CHAPTER 4: GOVERNANCE
One of the first requirements set out in DORA is that financial entities must establish “an internal governance and control framework” for overseeing the organisation’s risk management activities.19 While the Regulation’s requirements in relation to this are relatively slim – taking up only a single article – this is potentially one of the most important parts of DORA compliance.
The management body that the Regulation sets out will be necessary to ensure compliance with DORA’s other requirements, and – of special note – has the “ultimate responsibility for managing the financial entity’s ICT risk”.20 This is no small duty, as you can imagine.
As with most governance roles, the management body will be primarily involved at ...