Insights

CPS 230: When Operational Risk became everyone's problem: If there is one regulatory development that has fundamentally changed how APRA-regulated entities must think about operational risk, it is Prudential Standard CPS 230. It didn't introduce an entirely new concept, operational resilience has long been an expectation, but it did make the rules explicit, enforceable, and considerably harder to ignore.

A common mistake in data conversations is to treat governance and observability as interchangeable. They are not. D/I O11y overlaps with governance, compliance, management and strategy — but it is distinct from all four.

For most of human history, data was scarce. Our ancestors were “data foragers,” struggling to gather even a handful of observations to inform critical decisions. A farmer in 1900 relied on almanacs, folklore, and personal experience. Perhaps a few dozen data points, to decide when to plant crops.

Each quadrant of the uncertainty matrix splits into positive and negative scenarios — giving us eight distinct situations demanding different governance approaches. Traditional PMO works for four of them and actively harms the other four.

Gen AI projects reveal inadequacy of inherited frameworks. Learn why 95% of GenAI pilots fail not from technical risks, but from unvalidated assumptions about adoption, workflow fit, and business value—and how to navigate uncertainty rather than just manage risk.