Ozona Consulting · ISO 20000, ISO 27001, ISO 22301 consultancy

DORA Training · Internal Audit


Regulation (EU) 2022/2554 (DORA) establishes a European regulatory framework that strengthens the digital operational resilience of financial sector entities, covering ICT risk management, ICT-related incident management, digital operational resilience testing, ICT third-party risk management and information sharing.

This training has been designed specifically for the internal audit teams of financial entities and covers the planning, execution and reporting of audits on the five pillars of DORA. The contents draw on the experience of Ozona Consulting’s consultants in real implementation and audit projects on ISO 22301, ISO 27001 and ISO 20000, on the articles of the DORA regulation and on its Regulatory Technical Standards (RTS).

The course is useful for internal audit teams and for any profile involved in the adoption, management and governance of DORA within the entity.

KEY FEATURES OF THE COURSE

PRACTICAL APPROACH

Audit programme applied to the five pillars of DORA, with real cases and examples.

INTERNAL AUDIT FOCUSED

Designed specifically for internal audit teams of financial entities.

BASED ON THE REGULATION AND RTS

Contents based on the DORA articles, its Regulatory Technical Standards and good practice guides.

TARGET AUDIENCE

  • Internal audit teams of financial entities
  • Auditors with responsibilities for DORA compliance
  • ICT risk, compliance and governance officers
  • Digital operational resilience officers
  • Profiles involved in the adoption and governance of DORA within the entity

Prior knowledge of DORA fundamentals recommended. Intermediate level.

COURSE DETAILS

DURATION AND FORMAT

12 hours distributed across 4 sessions of 3 hours (or 3 sessions of 4 hours), in live online or on-site format. Available in multi-client or in-company format.


LANGUAGE AND MATERIALS

Course in Spanish, materials in Spanish (PDF manual; printed copy optional).


CERTIFICATE

Attendance certificate upon completion.


WHAT IS INCLUDED?

  • Training
  • Course manual in electronic PDF format
  • Attendance certificate

COURSE PROGRAMME

12 hours distributed across 4 sessions of 3 hours each.

SESSION 1 · INTRODUCTION TO THE DORA REGULATION (3 HOURS)

  • Context of the EU Digital Finance Package: EU digital financial environment and the need for a regulatory framework such as DORA.
  • Objectives and timeline of the DORA Regulation: main goals, application deadlines and entities in scope.
  • Consequences of non-compliance: sanctions, audits, reputational and financial risks.
  • The five pillars of DORA: ICT risk management, ICT-related incident management, digital operational resilience testing, ICT third-party risk management and information sharing.
  • Policy instruments related to DORA: relationship between legal and regulatory instruments and the organisation’s internal policies.

SESSION 2 · IMPACT OF DORA ON INTERNAL AUDIT (3 HOURS)

  • Direct requirements of DORA for internal audit: how DORA affects planning, execution and reporting of audits.
  • Other implications: necessary adjustments to internal processes and policies to ensure compliance.
  • Training and skills development: new competences that internal auditors must acquire, including ICT risk management and operational resilience.

SESSION 3 · AUDIT PROGRAMME FOR DORA (3 HOURS)

  • Audit planning: structuring the plan to address the five pillars of DORA.
  • Audit tests:
    • Digital operational resilience of the organisation.
    • Identification and review of critical or important functions.
    • Audit of ICT response and recovery plans.
    • ICT-related incident management and the process for reporting major incidents to the competent authority.
    • ICT audits: controls and system security.
    • Penetration testing: review of its effectiveness on the ICT infrastructure.
  • Outsourcing risk management: oversight of ICT third-party service providers and their compliance with DORA.

SESSION 4 · CONTINUOUS IMPROVEMENT AND CLOSURE (3 HOURS)

  • Governance and organisation: assessment of the governance structure in relation to digital operational resilience.
  • ICT risk management: audit of the process for identifying, analysing and mitigating risks.
  • ICT-related incident management: classification, reporting and analysis according to the DORA materiality thresholds.
  • Digital operational resilience testing: testing programme, penetration tests (including threat-led penetration testing, TLPT) and crisis simulations.
  • ICT third-party providers: review of the provider management framework to verify compliance.
