back

Global site

Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Skip to content
Skip to navigation

type to see results

back

Advisory
Audit and Assurance
Corporate accounting and outsourcing
Financial Accounting and Advisory Services (FAAS)
Financial Services
Private Client Services
Tax and legal
U.S. Irish Business Group

Advisory

As your business grows, our advisory services are designed to help you achieve your goals.

See Overview

Business Consulting
Our Consulting team guarantees quick turnarounds, lower partner-to-staff ratio than most and superior results delivered on a range of services.
Business Risk Services
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
Corporate Finance
Our experienced Corporate Finance team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
Digital Risk
Our Digital Risk team offer advisory and consulting solutions that give our clients peace of mind, clear value for money and an enhanced ability to react to cyber attacks.
Digital Transformation
Our Digital Transformation team work with business leaders to deliver efficient digital strategies and operating models that provide new or enhanced capabilities.
Forensic Accounting
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
Objectives and Key Results (OKRs)
Objectives and Key Results (OKRs) is a goal setting framework that helps teams, individuals and organisations set and track measurable goals.
People and Change Consulting
Our People & Change Consulting team help clients adapt to the changing nature of the workforce - how they attract, retain, engage, develop, deploy and lead their people.
Restructuring
Grant Thornton is Ireland’s leading provider of insolvency and corporate recovery solutions.

Audit and Assurance

Our audit approach combines the rigorous standards of professional independence and objectivity, with a methodology that focuses on critical risk areas and...

See Overview

Corporate accounting and outsourcing

At Grant Thornton we have extensive knowledge and experience in providing tailored solutions to our clients, whether on a short-term or long-term basis.

See Overview

Outsourced Payroll
Our outsourced payroll teams become your dedicated payroll department, aiming to process your payroll in the most cost effective and compliant manner.
Outsourcing
Grant Thornton's reliable and cost-effective outsourcing services help you streamline your business operations by taking care of your workload.

Financial Accounting and Advisory Services (FAAS)

Our FAAS team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.

See Overview

Audit and Accounting Advisory
Our Audit and Accounting Advisory team takes the headache out of multi-jurisdictional audit compliance requirements as well as technical compliance with accounting standards and legislation for clients.
Business Process Outsourcing
Grant Thornton’s Business Process Outsourcing (BPO) team serves the needs of rapidly growing mid-tier multinationals operating out of Ireland and other hubs through the provision of services across the full range of finance functions.
Flexible People Solutions
At Grant Thornton, our Financial Accounting and Advisory Services (FAAS) department have a dedicated team that help finance functions maximise efficiency.
Global Compliance & Reporting Solutions
Our Global Compliance & Reporting Solutions service offering covers a full suite of compliance services including financial statement preparation and related filings, dual bookkeeping, direct and indirect tax, statistical returns and payroll.
Global Payroll Solutions
At Grant Thornton, we meet the challenges of our clients. Our Global payroll compliance service offering is tailored to meet all your payroll requirements through a single point of contact.

Financial Services

Grant Thornton’s offering to the financial services industry is unique in that our team brings a wide range of experience with backgrounds in banking,...

