How can automation and digital transformation in finance functions enhance risk management and compliance efficiency, particularly in highly regulated sectors across Saudi Arabia and the wider MENA region?
Early in my career, I saw how strategic investments in technology deliver long-term returns, transforming even small companies into large-scale operations. Technology has always been a key driver of growth and competitiveness. For me, automation is not optional, it is a key enabler of control, efficiency, and value creation. It reduces human error, frees resources to focus on high-value activities, and ensures processes are more resilient.
Working in Saudi Arabia is an advantage, as the Kingdom has a clear vision to become a global leader in technology adoption. Today, AI is transforming business operations, enabling advanced data analysis, smarter decision-making, predictive insights, and automation of routine tasks. By embracing change and innovation, companies can increase efficiency, reduce errors, and make smarter, faster decisions, keeping pace with the dynamic market.
What are the biggest cultural or organisational challenges you’ve faced when embedding governance and compliance frameworks across different markets, and how did you overcome them?
The three main pillars for any organisation are people, process, and technology. Each has its challenges, but the most difficult is always the human element. Management often assumes people are the easiest part, but in reality, they require the most attention to ensure smooth implementation and risk mitigation. One key challenge I have seen is adapting compliance culture across different countries, where regulations and attitudes to enforcement differ. This requires building awareness, clarity of consequences, and embedding a culture of self-compliance.
A notable example from my career was leading finance functions during organisational transformations – moving companies from family-run structures to multinational operations and preparing them for IPO processes. This required implementing strong governance, compliance frameworks, and risk controls, while leveraging technology to drive efficiency and ensure readiness for public market scrutiny. The knowledge I gained from my MBA in Finance and CRMP certification in risk management enabled me to implement effective governance and control frameworks, make strategic decisions, and guide teams through complex projects.
In creating a group-wide loss prevention function, what key risk indicators (KRIs) and monitoring tools did you find most effective for detecting fraud, leakages, or non-compliance across diverse operations?
It is clear that key elements will be financial and quantitative, but we cannot ignore qualitative indicators as well, and the most important part is how you interpret them. I started the project by defining the main key risk elements and potential sources of leakage. I used many tools which I learned from my ISO qualification, such as the fishbone diagram and the Pareto 80/20 concept. Interpreting this information is a critical factor – looking at number trends, percentages, comparisons, rankings, and considering the human factor.
For example, do risks change when certain people are on vacation or away from supervision? In another example from a QSR pizza restaurant, the pizza box itself was defined as a risk element requiring proper control, as no pizza could be sold without it. We also considered store image and customer experience as risks for revenue loss, since poor service or a negative experience indirectly reduces long-term revenue. So, defining risk elements is a very important stage. As I learned from CRMP, a risk management plan must be comprehensive and structured, outlining an organisation’s strategy for identifying, assessing, mitigating, and monitoring potential risks that may impact its operations and objectives.
When designing standardised policies and procedures across multiple countries, how do you balance the need for group-level consistency with the necessity of meeting local regulatory compliance obligations?
Most of the time, group-level policies and local regulations do not conflict, especially when both are aligned with IFRS. Where gaps exist, I ensure proper adjustments are made for statutory reporting while maintaining group-level consistency for management reporting. This balance allows for standardised governance and risk management at the group level, while still respecting local compliance requirements
In your career you’ve created a shared services centre for finance functions serving seven countries. How can centralisation improve governance and compliance without losing sight of local market nuances?
Implementing a Shared Services Centre (SSC) is not a plug-and-play exercise – it requires strong preparation, similar to ERP projects. Success depends on a clear diagnosis of objectives, which go beyond cost savings to include efficiency, standardisation, and process enhancement. Part of the preparation stage is to standardise processes and systems while considering local market requirements.
I was fortunate to implement SSC models for two large groups at different times in my career. One was a Captive Shared Service Centre, wholly owned by the parent company, serving seven countries. The other was a Business Process Outsourcing (BPO) model. In both cases, thorough assessment and preparation were key factors for success. Respecting current staff and planning for role relocation was also an important element. For example, we reassigned employees to new roles such as loss prevention, which required a local presence and could not be handled remotely by the SSC.
Managing these types of projects requires a change management mindset. My change management certification helped me lead initiatives such as establishing a Shared Services Centre across seven countries and implementing automation projects that enhanced operational efficiency
With Vision 2030 accelerating diversification and regulatory sophistication in Saudi Arabia, what role will compliance, risk management, and governance play in enabling sustainable growth and international investor confidence?
Over the past decade, Saudi Arabia has become a global role model for transformation, and Vision 2030 is accelerating this momentum. Today, the challenge is not government speed, but the ability of companies to adapt and sustain growth in such a dynamic environment. To attract international investors and build long-term resilience, organisations must embed strong governance, risk management, and compliance frameworks. These will be the foundation for sustainable growth in the Kingdom, not just for the next decade, but for generations to come.
Mohamed Ibrahim is currently a financial controller of a leading Saudi gaming and electronics company. He holds an MBA in Finance from the University of Leicester (UK), along with professional certifications including the Association of Governance, Risk, and Compliance (AGRC) certificate in Corporate Governance, CRMP (Certified Risk Management Professional), Change Management, ILM, and a Certificate in Strategic Management and Leadership from the Chartered Management Institute (CMI). With more than 25 years of experience, he has held senior finance roles across multinational companies in the MENA region. Mohammed has contributed both at the startup stage of companies as well as during critical transformation periods, such as guiding organisations from family-owned businesses into structured multinationals and preparing them for IPO readiness. Together with cross-functional teams, he has successfully led projects in finance transformation, automation, ERP implementation (Oracle and SAP), VAT rollouts, Shared Services Centres across seven countries, risk management frameworks, and loss prevention initiatives. Throughout his career, his aim has been to leave a positive impact and sustainable systems in every company he has joined, with a focus on governance, efficiency, and long-term value creation.
