• Current students
      • Student centre
        Enrol on a course/exam
        My enrolments
        Exam results
        Mock exams
      • Course information
        Students FAQs
        Student induction
        Course enrolment information
        F2f student events
        Key dates
        Book distribution
        Timetables
        FAE elective information
        CPA Ireland student
      • Exams
        CAP1 exam
        CAP2 exam
        FAE exam
        Access support/reasonable accommodation
        E-Assessment information
        Exam and appeals regulations/exam rules
        Timetables for exams & interim assessments
        Sample papers
        Practice papers
        Extenuating circumstances
        PEC/FAEC reports
        Information and appeals scheme
        Certified statements of results
        JIEB: NI Insolvency Qualification
      • CA Diary resources
        Mentors: Getting started on the CA Diary
        CA Diary for Flexible Route FAQs
      • Admission to membership
        Joining as a reciprocal member
        Admission to Membership Ceremonies
        Admissions FAQs
      • Support & services
        Recruitment to and transferring of training contracts
        CASSI
        Student supports and wellbeing
        Audit qualification
        Diversity and Inclusion Committee
    • Students

      View all the services available for students of the Institute

      Read More
  • Becoming a student
      • About Chartered Accountancy
        The Chartered difference
        Student benefits
        Study in Northern Ireland
        Events
        Hear from past students
        Become a Chartered Accountant podcast series
      • Entry routes
        College
        Working
        Accounting Technicians
        School leavers
        Member of another body
        CPA student
        International student
        Flexible Route
        Training Contract
      • Course description
        CAP1
        CAP2
        FAE
        Our education offering
      • Apply
        How to apply
        Exemptions guide
        Fees & payment options
        External students
      • Training vacancies
        Training vacancies search
        Training firms list
        Large training firms
        Milkround
        Recruitment to and transferring of training contract
      • Support & services
        Becoming a student FAQs
        School Bootcamp
        Register for a school visit
        Third Level Hub
        Who to contact for employers
    • Becoming a
      student

      Study with us

      Read More
  • Members
      • Members Hub
        My account
        Member subscriptions
        Newly admitted members
        Annual returns
        Application forms
        CPD/events
        Member services A-Z
        District societies
        Professional Standards
        ACA Professionals
        Careers development
        Recruitment service
        Diversity and Inclusion Committee
      • Members in practice
        Going into practice
        Managing your practice FAQs
        Practice compliance FAQs
        Toolkits and resources
        Audit FAQs
        Practice Consulting services
        Practice News/Practice Matters
        Practice Link
      • In business
        Networking and special interest groups
        Articles
      • Overseas members
        Home
        Key supports
        Tax for returning Irish members
        Networks and people
      • Public sector
        Public sector presentations
      • Member benefits
        Member benefits
      • Support & services
        Letters of good standing form
        Member FAQs
        AML confidential disclosure form
        Institute Technical content
        TaxSource Total
        The Educational Requirements for the Audit Qualification
        Pocket diaries
        Thrive Hub
    • Members

      View member services

      Read More
  • Employers
      • Training organisations
        Authorise to train
        Training in business
        Manage my students
        Incentive Scheme
        Recruitment to and transferring of training contracts
        Securing and retaining the best talent
        Tips on writing a job specification
      • Training
        In-house training
        Training tickets
      • Recruitment services
        Hire a qualified Chartered Accountant
        Hire a trainee student
      • Non executive directors recruitment service
      • Support & services
        Hire members: log a job vacancy
        Firm/employers FAQs
        Training ticket FAQs
        Authorisations
        Hire a room
        Who to contact for employers
    • Employers

      Services to support your business

      Read More
☰
  • The Institute
☰
  • Home
  • Articles
  • Students
  • Advertise
  • Subscribe
  • Archive
  • Podcasts
  • Contact us
Search
View Cart 0 Item
  • Home/
  • Accountancy Ireland/
  • Articles/
  • News/
  • Latest News

Latest news

Getting DORA ready

Jun 21, 2024

As entities prepare for the introduction of the Digital Operational Resilience Act, IT security and compliance will be front of mind for many, writes Jackie Hennessy

With the Digital Operational Resilience Act (DORA) on the way, entities must move from preparation to implementation and take steps towards demonstrating how their practices comply.

