
LM-G05 · GRC · Practitioner tier

APRA CPS 230 — Operational Risk Management

Critical operations, tolerance levels, service providers, BCM

16 min read · 30-question assessment · 3 scoring tiers (Foundation / Practitioner / Leader)

TheAICommand Learning Library


A learning module for Australian financial services practitioners

Foundation – Practitioner – Leader

Module ID: TAIC-LM-G05
Title: APRA CPS 230 – Operational Risk Management
Audience tier: Foundation, Practitioner, Leader
Estimated reading time: Approximately 24 minutes (calculated at 220 words per minute)
Prerequisites: TAIC-LM-G01 Corporations Act, TAIC-LM-G02 Privacy Act, working familiarity with the APRA prudential framework
Format: Self-paced module plus 30-question MCQ assessment (25 to 30 minutes)
Last updated: April 2026

Learning outcomes

On completing this module learners will be able to:

  1. Describe the four pillars of CPS 230 and the in-force and transitional dates that apply to APRA regulated entities.
  2. Identify a critical operation, document a tolerance level, and explain the rationale that supports each.
  3. Apply the service provider risk management requirements, including tiering and contractual content, to a vendor scenario.
  4. Evaluate the maturity of an operational risk framework against the standard and prioritise improvement actions.
  5. Design an AI assisted workflow that supports CPS 230 obligations under appropriate governance and privacy controls.
  6. Construct a Board ready attestation pack that links framework artefacts, testing evidence, and incident learnings.

1. Executive summary

APRA Prudential Standard CPS 230 Operational Risk Management is the most consequential operational risk reform for Australian financial services in a generation. It consolidates and strengthens previous expectations on operational risk, business continuity, and outsourcing, and it elevates Board accountability for resilience. The standard came into force on 1 July 2025, with a transitional arrangement that allows existing material service provider contracts to continue under the prior framework until 1 July 2026. Practitioners now operate under a single, integrated set of obligations covering operational risk management, critical operations and tolerance levels, the management of material service providers, and Board oversight.

This matters because Australian financial services firms increasingly run on networks of cloud platforms, fintech partners, and shared service centres that sit outside the regulated entity. When any of these fail, customers and members lose access to payments, claims, advice, or savings. APRA expects regulated entities to identify what truly cannot fail, define the maximum disruption that members and customers can tolerate, prove that the operation can recover within that tolerance, and hold the Board accountable when it cannot.

By the end of this module you will be able to read the standard, identify a critical operation, set and justify a tolerance level, build a service provider tier, draft a Board attestation, and design an AI assisted workflow that strengthens these activities without creating new privacy or model risk exposures. You will be able to:

  • Map your entity to the four pillars of CPS 230 and identify the practical artefacts each pillar requires.
  • Run an operational resilience self-assessment that is defensible against APRA review.
  • Operate a documented, audit-ready CPS 230 working rhythm using AI assistance and clearly defined human-in-the-loop controls.

2. Regulatory and strategic context

Issuer and statutory authority

CPS 230 is issued by the Australian Prudential Regulation Authority under section 11AF of the Banking Act 1959, section 32 of the Insurance Act 1973, section 230A of the Life Insurance Act 1995, and section 34C of the Superannuation Industry (Supervision) Act 1993. It applies to authorised deposit-taking institutions, general insurers, life insurers, private health insurers, registrable superannuation entity licensees, and the authorised non-operating holding companies above them. Foreign branch operations and subsidiary structures are captured in the consolidated application of the standard.

Scope, key dates, and transitional arrangements

The standard came into effect on 1 July 2025. APRA confirmed a transitional arrangement for contracts with material service providers that were already in place on that date: the CPS 230 requirements apply to each such contract from the earlier of its next renewal date or 1 July 2026, after which every arrangement must comply. This is not a deferral of CPS 230 itself. The core obligations covering the operational risk management framework, critical operations identification, tolerance levels, business continuity testing, and Board accountability all began on 1 July 2025. Entities still relying on legacy outsourcing contracts in 2026 should treat the runway as a remediation deadline rather than a comfort window.

Interplay with adjacent prudential standards

CPS 230 does not stand alone. It replaces CPS 231 Outsourcing and CPS 232 Business Continuity Management and consolidates parts of CPS 220 Risk Management, while reinforcing CPS 234 Information Security and CPS 511 Remuneration. Practitioners should treat the prudential standards as a connected operating model, not a stack of independent obligations.

Adjacent standard | Connection to CPS 230 | What to align
CPS 220 Risk Management | Operational risk is one of the risk types managed under the broader risk management framework. CPS 230 specifies how operational risk must be controlled, tested, and reported. | Risk appetite statement, RCSA program, and Board risk reporting cadence.
CPS 234 Information Security | Information security incidents are one of the principal causes of operational risk events and disruptions to critical operations. | Information asset register, incident notification, and joint scenario testing.
CPS 511 Remuneration | Failure to deliver on operational resilience obligations can adjust variable remuneration outcomes for accountable persons. | Risk and conduct gateways, malus and clawback triggers, consequence management evidence.
CPS 232 BCM (replaced) | CPS 232 obligations are absorbed into the business continuity pillar of CPS 230 with a higher bar around critical operations and tolerance levels. | Re-baseline BCPs against critical operations rather than business units.
CPS 231 Outsourcing (replaced) | CPS 231 obligations are absorbed and broadened. CPS 230 covers all material service providers, not only outsourcing of material business activities. | Service provider register, materiality criteria, and contractual content.

Strategic implications

The strategic shift in CPS 230 is the move from compliance based business continuity to outcome based operational resilience. APRA expects entities to demonstrate, with evidence, that critical operations can keep running within stated tolerances even when severe but plausible events occur. Boards must own the resilience agenda, including the choice of tolerance levels and the residual risk that follows. Heads of Operational Risk, Heads of Resilience, and Chief Risk Officers should expect direct engagement with APRA supervisors on the credibility of tolerance levels, the realism of scenario testing, and the depth of fourth party visibility. The reform also creates new requirements for incident notification to APRA and for end to end accountability over service provider performance, both of which carry reputational and supervisory consequences when missed.

Visual 1: Regulatory authority map for CPS 230

The diagram below shows the layered authority structure that produces CPS 230 and the actors that operate under it. It is rendered in descriptive table form for readability, and is also suitable for designer rendering in Lucidchart or Whimsical.

Layer | Actor or instrument | Role under CPS 230
Statutory authority | Banking Act 1959, Insurance Act 1973, Life Insurance Act 1995, SIS Act 1993 | Empower APRA to issue prudential standards binding on regulated entities.
Regulator | Australian Prudential Regulation Authority (APRA) | Issues, supervises, and enforces CPS 230. Sets reporting expectations and conducts targeted reviews.
Standard | CPS 230 Operational Risk Management | Establishes the four pillar regime: framework, business continuity, service providers, Board accountability.
Co-regulator | ASIC, AUSTRAC, OAIC | Adjacent obligations on conduct, AML/CTF, and privacy that intersect with operational events and notifications.
Industry body | AFMA, FSC, ABA, COBA, AIST, ASFA | Industry guidance, peer benchmarking, and policy advocacy.
Regulated entity | ADI, insurer, super trustee, AFSL holder operating within a CPS 230 entity | Implements the operational risk framework, sets tolerances, oversees service providers, attests at Board.
Material service provider | Cloud, claims platform, custodian, administrator, fintech partner | Subject to risk based oversight, contractual obligations, and direct entity testing.

3. Core concepts and defined terms

CPS 230 introduces a tightly defined vocabulary. Practitioners must use these terms exactly as APRA does. Slippage in language often signals slippage in control.

Defined terms

Term | CPS 230 meaning | Implication for practitioners
Operational risk | The risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. Includes legal risk but excludes strategic and reputational risk. | Anchor your taxonomy to this definition. Reputational impacts are captured as consequences, not standalone risks.
Critical operation | A process undertaken by the entity or its service provider which, if disrupted beyond tolerance levels, would have a material adverse impact on depositors, policyholders, beneficiaries or other customers, or on the entity's role in the financial system. | Identify a tight, defensible list. APRA will probe both inclusions and omissions.
Tolerance level | The maximum level of disruption to a critical operation that the entity is willing to tolerate. CPS 230 requires each tolerance level to state the maximum period of disruption, the maximum extent of data loss, and the minimum service levels to be maintained under alternative arrangements. | Each tolerance must be Board approved, evidence based, and testable.
Material service provider | A service provider on which the entity relies to undertake a critical operation, or that exposes it to material operational risk. | Tiering must be documented and refreshed at least annually.
Fourth party | A subcontractor of a material service provider that supports the same critical operation. | Map fourth parties to the same standard you apply to material service providers.
Severe but plausible scenario | A disruption that is more extreme than routine, yet realistic enough to plan against. | Use scenario libraries that reflect the Australian threat landscape and recent events.
Operational risk profile | The current view of inherent and residual operational risks, controls, incidents, and emerging issues. | Update at the cadence specified in the framework, never less than annually.
Board attestation | A formal Board affirmation that the operational risk management framework meets the standard. | Tie attestation to evidence packs and documented assurance work, not management assertion alone.
Operational risk event | An incident that has caused, or could have caused, operational loss, control failure, or disruption. | Capture near misses. APRA reviews near miss data as an indicator of control health.
Recovery time objective | The target duration within which a critical operation must be restored after disruption. | The RTO must sit within the tolerance level; an RTO longer than the tolerance means the BCP cannot deliver what the Board has approved.

Pillar 1: Operational risk management framework

The operational risk management framework must include risk identification and assessment, controls and mitigation, monitoring and reporting, internal controls testing, change management, and lessons learned from incidents and near misses. APRA expects the framework to be embedded in business as usual, refreshed at least annually, and stress tested through scenario analysis. The framework must connect to the broader risk management framework under CPS 220 and to the information security framework under CPS 234.

Pillar 2: Business continuity, critical operations, and tolerance levels

Entities must identify critical operations, set tolerance levels, and maintain a business continuity plan that can deliver continuity within the tolerance. The plan must be tested at least annually using severe but plausible scenarios, and it must be refreshed when material changes occur. Tolerance levels are not aspirations. They are commitments that the Board must be able to defend with evidence and that the executive must be able to deliver against.

Pillar 3: Management of material service providers

Entities must maintain a current register of material service providers, perform pre-contract due diligence, embed minimum contractual terms, manage concentration risk, and notify APRA of material developments. CPS 230 sets the notification clock for this pillar at no later than 20 business days after entering into, or materially changing, an arrangement with a material service provider. Material service providers cover the full scope of providers relied on for critical operations, not only legacy outsourcing arrangements. Fourth parties must be visible to the entity.

Pillar 4: Roles, responsibilities, and Board accountability

The Board is ultimately accountable for the operational risk management framework, including approval of risk appetite, tolerance levels, and material outsourcing decisions. Senior management is accountable for execution. The three lines model applies, with assurance over the framework provided by the second and third lines and reported to the Board at a defined cadence.

Visual 2: Business continuity lifecycle under CPS 230

The lifecycle below shows how a critical operation moves from identification to closure of an event and back into improvement. It is rendered as a structured table specification that a designer can convert directly to Lucidchart or Whimsical.

Stage | Activity | Output artefact
1. Identify | Identify critical operations, dependencies, and supporting service providers. | Critical operations register, dependency map.
2. Tolerate | Set tolerance level for each critical operation. Approve at Board. | Tolerance level statement, Board minute.
3. Plan | Build BCP that delivers continuity within tolerance. Map workarounds and recovery paths. | BCP, RTO and RPO matrix, contact tree.
4. Test | Test the plan annually using severe but plausible scenarios. Document gaps. | Scenario test report, residual gap log.
5. Detect | Monitor leading indicators and incident triggers. Activate response if disruption occurs. | KRI dashboard, incident log, activation log.
6. Recover | Execute the BCP. Communicate to customers, regulators, and the Board within required timeframes. | Incident timeline, communications, regulator notice.
7. Learn | Conduct post incident review. Update controls, plans, and tolerances. | Post incident review, action register, framework update.

4. Practical application in Australian financial services

CPS 230 reads similarly across regulated entities, but the practical implementation differs by sector. The four worked examples below illustrate how the same standard plays out for an ADI, an insurer, a superannuation trustee, and an AFSL holder operating under a regulated parent. Each example follows the same structure: trigger event, obligation activated, artefact produced, and audit trail expected.

Example A: ADI – retail payments outage

Trigger event. The card scheme switch operated by a material service provider degrades for ninety minutes during peak retail hours, blocking authorisations on a major card portfolio.

Obligation activated. Retail card authorisations are a critical operation with a Board approved tolerance of forty five minutes of full unavailability in any twenty four hour period. The disruption breaches tolerance and triggers the operational risk event policy, the retail payments BCP, and the APRA notification protocol.

Artefact and audit trail. The event is logged with severity, customer impact estimate, and recovery timeline. The Board receives same day notification, and APRA receives notice within the 24 hours that CPS 230 allows once a critical operation has been disrupted outside tolerance. The post incident review updates the service provider risk assessment, refreshes the tolerance rationale, and adjusts joint scenario testing. APRA review will look for the Board approved tolerance, the BCP, the live decision log, customer communications, the regulator notice, and traceable post incident actions.
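The breach arithmetic in Example A, worked through as an added Python example that is not part of the module and not drawn from APRA material. It first validates a constructed critical operations register (an RTO must not exceed its tolerance, and every tolerance needs a Board minute reference), then replays a constructed incident log against a trailing twenty four hour window and reports the minute at which accumulated unavailability first exceeds tolerance, together with the latest time for the 24 hour APRA notification that CPS 230 requires for a disruption outside tolerance. The register layout, operation names, incident references, dates and the rolling-window reading of "in any twenty four hour period" are all assumptions made for this illustration.

```python
"""Tolerance breach replay for a critical operations register (added example).

The register layout, operation names, incident references and the
rolling-window reading of "in any twenty four hour period" are assumptions
made for this illustration; none of it is drawn from a regulated entity.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CriticalOperation:
    name: str
    tolerance_minutes: int   # maximum full unavailability the Board will tolerate
    window_hours: int        # period over which unavailability accumulates
    rto_minutes: int         # BCP recovery time objective; must not exceed tolerance
    board_minute_ref: str    # evidence that the Board approved the tolerance


@dataclass(frozen=True)
class Outage:
    incident_ref: str
    operation: str
    start: datetime
    end: datetime


def validate_register(ops):
    """Findings a reviewer raises before the register goes to the Board."""
    findings = []
    for op in ops:
        if op.rto_minutes > op.tolerance_minutes:
            findings.append(f"{op.name}: RTO {op.rto_minutes} min exceeds "
                            f"tolerance {op.tolerance_minutes} min")
        if not op.board_minute_ref:
            findings.append(f"{op.name}: tolerance level has no Board minute reference")
    return findings


def downtime_minutes(outages, window_start, window_end):
    """Minutes of outage that overlap the window [window_start, window_end]."""
    total = 0.0
    for o in outages:
        s, e = max(o.start, window_start), min(o.end, window_end)
        if e > s:
            total += (e - s).total_seconds() / 60
    return total


def evaluate_breaches(ops, outages):
    """Replay each outage minute by minute and record the first minute at which
    downtime in the trailing window exceeds tolerance (earlier outages count)."""
    by_name = {op.name: op for op in ops}
    breaches = []
    for o in sorted(outages, key=lambda x: x.start):
        op = by_name[o.operation]
        window = timedelta(hours=op.window_hours)
        same_op = [x for x in outages if x.operation == o.operation]
        t = o.start
        while t <= o.end:
            accumulated = downtime_minutes(same_op, t - window, t)
            if accumulated > op.tolerance_minutes:
                breaches.append({
                    "operation": op.name,
                    "incident_ref": o.incident_ref,
                    "breached_at": t,
                    "accumulated_minutes": accumulated,
                    "window_downtime_at_end": downtime_minutes(same_op, o.end - window, o.end),
                    # CPS 230: notify APRA as soon as possible and no later than
                    # 24 hours after a disruption to a critical operation outside tolerance
                    "apra_notify_by": t + timedelta(hours=24),
                })
                break
            t += timedelta(minutes=1)
    return breaches


# Constructed register and incident log; the second operation carries two
# deliberate defects so that validate_register has something to report.
REGISTER = [
    CriticalOperation("Retail card authorisations", 45, 24, 30, "BM-2026-02-17"),
    CriticalOperation("Member unit pricing", 240, 24, 480, ""),
]
INCIDENTS = [
    Outage("INC-001", "Retail card authorisations",
           datetime(2026, 3, 2, 10, 0), datetime(2026, 3, 2, 10, 20)),
    Outage("INC-002", "Retail card authorisations",
           datetime(2026, 3, 2, 14, 0), datetime(2026, 3, 2, 15, 30)),
]


def run_example():
    return validate_register(REGISTER), evaluate_breaches(REGISTER, INCIDENTS)


if __name__ == "__main__":
    findings, breaches = run_example()
    for f in findings:
        print("FINDING:", f)
    for b in breaches:
        print(f"BREACH {b['incident_ref']} ({b['operation']}): tolerance crossed at "
              f"{b['breached_at']:%Y-%m-%d %H:%M} with {b['accumulated_minutes']:.0f} min "
              f"in window; notify APRA by {b['apra_notify_by']:%Y-%m-%d %H:%M}")
```

The point of the trailing window is visible in the constructed data: a twenty minute outage in the morning and a ninety minute outage in the afternoon, so the afternoon incident crosses the forty five minute tolerance at 14:26 rather than at 14:45. A check that only looks at each incident in isolation would report the breach twenty minutes late and put the notification deadline in the wrong place.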

Example B: General insurer – catastrophe claims surge

Trigger event. A severe weather event in Queensland generates a tenfold increase in claims volume over four days, with the third party claims platform showing intermittent latency.

Obligation activated. Catastrophe claims handling is a critical operation with a tolerance set on claims throughput per hour, not on availability alone. The BCP surge plan pre-positions internal claims teams to support the third party platform. The service provider register tiers the platform as Tier 1. The event triggers the surge plan and the material service provider escalation protocol.

Artefact and audit trail. The surge activation log, daily Board update, throughput monitoring report, service provider performance log, and post event tolerance review. APRA review tests whether the tolerance reflects what matters to policyholders, whether the surge plan was tested in the prior twelve months, whether fourth party dependencies were mapped, and whether lessons converted into framework updates.

Example C: Superannuation trustee – administrator unit pricing failure

Trigger event. The fund administrator publishes incorrect unit prices for two trading days. Some members switch investment options on the basis of the incorrect prices.

Obligation activated. Accurate unit pricing and member transactions are critical operations. The administrator is a Tier 1 material service provider. The event triggers the operational risk event policy, member remediation protocols, APRA notification, and a materiality assessment under the trustee's breach reporting framework.

Artefact and audit trail. Member impact register, remediation methodology, member communications, APRA notification, administrator root cause report, and updated joint testing schedule. APRA review tests the trustee's independent challenge of the administrator's root cause and evidence of remediation. ASIC interest is likely because of the conduct dimension.

Example D: AFSL holder – advice platform technology incident

Trigger event. An advice platform used by financial advisers within an AFSL holder loses access to client risk profiling for an afternoon during a volatile market session.

Obligation and audit trail. Where the AFSL holder sits within an APRA regulated group, CPS 230 applies through the group framework. Adviser access to risk profiling supports a critical operation tied to advice quality and best interests obligations. The artefact set covers adviser advisory note, manual workaround procedure, client impact assessment, post incident review with a conduct lens, and updated control test plan. APRA review will focus on the framework while ASIC may engage on the conduct outcome.

Visual 3: CPS 230 benchmarked against adjacent operational resilience frameworks

Practitioners frequently encounter a question from Boards and offshore parents: how does CPS 230 compare to other operational resilience regimes? The table below sets out the principal points of comparison.

Dimension | APRA CPS 230 | UK PRA SS1/21 – Operational Resilience | EU DORA
Effective date | 1 July 2025, transitional MSP arrangements to 1 July 2026 | 31 March 2022, with full implementation by 31 March 2025 | 17 January 2025
Scope | All APRA regulated entities and authorised NOHCs | PRA regulated firms and FMIs in the UK | EU financial entities and ICT third party providers
Resilience anchor | Critical operations and tolerance levels | Important business services and impact tolerances | Critical or important functions and ICT risk
Service provider regime | Material service providers, including non-outsourcing reliance | Outsourcing under SS2/21 and operational resilience | ICT third party risk under DORA, including subcontractors
Board accountability | Express Board accountability and attestation | Senior management function accountability | Management body accountability and oversight
Testing expectation | Severe but plausible scenarios at least annually | Scenario testing within tolerance, mapped end to end | Threat led penetration testing for significant financial entities
Incident reporting | Notification to APRA on material operational risk events | PRA and FCA notification under existing rules | Major ICT related incident reporting to authorities
Penalty exposure | Supervisory action, enforceable undertakings, licence conditions | Supervisory action and PRA fines | Administrative penalties set by member states for financial entities; for critical ICT third party providers under direct oversight, periodic penalty payments of up to one percent of average daily worldwide turnover

Visual 4: Material service provider tiering matrix and RACI

The matrix below combines the tiering rule with the RACI for ongoing oversight. It is typically among the first artefacts requested by APRA during a thematic review.

Tier | Definition | Owner | Risk function | Internal Audit | Board
Tier 1 – Critical | Supports a critical operation directly. Failure breaches tolerance. | R | C | C | I and approve
Tier 2 – Material non-critical | Material operational risk exposure but not directly tied to a critical operation. | R | C | I | I
Tier 3 – Material support | Material reliance, no direct tolerance breach pathway. | R | I | I | I
Tier 4 – Non-material | Routine vendor. Manage under standard procurement controls. | R | I | I | Not required

R = Responsible, C = Consulted, I = Informed. Accountability (A) for the framework as a whole rests with the Board, so it is not shown per tier; the Board column records what the Board is told and, for Tier 1, what it approves.

Visual 5: Illustrative operational resilience indicators

The figures below are illustrative only and are not drawn from any single regulated entity. They are intended to show the cadence and shape of metrics that an Operational Resilience function should be reporting to the Board.

Quarter | Critical operations identified | Tolerance breaches (illustrative) | Severe but plausible tests run (illustrative) | Material service providers under review (illustrative)
Q1 | 12 | 1 | 3 | 8
Q2 | 12 | 0 | 4 | 10
Q3 | 13 | 2 | 5 | 12
Q4 | 13 | 1 | 6 | 14

Visualise as a stacked column chart with quarters on the x axis and the four metrics layered. Confirm the illustrative label is on every export.

5. AI workflow: operating CPS 230 with AI

AI is most useful in CPS 230 work when it accelerates document heavy, pattern matching tasks under firm human-in-the-loop control. The workflow below is built for an Operational Resilience function. It assumes an enterprise grade AI environment, de-identified inputs, and documented governance.

5.1 Use cases at scale

AI can compress effort and improve consistency across the following CPS 230 tasks:

  • Mapping operational processes to critical operations and identifying candidate inclusions and omissions for human review.
  • Drafting tolerance level rationale memos using a structured template, evidence base, and Board ready language.
  • Generating control narratives and gap analyses from RCSA outputs and incident data.
  • Distilling Board pack content from raw working documents while preserving cited evidence.
  • Triaging regulator queries to the correct artefact, owner, and response template.
  • Producing first draft service provider risk assessments from due diligence inputs and threat intelligence.
  • Building scenario test scripts and tabletop facilitator notes from severe but plausible scenarios.
  • Maintaining a living glossary that aligns CPS 230, CPS 234, CPS 220, and CPS 511 vocabulary across the entity.

5.2 Project space setup

ChatGPT (Projects and Custom GPT)

  1. Create a Project named CPS 230 Operational Resilience and apply enterprise tenancy controls so that data does not train a foundation model.
  2. Configure a system prompt scaffold that includes the entity name, the regulator, the four pillars, the controlled vocabulary, and the human-in-the-loop rule.
  3. Upload reference files: the public CPS 230 standard, your operational risk management framework, your critical operations register, your tolerance level statements, your service provider register, the BCP, and the most recent Board operational resilience report (de-identified).
  4. Create file naming conventions: CPS230-ART-{ArtefactType}-{Owner}-{YYYYMMDD}-v{##}.
  5. Build a Custom GPT for repeatable artefacts, for example a Tolerance Memo Drafter that always returns Role, Context, Evidence, Recommendation, and Open Questions.

Claude (Projects and Skills)

  1. Create a Claude Project named CPS 230 Operational Resilience with file based memory, retention disabled where the entity’s policy requires it.
  2. Add the system prompt scaffold and the controlled vocabulary as a project document.
  3. Upload the same reference files as above. Add the post incident review template, the regulator response playbook, and the joint testing methodology.
  4. Build a Claude Skill named cps230-resilience-architect with reference files for tolerance memos, control narratives, and Board attestations. Include a quality rubric and an explicit trigger description so the Skill is invoked whenever one of those artefacts is requested.
  5. Add a companion red team Skill named cps230-red-team that stress tests draft outputs against APRA review questions before the human approves them.

5.3 Prompt library

Each prompt below follows the Role, Context, Task, Constraints, Output, Quality Bar pattern. Use them as starting points and adapt to your entity vocabulary.

Prompt 1: Critical operation identification workshop

Critical Operation Identification Prompt
Role: You are a senior operational resilience consultant supporting an APRA regulated entity.
Context: We are running a critical operations identification workshop for the {Business Line}. Source materials are the de-identified RCSA, the BCP register, the customer journey map, and the incident log.
Task: Propose a candidate list of critical operations, with reasoning grounded in CPS 230 paragraph references. For each candidate, note the population affected, the soundness implication, and a draft tolerance level metric and unit.
Constraints: Use APRA defined terms only. Do not invent metrics. Flag any input that appears to contain personal information.
Output: A table with columns Candidate operation, Affected population, Soundness implication, Tolerance metric, Tolerance unit, Reasoning, Open question.
Quality bar: Every row must cite a source artefact and a CPS 230 reference. The list should be defensible at APRA review.

Prompt 2: Tolerance level rationale memo

Tolerance Memo Drafter
Role: You are an operational resilience writer drafting a Board ready memo.
Context: We need to set the tolerance level for {Critical operation}. The current proposal is {Metric} of {Value}. Source evidence is {Evidence pack}.
Task: Draft a 600 word rationale memo covering the metric, the value, the basis of evidence, the impact on members or customers, the Board accountable person, and the residual risk.
Constraints: No em dashes. Australian English. No personal data. Cite each evidence point.
Output: A structured memo with Heading, Recommendation, Evidence, Risk and Mitigation, Decision sought, Sign-off block.
Quality bar: A reviewer should be able to defend the proposal in a Board meeting using only this memo.

Prompt 3: Service provider risk assessment

Service Provider Risk Assessor
Role: You are a third party risk analyst familiar with CPS 230.
Context: {Vendor} is being onboarded as a candidate Tier {1 or 2} material service provider. Inputs are the due diligence pack, the SOC 2 report (de-identified), and the customer impact assessment.
Task: Produce the first draft risk assessment covering inherent risk, control reliance, residual risk, fourth party exposure, concentration risk, and contractual gaps.
Constraints: Do not include client lists or personal data. Do not invent figures.
Output: A risk assessment artefact with sections Inherent risk, Controls, Residual risk, Fourth parties, Contractual gaps, Recommendation, Open questions.
Quality bar: The artefact must be ready for human review and challenge before going to the procurement committee.

Prompt 4: Maturity assessment and gap analysis

CPS 230 Maturity Assessor
Role: You are an internal audit lead conducting a maturity assessment.
Context: Inputs are the operational risk framework, the policy stack, and the Board pack from the last twelve months.
Task: Score each pillar of CPS 230 on a five level maturity scale (Initial, Developing, Defined, Managed, Optimised). Cite the evidence behind each score.
Constraints: No fabrication. If evidence is missing, score the pillar as Initial and identify the gap.
Output: A pillar by pillar table with score, evidence, gap, and recommended action ranked by impact.
Quality bar: An external reviewer should accept the scoring without rework.

Prompt 5: Board attestation pack distillation

Board Pack Distiller
Role: You are a chief of staff to the CRO.
Context: Inputs are the operational resilience working papers, the testing log, the incident register, and the service provider register.
Task: Distil the inputs into a 1,500 word Board attestation pack covering framework health, tolerance breaches, testing outcomes, service provider issues, and the proposed attestation language.
Constraints: No personal data. No internal nicknames. Refer to incidents by reference number.
Output: Sections Framework health, Critical operations, Tolerance breaches, Testing outcomes, Service providers, Attestation language, Open issues for the Board.
Quality bar: The CRO should be able to walk into the Board meeting using only this pack.

Prompt 6: Regulator response drafter

APRA Response Drafter
Role: You are a regulatory affairs specialist drafting a response to APRA.
Context: The supervisor has requested information on {Topic}. Inputs are the supervisor letter, the relevant artefacts, and the entity's prior responses on the topic.
Task: Draft a structured response that addresses each question, cites the supporting evidence, and flags any open issues honestly.
Constraints: Do not include personal data. Do not speculate beyond the evidence. No em dashes.
Output: A draft letter with numbered responses, an evidence index, and a covering note for the CRO.
Quality bar: The response should not require rewriting before legal review.

5.4 Governance, audit, privacy, and risk appetite controls

AI assistance must be operated under documented controls. The minimum control set for a CPS 230 workflow includes:

  • Mandatory de-identification rules. Personal data, market sensitive information, sanctions data, and active claimant or member data must be removed before any input is sent to a model. Use placeholder fields such as {ENTITY_NAME}, {VENDOR}, and {INCIDENT_REF}.
  • Human-in-the-loop checkpoints. AI outputs are drafts. A named human owner must review, edit, and approve every artefact before it leaves the working environment. Approval is logged.
  • Prohibited inputs. Do not upload personal information, customer lists, advice files, claimant medical data, market sensitive deal documents, sanctions lists, or live incident telemetry.
  • Retention and logging. Maintain a log of every prompt, model used, file inputs, output artefact reference, and human approver. Retention should align with the operational risk records retention policy and APRA expectations on operational records.
  • Model selection guidance. Default to enterprise tenancy with no training on entity data. Consider on-prem or sovereign hosting for inputs that touch CPS 234 protected information assets. Avoid consumer model surfaces for any CPS 230 work.
  • CPS 230 critical operation considerations. The AI environment itself may be a Tier 2 or Tier 3 service in your service provider register. Document the dependency, the fallback if the model is unavailable, and the response if the provider experiences an incident.
  • Australian Privacy Principles alignment. Apply APP 1 governance, APP 6 use and disclosure, APP 8 cross border disclosure, and APP 11 security to every AI use case. Privacy impact assessments should be refreshed when prompts, models, or data flows change.
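The de-identification gate, the artefact naming convention from the project space setup, and the prompt log with its human approval checkpoint, as an added Python example that is not code from the module or from any AI vendor. The placeholder map, the sample incident text, the model name, the artefact reference, and the email and Australian phone number patterns are constructed assumptions; the real-name mapping is returned so that it can be kept inside the entity's own environment and is never sent to the model.

```python
"""De-identification gate and approval log for AI-assisted CPS 230 work (added example).

The placeholder map, sample text, model name, artefact reference and the
email and Australian phone number patterns are constructed assumptions.
"""
import hashlib
import json
import re
from datetime import datetime, timezone

# Real identifiers on the left stay inside the entity's environment; only the
# placeholder tokens on the right are ever sent to a model.
PLACEHOLDERS = {
    "Example Mutual Bank": "{ENTITY_NAME}",
    "Acme Card Switch Pty Ltd": "{VENDOR}",
}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
AU_PHONE = re.compile(r"(?:\+61|0)[2-478](?:[ -]?\d){8}")   # assumed AU number shapes
INCIDENT = re.compile(r"\bINC-\d{3,}\b")
# File naming convention from the project space setup: CPS230-ART-{ArtefactType}-{Owner}-{YYYYMMDD}-v{##}
ARTEFACT_REF = re.compile(r"^CPS230-ART-[A-Za-z0-9]+-[A-Za-z0-9]+-\d{8}-v\d{2}$")


def deidentify(text):
    """Swap known names and incident references for placeholders and redact
    email and phone patterns. Returns the clean text and the reversible map,
    which must be retained locally and never leave the environment."""
    mapping = {}
    for real, token in PLACEHOLDERS.items():
        if real in text:
            mapping[token] = real
            text = text.replace(real, token)
    for n, ref in enumerate(dict.fromkeys(INCIDENT.findall(text)), start=1):
        token = f"{{INCIDENT_REF_{n}}}"
        mapping[token] = ref
        text = text.replace(ref, token)
    text = EMAIL.sub("{EMAIL_REDACTED}", text)
    text = AU_PHONE.sub("{PHONE_REDACTED}", text)
    return text, mapping


def residual_findings(text):
    """Identifiers that must not survive de-identification; non-empty blocks the send."""
    return [m.group(0) for pat in (EMAIL, AU_PHONE, INCIDENT) for m in pat.finditer(text)]


def log_prompt(log, prompt, model, file_inputs, artefact_ref):
    """Append the audit record the governance controls call for: prompt hash,
    model, file inputs, output artefact reference, and an empty approver slot."""
    findings = residual_findings(prompt)
    if findings:
        raise ValueError(f"blocked: residual identifiers {findings}")
    if not ARTEFACT_REF.match(artefact_ref):
        raise ValueError(f"artefact reference does not follow the naming convention: {artefact_ref}")
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
        "model": model,
        "file_inputs": sorted(file_inputs),
        "artefact_ref": artefact_ref,
        "approver": None,
    }
    log.append(record)
    return record


def approve(record, approver):
    """Human-in-the-loop checkpoint: nothing leaves the environment until a named owner signs."""
    if not approver:
        raise ValueError("approval requires a named human owner")
    record["approver"] = approver
    record["approved_ts"] = datetime.now(timezone.utc).isoformat()
    return record


# Constructed input of the kind an analyst might paste straight into a prompt.
SAMPLE = ("Example Mutual Bank incident INC-4471: Acme Card Switch Pty Ltd degraded for "
          "90 minutes. Contact j.smith@example.com or 0412 345 678 for the decision log.")


def run_example():
    clean, mapping = deidentify(SAMPLE)
    log = []
    record = log_prompt(log, clean, "enterprise-tenancy-model",
                        ["CPS230-ART-IncidentLog-Ops-20260302-v01.csv"],
                        "CPS230-ART-TolMemo-JDoe-20260302-v01")
    approve(record, "Jane Doe")
    return clean, mapping, record


if __name__ == "__main__":
    clean, mapping, record = run_example()
    print(clean)
    print(json.dumps(record, indent=2))
```

Two design points carry the weight here. The gate runs on the text that is about to be sent, not on the text the analyst started from, so a placeholder that was missed is caught by the same patterns that drive redaction; and the log stores a hash of the prompt rather than the prompt itself, which gives a tamper-evident link between the log entry and the retained working file without copying possibly sensitive content into the log. Pattern lists like these are a floor, not a guarantee: the prohibited inputs list in the governance controls still applies before anything reaches this step.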

5.5 Quality assurance loop

Run the following five step QA rubric on every AI output before it is signed off:

  1. Accuracy. Does every claim trace to a cited source artefact in the entity’s evidence base?
  2. Compliance. Does the artefact use APRA defined terms exactly, and does it map to the correct CPS 230 pillar?
  3. Privacy. Has personal information, market sensitive content, or sanctions data been removed?
  4. Decision quality. Does the artefact support a decision or action, with the decision option, evidence, and risk made explicit?
  5. Tone and language. Australian English, no em dashes, no marketing language, no defensive hedging that obscures the issue.

Then run the following red team prompt against the draft to stress test it:

CPS 230 Red Team Prompt
Role: You are an APRA supervisor reviewing the attached draft.
Task: Identify the three weakest points in the artefact. For each, state why a supervisor would challenge it and what evidence would resolve the challenge.
Output: A short critique under the headings Weak point, Why it fails, Evidence required, Recommended fix.

5.6 Scaling pattern

Operationalising the workflow across an Operational Resilience team requires a few patterns:

  • Templates and skills. Convert the prompt library into Claude Skills and ChatGPT Custom GPTs so every analyst uses the same scaffolds.
  • Version control. Store skills, prompts, and reference files in a Git repository with change logs. Tag major framework reviews.
  • Model evaluation cadence. Re-test the prompt library every quarter against a benchmark set of artefacts. Capture drift in a model performance log.
  • Key risk indicators. Track AI assist coverage by artefact type, human approval rate, time saved per artefact, and any near miss generated by an AI output. Report to the operational risk committee at least quarterly.
  • Change management. Treat any change to model, prompt library, or reference set as a controlled change under the entity’s change management framework.

Visual 6: Five things to remember about CPS 230

CPS 230 – the five lines you must hold

  1. The Board owns operational resilience. Tolerance levels are Board approved.
  2. Critical operations are defined by impact on members and customers, not by org chart convenience.
  3. Tolerance levels are testable commitments, not ambitions.
  4. Material service providers extend beyond legacy outsourcing. Fourth parties matter.
  5. Severe but plausible scenarios drive testing. Document outcomes and act on findings.

6. Common pitfalls and watch-outs

Across recent APRA thematic reviews and industry CPS 230 implementation programs, the same set of pitfalls appears repeatedly. Each pitfall below is paired with a one line corrective action.

  • Pitfall 1: Too many critical operations. Entities list everything that matters, which dilutes the standard. Action: tighten the list to operations whose failure has a clear member or customer impact and a soundness pathway.
  • Pitfall 2: Tolerance levels set by reverse engineering capability. Action: set tolerances based on member impact, then build the capability to deliver, with a transparent residual risk position to the Board.
  • Pitfall 3: Vendor register limited to legacy outsourcing scope. Action: extend scope to all reliance that meets the materiality threshold, including SaaS, fintech partners, and intra-group services.
  • Pitfall 4: Scenario testing that defaults to a server outage. Action: design scenarios across cyber, third party, people, and external events. Document why each scenario is severe but plausible.
  • Pitfall 5: Fourth party blind spots. Action: require Tier 1 vendors to disclose subcontractors that touch the critical operation, and assess them under the same rigour.
  • Pitfall 6: Board pack that asserts compliance without evidence. Action: anchor the attestation in a documented evidence pack with traceable assurance work.
  • Pitfall 7: AI workflow used without a privacy impact assessment. Action: require a privacy review and a model selection memo for any AI use case that touches operational risk artefacts.
  • Pitfall 8: Lessons learned that never close. Action: every post incident action must have an owner, a date, and an assurance check on closure.

7. Decision frameworks and tools

Decision tree: is this operation a critical operation?

| Question | Yes path | No path |
| --- | --- | --- |
| Does failure of this operation have a material adverse impact on members or customers? | Continue. | Not a critical operation. Manage under the operational risk framework. |
| Does failure threaten the financial soundness of the entity within a foreseeable horizon? | Continue. | Reconsider. Most critical operations have at least an indirect soundness pathway through reputation, customer remediation, or regulatory action. |
| Can we set a measurable tolerance level for the operation? | Critical operation. Move to tolerance setting. | Re-scope the operation until you can. If you cannot measure, you cannot tolerate. |
| Is the tolerance defensible at Board? | Approve and embed in the BCP and service provider tiering. | Iterate the metric, value, or evidence base. |

Maturity ladder: where is your CPS 230 program today?

| Level | Description |
| --- | --- |
| 1 – Initial | Awareness of CPS 230. No critical operations register. Outsourcing only view of vendor risk. |
| 2 – Developing | Critical operations identified. Tolerance levels drafted but not Board approved. |
| 3 – Defined | Tolerance levels Board approved. BCPs aligned to critical operations. Service provider tiering in place. |
| 4 – Managed | Annual severe but plausible testing with documented gaps and actions. Fourth parties mapped. AI workflow under controls. |
| 5 – Optimised | Living framework with cross pillar telemetry, real time dashboards, and integrated learning across CPS 220, CPS 234, and CPS 511. |

Self-check questionnaire

  1. Can you produce, within thirty minutes, your current critical operations register and the Board minute that approved each tolerance level?
  2. Do you have a severe but plausible scenario test report for each critical operation in the last twelve months?
  3. Can you list all Tier 1 material service providers, the contractual coverage, and the next review date?
  4. Are fourth parties for each Tier 1 vendor mapped, with at least one scenario tested across the chain?
  5. Does the Board attestation pack reference traceable evidence rather than management assertion alone?
  6. Is there a documented AI workflow with a privacy impact assessment and human-in-the-loop controls for CPS 230 artefacts?
  7. Are CPS 230 KRIs reported to the operational risk committee at the cadence specified in the framework?

8. Further reading and authoritative sources

The references below are starting points only. They should be supplemented by your entity’s own framework, internal audit reports, and APRA correspondence.

  • APRA, Prudential Standard CPS 230 Operational Risk Management (effective 1 July 2025) and accompanying Prudential Practice Guide CPG 230.
  • APRA, Prudential Standard CPS 220 Risk Management.
  • APRA, Prudential Standard CPS 234 Information Security.
  • APRA, Prudential Standard CPS 511 Remuneration.
  • APRA, Information Paper, Implementing CPS 230, including transitional arrangements for material service provider contracts.
  • ASIC, Regulatory Guide 271 Internal dispute resolution and Regulatory Guide 78 Breach reporting where operational risk events have a conduct dimension.
  • OAIC, Australian Privacy Principles guidelines, particularly APP 1, APP 6, APP 8, and APP 11.
  • Bank for International Settlements, Principles for Operational Resilience (2021), Basel Committee on Banking Supervision.
  • UK Prudential Regulation Authority, Supervisory Statement SS1/21 Operational Resilience, for international benchmarking.
  • EU Digital Operational Resilience Act, Regulation (EU) 2022/2554, for cross-jurisdictional comparison.
  • AFMA, FSC, ABA, COBA, AIST, and ASFA member guidance on CPS 230 implementation.
  • Risk Management Institution of Australasia and Governance Institute of Australia practitioner guidance on operational resilience and Board oversight.
End of module – TAIC-LM-G05 – APRA CPS 230

Test your knowledge

LM-G05 assessment — 30 questions

25-30 minutes. One question per screen. Submit to see your score, tier, and per-question rationale.