See Overview

Actuarial
Our Actuarial team provides a comprehensive range of services to our insurance clients. From regulatory support for compliance to delivering specialist expertise in insurance & reinsurance.
Data Analytics
Our team helps to unlock the potential of data analytics within your organisation, allowing you to be more innovative, efficient and customer-centric than ever before.
Digital and Fintech
Our FinTech team are experts in technology and financial services and have a long track record of helping companies achieve sustained advantage.
Digital Risk
Our Digital Risk team offer advisory and consulting solutions that give our clients peace of mind, clear value for money and an enhanced ability to react to cyber attacks.
Financial Services Audit
Our Financial Services Audit team offers expertise and knowledge along with a horizontal approach to solving clients’ problems and queries.
Financial Services Consulting
We work closely with clients to understand their strategy and benchmark their performance against the very best international standards.
Financial Services Tax
Grant Thornton Ireland has a team of over 100 tax professionals providing advice to a diverse range of clients in the Financial Services sector.
FS Business Risk Services
Our FS Business Risk team have real experience of the financial services sector, through working within regulatory bodies or holding leadership positions in Risk, Compliance and Internal Audit functions.
Grant Thornton Pensioneer Trustees Limited
The Grant Thornton Pensioneer Trustee service can offer business owners, directors and employees the opportunity to manage their own retirement choices with full transparency.
Pension Audit
The Grant Thornton Pension Audit team has vast experience in managing schemes and preparing annual reports on them for clients.
Prudential Risk
Our industry leading Prudential Risk team works with clients on a range of areas including regulatory reporting, regulatory authorisations, on-site investigations and data quality assurance.
Quantitative Risk
Our Quantitative Risk team members bring a wide range of experience with many of them having backgrounds in banking, investment markets, regulation, professional practice, and academia.
Sustainability desk
We recognise that businesses are operating at different levels of maturity when it comes to sustainability, and pride ourselves on working with our clients to develop bespoke solutions to their needs.
Financial Accounting and Advisory Services (FAAS)
Our Financial Accounting and Advisory Services (FAAS) team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.

Private Client Services

Grant Thornton’s Private Client Services team can advise you on all areas of financial, pension, investment, succession and inheritance planning. We understand...

See Overview

Grant Thornton Financial Counselling
Grant Thornton Financial Counselling (GTFC) comprises a team of highly qualified professionals who offer financial advice to individuals and corporates across a range of areas including savings, investments, pension planning, and inheritance and succession planning.
Inheritance Planning
Our services on Inheritance Planning mirror those on Succession Planning whereby the foundations of the plan are derived from meaningful conversations with those that wish to pass on or protect their asset base.
Personal Tax Compliance & Planning
The Grant Thornton Personal Tax team helps clients remain compliant and up to date with all of their tax obligations whilst ensuring that they are solutions driven and manage their finances in the most tax efficient way possible.
Succession Planning
We have extensive experience guiding our clients successfully through the succession process. This involves advice on both the qualitative and quantitative aspects of the process. While there is a business at the core of each succession plan we advise on, it is all predicated on understanding the people and their respective wishes.

Tax and legal

Grant Thornton Ireland has a team of over 100 tax professionals providing advice to a diverse range of clients, including sole traders, small and medium sized...

See Overview

Company Secretarial
Grant Thornton’s Company Secretarial team contains qualified Company Secretaries. Clients are assured that they will meet all of their obligations under the Companies Acts and other relevant legislation and regulations.
Corporation Tax
Our Corporation Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic, international, and financial services clients. We place a strong emphasis on direct service to clients and we pride ourselves on the close personal relationships we build and the deep understanding of their businesses we develop
Employer Solutions
Attracting and retaining key talent, managing employment costs and ensuring compliance with complex tax rules presents one of the most serious challenges today for many businesses. You need to ensure that your business complies with increasingly complex tax legislation and can adapt to updated Revenue guidance in a cost-effective way and we are here to help.
Financial Services Tax
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
Global Mobility Services
Grant Thornton Ireland offer a different approach to managing global mobility. We have brought together specialists from our tax, global payroll, people and change and financial accounting teams across Ireland and Northern Ireland, while drawing on the knowledge and insights of our global network of over 143 offices of mobility professionals to provide you with a holistic approach to managing global mobility.
International Tax
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
Tax Advisory
The Grant Thornton Tax Advisory team blends commercial experience and knowledge with tax expertise to advise clients on the full range of transactions including sales, mergers, restructurings and succession planning.
Tax Incentives
Our Tax Incentives team help clients access vital cash funding and tax incentives to enable them to achieve their growth ambition.
Transfer Pricing
Our Transfer Pricing team has extensive experience across all industries. They can assist clients in overcoming challenges and deliver sector specific, sustainable solutions.
VAT
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.
Real Estate Tax Advisory
The Irish real estate market has experienced considerable change in recent years. This has resulted in the emergence of a number of challenges for investors, but has also brought about significant opportunities. With this in mind, taxation is now more than ever one of the key factors for real estate investors when appraising investments, financing methods and development structuring.

