Are you ready for the future?

PwC ICFR Benchmark 2019

How effective and future proof is your internal control over financial reporting (ICFR)? And how are your peers managing their internal control frameworks?

The 2019 ICFR Benchmark Survey

The survey aims to provide valuable insight into what characterises the most efficient and effective ICFR frameworks and how far Norwegian companies have travelled on their digitalisation journeys with respect to ICFR. 

When we conducted the ICFR benchmark in 2016, we noted a significant potential for improvement of overall ICFR maturity. Were we expecting to see improvements in 2019? The short answer is yes, we expected to see a general increase in ICFR maturity due to i.e. key trends within digitalisation and fraud risk management evolving over recent years. However, the results from the survey provide little evidence supporting a general increase in overall ICFR maturity since 2016.

The 2019 survey also aims to gain insights into how the respondents use digital tools to further advance their ICFR frameworks and how ICFR is utilised to manage fraud risk.

Key findings

Still room for improvement

In short, the results from the survey provide little evidence supporting a general increase in overall ICFR maturity since 2016. The overall maturity is largely unchanged, and monitoring continues to be the area with the highest improvement potential.

Negative development

There has been a slight negative development in the overall risk maturity score since 2016. However, a large majority of the companies have a defined approach for identifying and assessing inherent risks of significant financial statement misstatements. 

Scoping continues to be an area of improvement

The use of scoping to build a focused and cost efficient ICFR framework continues to be an area of improvement for most respondents. 

According to our survey, companies performing scoping scope out low risk processes and low risk entities, leading to more efficient and focused internal control. However, it is more common to scope out processes than entities. 

Little has changed

Control design maturity has improved slightly, indicating that companies are increasingly focusing on formalising their controls. However, the survey shows that little has changed with regards to monitoring. Most respondents have some form of monitoring in place for entity level (policies), process level, analytical and IT general controls (ITGC). Interestingly, we see that only approximately half of the respondents conduct monitoring of their automated controls.

Digital tools still not widely used

The most cost effective and productive companies are moving towards fully automated financial reporting processes and controls and digital tools for analysing data and managing the ICFR framework. The survey indicates that using digital tools for a more efficient and effective ICFR framework is still not a widespread practice.

Contact us

Gøril Hyni

Partner | Auditor, PwC Norway

+47 952 60 629


Tanja Sæland

Director, PwC Norway

+47 952 60 630


If you wish to discuss  how you may improve the effectiveness and efficiency of your company’s internal control, do not hesitate to contact us!