After a 2017 order by the Abu Dhabi Accountability Authority (ADAA), Abu Dhabi Government organisations began strengthening their internal controls over financial reporting (ICFR) frameworks. Compliance has helped improve efficiencies, enhance financial reporting and even boost future investment prospects by improving governance in these past three years, according to a new KPMG report.
‘Beyond regulatory compliance: Insights on Resolution No. (1), 2017 of the Chairman of ADAA’ states that ICFR programmes are evolving into opportunities to deliver value to the bottom line. Over the past three years, organisations have derived great value beyond compliance that covers areas ranging from standardisation of processes and mitigating revenue leakages, to hitherto unexplored changes in the operating model.
"Today’s organisations need to significantly transform their business operating models to remain competitive amid a growing number of industry challenges," said Siddharth Behal, partner and head of Internal Audit Risk & Compliance Services (Middle East) at KPMG Lower Gulf. "ICFR programmes are, as of yet, an unfulfilled opportunity to deliver value to the bottom line of a company. Internal control teams need to take a close look at the fundamental business processes, understand core issues and financial reporting risks and subsequently identify opportunities for value creation."
The majority of organisations surveyed have documented process-level, entity-level and IT general controls. A few have also commenced covering anti-fraud controls and compliance as part of their ICFR exercises. Key risks and controls were documented using various tools, such as process maps, process flowcharts and risk and control matrices.
According to the KPMG report, in response to ADAA Regulation No. (1) of 2017, more than half (58%) of organisations initiated their ICFR implementation journey in 2018, while others started in 2019. All the entities surveyed by KPMG used the COSO internal control framework for their ICFR implementation. Approximately 23% noted control failures for in-scope processes.
Within entity-level controls, absence of a comprehensive legal compliance framework and robust fraud risk management were identified as the most common deficiencies by respondents.
Beyond a box ticking exercise
A majority of respondents in the KPMG survey felt that compliance efforts will reduce over the next five years. This is expected to happen as entities strengthen the ICFR mechanism and turn it into it an excellence-driven activity, rather than merely a compliance-driven one.
The KPMG report highlights that with many listings on the horizon, investors are also willing to assign significantly higher PE multiples to entities with better governance and internal controls. Implementing an ICFR programme is an important step in this direction, as multiple entities seek to become transaction ready with the Abu Dhabi Government looking at several listings in the next two to three years.
Like this item? Get our Weekly Update newsletter. Subscribe today