Beyond regulatory compliance, ICFR is unlocking opportunities and improving operational efficiency: KPMG report

Beyond regulatory compliance, ICFR is unlocking opportunities and improving operational efficiency: KPMG report

DUBAI, UAE: After a 2017 order by the Abu Dhabi Accountability Authority (ADAA), Abu Dhabi Government organizations began strengthening their internal controls over financial reporting (ICFR) frameworks.Compliance has helped improve efficiencies, enhance financial reporting and even boost future investment prospects by improving governance in these past three years, according to a new KPMG report.‘Beyond regulatory compliance: Insights on Resolution No. (1), 2017 of the Chairman of ADAA’ states that ICFR programs are evolving into opportunities to deliver value to the bottomline. Over the last three years, organizations have derived great value beyond compliance that covers areas ranging from standardization of processes and mitigating revenue leakages, to hitherto unexplored changes in the operating model.

Siddharth Behal, Partner & Head of Internal Audit Risk & Compliance Services (Middle East),KPMG Lower Gulf Limitedsaid: “Today’s organizations need to significantly transform their business operating models to remain competitive amid a growing number of industry challenges. ICFR programs are, as of yet, an unfulfilled opportunity to deliver value to the bottom line of a company. Internal control teams need to take a close look at the fundamental business processes, understand core issues and financial reporting risks and subsequently identify opportunities for value creation.”

The majority of organizations surveyed have documented process-level, entity-level and IT general controls. A few have also commenced covering anti-fraudcontrols and compliance as part of their ICFR exercises. Key risks andcontrols were documented using various tools, such as process maps, process flowcharts and risk and control matrices.

According to the KPMG report, in response to ADAA Regulation No. (1) of 2017, more than half (58%) of organizations initiated their ICFR implementation journey in 2018, while others started in 2019.All the entities surveyed by KPMG used the COSO internal control framework for their ICFR implementation. Approximately 23% noted control failures for in-scope processes. 

Within entity-level controls, absence of a comprehensive legal compliance framework and robust fraud risk management were identified as the most common deficienciesby respondents. 

A majority of respondents in the KPMG survey felt that compliance efforts will reduce over the next five years. This is expected to happen as entities strengthen the ICFR mechanismand turn it into it an excellence-driven activity,rather than merely a compliance-driven one. 

The KPMG report highlights that with many listings on the horizon, investors are also willing to assign significantly higher PE multiples to entities with better governance and internal controls. Implementing an ICFR program is an important step in this direction, as multiple entities seek to become transaction ready with the Abu Dhabi Government looking at several listings in the next two to three years.