Skip to main content
Image coming soon

Operational Resilience Delivery for Consulting Practitioners

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

Operational Resilience Delivery for Consulting Practitioners

Build the client-facing resilience artefacts that survive a PRA or DORA regulatory review, not just the engagement.

The engagement closes with a polished deck. Six months later the client's PRA supervisor asks for the service mapping methodology, the tolerance-setting rationale, and the scenario test log. The deck cannot answer those questions. The practitioner who ran the engagement has moved on. This course is about closing that gap before the engagement closes.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Operational resilience consulting has a documentation problem. Practitioners build frameworks, facilitate workshops, and produce slide-based summaries. Regulators want artefacts: a critical business service register with mapped dependencies, a tolerance register that shows how each threshold was derived, scenario exercise logs with stated assumptions and remediation actions, and board attestation packs that demonstrate oversight. The gap between a consulting deliverable and a regulatory artefact is not a quality issue. It is a format issue. This course addresses the format.

What you walk away with

  • Map a client's critical business services against PRA SS1/21 and DORA Article 5 criteria, producing a register a supervisor can interrogate.
  • Set impact tolerances with documented rationale, not just agreed numbers, so the client can defend the threshold under supervisory challenge.
  • Design and log scenario exercises that meet the FCA and PRA expectation of testing end-to-end, not just IT recovery.
  • Build a board attestation pack that demonstrates meaningful oversight rather than a sign-off formality.
  • Structure the entire engagement file so it is audit-ready on handoff, not after a six-month remediation sprint.
  • Recognise the specific artefact gaps that recur across PRA Dear CEO letters and ECB DORA readiness assessments, and address them in the initial engagement scope.

The 12 modules

Module 1. The Regulatory Artefact Standard
What the PRA, FCA, ECB, and DNB actually ask for when they examine an operational resilience programme. This module maps the specific artefact types named in PRA SS1/21, the FCA consultation responses, and the DORA regulatory technical standards. Practitioners leave with a clear picture of the gap between a consulting deliverable and a regulatory examination standard, and what it takes to close it.
Module 2. Critical Business Service Identification
The methodology for identifying which services qualify as critical under each regulatory framework. Covers the PRA's customer-harm test, the DORA materiality threshold, and the BCBS principles' systemic-risk lens. Includes a structured elicitation process for facilitated workshops and a worked example of a register that passed PRA supervisory review, showing the fields, the rationale column, and the dependency mapping.
Module 3. Mapping Processes, People, and Technology
Constructing the dependency map behind each critical business service. This module covers the mapping methodology at process level, the technology-layer inventory that regulators expect to see, the third-party and intragroup dependencies that recurrently surface in PRA findings, and the format of the map artefact. Worked example uses a payments processing service at a mid-size bank, tracing all layers from customer action to ledger entry.
Module 4. Setting Impact Tolerances That Hold
The difference between a tolerance that was agreed in a workshop and a tolerance that can be defended under supervisory challenge. Covers the PRA's expectation of a documented rationale, the quantitative and qualitative approaches permitted under DORA, the most common challenge points (customer-harm metric selection, time window definition, intragroup vs. external service splits), and a template tolerance register with rationale column that mirrors PRA-reviewed client formats.
Module 5. Scenario Design for Regulatory Exercises
How to design a scenario exercise that meets the FCA and PRA expectation of testing end-to-end, not just IT recovery time. This module covers scenario selection criteria (plausible, severe, capable of breaching tolerances), the structured scenario narrative format, the assumption register that documents what was held constant, and the difference between a tabletop exercise log and a full simulation log. Includes a completed scenario log from a payments disruption exercise.
Module 6. Documenting Exercise Outcomes and Remediation
The output of a scenario exercise is not the exercise itself. It is the documented findings, the remediation actions, the owners, and the timelines. This module covers the format regulators expect when they ask for evidence of testing, the common gap where remediation actions are recorded but never closed, the link between exercise findings and the tolerance register, and how to structure a findings log that feeds directly into the next board attestation cycle.
Module 7. Third-Party and Intragroup Resilience
DORA and PRA SS1/21 both explicitly require the resilience assessment to extend to material third parties and intragroup entities. This module covers the identification of in-scope third parties, the contractual and operational evidence a regulator expects to see, the specific DORA requirements under Chapter V on ICT third-party risk, and how to structure the third-party resilience section of the client file so it is coherent with the main service register rather than an appendix afterthought.
Module 8. Building the Board Attestation Pack
The board pack for operational resilience is not a summary slide deck. It is the documented record that the board has reviewed the service map, challenged the tolerances, received exercise findings, and approved the remediation plan. This module covers the PRA's governance expectations under SS1/21, the board-level questions a supervisor will ask, the format of a board paper that demonstrates substantive oversight rather than a sign-off formality, and the attestation wording that satisfies the regulatory record.
Module 9. Cross-Framework Alignment (DORA, PRA, FCA, BCBS)
Clients operating across multiple jurisdictions need a single engagement file that satisfies DORA Article 5, PRA SS1/21, FCA PS21/3, and the BCBS principles. This module maps the common artefact requirements and the genuine differences, identifies where a single service register satisfies all four and where a separate jurisdiction annex is needed, and shows how to scope a multi-jurisdiction engagement without duplicating work or producing contradictory documentation.
Module 10. The Engagement File Structure
How to structure the complete engagement file so it is usable by the client's own resilience team, survives staff turnover, and can be handed directly to a supervisor on request. Covers the file structure that mirrors PRA examination expectations, the version-control and review-date conventions that demonstrate an active programme rather than a one-off exercise, the cross-referencing between the service register, the tolerance register, and the exercise log, and the handoff checklist for closing an engagement.
Module 11. Common Supervisory Findings and How to Prevent Them
A review of the recurring findings in PRA Dear CEO letters on operational resilience, ECB DORA readiness assessments, and FCA multi-firm reviews. Each finding is mapped to the specific artefact gap that caused it (shallow service mapping, tolerance thresholds without rationale, exercises that did not test the full service chain, board governance that was nominal rather than substantive). For each finding, the module provides the artefact-level fix that prevents the same outcome on a current engagement.
Module 12. Scoping the Next Engagement
How to scope a new operational resilience engagement so the artefacts meet the regulatory standard from the outset rather than requiring a remediation phase. Covers the scoping conversation with the client, the quick-read diagnostic of the existing programme, the engagement structure that delivers a regulatory-ready file within a realistic timeline, and the change-request process when the client's initial scope is too narrow to produce defensible output. Includes a scoping template used on PRA-focused engagements.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Engagement is in the identification phase and the service register looks thin: Modules 2 and 3 show how to structure the register and dependency map to meet regulatory criteria.
Client has set tolerances but cannot explain the rationale: Module 4 provides the documented-rationale approach and template.
Scenario exercise ran but the log will not satisfy a supervisor: Modules 5 and 6 cover the exercise design and output format.
Board governance section of the file is a slide pack, not an attestation record: Module 8 rebuilds it as a supervisory-ready board paper.

