ICFR Testing Common Issues

In the UAE, insurance companies place a strong emphasis on testing Internal Control over Financial Reporting (ICFR) to ensure the accuracy and reliability of their financial statements. The Central Bank of the UAE (CBUAE) has established several requirements that insurance companies must fulfill to comply with ICFR standards. For reference to these requirements, please refer to the CBUAE Insurance Reporting Requirements for 2024.

ICFR testing plays a crucial role in identifying and mitigating risks associated with material misstatements in financial reporting.  To ensure continuous progress, the CBUAE also requires companies to submit a Management Assessment Report duly authorized by the CEO and CFO (or equivalents).

This article outlines the ICFR testing practices commonly followed and highlights the typical observations identified during operational control testing.

Common Issues Identified in Operational Effectiveness Testing for Insurance Companies in UAE:

  • Unsigned Documents:
    One of the most frequent findings in ICFR testing is the presence of unsigned documents. Financial documents that require authorization or approval often lack proper signatures, digital approvals, hence making it difficult to verify whether transactions were properly reviewed and approved. This lack of formal approval leads to a weak control environment and increases the risk of unauthorized transactions.
  • Incomplete Documentation:
    Another common issue amongst the Insurance Companies is incomplete documentation. During testing, many Insurance Companies are found to have missing or incomplete records for transactions, approvals, or reconciliations. This makes it challenging to trace financial activities and ensure the accuracy of financial reporting. Incomplete documents hinder the institution’s ability to maintain transparency and accountability.
  • Not Following the Authority Matrix:
    A significant issue identified in many Insurance Companies is the consistent failure to follow the established authority matrix. In smaller institutions, where resource constraints often require employees to manage multiple functions, there is a frequent overlap or bypassing of designated approval channels. Employees may initiate, approve, and record transactions without obtaining the appropriate level of authorization outlined in the matrix. This results in transactions being approved by individuals without the proper authority, undermining internal controls. Such deviations from the authority matrix pose serious risks to financial integrity. Without a clear segregation of duties and adherence to approval hierarchies, the likelihood of both intentional and unintentional errors increases. Moreover, the lack of independent oversight allows fraudulent activities to go undetected, as no secondary or higher-level checks are in place to validate the accuracy, completeness, or legitimacy of transactions. Ultimately, failing to comply with the authority matrix weakens the institution’s internal control environment, exposing it to financial losses and regulatory scrutiny.
  • Poor Record-Keeping Practices:
    Record-keeping is another area where inefficiencies are often noted. Many Insurance Companies fail to maintain organized and accurate records of their financial transactions that are easily extractable. This poor record-keeping not only affects day-to-day operations but also complicates the audit process, as auditors cannot easily verify the operating effectiveness of controls.
  • Manual Control Processes:
    Insurance Companies in the UAE often rely on manual processes for critical tasks such as reconciliations and approvals. Manual controls are more prone to errors and inconsistencies, making the institution vulnerable to financial discrepancies. Automation of these processes is a common recommendation to improve control efficiency.

Conclusion:

ICFR testing in UAE Insurance Companies reveals several common issues, including unsigned documents, incomplete records, lack of approvals, and poor segregation of duties, manual controls and many more. These weaknesses in controls can lead to financial misstatements and increased risk of fraud. Addressing these issues through improved documentation, stronger control processes, and automation can significantly enhance the accuracy and reliability of financial reporting.

Note: The identified issues mentioned herein do not pertain to any specific Insurance Company and is based on the observation of Limitless Consulting and is written by Hamza Ejaz.



Leave a Reply