Our latest insights

You may think that your business is too small to target – too insignificant to warrant the attention of the widely publicised cyber-criminal groups that chase multimillion dollar ransoms. In reality, a large number of criminal groups exist around the world, exploiting the entire spectrum of online activity.

The Australian Federal Government has passed major changes to the Privacy Act 1988 (Cth) in the form of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. These changes signal a call to action for organisations to review their privacy, security, and information handling practices.

With recent news of significant data breaches at major corporations, there are a number of questions being asked from Boardrooms to kitchen tables all across Australia. Some common questions include, what went wrong? Are we at risk? And how can we protect ourselves from similar events in the future?

In this episode we speak with Matthew Green, Partner and Controls Assurance Specialist and Chris Watson, Partner and previously a Detective in the Computer Crime Unit City of London Police.

On 10 November, APRA released their insights from their latest risk culture survey in an Insight, “No room for complacency on bank risk culture”. This survey was rolled out to 18 ADIs in late 2021. APRA’s analysis included matters for ADIs to consider, however in our experience these could equally be applied to insurers and Registerable Superannuation Entity Licences (RSELs).

One of the most common ways of managing operational risk is through a system of effective internal controls. Control failures however can lead to events as varied as mis-selling, data breaches and underpayments – as such in APRA's Prudential Standard CPS 230 they have strengthened the focus on operational risk management. In this second series of our CPS 230 technical guides we provide an overview of some necessary elements to achieve strong operational risk management and why it is the foundation of operational resilience.

Recently, the ATO has enforced the use of Single Touch Payroll (STP) and Superstream as their electronical tools to collect both tax and superannuation data from businesses and superannuation funds.

The 2022-23 Federal Budget committed over $20b towards renewable energy projects and initiatives in its push to cut carbon emissions by 43 per cent by 2030. Is it enough to aid the energy supply and demand challenge forecasted by the Australian Energy Market Operator (AEMO) in its recent 2022 Electricity Statement of Opportunities Report?

Last week the Australian Prudential Regulation Authority (APRA) released the key observations from its thematic review of related party outsourcing arrangements across a sample of 10 retail superannuation trustees with outsourcing contracts worth a combined $1.2 billion annually.

As we watch the ramifications of the recent widespread data breach continue to play out in the media and on the floor of Federal Parliament, I keep reflecting on the requirements of APRA Prudential Standards CPS 234: Information Security and the draft Prudential Standard CPS 230: Operational Risk Management. If ever there was any doubt in the minds of Boards or Management as to why the focus on cyber security and operational resilience, then the current situation brings this into stark focus.

APRA has released draft Prudential Standard CPS 230 Operational Risk Management for comment. CPS 230 will replace CPS 231: Outsourcing and CPS 232: Business Continuity, and the sector specific standards HPS 231, SPS 231 and SPS 232. What is operational resilience? Operational risk management analyses and defines risks associated with people, processes, and systems. Operational resilience defines the approach to managing operational risks.

Outrages around quality care shortfalls, COVID-19 outbreaks in residential aged care facilities, coupled with the recent Royal Commission into Aged Care Quality and Safety, have unfortunately painted a bad picture of the Australian aged care sector. This has affected the number of workers in the field and resulted in poor uptake of nursing degrees. That’s why many providers are relying on the approaching Federal Budget for investment to drive better outcomes in aged care by supporting its predominant capital – the workforce.