Andrew Lingley
Head of Growth & Marketing Operations
Andrew Lingley brings practitioner-level expertise at the intersection of governance, operational resilience, and organisational execution. At Drova, Andrew focuses on how strategy, risk intent, and regulatory expectations translate into day-to-day operating reality. His work centres on identifying where accountability, ownership, and systems break down, and helping organisations build structured and disciplined approaches that enable them to operate resiliently and responsibly, particularly under board and regulatory scrutiny. Andrew’s perspective is shaped by direct engagement with executive teams and regulators on real-world governance and resilience expectations. He previously served as Deputy Chair of the Association of Professional Compliance Consultants (APCC) Operational Resilience Working Group, where regulators joined practitioner forums to listen to industry research, operational insights, and implementation challenges relating to FCA and PRA and Bank of England operational resilience requirements. Alongside his executive role, Andrew has held multiple non-executive and board positions in the not-for-profit sector. In these roles, he has contributed to risk assessments, risk appetite statements, regulatory and ACNC compliance, operating and strategic planning, and board mergers, as well as grant and fundraising governance. This experience provides him with first-hand insight into how governance decisions must move beyond policy and into consistent execution. Andrew also spearheads Drova’s industry outlook work across operational resilience, NDIS, and financial services, working closely with Drova’s leadership and content teams. These reports are grounded in practitioner evidence and cross-sector pattern recognition, helping boards and executives move beyond compliance and embed resilience and sustainability into how their organisations actually operate. His insights are grounded in evidence and operational outcomes, not theory, and have been informed by listening to regulators, executives, and risk leaders in live forums. Andrew is a Certified GRC Professional (OCEG), a Member of the Corporate Governance Institute, and holds a Master’s in Leadership, Administration and Governance.
Andrew Lingley brings practitioner-level expertise at the intersection of governance, operational resilience, and organisational execution.
At Drova, Andrew focuses on how strategy, risk intent, and regulatory expectations translate into day-to-day operating reality. His work centres on identifying where accountability, ownership, and systems break down, and helping organisations build structured and disciplined approaches that enable them to operate resiliently and responsibly, particularly under board and regulatory scrutiny.
Andrew’s perspective is shaped by direct engagement with executive teams and regulators on real-world governance and resilience expectations. He previously served as Deputy Chair of the Association of Professional Compliance Consultants (APCC) Operational Resilience Working Group, where regulators joined practitioner forums to listen to industry research, operational insights, and implementation challenges relating to FCA and PRA and Bank of England operational resilience requirements.
Alongside his executive role, Andrew has held multiple non-executive and board positions in the not-for-profit sector. In these roles, he has contributed to risk assessments, risk appetite statements, regulatory and ACNC compliance, operating and strategic planning, and board mergers, as well as grant and fundraising governance. This experience provides him with first-hand insight into how governance decisions must move beyond policy and into consistent execution.
Andrew also helps lead Drova’s industry outlook work across operational resilience, NDIS, and financial services, working closely with Drova’s leadership and content teams. These reports are grounded in practitioner evidence and cross-sector pattern recognition, helping boards and executives move beyond compliance and embed resilience and sustainability into how their organisations actually operate.
His insights are grounded in evidence and operational outcomes, not theory, and have been informed by listening to regulators, executives, and risk leaders in live forums.
Andrew is a Certified GRC Professional (OCEG), a Member of the Corporate Governance Institute, and holds a Master’s in Leadership, Administration and Governance.
Latest from Andrew Lingley
Compliance & Assurance
What happens when operational resilience fails… very publicly?
When operational resilience fails, the world notices.
The past year has shown that business continuity plans are not enough. Ransomware attacks, global outages, power grid failures and data breaches have exposed a pattern of unpreparedness. It is no longer about having a backup plan. It is about proving your organisation can withstand disruption, recover fast and protect what matters most. Resilience is no longer optional. It is the standard.
21 Aug 2025
Compliance & Assurance
SYSC15A and the credibility gap: Why are resilience plans falling short under scrutiny?
There is a difference between having a plan and being ready to prove it.
