Book a Demo
The Platform

Three pillars.
One system.
Zero blind spots.

The first purpose-built Governance Operating System for audit and professional services firms in the GCC. Every module designed around real firm workflows, real regulatory obligations, and real partner pain points.

ISQM 1 · AML · PDPL · NCA ECC · Independence · CPD · Performance

Arabic & English · Live in 8 weeks · Powered by Falconry Solutions

SOCPA peer review inspections active

PDPL fully enforceable — SAR 5M exposure

✦ 3 of the Big 10 KSA audit firms live on firm360.ai

NCA ECC controls now mandatory

Platform architecture

Three governance pillars, fully interconnected

No silos. No data re-entry. Actions in one pillar automatically flow into the others — acceptance feeds independence, which feeds ISQM 1, which feeds your partner dashboard.

Pillar 1

Governance & Quality Automation

The ISQM 1 engine. Every quality management obligation — documented, automated, and inspection-ready at any time.

  • ISQM 1 Quality Management (SoQM)Live
  • Client Acceptance & ContinuanceLive
  • AML & KYC ScreeningLive
  • Independence MonitoringLive
  • CPD & Learning ComplianceLive
  • ISQM 2 EQR ManagementLive
  • Cold File Review SchedulingLive
  • Regulatory Change Monitoring2025

Pillar 2

Risk, Cyber & Data Protection

The regulatory resilience layer. NCA ECC, PDPL, and enterprise risk — all in one control environment.

  • Enterprise Risk ManagementLive
  • NCA ECC Cybersecurity GovernanceLive
  • PDPL Data Privacy ComplianceLive
  • Third-Party Risk ManagementLive
  • Incident Response ManagementLive
  • Business Continuity PlanningLive
  • AI Governance (SDAIA)2025
  • Vendor Due Diligence2025

Pillar 3

Performance & Operational Efficiency

The profitability layer. Real-time visibility into every engagement, every team member, every billable hour.

  • Performance Management & ReviewsLive
  • Time & Timesheet ManagementLive
  • Engagement Monitoring & WIPLive
  • Resource UtilisationLive
  • Leadership Dashboards & KPIsLive
  • Staff Appraisals & FeedbackLive
  • Saudization Compliance (Nitaqat)Live
  • Succession Planning2025
Powered by FalconryX

The AI intelligence layer beneath everything

FalconryX AI

Intelligence that works in the background — not instead of you

FalconryX is firm360.ai's embedded AI layer. It doesn't replace professional judgment — it amplifies it. Every partner remains in control. Every AI output is explainable. Every decision has an audit trail.

Aligned to SDAIA's AI governance guidelines and emerging IAASB standards on AI use in audit.

Risk scoring & anomaly detection

Automatically scores client risk across AML, independence, and continuance — flagging anomalies before they become problems.

ISQM 1 evidence generation

Drafts SoQM documentation and annual evaluation reports from structured data — reviewed and approved by partners.

Regulatory change impact alerts

Monitors SOCPA, NCA, SAMA, SDAIA, and IAASB — automatically assessing the impact on your firm's obligations.

Predictive engagement health

Early warning on engagement profitability, deadline risk, and resource gaps — surfaced before they become write-offs.

FX AI ISQM AML PDPL NCA CPD RISK
Module explorer

Every module, in detail

Select any module to see exactly what it does, how it works, and what it delivers.

Client Acceptance & Continuance

Automated client risk scoring, onboarding workflows, and annual continuance review. Replaces manual checklists with a structured, documented, ISQM 1-aligned process.

  • Risk-scored client onboarding with weighted scoring across financial, reputational, and independence risk factors
  • Automated AML pre-screening integrated into acceptance workflow
  • Independence conflict checking at point of acceptance
  • Partner review and digital sign-off with full audit trail
  • Annual continuance review workflow with carry-forward risk data
  • SOCPA and ISQM 1 compliant documentation output
  • Arabic and English interfaces throughout

Acceptance & Continuance Dashboard

142

Active clients

8

Pending review

3

High risk flagged

97%

Continuance complete

  • Al-Rajhi Advisory LLCAccepted
  • National Pharma Co.Review required
  • Gulf Manufacturing LtdAccepted
  • MENA Fintech HoldingsAML in progress
  • Arabia Logistics GroupAccepted

AML & KYC Screening

Real-time sanctions screening, beneficial ownership verification, and PEP identification — integrated into acceptance and monitored continuously.