U.S. Irish Business Group

U.S. companies in Ireland form a critical part of Ireland’s cutting edge, internationally traded goods and services economy in industries such as information...

See Overview

About us

See Overview

Alumni

See Overview

Meet our People

See Overview

Office locations

See Overview

Subscriptions

See Overview

Webinars and Events

See Overview

Financial Services

Enhancing the Operational Resilience of Digital Systems: The European Supervisory Authorities’ Public Consultation on DORA

By:

Shane O'Neill,

Mary Loughney

05 Jul 20237 min read

The European Supervisory bodies have recently opened a public consultation on the first batch of technical standards under the Digital Operational Resilience Act (DORA)

Contents

Subscribe to our mailing list

Update your subscriptions for Grant Thornton publications and events.

The consultation focuses on the development of technical standards that will define the requirements for the ICT risk management framework, the classification of ICT-related incidents and the register of information required for all contractual arrangements with third-party providers and the policies governing the use of services by third-party providers.

The ever-increasing dependency of the financial sector on software and digital processes means that information communication technologies (ICT) risks are inherent in the finance sector. As the Commission itself remarked, 'The absence of detailed and comprehensive rules on digital operational resilience at EU level has led to the proliferation of national regulatory initiatives (e.g. on digital operational resilience testing) and supervisory approaches (e.g. addressing ICT third-party dependencies).

DORA will have a significant effect on enhancing the operational resilience of digital environments. By soliciting public input through this consultation process, the European Supervisory Authorities aim to ensure that the resulting technical standards align with industry best practices, promote digital resilience and facilitate robust and secure digital environment across the European Union.

The simplification of the ICT Risk Management Framework

The consultation paper aims to establish a standardised approach for managing risks in information and communication technology across the European Union. By harmonising tools, methods, processes and policies, the EU aims to improve overall ICT and cybersecurity by protecting critical infrastructure and sensitive data. The ESAs have considered the existing European and international standards on ICT risk management, the EBA Guidelines on ICT and security risk management (2019), the NIS2 Directive and the NIST cybersecurity framework components.

The standards set out requirements for all financial entities with respect to:

Security policies, procedures, protocols and tools for ICT (including governance, risk management, asset management, encryption and cryptography, operations security, network security, project and change management, physical security and information security awareness and training);
Human resources policy and access control;
Policies for detecting and responding to incidents;
Business continuity management;
Reporting on the ICT risk management framework review; and
Proportionality approches to managing risks.

New Classification Rules for ICT-related Incidents

The proposed consultation paper requires financial entities to classify ICT-related incidents from other IT-related incidents. Firms will be required to detect and classify incidents and report major incidents and security payment-related incidents to the relevant national component authorities (NCAs).

The proposed mechanism for classification is divided into two categories—primary and secondary. The criteria used between both is defined as follows:

To avoid complexity, the ESAs have discarded the possibility of introducing specific thresholds for cyber threats; instead, they have stated that the classification criteria are the same as those for ICT-related incidents. The consultation paper proposes considering the following elements when assessing the probability of the materialisation of the cyber threat:

Applicable risks, including potential vulnerabilities of the systems of the financial entity that can be exploited;
Capabilities and intent of threat actors; and
The persistence of the threat and any accrued knowledge about ICT- related incidents that have impacted the financial entity.

The ESAs have asked for a response to a number questions including:

Do you agree with the overall approach for classification of major incidents as illustrated above?
Do you agree with the approach for classification of significant cyber threats?

The Register of Information Required for Contractual Arrangements on the Use of Services Provided by ICT Third-parties

DORA requires that at the entity level, firms maintain and update a register of information in relation to all contractual arrangements on the use of ICT services provided by third-party service providers (ICT TPPs). The ESAs have provided register templates to capture risks stemming from the contractual arrangement, the critical or important functions supported by ICT TPPs, the service supply chain with a focus on subcontractors supporting an important function or material parts thereof and the Legal Entity Identifier code of the ICT TPP.

