Operational Resilience

[OR] [BOK] [15] [P3] [S5] Conduct Independent Quality Review

Written by Moh Heng Goh | Aug 22, 2025 7:13:53 AM



Element

Description

Purpose

  • To ensure the Operational Resilience (OR) program is independently evaluated against regulatory expectations, industry standards, and internal requirements.
  • This assures stakeholders that the OR framework, practices, and outcomes are effective, consistent, and continuously improved.
Objectives
  • Validate the adequacy, completeness, and effectiveness of the OR program.
  • Provide independent assurance to senior management and the board on resilience capabilities.
  • Identify gaps, deficiencies, or weaknesses in governance, processes, and controls.
  • Benchmark against regulatory requirements (e.g., ISO 22316, supervisory guidelines).
  • Recommend improvements for continuous resilience strengthening.

Inputs

  • OR policies, governance framework, and program documentation.
  • Results of self-assessments and internal reviews.
  • Testing, exercising, and incident post-mortem reports.
  • Regulatory guidelines and supervisory requirements.
  • Industry best practices and audit frameworks.

Activities

  • Engage independent reviewers (internal audit, external auditors, or third-party consultants).
  • Define scope, methodology, and criteria for the assurance review.
  • Assess alignment of OR objectives with regulatory requirements and business strategy.
  • Review governance, roles, and accountability mechanisms.
  • Evaluate the robustness of testing, exercising, and lessons learned integration.
  • Conduct interviews, evidence gathering, and documentation review.
  • Issue findings, observations, and recommendations.
  • Present assurance results to the board, senior management, and regulators where required.

Outputs

  • Independent assurance report (audit or external review).
  • List of gaps, deficiencies, and non-conformities.
  • Recommendations and improvement roadmap.
  • Management action plan to address findings.
  • Assurance of alignment with regulatory and industry standards.

Linkages

  • P3-S1: Embed Governance and Oversight (assurance reinforces governance structures).
  • P3-S2: Continuous Monitoring and Reporting (provides evidence base for review).
  • P3-S3: Enhance Staff Competency and Culture (review identifies training or cultural gaps).
  • P3-S4: Improve and Communicate Lessons Learned (assurance ensures lessons are implemented effectively).
  • P1-S1 to P2-S5: Provides a feedback loop to all phases to strengthen planning, implementation, and sustainment.
 

"Sustain" Phase of the OR Planning Methodology

 

Introduce Cultural Change Develop Communication Strategy Implement Training and Awareness Provide Self-assessment Conduct Independent Quality Review  
 

 

Operational Resilience Body of Knowledge - Sustain
BoK 11 S1 BoK 12 S2 BoK 13 S3 BoK 14 S4 BoK 15 S5

 

More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

If you have any questions, click to contact us.