  • Real-time screening against OFAC, UN, EU, HMT, and SAMA sanctions lists
  • Politically Exposed Person (PEP) identification and enhanced due diligence
  • Ultimate Beneficial Ownership (UBO) verification and documentation
  • Continuous monitoring — re-screening triggered on list updates
  • SAMA AML framework compliance — all required documentation captured
  • SAR (Suspicious Activity Report) drafting workflow
  • FATF and MENAFATF aligned risk assessment methodology

AML Screening Console

0

Sanctions hits

3

PEP matches

1

EDD required

100%

Screened today

  • Ahmed Al-Mahmoud — DirectorClear
  • Fatima Hassan — UBO (62%)PEP — EDD required
  • Gulf Corp Holdings LLCClear

ISQM 1 Quality Management

The complete ISQM 1 engine. SoQM documentation, annual evaluation, cold file review, and SOCPA peer review preparation — all automated and inspection-ready.

  • Full SoQM documentation framework — SOCPA aligned in Arabic and English
  • Annual quality management evaluation with AI-assisted evidence gathering
  • Root cause analysis for identified deficiencies — structured and documented
  • ISQM 2 EQR management and scheduling
  • Cold file review scheduling, assignment, and findings management
  • One-click SOCPA peer review evidence pack generation
  • Remediation tracking with partner accountability

ISQM 1 Annual Evaluation — FY 2024

87%

Evaluation complete

2

Deficiencies identified

12

Cold files reviewed

Ready

Inspection status

  • Leadership & GovernanceComplete
  • Human Resources componentComplete
  • Engagement PerformanceIn progress
  • Monitoring & Remediation2 actions open

Independence Monitoring

Continuous independence tracking across your entire firm — financial interests, personal relationships, and long association threats flagged automatically.

  • Partner and staff independence declarations at onboarding and annually
  • Financial interest monitoring — banned investments flagged in real time
  • Personal relationship conflict detection across the client portfolio
  • Long association tracking with automatic safeguard prompts
  • Firm-wide independence register maintained automatically
  • IESBA Code of Ethics and SOCPA independence rules pre-configured
  • Independence breach workflow with escalation and remediation tracking

Independence Register

46

Staff monitored

1

Potential threat

0

Confirmed breaches

98%

Declarations current

  • Partner A — All engagementsIndependent
  • Manager B — Al-Faris GroupLong assoc. review
  • Senior C — All engagementsIndependent

CPD & Learning Compliance

Firm-wide CPD tracking against SOCPA, ICAEW, ACCA, and CPA requirements. Automated alerts ensure no staff member falls below threshold.

  • SOCPA CPD requirements pre-configured — 120 hours per 3-year cycle
  • ICAEW, ACCA, and CPA international CPD tracking
  • Automated deficit alerts to staff and managers before deadlines
  • CPD activity logging with evidence upload and approval
  • Mandatory training completion tracking (AML, ethics, independence)
  • CPD compliance feeds directly into ISQM 1 HR component

CPD Compliance Dashboard

92%

Firm CPD compliance

4

At-risk staff

1,840

Hours logged

Mar 31

Next deadline

  • Partner A — SOCPA (40/40h)Complete
  • Manager B — ICAEW (28/40h)12h deficit

Performance Management

Annual objectives, per-engagement feedback, mid-year check-ins, and year-end calibrated reviews. The ISQM 1 HR quality component, automated.

  • Annual objectives with SMART framework and partner approval
  • Per-engagement feedback after every audit — immediate, structured, documented
  • Mid-year check-in workflow with progress against objectives
  • Year-end calibration committee workflow
  • 360-degree feedback from peers, seniors, and juniors
  • Performance ratings feeding promotion and compensation decisions
  • Full performance history retained per staff member

Performance Review — FY 2024

46

Active reviews

38

Mid-year complete

284

Feedback items

Dec 31

Year-end deadline

  • Manager A — Mid-year completeOn track
  • Senior B — Objectives agreedIn progress

Enterprise Risk Management

Firm-wide risk register with owner assignment, impact/likelihood scoring, mitigation tracking, and partner dashboards.