Under the FCA’s PS21/3 standard, many firms look compliant on paper but fall short under scrutiny. The planning phase is over. The focus now is on outcomes and evidence. The FCA expects firms to show how they will keep services running during disruption, with proof that is current, complete, and connected. Anything less reveals a credibility gap that regulators are ready to test.
21 Aug 2025
Compliance & Assurance
Third-party resilience under PS21/3: What the FCA wants you to prove - and the simplest way to prove it
Third-party resilience is now a board-level accountability.
Under the FCA’s PS21/3 standard, outsourcing doesn’t remove responsibility. Firms must prove they can withstand supplier disruption and stay within impact tolerances. That means mapping dependencies, testing scenarios, and holding evidence that stands up to scrutiny. When failure hits, the regulator won’t ask who caused it; they’ll ask why you weren’t ready.
21 Aug 2025
Compliance & Assurance
The board can’t outsource CPS 230 accountability… and APRA knows it
CPS 230 has dragged operational resilience out of the server room and into the boardroom.

No longer a back-office task, it’s now a live legal responsibility for directors. APRA expects boards to approve frameworks, set tolerances, test scenarios — and be able to explain, in plain language, how the organisation stays standing when disruption hits. 

You can outsource the work. But not the accountability.
21 Aug 2025
Compliance & Assurance
'we’ve got it covered': The four most expensive words in CPS 230 compliance
CPS 230 moved operational resilience from intent to proof. “We’ve got it covered” now signals risk unless board-ready evidence is on hand.
20 Aug 2025
Compliance & Assurance
Doing more with less: Digital transformation in credit unions
Digital savvy credit unions are transforming compliance and customer impact without sacrificing trust and care.
22 May 2025
Compliance & Assurance
How credit unions can fix the third-party risk blind spot
Relying on a few tech partners increases risk. Learn how credit unions are preparing for a future-proof model.
18 May 2025
Compliance & Assurance
Why governance is getting both harder and smarter for credit unions
Credit unions are redefining governance, from paid boards to new onboarding, to drive trust, resilience, and real performance impact.
14 May 2025
Compliance & Assurance
Resilience to relevance: Experts on credit union changes
Discover how credit unions are shifting strategy in 2025. This report offers insights for leaders in risk, compliance, strategy, and community growth.
5 May 2025
Compliance & Assurance
Why better governance future-proofs NDIS providers
Integrated governance, risk, and compliance gives NDIS providers daily audit readiness, visibility, and control.
26 Apr 2025
Compliance & Assurance
GRC is no longer the brakes. It’s the strategic steering wheel.
Learn how GRC can drive business strategy and corporate culture to create a competitive advantage from compliance requirements and actions.
20 Feb 2025
Compliance & Assurance
Barclays’ IT outage: 4 lessons in resilience for finance
Barclays' recent IT outage is a wake-up call for every financial institution. Here are 4 lessons from Barclays on building operational resilience.
11 Feb 2025
Compliance & Assurance
FCA firms: Resilience tactics for a VUCA world
Disruption comes in many forms. And we can’t always predict what’s around the corner.
4 Sept 2024
Compliance & Assurance
Key issues facing mutual banks: And what NOT to do
Explore the challenges faced by mutuals in today's financial landscape and the implications of inadequate risk management and governance structures.
4 Sept 2024
Compliance & Assurance
Mutuals & the GFC: Resilience in a financial crisis
Ben Woods dissects the resilience of Australian Mutuals, and the benefits of member-centricity and prudent risk management.
4 Sept 2024
Sustainability & ESG
How to complete a Materiality Assessment that adds value
Our ESG experts outline key steps to take in completing a Materiality Assessment, using a leading-practice approach.
4 Sept 2024
Compliance & Assurance
Critical risk management lessons from SVB's demise
The sudden demise of Silicon Valley Bank sent tremors around the financial world. Here we look at the background and the lessons to be drawn.
4 Sept 2024
Compliance & Assurance
Why Boards must lead on enterprise resilience
Explore the holistic approach to governance, linking ethical culture and adaptable business models, and discover the consequences of negligence.