Financial entities will need to demonstrate appropriate security and resilience of critical information and communication technology (ICT) systems and applications to comply with DORA. The level of compliance efforts will vary depending on the size and complexity of your entity.

A risk-based approach, appropriate security and resilience testing are necessary to address potential vulnerabilities and to prove compliance in meeting the evidence requirements of the European Supervisory Authorities. By focusing on long-term resilience, entities can establish a resilient foundation, which will aid them in their steps towards DORA compliance.

Resilience means learning from the past, to improve the present, and to prepare for the future. 

To make entities ready for DORA, there are five key actions to assist those in the preparation phase. These actions will enable entities to effectively manage their digital operational resilience.

1. Determine strategic priorities

To enhance business practices, organisations must aim to achieve a transformation towards a resilient end-to-end IT and operations environment.

To ensure strong risk management, a focus should be placed on achieving a broad agile transformation that takes into account risks associated with ICT suppliers and continuity measures.

Additionally, it is necessary to aim to increase your organisation's agility in serving digital channels by implementing strong business continuity management (BCM) measures.

2. Implement resilience and incident management measures

To ensure effective implementation of your DORA program, it is crucial to ensure leadership support, as well as translation of strategic and regulatory requirements into operational measures.

It is essential to enable control owners and line management to manage compliance requirements in a risk-based way, including the automation of controls related to digital resilience, to manage the complexity of (compliance) requirements effectively.

Think big and start small – for example, by organising a workshop with relevant middle-management players to align and agree on the implementation strategy of your DORA program.

3. Manage third-party risks

To ensure effective management of ICT risk related to third-party providers, it is essential to conduct complete monitoring of all ICT-related third-party risks throughout all relationship phases.

This involves the classification and analysis of providers and their management bodies, record-keeping of relevant information, managing proportionality, managing compliance and creating a third-party risk assessment process risk strategy.

By undertaking these steps, comprehensive management of ICT risk in relation to third-party providers can be ensured.

4. Test digital operational resilience

To ensure operational resilience, it is crucial to test critical functions more frequently than non-critical, at least once per year. The program for testing digital operational resilience must be based on relevant threat scenarios.

Best practice is to implement an appropriate test set-up for each threat, to test the resilience effectively. Moreover, every three years, entities are required to perform threat-lead penetration testing that simulates a realistic and advanced cyber-attack. This simulation helps organisations to prepare and train for real cyber-attacks.

5. Implement measures for resilience and ICT incidents

To establish strong operational resilience measures and incident management, it is essential to accomplish resilience testing from a wider perspective, which – beyond technical security testing – includes regular crisis simulations.

It is important to improve business continuity plans and ICT crisis scenarios to ensure that uncontrolled disruptions are avoided due to slow and ineffective incident management.

Moreover, accomplishing mature threat intelligence and assessing top continuity risk scenarios is crucial to enhancing resilience and preparedness in critical situations.

By understanding these measures, strong operational resilience can be established, ensuring smooth and uninterrupted operations.

Jackie Hennessy is a Partner at KPMG 

The latest news to your inbox

Please enter a valid email address You have entered an invalid email address.

Useful links

  • Current students
  • Becoming a student
  • Knowledge centre
  • Shop
  • District societies

Get in touch

Dublin HQ

Chartered Accountants
House, 47-49 Pearse St,
Dublin 2, Ireland

TEL: +353 1 637 7200
Belfast HQ

The Linenhall
32-38 Linenhall Street, Belfast
Antrim BT2 8BG, United Kingdom.

TEL: +44 28 9043 5840

Connect with us

CAW Footer Logo-min
GAA Footer Logo-min
CARB Footer Logo-min
CCAB-I Footer Logo-min

© Copyright Chartered Accountants Ireland 2020. All Rights Reserved.

☰
  • Terms & conditions
  • Privacy statement
  • Event privacy notice
LOADING...

Please wait while the page loads.