Navigate DORA with confidence and at your own pace with our support

The Digital Operational Resilience Act (DORA) is an EU regulation designed to increase security and resilience in the financial sector. Full compliance can pose a significant challenge, especially for smaller entities. Following a pragmatic, risk-based approach is crucial to ensure your risks are under control while continuing the road towards full compliance. 

Objectives of DORA 

DORA's main goal is to establish a unified framework across the EU for managing ICT risks. To minimise the impact of potential threats, financial entities and their third-party providers are required to: 

    • implement strong security measures,  

    • conduct regular testing, 

    • develop effective coordinated response and recovery plans. 

Prioritisation and implementation 

Given the heavy workload DORA imposes on financial entities, it is important to prioritise actions and create a dedicated project roadmap.

As one of the first steps, senior management should clearly define and endorse the ICT risk management framework, as it forms the foundation of the ICT risk management methodology and guides the implementation of all other topics. They should also set priorities and actions to ensure a risk-based implementation roadmap towards DORA compliance.

Compliance Timeline and Impact 

DORA will be fully applicable as of January 17, 2025. After that, non-compliance could lead to severe penalties. However, it is already clear that not all organisations will be compliant by the deadline. If faced with challenges to meet this deadline, it is crucial for organisations to demonstrate their efforts and progress made towards compliance, tackling the critical activities first.

Our BDO experts know the regulators’ priorities and can help you create a risk-based roadmap tailored to your organisation. 

How BDO can help

At BDO, nothing matters more to us than our clients. Through understanding your needs, going the extra mile, delivering on our promises and providing value for money, we are committed to providing you with exceptional client service and first-class advice.

Our team of DORA experts is knowledgeable and experienced in DORA assessments and implementation. We leverage this experience to provide you with the best value for money and pragmatic solutions.

Thanks to our connections with the regulators and sector organisations, we provide you with key insights into their priorities and focus areas. Our financial sector team has deep expertise with all kinds of large and small financial entities: banks, asset managers, pension funds, insurance companies, fintechs, etc.


Our services

  • Our BDO experts perform a thorough assessment of your current as-is situation with the aim of developing a roadmap towards DORA implementation and compliance. 

  • Whether you require a formal assessment report or just want a pragmatic “to-do” list to get you kickstarted, our deliverables are tailored to your needs. 

  • Our BDO advisors have hands-on experience with DORA templates including the register of information (ROI), ICT risk management framework, ICT risk register, third party risk management policy and procedures, operational resilience testing programs, and more. 

  • As a next step, BDO can provide you the peace of mind of a managed service: whether you need outsourced third party risk management (TPRM), help with implementing management reporting or even full CISO-as-a-Service support, our dedicated experts are ready to cater to your needs. 

  • Our dedicated team of certified internal auditors (CIA) provides the independent assurance your management needs on DORA compliance from the third line of defense.

  • As a stand-alone advisory audit or as part of the recurring internal audit plan, ask your BDO contact about how we include DORA in our audits! 

Get in touch with our DORA experts

No matter the challenge or curiosity, we're here to support your business journey. 
Send us your questions, and our experts will provide the answers you need.

Thomas Cornelis


Senior Manager Risk Advisory