  • Risk register with full taxonomy — strategic, operational, regulatory, reputational
  • Risk scoring matrix with inherent vs. residual risk tracking
  • Risk owner assignment with accountability and escalation workflows
  • Mitigation action tracking with deadline alerts
  • Board and partner reporting packs generated automatically
  • Key Risk Indicator (KRI) monitoring with breach alerts

Risk Register — Q1 2025

24

Active risks

3

High / critical

18

Mitigations open

7

Due this month

  • SOCPA inspection findingsHigh — Mitigating
  • Key talent departureMedium — Monitored
  • Cyber incidentLow — Controlled

NCA ECC Cybersecurity Governance

All 65 NCA Essential Cybersecurity Controls mapped, evidenced, and monitored. SAMA CSF and ISO 27001 aligned. Continuously maintained.

  • All 65 NCA ECC 2025 controls pre-mapped with evidence requirements
  • Control maturity scoring — Initial through Optimising
  • Evidence upload and document management per control
  • Gap analysis against current NCA ECC requirements
  • SAMA Cybersecurity Framework alignment dashboard
  • ISO 27001 control mapping for internationally active firms
  • Annual cybersecurity review report generated automatically

NCA ECC Control Dashboard

65

Total controls

51

Compliant

11

Partial

3

Gaps

  • Cybersecurity Governance (1-1)Compliant
  • Asset Management (2-1)Partial — 3 actions
  • Identity & Access (3-1)Compliant

PDPL Data Privacy Compliance

Full Saudi PDPL compliance — data mapping, RoPA, 72-hour breach notification, DPIAs, and cross-border transfer controls. Enforceable since September 2024.

  • Data inventory and mapping across all firm systems
  • Records of Processing Activities (RoPA) maintained automatically
  • 72-hour PDPL breach notification workflow with SDAIA reporting
  • Data Protection Impact Assessments (DPIA) for high-risk processing
  • Cross-border data transfer controls and adequacy assessments
  • Data subject rights management — access, erasure, correction
  • Privacy by design assessment for new firm initiatives

PDPL Compliance Dashboard

38

Processing activities

100%

RoPA complete

0

Active breaches

2

DPIAs required

  • Client data processingDocumented
  • Cloud vendor transfersDPIA in progress

Security & data

Security is the foundation, not a feature.

Audit firms hold some of the most sensitive financial data in the GCC. Our security posture is designed to match that responsibility.

ISO 27001-aligned security

Information security practices aligned to ISO 27001 — covering access controls, encryption, vulnerability management, and incident response.

KSA data residency options

Data residency options aligned to KSA requirements. Your data stays where your regulatory obligations require.

End-to-end encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys managed with strict access controls and regular rotation.

Full immutable audit trails

Every action, decision, and document change — logged with user, timestamp, and context. Complete accountability at every level.

Role-based access controls

Granular RBAC — Partners, Managers, Staff, and Compliance Officers each have precisely scoped permissions. No over-privileged access.

PDPL-compliant by design

The platform is built PDPL-compliant — data minimisation, purpose limitation, and retention controls built into every module.

See the platform in your firm

We demonstrate firm360.ai using scenarios drawn from your firm's actual ISQM 1 obligations — not a generic product tour.

Book a personalised demo →
View pricing

Live demo of your priority modules

We show the modules most relevant to your firm's immediate obligations — ISQM 1, PDPL, or NCA ECC — in a working environment.

Free ISQM 1 readiness assessment

Structured maturity assessment of your current quality management posture — at no cost and no obligation.

Implementation roadmap in 5 days

Bespoke plan and commercial proposal specific to your firm's size, jurisdiction, and priorities.

  • contact@falconry360.com
  • www.firm360.ai · Powered by Falconry Solutions