4 Sept 2024
Compliance & Assurance
ESG awareness begins with the right diagnosis
Learn about the significance of incorporating ESG into a comprehensive approach to achieve 360 degree situational awareness and effective reporting.
4 Sept 2024
Compliance & Assurance
From spreadsheets to GRC software: Better reporting ahead
Michael Rasmussen explains why you should move towards integrated GRC management solutions that provide audit trails, consistency, & integrated reporting.
4 Sept 2024
Compliance & Assurance
Trust, integrity & cybersecurity: Apple or banks?
Apple's new high yield savings account attracts $1 billion in 4 days - what can financial institutions learn?
4 Sept 2024
Compliance & Assurance
Lessons from over a decade of cyber-resilience: Aussie mutuals
Australian mutuals, resilient against evolving cyber threats, serve as a model for financial institutions. Ben Woods explores their proactive approach.
4 Sept 2024
Sustainability & ESG
The big risk most corporates overlook
Company risk management programs that don’t address ESG are missing the point entirely and overlooking the gravest risk we’ve ever faced.
4 Sept 2024
Compliance & Assurance
Global risk landscape 2024: How to tackle what you can’t see
The World Economic Forum's inaugural Chief Risk Officers Outlook presents a comprehensive perspective of potential global risks.
4 Sept 2024
Compliance & Assurance
When corporate governance falls apart: Four examples of what not to do
Corporate governance failures uncovered lessons learned and why oversight is critical to long-term performance.
4 Sept 2024
Sustainability & ESG
How Australian mutuals are pioneering climate action
Australian mutuals, dedicated to sustainability for decades, lead the charge in building resilient enterprises against climate challenges.
4 Sept 2024
Sustainability & ESG
What does ESG look like for high-growth companies?
For smaller high-growth companies, implementing ESG practices can be challenging but it is crucial to start your sustainability journey.
4 Sept 2024
Compliance & Assurance
Operational resilience: Key steps to maturity
We look at the key steps of building resilience to develop a best-practice operational resilience strategy moving forward.
4 Sept 2024
Sustainability & ESG
ESG: Three letters that drive impact investing
Making investments to generate positive, measurable impact is the benchmark at the intersection of ESG and impact investing.
4 Sept 2024
Compliance & Assurance
How to convince the Board on resilience's value
Driving operational resilience should be high on your agenda. Here are a few ways to articulate the significance of operational resilience to your Board.
4 Sept 2024
Compliance & Assurance
New rules expand operational resilience scope
Learn how operational resilience regulatory requirements are expanding on a global scale and how this will impact your organisation.
4 Sept 2024
Compliance & Assurance
Would your risk documentation hold up in court?
You need to be able to defend your GRC management in a litigious environment. Evidence alone is no longer enough for regulators & auditors.
4 Sept 2024
Compliance & Assurance
What small businesses need to know about compliance
Smaller businesses still have plenty of compliance obligations to meet, with fewer staff to help you manage them.
4 Sept 2024
Sustainability & ESG
Why net-zero carbon for ESG is like net-zero carbs for health
Singling out one problem from a huge web of interconnected issues is not going to move the needle on ESG factors.
4 Sept 2024
Compliance & Assurance
Have your GRC spreadsheets hit the complexity barrier?
Using spreadsheets and documents across disparate systems to manage risk processes is ‘the inevitability of failure’.
4 Sept 2024
Compliance & Assurance
Inside Ireland’s bid to become Europe’s anti-money laundering hub
We delve into Ireland's strategic bid to host AMLA and the transformative impact it could have on the European financial regulatory landscape.
4 Sept 2024
Sustainability & ESG
Canada’s Bill S-211: A move toward corporate accountability
Learn how to mitigate third-party and supply chain risks and strengthen your ethical and transparent business practices.
4 Sept 2024
Compliance & Assurance
Optimising risk management in a post-COVID world
With a focus on risk management, we explore the new ways of thinking that recent world events have taught us.
4 Sept 2024
Sustainability & ESG
The case for equal stakeholder weighting in ESG materiality
Why do ESG Materiality Assessments use even stakeholder weightings to produce the Materiality Matrix?
