Play an Essential Role

Written By Kate Gannon
enterprise risk consultant

In a speech from #APRA yesterday to the COBA CEOs, I was impressed by the transparency from the regulator:

"As part of the (...) project, we developed a compilation of references for ADI directors designed to make it easier to understand their obligations. This led to a bit of a lightbulb moment for us when we found that it was 87 pages! This revelation led us to prioritise the review of our governance standard which is now more than a decade old."

As I traverse working across multiple clients in multiple industries, I have the same recurring thought with respect to internal policy frameworks.

πŸŒͺπŸŒͺπŸŒͺ How do we help business areas/owners navigate the vast array of policies and procedures through some overarching connected view? πŸŒͺπŸŒͺπŸŒͺ

It just sometimes does not feel fair or reasonable to expect people to be across what is sometimes a disconnected or stale set of policies. And, in a world focussed on accountability #FAR, this makes it hard to hold firm (from a consequence management perspective) on internal standards.

It occurs to me that there was a test applied when I was working in the Advanced Basel space which I think, by extension, would prove very helpful when designing or reviewing policies - THE USE TEST (link for the curious below). The use test is based on the concept that supervisors can take additional comfort in the advanced risk rating models where such components β€œplay an essential role” in how banks measure and manage risk in their businesses. This test made sure that the design of (in this case) risk rating model, considered how it would be used. By extension, this concept could apply to ensuring the design of a policy is absolutely informed by how it would be practically used or complied with.

As a policy owner, or reviewer, when was the last time you thought "How will we make sure this policy plays an essential role in managing this risk for our organisation?"

βœ‚βœ‚βœ‚ And, super cynically, doing a quick scan of external regulations for change and a grammar check before chucking it on the intranet probably doesn't cut it. βœ‚βœ‚βœ‚

August Advisory #HumanCentredRisk #CPS230 #OperationalRisk #FAR

Kate Gannon
Previous

CPS 230 Compliance Update
Next

CPS 230 Milestones