Call: +971 52 6406240 Email: uae@mbgcorp.com

Expo 2020

Internal Control Over Financial Reporting (ICFR)

Have you registered for Corporate Tax yet? Avoid AED 10,000 penalty by registering for Corporate Tax today!

Call Now

Introduction to Internal Controls Over Financial Reporting

ICFR (Internal Control Over Financial Reporting) was introduced primarily as a response to major corporate and accounting scandals in the early 2000s, most notably the Enron and WorldCom scandals. Here’s the key background:

Historical Context:

The financial scandals of Enron (2001) and WorldCom (2002) revealed massive accounting fraud and internal control failures
These scandals led to billions in investor losses and shattered public confidence in corporate financial reporting
The existing regulatory framework proved inadequate to prevent or detect such large-scale financial fraud

In this comprehensive guide, we’ll explore what ICFR is, why it matters, and how organizations can implement effective control frameworks.

What is ICFR?

Internal controls can be categorized into operational controls, compliance controls, and financial reporting controls. Internal Control Over Financial Reporting (ICFR) is subset of internal controls that specifically focuses on financial reporting accuracy and reliability.

It ensures that financial statements are prepared in accordance with applicable accounting standards (e.g., GAAP, IFRS) and are free from material misstatements due to fraud or error. These controls ensure that transactions are properly authorized, recorded, and reported, while safeguarding assets from unauthorized acquisition, use, or disposition.

Examples of Internal Controls and ICFR Coverage

Type of Control	Process	Illustrative Internal Controls	Covered under ICFR (Yes/No)
Preventive	Revenue Recognition	System restricts revenue booking unless all criteria are met.	Yes
Detective	Account Reconciliation	Monthly reconciliation of bank accounts reviewed by management.	Yes
IT General Control (ITGC)	User Access Management	Periodic review of access rights to financial systems.	Yes
Compliance	Environmental Regulations	Regular audits to ensure adherence to environmental laws.	No
Safety Control	Workplace Safety	Mandatory safety training for employees working with heavy machinery.	No

The Evolving Landscape of Internal Controls Over Financial Reporting in the UAE

In recent years, the United Arab Emirates has emerged as a global financial hub, attracting businesses from around the world. With this growth comes the need for robust financial controls and reporting mechanisms. Let's dive into how Internal Control over Financial Reporting (ICFR) has shaped up in the UAE's dynamic business environment by multiple regulatory bodies and frameworks:

SCA issued guidance in 2020 for joint stock company

I. The SCA, the UAE’s financial market regulator, has specific requirements for listed companies. The SCA’s Governance Code (latest version as of May 31, 2024) mandates listed companies to comply with International Financial Reporting Standards (IFRS) and maintain effective internal controls over financial reporting.

CBUAE Regulations

I. CBUAE Regulations Circular No. (21) of 2019 regarding “2020 Reporting Requirements for all Insurance Companies Operating in the UAE”

II. IA Circular No. (21) of 2019 states “As part of the year end audit exercise External Auditors are required to obtain an understanding of the internal controls relevant to the audit and to express an opinion on their operational effectiveness.”

ADAA Regulations

I.As per Article (5) of the Standards for Aud iting Financial Statements of Entities Subject to ADAA: The Auditors shall:

II. Test the effectiveness of internal control systems over financial reporting, which covers regulations and procedures relating to key Transactions with a material financial impact.

