program designed for the size and complexity of your business. We leverage industry leading operational resilience frameworks, with a focus on governance and alignment with foundational elements. Pro Building office Program assurance Assess the firm’s current practices with regard to operational resilience, including an assessment of the foundational elements. Pro Legal Briefcase Resilience scenario testing Challenge existing resilience practises through enterprise wide scenario testing to simulate “extreme but plausible” scenarios impacting important business services of the firm. Pro Rightmark Square Maturing foundation elements Address known deficiencies in foundational elements of operational resilience: business resilience, cyber resilience, third-party resilience, technology resilience. Operational Resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience The Protiviti advantage Operational resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience.We help organisations demonstrate and improve resilience, building on existing business continuity management activities, IT disaster recovery and cybersecurity incident response. Our experts bring a breadth of knowledge across the four domain areas of operational resilience: business, technology, cyber and third-party.Business resilience: We help build and enhance existing business continuity programs to more closely align to evolving best practice under resilience.Technology resilience: We help our clients most difficult technology risk challenges, such as data architecture, cloud strategy, data centers and identity and access management.Cyber resilience: We offer a leading cyber resilience practice and help with challenges such as NIST framework and ISO 27001 implementation, penetration testing and PCI compliance.Third-party resilience: We help our clients manage supplier oversight challenges such as strategy and framework design, assessment operations, implementation solutions and remediation efforts.We work with and report to executive leaders and the board to address and assist organisations with:Current state assessment & setupImportant business service and process formalisationImpact tolerance developmentFront-to-back mappingScenario testing and simulation exercise developmentProgram implementationMature foundational elementsIndependent assurance of program deliverySecond or third line supportDevelopment and strengthen existing internal audit planCybersecurity programBCP support & reviewTechnology strategy review and enhancementOur operational resilience expertise is complimented by strong, active relationships with our clients and regulators. Our resilience services team continues to work closely with trade associations, including Global Financial Markets Associations (AFME, ASIFMA and SIFMA), of which we have co-authored publications with both SIFMA – Quantum Dawn VII and Quantum Dawn VI – and AFME – Cloud Risk and Resiliency. Operational Resilience experts at Protiviti help organisations demonstrate, enhance and improve their resilience Risk management and regulatory compliance go hand-in-hand. Find out more about Protiviti's regulatory compliance services. Click here Leadership Hirun Tantirigama Hirun is a managing director with 15 years’ experience in providing risk and regulatory advisory services across a variety of clients and industries. He has led complex, transformational programs across areas such as operational risk, regulatory remediation, operational ... Learn More Mark Burgess Mark is a managing director and Protiviti’s risk and compliance solution lead. With over 17 years of risk and regulatory compliance experience in the financial services industry, he has a proven track record delivering deep insights for his clients.Mark has spent a ... Learn More Matthew Pirera Matt is a managing director in Protiviti Australia’s risk and compliance team and is responsible for leading the delivery of best practice solutions across Protiviti’s key clients. Matt is the national financial services industry lead, also leading the Protiviti ... Learn More Premium associate memberships Protiviti is a Premium Associate Member of SIFMA, AFME and ASIFMA, collectively part of the Global Financial Markets Association (GFMA). Protiviti actively engages with the associations, committees and working groups, sharing insights and expertise on crucial industry developments, speaking at conferences an events, and contributing to advocacy efforts for effective and resilience capital markets. Our membership allows us to contribute our deep understanding of the continued evolving and competitive financial services industry landscape. Survey December 22, 2023 2024 Top Risks in the Financial Services Industry Protiviti and NC State University’s ERM Initiative have been conducting our Top Risks Survey for the past 12 years. This journey began just as financial markets around the world were starting their long, slow recovery from the global financial crisis, and has since covered the worst global pandemic in 100 years as well as near record-low interest rates followed... Learn more Featured insights INSIGHTS PAPER Top compliance challenges facing the technology industry in 2025 In the fast-paced world of technology, both regulators and companies face challenges applying existing laws to new and rapid developments. Given the high stakes of non-compliance, which may lead to business restrictions, technology companies’ senior... WHITEPAPER Reframing Regulatory Change: Adapting to Win Regulations continue to expand in number and scope, driven by a variety of sources. As a result, the industry must deal with regulatory change on an ongoing basis. Some companies take an ‘adapting to win’ approach, which benefits not just how they... INSIGHTS PAPER Part 2: Risk transformation and the intersection with business transformation Risk maturity is a measure of an organisation’s risk management capabilities and culture. As organisations raise their risk maturity, it enhances elements across governance and framework, processes, people and organisations, methodologies, systems... INSIGHTS PAPER Part 1: Value chain mapping for risk transformation in Australia's new regulatory environment New regulations in Australia have created new priorities around governance, executive accountability, and operational resilience. The new rules raise pressure on firms to transform in multiple ways, including through value chain analysis. PODCAST Risky Women Radio | Women in Risk Management: Challenges and Opportunities Dive into the world of women in risk management. In this Risky Women podcast, Jenny Wong & Gayle Lacey discuss risk management challenges & opportunities. IN FOCUS Will CrowdStrike serve as a reboot on tech resiliency? Global IT systems are still in reboot and recovery after a software update by cybersecurity vendor CrowdStrike caused a massive worldwide outage of Windows computers. Global