4 Sept 2024
Compliance & Assurance
Navigating operational resilience: From theory to practice
Practical lessons learned from the recent CPS 230 Operational Risk Management Morning Briefing in Sydney.
4 Sept 2024
Sustainability & ESG
Own your impacts: Whose responsibility is ESG?
Why should corporations proactively address Environmental, Social and Governance (ESG) issues? Because they can.
4 Sept 2024
Compliance & Assurance
Four ways GRC can support operational stability
Well-targeted GRC strategies can help organisations break down silos, improve communication and reduce interdepartmental tensions.
4 Sept 2024
Sustainability & ESG
Interpreting your materiality matrix
Our ESG experts deep-dive into the Materiality Matrix, understanding each segment, and how to interpret your results.
4 Sept 2024
Compliance & Assurance
A history of corporate governance and why it remains so important
Learn more about the rich history of corporate governance and why it is still such a critical concern for businesses today.
4 Sept 2024
Compliance & Assurance
15 reasons to prioritise operational resilience
Discover why operational resilience is crucial today with 15 compelling reasons to prioritise it in your organisation, ensuring adaptability and success.
4 Sept 2024
Compliance & Assurance
220 daily regulatory changes? Here's how to keep up
With 220 regulatory changes globally, finanical services firms can stay informed and compliant with one central, intelligent GRC platform.
4 Sept 2024
Sustainability & ESG
Which stakeholders should you include in your Materiality Assessment?
Andrea Spencer-Cooke & Dr Young-Ferris explore how to choose the right stakeholders for a Materiality Assessment that delivers maximum impact.
4 Sept 2024
Compliance & Assurance
Cyber risk then and now: The Y2K readiness lesson
Discover how Aussie mutual banks tackled Y2K-laying the groundwork for today’s proactive cyber risk strategies.
4 Sept 2024
Compliance & Assurance
Avoiding silos in a risk-connected world
Break down silos and boost resilience in a connected risk landscape. Discover how integrated GRC systems drive smarter, stronger operations.
4 Sept 2024
Compliance & Assurance
APRA’s governance lessons from helen rowell
Explore APRA's governance evolution with insights from Helen Rowell. Learn how Drova helps APRA-regulated SMEs navigate compliance and future challenges
4 Sept 2024
Compliance & Assurance
UK Regulators’ bold plan to boost financial sector resilience
The Bank of England, PRA, and FCA’s joint proposal sheds light on the crucial aspects of fortifying critical third parties in the UK's financial sector.
4 Sept 2024
Compliance & Assurance
Achieving 360° GRC: Interconnectedness is the key to confidence
360° GRC means every policy, risk, control, and incident connects—delivering confidence when regulators or boards ask for proof.
3 Sept 2024
Sustainability & ESG
Breaking biases: Driving inclusion from the board down
Inclusion requires more than goodwill—it needs governance, data, and action to challenge bias at every level.
3 Sept 2024
Compliance & Assurance
Navigating the future of disability services
NDIS providers face new compliance standards, margin pressure, and stakeholder demands—success hinges on integrated governance and risk practices.
3 Sept 2024
Compliance & Assurance
Why a holistic governance lens is vital
Holistic governance links board duties, stakeholder expectations, ethics, and accountability into one continuous improvement system.
3 Sept 2024
Compliance & Assurance
Operational resilience fail leads to £48.6m fine
TSB’s migration missteps and the FCA/PRA fine underscore why resilience must be tested, evidenced, and governed end to end.
3 Sept 2024
Sustainability & ESG
Inspire inclusion & close the gender pay gap
International Women’s Day’s “Inspire Inclusion” theme underscores the need to confront gender pay gaps and back female leadership.
3 Sept 2024
Compliance & Assurance
Why risk management is everyone’s job now
A strong compliance team is an essential first step towards effective risk management – but it is only one part of the puzzle.
22 Aug 2024
Compliance & Assurance
What is operational resilience? 5 key insights
Explore core concepts of operational resilience and build a solid foundation to navigate today’s business risks.
6 Aug 2024