INTERNAL CONTROL OVER FINANCIAL REPORTING (ICOFR)
January 08, 2025
INTERNAL CONTROL OVER FINANCIAL REPORTING (ICOFR)
Building on the strong base set by the 2020 Governance Code (Decision no. 3/R.M), the SCA has made significant updates to its corporate governance requirements, shown in the latest changes from Decision no. 2/R.M of 2024. The present decision has been published and applied as of 9th January 2024. Active Date: 15 Jan 2024 (Amendments).
These SCA regulations, along with their relevant amendments, are applicable to Public Joint-Stock Companies (PJSCs) in the UAE, effective from January 2024 and applicable for years ending either on 30 June 2024 or 31 December 2024 onwards. All the public joint stock companies are expected to comply with these rules. The SCA, being the regulatory authority supervising listed companies, oversees the application of this Guide. (Article (3):Decision Publication and Application)
At UHY James, we are fully equipped and confident in our expertise and know-how to assist PJSC companies in adhering to SCA requirements. Below is a comprehensive overview pertaining to Board of Directors, Audit Committee and Auditors in line with SCA Regulations.
Article 14: Board Obligation
Taking the necessary procedures to ensure efficient internal auditing of the work flow in the Company, including:
- Establishing a clear policy approved by the board for internal audit, ensuring departmental compliance with adopted systems and regulations.
- Setting written and detailed regulations and procedures for internal auditing, which determines the duties and responsibilities in compliance with the policy approved by the Board and the general requirements and objectives stipulated in the applicable legislations.
The board of directors sets and oversees governance rules aligned with the Governance Code issued by SCA, where it may establish a governance committee of non-executive members to implement the Governance Code, ensuring compliance, updating these rules, and awareness of the board members of global leading practices in corporate governance. This committee is obligated to prepare an annual corporate governance report, to confirm that it has met the requirements specified in this Governance Code as stipulated in Article 63 bis.
Developing and adopting an internal control framework and risk management framework suitable for the company’s operations and compliant with international practices (recommended COSO), ensuring its application through:
- Creating a suitable control environment within the company.
- Designing and developing internal control procedures.
- Providing information and preparing internal reports.
- Supervising the performance of internal control systems, assessing their effectiveness, and taking corrective actions.
- Enabling the auditor to express an opinion on the effectiveness of internal control systems and risk management.
Article 66 and 67 : Risk Management, Compliance and Audit Risk Management
1. The Company Board shall ensure, through the Audit and Risk Committees, in consultation with the senior executive management, that appropriate systems and procedures are in place for effective risk management and internal auditing. The Board shall, in particular:
- Adopt risk management procedures and ensure compliance with these procedures.
- Analyze, evaluate and approve the effectiveness of internal risk management procedures and internal controls on a regular basis.
2. The Board shall determine the scope of the Internal Auditing Department report in light of recommendations made by the Audit Committee and Internal Auditing Department. In particular, the report shall cover scope of compliance with internal controls when identifying and managing risks.
Article (61/Bis): Duties of Audit Committee
1. The committee shall prepare an annual report on the activities of the Audit Committee, signed by the Chairman of the Audit Committee, and included as an
independent report in the annual governance report issued by the company in accordance with the provisions of this guide. The Chairman of the Audit Committee
must also be present at the annual General Assembly meeting to answer questions related to the annual report.
2. The audit committee is obligated to compile an annual report that encompasses several critical areas such as review of significant financial matters, evaluation of the external audit's independence and effectiveness process, external auditor appointments, review of high and medium risks issued by internal audits, corrective
measures for risk management and internal control deficiencies, and review of related-party transactions, as highlighted
3. The annual report must include the following:
- Significant matters considered by the Committee in relation to the financial statements and how these matters were addressed.
- An explanation of how the independence and effectiveness of the external audit process and the approach taken in appointing or reappointing the external auditor are evaluated, and information about the tenure of the current audit firm.
- A statement of the committee’s recommendation regarding the appointment, reappointment or dismissal of the external auditor, and the reasons for the Board of Directors not accepting that recommendation.
- An explanation of how to ensure the independence of the external auditor if he provides services other than auditing the company’s accounts.
- Actions that the Committee has taken or will be taken to address any deficiencies or weaknesses in the event of any failures in internal control or risk
- management.
- Evidence that the committee reviews all mediumand high-risk reports issued by internal audit to determine whether they arise from major failures or weaknesses in internal control.
- Comprehensive information about the corrective treatment plan in the event of fundamental deficiencies in the areas of risk management and internal control systems.
Article (71) - Auditor Duties
The auditor shall supervise the Company works, examine the Company administrative and financial systems and internal auditing systems, give an opinion as to the effectiveness of such systems, and ensure their appropriateness for smooth flow of the Company works and preservation of the Company assets.
Article (77) - Corporate Governance Information
The company is obligated to present a signed governance eport, prepared in accordance with the form prescribed by the Authority that is available on its official website of the Authority and the Exchange.
The annual report shall include a corporate governance report includes the following at least:
1. The names of Board members, chairman, vice-chairman and other persons occupying main jobs in the company, a brief biography of each member including its qualifications and experience, and the identification of the independent member (s) as well as other positions in the Board or senior management they hold in other companies or institutions.
2. Committees and Board members, the authorities and assignments entrusted thereto and activities carried out during the year.
3. Number of meetings held by Board and Board Committees as well as names of the attendees.
4.The names of the major shareholders who directly or indirectly own more than five percent of the company shares in addition to a brief summary of the changes in the company capital structure.
5. Report on the risk management framework and internal controls, including the following:
- The applicable corporate governance rules.
- The self-evaluation approach of the Board performance.
- Internal audit procedures and the scope of their full application by the Board.
6. Details and reasons for any compensation and allowances received by each Board member and Board committees for the financial year.
7. A statement of the company directors and the first and second grades as stated in the organizational structure of the company and their functions, dates of appointment, details of salaries, bonuses received by each of them separately and any other compensation received from the company, clarifying the consideration for these compensations.
8. Compensation of the Board members and all members of the Company administrative body, including remuneration and any incentive programs related to securities issued or guaranteed by the Company.
Email info@uhy-ae.com to know more.