
      The Digital Operational Resilience Act (DORA), now in effect, creates a regulatory framework under which firms must ensure they can withstand, respond to and recover from all types of ICT-related disruptions.

      Financial institutions have made significant progress on their DORA compliance journeys, and our Risk Consulting team has seen firsthand the scale and complexity of the implementation effort when supporting the businesses. Now that DORA is in effect and regulatory scrutiny is increasing, the focus must shift from programme delivery to embedding operational resilience into day-to-day operations.

      The Risk Consulting team, led by Jackie Hennessy, share their views and guidance below.


      Compliance excellence

      The next phase of your DORA journey


      The wind-down of DORA programmes and their shift into business-as-usual (BAU) presents a valuable opportunity to take stock. Revisiting your initial gap assessments and the enhancements made during the programme can help validate the progress achieved and ensure your organisation is well-positioned to maintain ongoing compliance.

      As financial institutions across Europe continue to channel considerable effort into their DORA programmes, one truth is becoming increasingly clear: implementation alone isn’t enough.

      The real challenge, and opportunity, lies in ensuring that these strategies are effective, embedded, and resilient. That’s where quality assurance (QA) steps in, not as a compliance afterthought, but as a strategic imperative.

      For senior management, DORA isn’t just another regulatory hurdle; it’s a shift in accountability and a strategic imperative to embed digital resilience at the core of operations. Business leaders are now directly responsible for driving proactive resilience transformation efforts to ensure their organisations can withstand and recover from digital disruptions. 

      This accountability demands more than dashboards and documentation. It requires confidence that the programme is delivering as designed. Quality assurance provides that confidence.


      Transforming resilience into reality

      How quality assurance strengthens DORA implementation


      Quality assurance goes beyond merely fulfilling requirements: it’s about uncovering vulnerabilities that can derail even the most well-funded DORA programmes. It enables organisations to proactively identify and address challenges in the areas that we have identified as the most challenging across the industry:

      • Service and asset mapping: QA validates the completeness of mapping between critical services and underlying assets, ensuring robust and holistic resilience strategies. 
      • Ownership and BAU integration: It assesses whether DORA responsibilities are clearly defined and embedded into day-to-day operations, making DORA-related operations sustainable beyond initial rollout.
      • Resilience reporting: QA evaluates the relevance and effectiveness of existing KPIs, ensuring board-level reporting reflects the true state of resilience.
      • Third and fourth-party resilience: It uncovers gaps in vendor oversight, helping organisations manage ICT risks across their extended supply chain. 
      • Scenario testing maturity: QA reviews the design and execution of resilience testing, moving organisations from checkbox exercises to meaningful preparedness. 
      • Integration with existing capabilities: It ensures DORA is not a standalone initiative but is aligned with and enhances existing risk, compliance, and IT frameworks. 

      By addressing these areas, quality assurance becomes a strategic enabler, helping senior management demonstrate accountability, build stakeholder trust, and unlock the full value of their DORA investment.



      How KPMG can help

      An independent review of your DORA implementation can provide clarity and confidence. Drawing on deep cross-functional expertise, we can help assess whether your current design aligns with both regulatory expectations and your broader strategic objectives – supporting a smooth transition into sustained, resilient operations.

      KPMG services across your DORA journey:

      • Governance
      • Assessment
      • Remediation
      • Compliance & Quality Assurance
      • Target Operating Model
      • Technology Enablement
      • People & Change

      For more information, explore our insights and framework in our DORA Quality Assurance services brochure.

      Download

      DORA: Quality assurance

      (PDF, 466KB)

      Get in touch

      Whether you require additional resources or expert knowledge, the skills across our Consulting practice can be drawn upon to aid with the various aspects of your DORA programme.

      If you would like to discuss how KPMG can provide guidance and support on your DORA compliance journey, please get in touch with our Technology Risk Consulting Team. We’d be delighted to hear from you.

      Jackie Hennessy

      Partner

      KPMG in Ireland

      Carmen Cronje

      Director

      KPMG in Ireland
