A focused course, tailored for you
CPS 230 Operational Risk: From Gap List to Board Pack
Build the critical-operations register, scenario library, and APRA-ready reporting artefacts your Board Risk Committee needs to see.
The CPS 230 gap register keeps expanding because the critical-operations boundary hasn't been drawn precisely enough to anchor the scenario library, vendor-dependency register, and tolerance statements underneath it. Every downstream artefact inherits that ambiguity.
Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.
Why this course
APRA's CPS 230 is not a compliance checklist. It is a systems-thinking exercise: map what is critical, define what severe but plausible means for each operation, identify which third parties sit inside that boundary, and produce tolerances a Board can actually hold. For a large, diversified financial group the complexity multiplies: multiple business lines, shared-service providers, global technology platforms, and a Board Risk Committee that expects a consolidated view, not a spreadsheet of business-unit submissions. The gap list grows because teams work bottom-up on individual processes without a top-down critical-operations taxonomy to constrain them. This course fixes that sequence.
What you walk away with
- Define and document a critical-operations taxonomy your Board, CRO, and APRA reviewer will all accept without material challenge.
- Build a severe-but-plausible scenario library anchored to your specific critical operations, not a generic sector template.
- Produce a third-party and technology dependency register that maps directly to your critical-operations boundary and survives prudential scrutiny.
- Draft operational risk tolerances at the right level of specificity for Board Risk Committee sign-off and ongoing monitoring.
- Structure the CPS 230 Board pack so the narrative, heat map, and gap-closure tracking all tell one coherent story.
- Set up a repeatable annual review cycle so the gap register closes rather than expands each cycle.
The 12 modules
How this addresses your situation
Specific modules that map to what you said you are dealing with.
What you get with this course
- Twelve written modules delivered in the Art of Service learning environment.
- Downloadable critical-operations decision matrix and classification template.
- Severe-but-plausible scenario construction template with calibration guidance.
- Third-party and technology dependency register template with APRA-review notes.
- Operational risk tolerance-setting template with example thresholds.
- Board Risk Committee CPS 230 reporting pack template with worked examples.
- Hand-built implementation playbook for a second-line risk function in a large financial group, delivered alongside course access.
What you will have in hand by Day 1, Week 1, Month 1
Course access provisioned within 24 hours of purchase.
Hand-built implementation playbook delivered alongside course access.
Each module is self-paced; most participants complete the full course across two to three working weeks.
Before and after
The CPS 230 gap register expands each cycle. Critical-operations boundaries vary across business units. Scenarios feel generic. The Board pack is a digest of first-line submissions rather than a second-line view.
A locked critical-operations taxonomy anchors every downstream artefact. The scenario library is plausible and defensible. The Board Risk Committee receives a consolidated, independently assessed view. APRA supervisory dialogue moves from challenge to confirmation.
What happens if you do not address this
APRA's prudential supervision timeline does not pause for programme complexity. An immature CPS 230 posture at the point of a supervisory review produces findings that become public on APRA's breach register and require remediation under supervisory scrutiny. The cost of a Board-quality gap register built reactively under regulatory pressure is an order of magnitude higher than building it to methodology now.
Who it is for
Senior managers and managers in second-line risk functions at large Australian authorised deposit-taking institutions and diversified financial groups. You own or contribute to the CPS 230 programme, the ICAAP operational risk section, or the Board Risk Committee pack. You have the domain knowledge but need a repeatable methodology that produces APRA-quality artefacts without rebuilding the approach from scratch each reporting cycle.
How it arrives
Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.
Time investment. Approximately 90 minutes per module. Full course is 15-18 hours of focused reading and template work, typically spread across two to three weeks alongside a normal working schedule.
Why $199 is the right number
APRA publishes guidance notes and industry associations run CPS 230 workshops that cover the standard's requirements at a high level. Neither produces the operational artefacts your second-line function needs to deliver: the critical-operations register, the scenario library, the Board pack. External consultants who build these artefacts charge $50,000 or more and produce outputs calibrated to their methodology, not your group's governance structure. This course gives your function the methodology to build them in-house, with templates and a hand-built playbook specific to your role.
FAQ
30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.