From Adherence to Trustworthiness: Mastering the UAE’s Latest ICOFR Mandates
June 26, 2025
The Securities and Commodities Authorities (SCA) has introduced key clarifications applicable to UAE Public Joint Stock Companies (PJSCs) on Internal Control Over Financial Reporting (ICOFR) requirements. These amendments aim to enhance corporate governance relating to finance reporting, align with global best practices and boost investor confidence in UAE’s Securities Market.
Key Highlights of the Circular issued on January 14, 2025
- Clear recommendation of COSO Framework for establishing Internal Controls
- Detailed responsibilities of the Board, Senior Management and Auditors
- Phased Approach for Internal Control Review
Embracing COSO Framework for establishing Internal Controls
In accordance with global best practices, the SCA has suggested the COSO framework for putting in place strong internal controls and a risk management system.
The COSO framework focuses on following 5 pillars:
- Robust Control Environment
- Risk Assessment Procedures
- Control Activities
- Information and Communication Channels
- Continuous Monitoring Activities
Note: Companies that have established internal control framework to comply with other regulators may continue to follow such other framework provided minimum criteria of circulars are being complied with.
Enhanced Responsibilities of the Board, Senior Management and Auditors
Role of Board of Directors
Article 14 of SCA – Corporate Governance Guide states that the Board is responsible for developing and implementing an internal control and risk management system that is appropriate for the company’s operations and in accordance with international best practices (recommended COSO).
The Board is in charge of ensuring the implementation of internal control and risk management systems that enable auditors to express their views on the effectiveness of the Company's internal controls, including internal control financial reporting (ICOFR).
Role of Senior Management
Senior Management is responsible for implementing standard operating procedures (SOPs), processes and systems that aligns with the Board’s approved internal control and risk management framework.
Role of Auditors
In accordance with the revisions made in Article 73(4), the auditor may express an opinion on the efficacy of the company’s internal control systems and their compliance with the approved internal control framework in a separate report.
Phased Approach for Internal Control Review
| Particulars | Phase I - Fiscal Year 2024 | Phase II - Fiscal Year 2025 |
| Requirement of Self-assessment by Management and address any gaps | Yes | Yes |
| Auditor’s Opinion | Limited to ICOFR Framework | Yes, the Auditor shall provide opinion on effectiveness on internal control and risk management framework, including ICOFR. |
| Public Disclosure of Audit Opinion | No, a separate report shall be presented to BOD or Audit Committee only (if applicable) | Yes, a separate report shall be issued (with disclosure) containing the auditor’s opinion. |
How can MBG’s Risk Advisory Team Help You?
We can act as a layer of assurance by developing and testing internal control over the financial reporting (ICOFR) framework of your Company before external auditors conduct their reviews.
MBG simplifies ICFR regulatory requirements by offering following support:
- Control Gap Analysis
- Control Design and Implementation / Risk Control Matrices (RCMs)
- ITGC Control Evaluation
- ICFR Testing and Report Support
- Remediation Assistance
- Training and Knowledge Transfer
Reach out to our team TODAY
