Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Locations

Services

Audit

Advisory

Our progressive thinkers offer services to help create, protect and transform value today, so you have opportunity to thrive tomorrow.

See Overview

Aviation Advisory
Our dedicated Aviation Advisory team bring best-in-class expertise across modelling, lease management, financial accounting and transaction execution as well as technical services completed by certified engineers.
Consulting
Our Consulting team guarantees quick turnarounds, lower partner-to-staff ratio than most and superior results delivered on a range of services.
Business Risk Services
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
Deal Advisory
Our experienced Deal Advisory team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
Forensic Accounting
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
Financial Accounting and Advisory
Our FAAS team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.
Restructuring
Grant Thornton is Ireland’s leading provider of insolvency and corporate recovery solutions.
Risk Advisory
Our Risk Advisory team delivers innovative solutions and strategic insights for the Financial Services sector, addressing disruptive forces, regulatory changes, and emerging trends to enhance risk management and foster competitive advantage.
Sustainability Advisory
Our Sustainability Advisory team works with clients to accelerate their sustainability journey through innovative and pragmatic solutions.

Related insights:

Sustainability Advisory Sustainability: A team sport that needs a captain

Is your company searching for a sustainability leader? Learn the key skills for embedding sustainability into your business strategy.

Catherine Duggan

| 4 min read | 03 Apr 2024

Audit

Our audit services can strengthen your business and stakeholders' confidence. You'll receive professionally verified results and insights that help you grow.

See Overview

Related insights:

Asset management Asset management of the future
In today’s global asset management landscape, there is an almost constant onslaught of change and complexity. To combat such complex change, asset managers need a consolidated approach. Read our publication and find out more about what you can achieve by choosing to work with us.

Shona O'Hea
| 1 min read | 21 Feb 2024
Internal Audit Maintaining Compliance with New EU Pension Directive IORP II
On 28 April 2021, the Irish Government transposed IORP II (Institution for Occupational Retirement Provision), an EU directive on the activities and supervision of pension schemes, into law.

| 4 min read | 21 Sep 2023
Risk, Compliance and Professional Standards FRED 82 – Periodic Updates to FRS 100 – 105
The concept of a new suite of standards for the UK and Ireland, aligning with international financial reporting standards, was first conceived in 2002

Stephen Murray
| 5 min read | 13 Sep 2023
Audit and Assurance Auditor transition: how to achieve a smooth changeover
Appointing new auditors may seem like a daunting task that will be disruptive to your business and a drain on the finance function. Nevertheless, there are a multitude of reasons to consider a change, including simply seeking a ‘fresh look’ at the business.

Blaithin O’Neill
| 3 min read | 26 Apr 2023

Tax

Our tax services help you gain trust and stay ahead, enabling you to manage your tax transparently and ethically.

See Overview

Corporate Tax
Our Corporate Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic and international clients; covering Corporation Tax, Company Secretarial, Employer Solutions, Global Mobility and Tax Incentives.
Financial Services Tax
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
International Tax
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
Private Client
Grant Thornton’s Private Client Services team can advise you on all areas of financial, pension, investment, succession and inheritance planning. We understand that each individual’s circumstances are different to the next and we tailor our services to suit your specific needs.
VAT
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.

Related insights:

Tax Debt Warehousing Scheme Deadline: 1 May 2024

Businesses availing of the Debt Warehousing Scheme (DWS) have until 1 May 2024 to either pay their warehoused debt in full or engage with Revenue on addressing the debt. Read our latest insight to find out more.

Bernard Doherty

| 1 min read | 18 Apr 2024

Careers

Find out more about our opportunities.

See Overview

Experienced Hires

Looking for a more fulfilling role in professional services? One where fresh thinking, collaboration and diversity are valued? At Grant Thornton we do things...

See Overview

Graduate Programme

We offer a range of graduate programmes to help you thrive in your career. Work with and learn from the best in the business, make a difference and excel by...

See Overview

Undergrad Programme

We offer a fantastic opportunity to kick-start your career with our Summer Internship Programme.

See Overview

Connect

About Us

Grant Thornton Ireland is rapidly approaching 3,000 people, in 9 offices across Ireland, Isle of Man, Gibraltar and Bermuda, and a presence in over 149...

See Overview

Grant Thornton Alumni network

We believe in a connected world — so we created an industry-leading online Alumni Network that focuses on what matters most at Grant Thornton — our people.

See Overview

Events

Browse our schedule of upcoming live events or webinars for the latest thinking from Grant Thornton's subject matter experts.

See Overview

News centre

Explore Grant Thornton's latest press releases and stay informed with our most recent news updates. Our News Centre is your gateway to the latest developments...

See Overview

Subscriptions

Receive the latest insights, news and more direct to your inbox.