The consultation paper outlines templates for the register of information to be maintained at entity level and sub-consolidated and consolidated level. The templates capture information each of the areas depicted below.

*Source: Consultation Paper on draft Implementing Technical Standards to establish the templates composing the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers as mandated by Regulation (EU) 2022/2554

DORA requires that financial entities must have the established capability to provide the registers to the competent authorities in accordance with the requested uniform formats and using the defined secure electronic channels.

The ESAs have asked for responses on a number of questions including:

Is the structure of the Register of Information clear?
Do you agree with the level of information requested in the Register of Information templates?
Do you think that the minimum level of information requested is sufficient to fulfill the three purposes of the Register of Information, while also considering the varying levels of granularity and maturity among different financial entities?

Policy on ICT Services Performed by Third-parties

This consultation paper provides further detail on the requirement under DORA to maintain a strategy on ICT third-party risk. The strategy should include a policy on the use of services supporting critical or important functions provided by third-party service providers, including intragroup ICT providers. The paper considers already existing specifications provided in guidelines on outsourcing arrangements published by the ESAs.

The policy on the use of ICT services supporting critical or important functions provided by third-party service providers must contain a number of elements, including:

Methodology for determining which ICT services support critical or important functions;
The lifecycle stages when using services including risk assessment, due diligence and monitoring;
The process for assessing that the third-party provider has sufficient resources to provide the service;
Audit and inspection requirements;
Differentiating process for ICT third-party providers that are authorised or registered by a competent authority in Member State with those registered in a third country;
Role of intragroup ICT providers for critical or important functions; and
Exit and termination requirements.

As noted above, DORA sets out core contractual rights in relation to several elements in the performance and termination of contracts with a view to enshrine certain minimum safeguards underpinning the ability of Financial Entities to monitor effectively all risk emerging at ICT third-party level. Some contractual requirements set out in DORA are mandatory and will need to be included in contracts, if not already reflected. Others take the form of principles and recommendations and may require negotiation between the relevant parties. Early mapping and engagement in this respect will be important. Additionally, parties may wish to consider benchmarking their existing contractual arrangements against relevant requirements set out in DORA, as well as existing standard contractual clauses developed by EU institutions.

The Path Forward

Following the consultation process, the ESAs expect to submit these draft technical standards to the European Commission by 17 January 2024.

A recent survey conducted by Grant Thornton reveals that 62 % of Irish companies in the insurance sector have yet to initiate their implementation of DORA.

With the deadline of 17 January 2025 rapidly approaching, these firms must assess the impact of DORA’s technical standards and begin to take remediation steps.

Taking a risk-based approach reflective of an organization’s size, nature, scale and the complexity of services and operations, Financial Entities should begin to scope out the impact of DORA on their business. Firms should carry out a comprehensive gap analysis of their existing ICT-risk management processes against the new requirements introduced by DORA to identify any aspects of their existing processes that will be impacted by the new requirements and develop detailed implementation plans setting out the steps that will need to be taken to effect relevant changes. In anticipation of the final publication of the consultation papers, firms can take the following proactive steps to prepare:

Evaluate your current ICT Risk Management Framework by conducting an comprehensive maturity review on where enhancements and alignments can be made;
Perform gap analysis of your ICT incident response capabilities with a focus on classification; and
Revisit your strategy, documentation and approach for third-party service providers with a focus on oversight and monitoring of those that support critical or important functions.

How Grant Thornton Can Help

At Grant Thornton, our commitment goes beyond providing exceptional operational resilience services. We take a partnership approach, working closely with organizations to understand their unique challenges and goals. Don't let the implementation of the Digital Operational Resilience Act catch you off guard. Our team of experts will collaborate with you to develop customized strategies and practical solutions that align with your business objectives. With our comprehensive support, you can confidently tackle the complexities of the Digital Operational Resilience Act while unlocking opportunities for growth and innovation. Contact our Digital Risk team today to embark on this transformative partnership.