Risk Management and Internal Controls Mechanisms

Risk Management

Nakilat’s risk governance approach is continuously enhanced through the adoption of leading practices related to Enterprise Risk Management (ERM), Information Security Management, Business Continuity Management (BCM), and Compliance. Having robust governance enables Nakilat to shield the company from internal and external uncertainties and minimize any adverse impact or exposure on the company’s performance. Nakilat aims to create a more risk-focused culture to provide reasonable assurance for the achievement of its core strategic objectives.

Enterprise Risk Management (ERM)

The ERM program at Nakilat is established to assist the strategic decision-making process and contribute to the achievement of Nakilat’s strategic objectives by evaluating, prioritizing, and managing potential risks to drive value creation. The program also aims to instill and promote a risk-conscious culture where all employees embrace and manage risks in their daily activities and throughout business processes. In addition, a robust risk management framework and governance structure ensure continuous improvement in the maturity level of the ERM program. This comprises the integrated links established between Nakilat’s 5-year strategy and risk management, as well as feeding risk assessment results into Internal Audit plans and the Management of Change process. Such integration encompasses the assessment of emerging and existing risks associated with strategic initiatives, new projects, and corporate and departmental risks, to help ensure that effective mitigation plans are implemented. The enterprise-wide view of risks has allowed Nakilat to better understand each dependency and has eliminated the silo effect across the organization. The ERM function strives to oversee, adopt, and facilitate leading risk management practices to build confidence and assurance among Nakilat’s stakeholders and help Nakilat’s management make informed business decisions.

Business Continuity Management (BCM)

Nakilat’s BCM has been established to ensure organizational resiliency towards unexpected adverse events and opportunities, and to excel in managing incidents, crises, and disasters. The Business Continuity Management System (BCMS) and Framework have prepared the organization by ensuring the continuity of business operations with minimal disruption and retaining stakeholders’ confidence in Nakilat’s services. This has been achieved by continuously evolving our BCM approach and identifying interdependencies among departments to create end-to-end Business Continuity Plans. Emphasis has also been given to BCM training and workshops to further improve employees’ capability, which enables them to effectively take control and manage the process during unexpected events. As part of our ongoing efforts to measure and test the robustness of Nakilat’s BCM structure, we conduct regular Business Continuity drills and exercises with all related parties to ensure better preparedness in case of Business Continuity invocation.

Information Security

Nakilat has implemented an Information Security Management System (ISMS) as a commitment to effectively foster security consciousness through the use of internationally recognized standards such as ISO 27001. Nakilat has obtained the ISO 27001:2013 certification from Lloyd’s Register Quality Assurance (LRQA) for three consecutive years, which affirms our continuous efforts at managing information security risks and implementing appropriate controls to collect, store and handle information, which could help to prevent potential data loss or information leakage. The implementation of the ISMS strives to continuously provide assurance that our business is running in a safe and secure environment by assuring the confidentiality, integrity and availability of the company’s information.


Compliance

Nakilat is dedicated to compliance with applicable rules, laws, regulations, and standards, to ensure our business activities are always conducted in utmost conformity and to avoid any potential impact that may negatively affect Nakilat. Thus, Nakilat has established a Compliance function to provide holistic oversight of the compliance requirements in addition to existing risk disciplines such as Risk Management and Internal Audit. The Compliance function worked collaboratively with all departments towards implementing the required measures, in order to identify existing or foreseen compliance prerequisites, gain valuable insight, and drive better detection and resolution of issues.

Company’s Internal Controls Mechanisms

The board oversees the company’s internal controls that are defined by each department, and the Internal Audit department then ensures that controls are implemented and measures their effectiveness.

The Internal Audit department looks after internal controls in the company, which are defined by each department. The Internal Audit department prepares internal audit reports on a regular basis that are reported to the board audit committee for its review. The reports include audit findings that address all matters related to identifying risks and various weaknesses in internal controls, and suggest corrective actions to the concerned departments.

Company’s Internal Control over Financial Reporting (ICOFR)

The Board of Directors of Nakilat and its consolidated subsidiaries is responsible for establishing and maintaining adequate internal control over financial reporting (“ICOFR”) as required by the Qatar Financial Markets Authority (“QFMA”). Our internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the group’s consolidated financial statements for external reporting purposes in accordance with International Financial Reporting Standards (“IFRS”). ICOFR also includes our disclosure controls and procedures designed to prevent misstatements.

Financial Risk Management and Sensitivity Analysis

The Group has exposure to the following risks from its use of financial instruments:

  1. Market Risk
  2. Liquidity Risk
  3. Credit Risk

The Board of Directors has overall responsibility for the establishment and oversight of the Group’s risk management framework and internal audit activities. A risk management committee has been established, which is responsible for developing and monitoring the Group’s risk management policies. The committee reports regularly to the CEO and the Board of Directors on its activities.

For further information, please refer to the annual report of the company.

List of Advisers / Auditor / Credit Rating Agency

Group Auditor: KPMG
Credit Rating Agencies: S&P, Fitch and Moody’s