Financial Services Ireland

Leading Through Volatility

Covid-19: managing your IT risk and control environment

Read more


The Covid-19 pandemic continues to bring uncertainty to organisations globally and nationally. Financial services firms have navigated through significant disruption to their operations, while simultaneously trying to be resilient and support the recovery of the economy. EY has seen financial services firms adapting their operating models, setting up new processes, operating existing processes remotely and leveraging different solutions and service providers to deliver their business services to customers. With changes in customer demand, these challenges have also led to a variety of IT-related risks and issues. These include an increase in cyber threats, increased strain on business continuity measures, change management capabilities and higher dependency on specific IT service providers. This highlights the need for firms to rationalise, optimise and sustain their IT risk and control environments to ensure effectiveness in the eyes of their internal and external stakeholders. If firms seize the opportunity to transform their IT risk and control environment in the “new normal”, it provides a platform for long-term value creation and a resilient business.

Here in Ireland, our clients are consciously shifting their focus to identify what this “new normal” means for their business and how best to implement change during the pandemic to adapt their IT processes, manage new or evolving IT risks and implement necessary measures to maintain a controlled IT environment. They are actively working to embed new processes and controls to support this changing environment to ensure they are in line with changing business and customer needs. In addition, with on-going government restrictions, our clients have been forced to shift their business operations and introduce new ways of working to effectively manage the following:

  • increased use of online channels and contactless payments due to the shift in business and customer needs
  • increased dependency on remote access to support working outside of the office
  • increased concerns over data protection relating to accessing sensitive information remotely and the scale of this due to changes in business operations

These aspects have driven changes to organisations’ IT risk and control environments. This has also brought focus from regulatory bodies with increased scrutiny of IT risk and security through supervisory activity including inspections and thematic reviews to ensure organisations are establishing a plan to measure compliance against the evolving regulatory expectations.

To navigate these challenges, our latest paper – which you can download below – focuses on what firms should consider now, next and beyond. You may also find it useful to review our latest insights and thinking to support you in leading through these volatile times; don’t hesitate to reach out if you have a question.

Jerry O’Sullivan

FS Executive Director, Risk
Jerry's Full Profile