The guidance reflects heightened regulatory expectations following APRA’s CPS 230 Operational Risk Management standard, reinforcing the need for stronger operational resilience, governance and third-party oversight.
A shift to risk-based, evidence-led diligence
The Guidance Note promotes a risk-based approach to due diligence, requiring funds to scale their assessments based on the materiality and complexity of investment manager relationships. It also emphasises that due diligence should be evidence-led, moving beyond ‘tick-the-box’ processes to more robust, defensible assessments of how controls operate in practice.
Broadening the scope of operational risk
The framework outlines a comprehensive review across key operational domains, including governance, personnel, trading processes, valuations (particularly for unlisted assets), IT systems and cybersecurity, business continuity, service provider oversight and ESG considerations. This reflects a more holistic view of operational risk, recognising that vulnerabilities can arise across the full investment ecosystem – not just within investment decision-making.
Focus on resilience and real-world performance
A key theme is operational resilience, with a focus on whether systems, controls and governance frameworks can withstand disruption in practice. This aligns with CPS 230’s expectation that entities must be able to maintain critical operations during stress events, including cyber incidents or service provider failures. Importantly, the Guidance Note reinforces that due diligence should be ongoing, with continuous monitoring and reassessment rather than a one-off approval exercise.
What this means for funds and managers
For superannuation funds, the Guidance Note raises the bar for demonstrating robust and defensible due diligence practices, likely requiring enhancements to governance frameworks, documentation and specialist capabilities. For investment managers and service providers, it signals increased expectations for transparency and demonstrable operational effectiveness, with more detailed and consistent scrutiny across controls, systems and governance.
Looking ahead
The release of the Guidance Note underscores a broader industry shift: operational due diligence is becoming a central pillar of investment governance, not a secondary consideration. As regulatory expectations continue to evolve, funds and investment managers will need to ensure their frameworks are not only compliant, but capable of supporting resilience and protecting member outcomes in an increasingly complex risk environment.
How we can help
We can support trustees and managers to uplift ODD frameworks, align to CPS 230 expectations, and strengthen the depth and defensibility of operational risk assessments – drawing on our risk, cyber and governance expertise to embed a more structured, evidence-based approach.