DORA 2024 – Internal Audit’s Role and Strategies Ahead of Compliance Deadline

Christophe BARDY - GRACES community
11/9/2024

The newest edition of the ECIIA paper, DORA: Impact of the Digital Operational Resilience Act (DORA) on the Internal Audit Function, has been published, offering valuable insights for the insurance industry. With the January 17, 2025, compliance deadline approaching, this paper outlines key strategies and actions to help internal audit teams ensure readiness.


The Digital Operational Resilience Act (DORA) represents the European Union’s strategic approach to managing systemic risk within the financial system. It aims to enhance cybersecurity and operational resilience across the financial services sector, and it becomes mandatory in 2025.


Key findings from a survey of 70 insurance industry respondents show that many companies are still in the early or moderate stages of implementing DORA. The paper outlines essential actions for internal audit teams, such as regular audits of ICT risk management frameworks, reviews of ICT response and recovery plans, and assessments of ICT third-party service providers. It also emphasizes the importance of internal auditors documenting Threat-led Penetration Tests (TLPT) and ensuring that contracts with ICT third-party providers adhere to all key provisions.


By focusing on these practical recommendations, the paper serves as a vital resource for internal audit professionals aiming to enhance their digital resilience and comply with DORA requirements.
