In today’s fast-paced, risk-driven business environment, organisations face mounting pressure to ensure accuracy, compliance, and operational resilience. This is where a robust internal control framework (ICF) covering internal controls over financial reporting (ICOFR), operational control, information technology general control (ITGC), and fraud and compliance control objectives becomes important. There are various regulations in the UAE issued by regulators to companies under their purview to implement an internal control framework.

In the UAE, the COSO Internal Controls Framework is widely used and recommended by regulators. Most organisations are using the COSO framework either to comply with existing regulatory requirements or to improve their business processes, or both. This is recognised globally as the leading framework for effective governance. The COSO framework empowers businesses to proactively manage risks, safeguard assets, and build stakeholder trust while driving sustainable growth.

The applicable ICF regulatory requirements in the UAE are as follows:

There are various regulatory requirements regarding internal controls in the UAE as follows:

BDO has been helping clients globally and locally in the UAE to improve their internal controls and optimise business processes using COSO / SOX frameworks.  This includes developing a fully-fledged internal control framework covering the three key control objectives - operational, compliance and finance, tailor-made specific ICOFR implementation projects focusing only on the financial control objective.
 

Regulation	SCA Governance Code -Decision no. 2/RM of 2024) Articles 14,61, and 73	ADAA Resolution No. 88 of 2021	Circular No. (21) of 2019 of “2020	Resolution #157 of 2024
Regulator	Securities and Commodities Authority (SCA)	Abu Dhabi Accountability Authority (ADAA)	CBUAE	UAE Accountability Authority
Applicability	All listed PSJC companies in the UAE	Abu Dhabi Government-owned entities, both directly and indirectly more than 25% of their capital	All insurance and Takaful Insurance Companies in the UAE and their foreign branches	All UAE Federal Government Ministries, authorities, and corporations in which the federal government has a minimum share of 25% in their capital
Focus	Broad focus on entity-wide risks and controls (including operational and compliance controls)	Specifically focuses on financial reporting risks and controls	Specifically focuses on financial reporting risks and controls	Broad focus on entity-wide risks and controls (including operational, risk and compliance controls)

Why BDO? 

• Early and ongoing communication: Our team works with management and external auditors in a transparent, dynamic manner. 
• Aligned goals and expectations for ICF/ ICOFR compliance: Agreed-upon goals and clear expectations set for regulatory compliance. 
• Operational excellence through technology solutions: we go beyond compliance by providing recommendations that improve your process efficiency, including utilisation of technology, thereby improving your bottom line.
• Maximum engagement of your external auditors: We use the resources and network at our disposal to help ensure that your organisation’s processes and compliance match evolving requirements from external auditors and regulators. 
• Strategic and control culture alignment: We ensure that our client’s process owners understand the ICF/ ICOFR through training, coaching and change management sessions.