Latest News

ICFR is unlocking opportunities and improving operational efficiency

After a 2017 order by the Abu Dhabi AccountabilityAuthority (ADAA), Abu Dhabi Government organizations began strengthening their internal controls over financial reporting (ICFR) frameworks. Compliance has helped improve efficiencies, enhance financial reporting and even boost future investment prospects by improving governance in these past three years, according to a new KPMG report.‘Beyond regulatory compliance: Insights on Resolution No. (1), 2017 of the Chairman of ADAA’states that ICFR programs are evolving into opportunities to deliver value to the bottom line. Over the last three years, organizations have derived great value beyond compliance that covers areas ranging from standardization of processes and mitigating revenue leakages to hitherto unexplored changes in the operating model.

Siddharth Behal, Partner & Head of Internal AuditRisk & Compliance Services (Middle East), KPMG Lower Gulf Limited said: “Today’sorganizations need to significantly transform their business operating models to remain competitive amid a growing number of industry challenges. ICFRprograms are, as of yet, an unfulfilled opportunity to deliver value to the bottom line of a company. Internal control teams need to take a close look at the fundamental business processes, understand core issues and financial reporting risks and subsequently identify opportunities for value creation.”

The majority of organizations surveyed have documented process-level, entity-level, and IT general controls. A few have also commenced covering anti-fraud controls and compliance as part of their ICFR exercises. Key risks and controls were documented using various tools, such as process maps, process flowcharts, and risk and control matrices.

According to the KPMG report, in response to ADAA Regulation No. (1) of 2017, more than half (58%) of organizations initiated their ICFR implementation journey in 2018, while others started in 2019. All the entities surveyed by KPMG used the COSO internal control framework for their ICFR implementation. Approximately 23% noted control failures for in-scope processes.

Within entity-level controls, the absence of a comprehensive legal compliance framework and robust fraud risk management were identified as the most common deficiencies by respondents.

A majority of respondents in the KPMG survey felt that compliance efforts will reduce over the next five years. This is expected to happen as entities strengthen the ICFR mechanism and turn it into it an excellence-driven activity, rather than merely a compliance-driven one.

The KPMG report highlights that with many listings on the horizon, investors are also willing to assign significantly higher PE multiples to entities with better governance and internal controls. Implementing an ICFR program is an important step in this direction, as multiple entities seek to become transaction-ready with the Abu Dhabi Government looking at several listings in the next two to three years.

For more information, please visit


Read more opinions >