Article Posted date 18 January 2023
2 min read

Timeline | Key considerations | Key themes | Focus areas | Download guidance | How we can help



Strengthening your operational risk and resilience practices

KPMG is pleased to share information on The Australian Prudential Regulation Authority (APRA) release of draft cross-industry Prudential Standard CPS 230 Operational Risk Management which has been designed to strengthen the management of operational risk by all APRA-regulated entities.

The proposed standard underpins CPS 220 Risk Management and replaces several existing standards including CPS/SPS 232 Business Continuity management and CPS/SPS 231 Outsourcing.



CPS 230 timeline

July 2022 
Consultation open

21 October 2022
Consultation closes

Early 2023
CPS 230 finalised

1 January 2024
Effective date



Key considerations for CPS 230

In consideration of the proposed timeframe for implementation, APRA regulated entities should start considering the key components of the proposed standard now to ensure they are appropriately prepared. Whilst the construct of the draft prudential standard may change, the key themes are still features of APRA’s updated Corporate Plan, which indicates they are will remain as areas of regulatory focus regardless of the outcome of the consultation.



Key themes of CPS 230

  • Be prepared for risk events – Entities must ensure effective process to support the management and response to risk events, effectively reducing their impact
  • Be resilient – Entities must be able to continue to operate through the ever-increasing breadth of disruption, providing critical services to their customers.
  • Protect the entity and the community – Business Continuity Planning and exercising will be critical to ensure that the impact of disruptions is minimised to an acceptable/ tolerable level


CPS 230 areas of focus

  • Operating model
  • Critical operations
  • Material service providers
  • Business continuity
  • Incident management
  • Controls management


Download further guidance

Key elements of draft prudential standard CPS 230 – December 2022

CPS 230 Operational Risk Management

Opens in a new window

Aligning CPS 230 to existing regulatory architecture

CPS 230 Operational Risk Management

Opens in a new window

Considerations for a periodic assurance review

CPS 230 Operational Risk Management

Opens in a new window

Considerations for the Chief Operating Officer

CPS 230 Operational Risk Management

Opens in a new window


Strengthening your operational risk practices

The KPMG team has deep experience in supporting our Global Financial Services clients across Europe, the UK and ASPAC to respond to evolving regulation and framework changes and implement Operational Risk and Resilience practices.

Regular updates comprised of thoughts, insights and learnings about this important regulatory change will be rolled out. Please contact us for an individual briefing on what the changes will mean for you.



Contact our team

Mark Tims blog posts
Mark Tims
Partner, Technology Risk & Cyber
KPMG Australia
Profile | | Phone
Gavin Rosettenstein blog posts
Gavin Rosettenstein
National Leader, Third Party Risk Management
KPMG Australia
Profile | | Phone
Kathleen conner blog posts
Kathleen Conner
Partner, Risk, Strategy & Technology
KPMG Australia
Profile | | Phone
Campbell Logie-Smith blog posts
Campbell Logie-Smith
Director, Cyber Resilience, Technology Risk & Cyber
KPMG Australia
Profile | | Phone


Related content

Businesswoman with protective face mask checking financial trading data
Businesswoman with protective face mask checking financial trading data
Financial Services
Financial Services
Financial Services

We work with our financial services clients to help them thrive in a rapidly transforming industry.

We work with our financial services clients to help them thrive in a rapidly transforming industry.

We work with our clients to help them thrive in a rapidly transforming industry.

Banking and Capital Markets services
Banking and Capital Markets services
Banking & Capital Markets
Banking & Capital Markets
Banking & Capital Markets

Deep banking sector knowledge and a highly experienced team combine to assist clients navigate the complex challenges of today and into the future.

Deep banking sector knowledge and a highly experienced team combine to assist clients navigate the complex challenges of today and into the future.

We help clients to navigate the complex challenges facing the banking industry.

Risk Strategy & Technology
Risk Strategy & Technology
Risk Strategy & Technology
Risk Strategy & Technology
Risk Strategy & Technology

KPMG’s Risk Strategy & Technology team helps clients with the design and transformation of their governance and enterprise risk management frameworks.

KPMG’s Risk Strategy & Technology team helps clients with the design and transformation of their governance and enterprise risk management frameworks.

Our Risk Strategy & Technology team helps with governance and risk management frameworks.

Risk & Governance Insights Subscription
Risk & Governance Insights Subscription
Risk & Governance Subscription
Risk & Governance Subscription
Risk & Governance Subscription

Sign up for risk and governance insights – delivered direct to your inbox.

Sign up for risk and governance insights – delivered direct to your inbox.

Sign up for risk and governance insights – delivered direct to your inbox.