What you get with this course

  • Twelve written modules covering the full resilience engagement lifecycle from service mapping to board attestation.
  • Downloadable templates: critical business service register, impact tolerance register with rationale columns, scenario exercise log, board attestation pack structure, engagement file checklist.
  • Worked examples drawn from PRA-reviewed engagement formats, showing the specific fields and rationale language that supervisors accept.
  • The hand-built implementation playbook, delivered alongside course access, covering your specific engagement context.

What you will have in hand by Day 1, Week 1, Month 1

Course access provisioned within 24 hours of purchase.

Hand-built implementation playbook delivered alongside course access, within 24 hours.

Before and after

Before

The engagement produces a polished framework deck. The client files it. Twelve months later a PRA review finds no testing evidence, no rationale for tolerances, and no board oversight record. The firm gets a Section 166 appointment.

After

The engagement closes with a structured file: service register with dependency maps, tolerance register with documented rationale, scenario exercise logs with findings and remediation actions, board attestation pack. The client's supervisor opens it and finds what they were looking for.

What happens if you do not address this

The PRA's supervisory programme for operational resilience is now in its examination phase. Clients who engaged consultants to build programmes are beginning to face supervisory reviews. Engagement files that do not meet the artefact standard are generating Section 166 skilled person reviews and follow-up remediation requirements. Practitioners whose work contributed to those files carry reputational risk regardless of what the engagement scope said.

Who it is for

Operational resilience leads and senior managers at advisory and assurance firms who run resilience engagements for financial services clients. Practitioners responsible for DORA implementation support, PRA SS1/21 advisory, and BCBS principles alignment. People who own the deliverable quality and need it to survive scrutiny from the PRA, FCA, ECB, or DNB long after the engagement has closed.

Who this is NOT for. Internal resilience managers building their own firm's programme. Technology consultants who want a general DORA primer. Anyone looking for a policy template rather than a practitioner delivery methodology.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Each module takes 20-35 minutes to read and work through. Most practitioners complete the full course across three to four focused sessions.

Why $199 is the right number

The alternative is to build the artefact standard from PRA policy statements, FCA consultation papers, and DORA regulatory technical standards directly. That takes several weeks of reading and produces a personal synthesis rather than a tested engagement format. This course compresses that into a structured delivery methodology with templates that reflect what supervisors actually accept.

FAQ

Is this relevant if my client is subject to DORA rather than PRA SS1/21?
Yes. Module 9 covers the cross-framework alignment in detail. Most of the artefact structure is common across DORA, PRA, and FCA. Where DORA requires specific additions (particularly on ICT third-party risk under Chapter V), the module covers those explicitly.
Does the course provide actual templates I can adapt for client work?
Yes. The downloadable templates are in editable format and are structured to mirror the field-level expectations in PRA examination guidance and DORA regulatory technical standards.
How is the implementation playbook tailored?
The playbook is hand-built for your engagement context based on the information you provide at purchase. It is not a generic template but a structured implementation guide specific to your practice area and client profile.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.