Harmonised Risk Analysis
Risk analysis pursuant to DORA, MaRisk, MaGo and the EBA Guidelines on Outsourcing in a single process, implemented as a stringent workflow, enabling efficient monitoring of all third parties.
Risk analysis is an instrument for initial, event-driven, and regular governance of externally sourced services. The obligation to conduct risk analysis for outsourcing arrangements arises from MaRisk, MaGo and the EBA Guidelines on Outsourcing. For ICT services, the obligation originates from the Digital Operational Resilience Act (DORA). Many ICT services under DORA are also subject to the requirements applicable to outsourcing arrangements. The requirements overlap significantly in many areas, but differ in some aspects. Integrating all requirements into a single process significantly increases the effectiveness of risk analysis and greatly reduces the effort required for its execution.
Risk Analyses with IQRisk – Key Benefits
100% Compliance
Fulfilment of all requirements of DORA, MaRisk (especially AT 9), MaGo (especially Chapter 13) and the EBA Guidelines on Outsourcing.
Stringent Workflow/Intuitive Cockpit
Each risk analysis is executed via a stringent process that is always maintained in a consistent state. An intuitive management cockpit provides full transparency on the status of all risk analyses.
Automated Reporting to Authority
If an initial outsourcing is intended, there is an obligation to notify the authority. The same applies to changes, such as classifying a function as important or critical.The required notifications are automatically generated upon authorisation and transmitted to the competent authority.
Consistent Documentation
Newly analysed outsourcing arrangements or ICT services are automatically stored in the integrated register of information and outsourcing arrangements. Only information not yet digitised must be recorded manually.
Consideration of Concentration Risks
Existing concentration risks are automatically fed into the risk analysis decision process. The concentration risks existing at the time of each risk analysis are automatically documented.
Transfer to Operational Risk Management
Specific risks can be automatically transferred to operational risk management, including their respective probabilities of occurrence and potential loss severities.
Contact us now
Benefit from harmonised risk analysis. Meet the requirements of DORA and other relevant (national) regulations through a consistent risk management process.
![DORA Risikoanalyse [New] – EN](https://www.iqprocess.de/wp-content/uploads/2025/08/Main-Site_on_MAC_image.png "Screen displaying information about Zoom Communications and a chart within a software interface.")
Risk Analysis and Process Automation
Regularly conducted risk analyses are automatically performed at the scheduled intervals. The involved parties receive a digital reminder beforehand. If actions are not completed or delayed, a specially configured escalation workflow is triggered.
For stringent third-party governance, complementary actions are necessary. Examples include typically monthly provider meetings or quarterly performance quality assessments. These complementary processes can be instantiated and executed at any time via IQThirdParty’s process engine.
Contact us now
Would you like to learn more about our SaaS solution IQThirdParty or schedule a demo appointment?
Thank you!
We have received your request and will get back to you shortly with all the information