ISQM 1 Obligation
Every SOCPA firm must comply now
PDPL Fine Exposure
Enforceable since September 2024
To Full Deployment
Not 18 months. Live.
ISQM 1 · AML · PDPL · NCA ECC · Independence · CPD · Performance
Arabic & English · Live in 8 weeks · Powered by Falconry Solutions
SOCPA peer review inspections active
PDPL fully enforceable — SAR 5M exposure
✦ 3 of the Big 10 KSA audit firms live on firm360.ai
NCA ECC controls now mandatory
Already live on firm360.ai — with additional leading firms in advanced commercial discussions and local KSA practices on the Essentials tier.
Every SOCPA-registered firm must maintain a documented System of Quality Management. Manual processes expose firms to inspection findings, remediation orders, and licence risk.
Saudi Arabia's PDPL has been fully enforceable since September 2024. No grace period remains. Audit firms handling client personal data are directly and materially in scope.
Siloed timesheets, engagement tracking, and KPI monitoring create blind spots for leadership — eroding profitability and frustrating partners with duplicated manual effort.
Not a generic GRC tool adapted for auditors — every module built around the workflows, obligations, and regulatory environment of audit firms in the GCC. In Arabic and English.
Automated SoQM annual evaluation, cold file review, root cause analysis, and ISQM 2 EQR — inspection-ready at any time.
Continuous independence tracking across the firm's portfolio — financial interests and relationships flagged automatically.
CPD tracking against SOCPA, ICAEW, and ACCA requirements. Automated deficit alerts ensure your team stays compliant.
Risk-scored onboarding with AML screening, UBO verification, independence checks, and automated annual continuance review.
Real-time AML screening, OFAC/UN/SAMA sanctions checks, regulatory breach detection, and automated reporting.
Real-time monitoring across SOCPA, CMA, NCA, SAMA, and SDAIA — alerts and impact assessments surfaced automatically.
Firm-wide risk register with owner assignment, scoring, mitigation tracking, and heat maps — full partner visibility.
Full PDPL compliance: data mapping, RoPA, 72-hour breach notification, DPIAs, and cross-border transfer controls.
Structured incident lifecycle from detection through remediation — with 72-hour PDPL breach notification built in.
All 65 NCA ECC 2025 controls mapped, evidenced, and monitored. SAMA Cybersecurity Framework aligned.
Supplier and vendor risk assessments, contract monitoring, and automated due diligence workflows.
Policy framework and risk controls for AI tool usage within the firm — aligned to SDAIA guidelines.
Automated time capture, approval workflows, and analytics revealing where firm capacity is spent and lost.
Live engagement progress, budget vs. actual tracking, and partner-level dashboards. WIP monitoring prevents leakage.
Managing partner dashboards — governance health, compliance status, engagement profitability, and team performance.
Annual objectives, per-engagement feedback, mid-year check-in, and year-end calibrated review — ISQM 1 aligned.
Firm-wide resource planning, capacity mapping, and utilisation metrics to optimise staff deployment.
Nitaqat tier tracking, Saudization ratio monitoring, and workforce compliance dashboards for Vision 2030.
Four forces have converged simultaneously. Firms that delay face inspection findings, regulatory fines, and reputational damage that cannot be undone.
SOCPA peer review inspections are running. Firms without documented SoQM evidence face findings and licence risk. Every month of delay increases exposure.
New NCA ECC mandatory controls for all private sector entities in 2025. Audit firms handling client financial data are directly in scope across all 65 controls.
Fines up to SAR 5 million apply. Every audit firm handling client personal data is directly in scope — no exceptions.
Rising regulatory burden, talent costs, and manual governance are shrinking partner income. Firms that automate will outperform those that remain reactive.
Measurable outcomes from the first sprint — not after a 12-month implementation.
Reduction in time spent on compliance documentation and evidence gathering — freeing partners for high-value advisory work.
All risks visible on a single platform — no spreadsheets, no missed obligations, no last-minute inspection scrambles.
Engagement profitability and WIP monitoring prevents revenue leakage at the partner level — before it becomes a write-off.
Leadership dashboards giving complete oversight — governance health, team performance, and engagement status from any device.
Faster workflow completion with intelligent automation — ISQM 1 evidence generated, CPD tracked, AML screened automatically.
Audit-ready ISQM 1 governance documentation available at the touch of a button — whenever SOCPA calls.
Pre-configured for KSA and GCC regulatory requirements. Global frameworks for internationally active firms.
Phase 01
Discovery & Design
Weeks 1–2
Phase 02
Configure & Integrate
Weeks 3–5
Phase 03
Pilot & Train
Weeks 6–7
Phase 04
Go Live & Optimise
Week 8+
Not a generic GRC tool adapted for auditors — every module built around the specific workflows, standards, and obligations of audit firms in the GCC.
Every module designed around the specific workflows, standards, and obligations of accounting and audit firms — not adapted from a corporate GRC tool.
Native bilingual platform with SOCPA-translated ISQM 1 framework built in. No localisation workarounds — Arabic interface, Arabic regulatory language.
AI accelerates workflows and surfaces insights — but partners remain in control. Every decision has a human in the loop, with full audit trails.
Falconry Solutions has delivered governance, cybersecurity, and GRC programmes across Saudi Arabia, UAE, Qatar, and Oman for leading enterprises.
Hosted on secure cloud infrastructure with data residency options aligned to KSA requirements. ISO 27001-aligned security practices throughout.
3 of the Big 10 audit firms in Saudi Arabia have already made this decision. Same journey — three simple steps to get started.
Live demo tailored to your firm's ISQM 1 obligations, regulatory exposure, and operational priorities.
Structured review of your ISQM 1 maturity, cyber posture, and compliance gaps — at no cost.
Bespoke implementation plan and commercial proposal. Live in 8 weeks.