III. Examine the effectiveness of control procedures related to information systems, applications and software utilized in financial activities

How MBG Can Help

With MBG's local expertise, global standards, proven track record, industry-specific solutions (financial services and listed companies). MBG simplifies ICFR compliance with regulatory requirements by offering targeted, expert support across key areas:

Gap Analysis

Reviewing current control documentation, mapping controls to financial statement assertions, identifying and prioritizing control gaps

Control Design & Implementation

Developing risk-based control matrices, crafting clear control descriptions and procedures, implementing automated solutions where feasible

IT Control Evaluation

Assessing cybersecurity measures, reviewing data backup and recovery processes, evaluating system access and segregation of duties

ICFR Testing Support

Designing effective test procedures, determining sample sizes through rigorous risk assessments, documenting results and conclusions systematically

Remediation Assistance

Conducting root cause analyses, developing action plans with clear timelines, monitoring progress to ensure effective remediation

Reporting Expertise

Drafting concise descriptions of key audit matters, accurately disclosing material weaknesses and significant deficiencies, preparing actionable management letters

Training & Knowledge Transfer

ICFR fundamentals and best practices, specific regulatory requirements, ongoing monitoring and self-assessment techniques By partnering with MBG, you gain a trusted advisor to help ensure your ICFR processes meet regulatory standards and support your organization’s overall success.

Steps for Implementation of ICFR Journey

The Internal Controls over Financial Reporting (ICFR) Journey typically involves a structured process to ensure compliance with financial reporting regulations. Here are the key steps in implementing and maintaining an effective ICFR framework in line with COSO Framework:

Scoping & Risk Assessment

• Identify significant accounts, processes, and locations and perform a risk assessment.
• Define the scope of ICFR based on financial statement impact and inherent risks.

Documentation of Processes & Controls

• Map business processes (Order-to-Cash, Procure-to-Pay, Financial Close, etc.) and identify key controls (both entity-level controls and process-level controls).
• Document control activities, policies, and procedures.

Design & Implementation of Controls

• Ensure control design effectiveness (preventive & detective controls)
• Assign ownership of controls and Identify automated and manual controls.

Control Testing & Evaluation

• Conduct walkthroughs to validate control design, perform operating effectiveness testing (sample-based testing), identify control deficiencies and gaps.

Deficiency Evaluation & Remediation

• Categorize deficiencies as material weaknesses, significant deficiencies, or control deficiencies.
• Develop a remediation plan, monitor for track corrective actions.

Monitoring & Continuous Improvement

• Conduct regular self-assessments and internal audits.
• Update controls to adapt to business and regulatory changes.

Meet Sarah

Sarah is an experienced internal auditor at Emirates ABC Insurance. When the CBUAE mandated a comprehensive ICOFR compliance report with just days to go, Sarah felt the weight of responsibility and mounting stress.

The Challenge

Reviewing the current ICOFR framework, Sarah discovered gaps in documentation and control testing. With the looming deadline, the pressure was intense, and she struggled to ensure complete and accurate compliance.

A Lifeline in Consulting

To manage the crisis, Sarah reached out to MBG Corporate Services. They promptly assigned Samantha, a seasoned ICOFR consultant, to help navigate the complex requirements.

Collaborative Action and Transformation

Together, Sarah and Samantha:

Mapped Critical Processes: Identified weak or missing controls.
Developed a Robust Framework: Documented standardized procedures and integrated automated checks.
Conducted Rigorous Testing: Simulated various scenarios to validate each control.

MBG’s expert support eased Sarah’s stress, turning the overwhelming task into manageable steps.

To manage the crisis, Sarah reached out to MBG Corporate Services. They promptly assigned Samantha, a seasoned ICOFR consultant, to help navigate the complex requirements.

Together, Sarah and Samantha:

Mapped Critical Processes: Identified weak or missing controls.
Developed a Robust Framework: Documented standardized procedures and integrated automated checks.
Conducted Rigorous Testing: Simulated various scenarios to validate each control.

MBG’s expert support eased Sarah’s stress, turning the overwhelming task into manageable steps.

Why Your Organization Needs Strong ICFR

Regulatory penalties and fines
Damaged investor confidence
Increased audit costs
Reputational risks
Lost business opportunities

What can we help you achieve?

Stay one step ahead in a rapidly changing world and build a sustainable future with us.

Get a quote

We're here
To help you.

Submit your enquiries to MBG Corporate Services. We will respond as soon as possible.

Call us at: +971 52 640 6240

Get A Free Consultation

Latest Insights

Risk Advisory