See Overview

IT Business Consulting

Central Bank of Ireland IT Guidance for regulated firms

Ian Cahill 12 Jan 2017

In September 2016 the Central Bank of Ireland (CBI) issued guidance in relation to IT and cybersecurity governance and risk management for regulated firms in Ireland. This guidance was based on supervisory work carried out by the CBI and contains some worrying insights from a Board of Directors viewpoint.

The CBI reiterated that it expects the Boards and Senior Management of regulated firms to fully recognise their responsibilities in relation to IT and cybersecurity governance and risk management and place these among their top priorities.

Whilst the cybersecurity elements of this guidance have rightly received significant coverage due to the more public and newsworthy nature of issues such as hacking, ransomware, denial of service etc., the CBI’s findings concerning general IT service management, IT outsourcing, IT governance and IT risk make for alarming reading. In essence, the CBI has found that:

IT Outsourcing continues to rise but there is inadequate due diligence being carried out on prospective service providers and that service level agreements and contracts are not robust. Given the impact on the regulated firm and its customers of poor systems performance and/or systems failure, this is a significant omission. Furthermore, the CBI points out that service levels and performance are neither being well monitored nor reported to the Board. The guidance also refers to Cloud services and contracts in this context.

The quality of IT Service Management and Operations is a cause of concern to the CBI. The supervisory work identified issues in areas such as, inter-alia, Incident Management; IT Change Management; IT Project Management, Planning & Documentation and Disaster Recovery/Business Continuity Planning and highlighted the expectation that best practices such as ITIL are incorporated. As with outsourcing above, the CBI notes that deficiencies in board reporting exist in these areas.

The IT Applications that firms rely upon to provide or underpin service to customers also drew cautionary commentary from the CBI. In particular, the major risks concerning legacy systems were highlighted. Such risks include an increased likelihood of system failure, difficulty in maintaining outdated technology and sourcing appropriate skill sets to develop and support legacy systems. Furthermore, the guidance notes the difficulty in obtaining timely and accurate management information from legacy systems due to complexities caused by older designs and configurations. The CBI also points to weaknesses in testing of systems, patches, new technologies, upgrades and products, prior to deployment – with the obvious customer and regulatory implications.

IT Strategy in regulated firms is also reported by the CBI as being, in some cases, deficient and not aligned with business strategy.

The CBI guidance addresses all issues through the lens of IT Risk and Governance. Of deep concern to boards and management of regulated firms should be the finding that there is insufficient ongoing and active IT risk management. Specifically, the CBI finds that risk management is not proactive, risks are poorly monitored and not being mitigated effectively if at all, multiple risk tools are not co-ordinated and, surprisingly, IT risk registers are not up-to-date or do not exist at all. Similarly, there are findings of weak IT asset management and inadequate data governance. The CBI also observes that reviews of IT policies are insufficient and deficient and are treated as ‘box ticking’ exercises. Given the pace of technology change, this is a dangerous habit to form from a risk management viewpoint. Finally, the Central Bank states that it expects that a firm’s governance structure provides for independent assurance on the effectiveness of the IT risk management, internal controls and governance processes.

Next Steps

The Central Bank have stated that these findings and guidelines will form the basis for future supervisory work. So what does a regulated entity do? We recommend you find start by finding out where your firm currently stands on:

Service Delivery and Management

if outsourcing and/or cloud computing forms part of your service delivery model then carry out vendor risk assessment to include: vendor viability, vendor technology and business strategy, vendor contract review, SLA and KPI review, vendor management/governance model. Make sure to also assess your own vendor management capabilities. The outputs of this assessment should form a coherent and targeted action plan;
review your IT service management approach against an industry-standard framework such as ITIL. While it is not always necessary to adopt full ITIL processes, benchmarking against this framework will provide excellent insight into areas of high risk; and
examine your methodology for project and programme management. Is it appropriate for the current environment?

Strategy

carry out an IT strategy assessment and make plans to align it with your business strategy;
ask yourself if your IT infrastructure fit for purpose to support this? Do you have an infrastructure strategy?;
examine your approach to IT applications. If you have an applications strategy then assess it particularly in terms of application lifecycle (pre-acquisition to retirement), legacy systems maintenance, criteria for development, acquisition, upgrade of applications and skills requirement. As part of this, determine if your QA/test approach is effectively aligned. If you don’t have an applications strategy and test strategy, consider creating and implementing these; and
review your MIS and reporting capabilities.

Risk and Governance

carry out an independent assessment of IT governance, IT risk management and IT policies;
create a risk management framework if none exists;
implement an IT asset management process if none exists;
assess your data governance approach. As well as being a CBI guideline, GDPR regulations make this an imperative; and
review board reporting. Is the board getting what it needs? Is it useful and readable?

The Central Bank have stated that these findings and guidelines will form the basis for future supervisory work. We advise that you carry out the above assessments and prioritise your actions based on the results.

Also appears under...