Interest in operational resilience has no doubt boomed among your clients, whether they’re in a heavily regulated industry or not. But an OpRes program won’t happen without the right governance structures.
Who, then, is in charge of effective governance of operational resilience? Read on to find out.
What is corporate governance?
Well, corporate governance itself refers to the broader system of rules, practices, and processes by which a company is directed and controlled. Various stakeholders are likely to be involved in that system.
And whether it’s for shareholders, Boards, senior leadership, line managers, regular employees, or customers, the goal of corporate governance is to manage the business to maximize long-term value while safeguarding the interests of all those stakeholders.
Effective governance of operational resilience
In the case of operational resilience, though, effective governance is meant to keep the firm operating in a safe and sound manner, in compliance with applicable laws and regulations.
Who should get involved to ensure the effective governance of OpRes, though?
The same stakeholders are likely to be involved, only to slightly different ends and with slightly different purposes. Indeed, the main players are likely to be:
- The Board of Directors
- Senior leadership/management
The role of the Board of Directors in the effective governance of operational resilience
What is the role of the Board in the governance of operational resilience? Most importantly, the Board is likely to be on the hook for complying with OpRes statutes such as APRA 230.
However, they play a far more fundamental role than just compliance. What’s that?
The firm’s Board is the group that approves and periodically reviews the firm’s risk appetite for weathering disruption from operational risks, both at the enterprise level and for the firm’s critical operations and core business lines.
In setting the firm’s risk appetite, the Board also articulates its tolerance for disruption, considering the firm’s risk profile and the capabilities of its supporting operational environment.
What else?
The Board also oversees the firm’s management of operational risk in its business line operations, independent operational risk management function, and independent internal (or external) audit function.
The role of senior management in the effective governance of operational resilience
Perched at a slight remove, as it tends to be, the Board is unlikely to operate alone in the governance of OpRes. With whom does the Board work?
The Board works closely with senior management to (a.) confirm that operational resilience practices are led and staffed by individuals with relevant expertise, (b.) approve appropriate budgets and resources, and (c.) promote a culture of effective risk management.
For what else is senior management accountable? Senior management is responsible for the following:
- Ensuring that the firm’s management of operational risk in its business line operations, independent operational risk management function, and independent internal (or external) audit function adheres to the established tolerance for disruption
- Maintaining a detailed, accurate, and regularly updated overview of the firm’s organizational and legal structure that identifies the critical operations and core business lines of the firm and its material entities
- Developing, implementing, and managing effective and resilient information systems and controls, as appropriate, to maintain critical operations and core business lines consistent with the firm’s tolerance for disruption
Finally, clients are likely clamoring to kickstart OpRes programs. But they will need effective governance arrangements to ensure everything gets done as it should and in accordance with the law.
What other challenges should clients anticipate? Download our guide, Operational Resilience: Overcoming Setup Challenges, to find out.