businesses, governments and organisations were impacted across several... WHITEPAPER Guide to business continuity & resilience Plan for the Unexpected. Build Resiliency. Instill your organisation with the advantage to endure company disruptions and consistently meet business goals with reduced financial, operational, cybersecurity, and efficiency losses. Assess your areas... WHITEPAPER CPS 230 – APRA’s new standard to improve operational risk and resilience On 17 July 2023, the Australian Prudential Regulation Authority (APRA) released the final new prudential standard CPS 230 Operational Risk Management, which is mostly aligned to requirements in other jurisdictions, including the United States, the... BLOGS How tech firms can prepare for new EU operational resilience rules on ICT risks A two-step indicator-based approach proposed by EU supervisory authorities will be used to assess ICT services providers to determine whether they should be designated as critical and subjected to oversight under the Digital Operational Resilience... BLOGS Building technology resilience: aspects and actions Building technology resilience is a continuous process. Technology resilience programs call for diligent monitoring, constant adaptation to evolving threats and continual evolution to respond to a shifting threat landscape. To begin with, they... WHITEPAPER Australia’s Critical Infrastructure Act Reforms — A Positive Step in Strengthening Industry-wide Resilience The existing Security of Critical Infrastructure Act 2018 (SOCI Act), which requires owners and operators to take steps to safeguard defined critical infrastructure assets, has recently been amended to broaden the scope of industry sectors. This has... Button Button Client Story September 24, 2024 Enhancing Cyber Resilience Strategies in Global Manufacturing with the FAIR Methodology Protiviti helps a global manufacturer enhance cyber resilience strategies with a Factor Analysis of Information Risk (FAIR) quantification programme. Read more Case Studies Global Bank Gains Protiviti Support in Second-Line Risk Transformation Client Challenge A regulatory agency informed a global banking institution that it must reform its second line of defence and embed operational resilience across the organisation. The immediate need was to challenge, improve and document the second-line target operating model for the newly created resilience risk function. The bank also required support and new insights to manage the target operating model rollout and deliver a communications strategy and internal and external engagement model. Approach Protiviti undertook the challenge by developing a project plan with workstreams and sub-workstreams, providing and experienced project management office (PMO) consultant to lead the team, recruiting its Operational Resilience Global Command Centre to provide regular briefings on regulatory expectations and peer insights to build into project strategy, and providing a clear handover highlighting potential roadblocks for future milestones and making remediation strategy. Value Delivered Protiviti developed a robust target operating model for the newly formed resilience risk function. The project team improved PMO and outputs meeting global transformation standards and methodology. Protiviti crafted a communications strategy and actively led outreach activities to maintain employee engagement and group buy-in. An engagement model was delivered for internal and external stakeholders in line with organisational redesign principles and an understanding of gaps and areas for improvement was collected in a risk and control library to manage resilience risk. Protiviti Helps Client Define and Create New Technology Risk Framework Client Challenge The EU arm of a large global asset management firm was struggling to meet the needs of a rapidly evolving business landscape with maintaining the grasp of key technology risks. The firm recognised that the evolving technology landscape and emerging threats required a reevaluation of strategy and approach within the second line technology risk function. Management sought a capable partner to review and enhance their technology risk framework and operating model. Approach The firm asked Protiviti to review and design a new strategy to support future needs. Actions include working with the client’s first, second and third lines of defence to understand their business and how technology risk needed to respond, defining a strategic model and outlining a new risk operating model, and boosting the performance and design of technology risk governance, risk analysis, stakeholder engagement, control compliance, cybersecurity, risk tooling and other relevant areas of involvement. Value Protiviti helped the client design a future target operating for technology risk and articulated its vision across the organisation. Efforts resulted in a clearly defined operating model with clear responsibilities for risk and control management. Production of a central suite of reports gave all stakeholders timely risk and control information and reduced the risk of duplicated efforts. Full integration of IT risk management and operational risk management enabled the business to effectively evaluate all technology risks impacting functions and business processes. Protiviti Helps Global Financial Firm Conduct Rigorous Operational Resilience Assessment Challenge A global financial institution was given a regulatory mandate to address operational resilience. Driven by the first line, it would assess planned initiatives against leading practises and enhance plans where necessary. It would help draft regulatory responses, develop a go-forward strategy for the first line, including criticality framework, resilience operating model and testing approach, and work with the second line to develop metrics to monitor resilience and challenge first-line efforts. Approach A Protiviti team embedded across the delivery workstreams, partnered with the client to align combined efforts with leading practises and expectations from a global set of regulators and to conduct the following operations – perform a current state assessment of operational resilience efforts, benchmarking against regulatory expectations and leading practises and create a go-forward plan that accounted for work efforts to date and organisational/system limitations to address resilience concern. Value Delivered Protiviti helped create a global resilience strategy and operating model to align the client organisation with the pending demands of regulators. Guiding principles, frameworks and industry and regulatory insights were provided, allowing for the advancement of resilience efforts and enhanced board and management reporting. A framework was created to address and validated the organisation’s critical business services, and a customised strategy and approach were developed for resilience capability testing.