Meet the Pros: Pervin Sivanathan: Turning Audit into a Catalyst for Operational Resilience 

What’s driving the growing focus on operational resilience from an audit perspective? 

I’ve seen a steady growth in general interest over the last decade, but really it has come into sharp focus in the last five years or so, with COVID being a key catalyst I think. Over the past few years, regulators have become far more prescriptive about how insurers identify and manage critical business services. With frameworks like the FCA’s SYSC 15A and DORA now in effect, firms can no longer treat resilience as a static compliance exercise. 

From an audit perspective, this shift represents both a challenge and an opportunity. It means we’re auditing not just processes, but behaviours: the culture of resilience. The key is ensuring that resilience isn’t viewed as a one-off test, but as something that’s continuously evidenced through governance, monitoring and real-time insight. 

How can audit functions add strategic value beyond regulatory compliance? 

Traditional audits were often backward-looking. In this new landscape, audit can and should be proactive and forward-looking, while learning and applying knowledge from lessons from the past to help the business anticipate issues before they arise. 

By embedding data-driven audit-tech platforms, we can surface risk patterns earlier and build a live picture of performance and vendor dependencies. This allows insurers to go beyond “are we compliant?” and start asking “are we resilient?”, which, to my mind, is a far more valuable conversation to have at board level.  

What are the biggest third-party assurance challenges insurers face today? 

The proliferation of AI and cloud-based vendors has fundamentally changed the risk profile. Many insurers now have lots of third-party partners, each with access to sensitive data or business-critical systems. Managing that risk through manual reviews or spreadsheets is no longer advisable, nor, would I say, really viable.  

The real challenge lies in maintaining oversight across such a diverse vendor landscape. You can’t apply a one-size-fits-all approach. Criticality-based segmentation, continuous monitoring, and data sharing between functions are all key to effective third-party assurance. 

How can automation enhance audit and assurance? 

Automation doesn’t replace auditors, it empowers them. AI-driven tools can triage large datasets, flag anomalies, and prioritise high-risk vendors, freeing human auditors to focus on contextual analysis and judgement. 

Resilience is so much more than just a buzzword for an organisation. At Pro, we’re working holistically across our audit, advisory, compliance and digital services divisions to integrate these audit-tech capabilities into our client programmes, providing dynamic dashboards and continuous assurance cycles that keep pace with regulatory expectations. 

What does best practice in operational resilience look like for 2026 and beyond? 

Best practice combines three core pillars: visibility, accountability, and adaptability. Insurers must have visibility across all operational layers, clear accountability for resilience outcomes, and the adaptability to respond quickly when disruption occurs. 

For me, resilience is not about perfection, it’s about preparedness and learning. A resilient business is one that can absorb shocks, adapt fast, and emerge stronger. 

Thanks Pervin! Ready to strengthen your operational resilience framework? Find out more: getintouch@pro-global.com