Transforming Governance, Quality & Compliance into Operational Confidence

falconry.one is the governance operating system for audit firms. ISQM 1 evidence, independence monitoring, engagement quality, cyber & data, and partner-level performance one connected platform. Live in eight weeks. Used by firms across the GCC, UK, Africa, and Eastern Europe.

SoQM / PARTNER VIEW · LIVE

Midtier audit firm — 94 engagements

CYCLE 2025–26 · ALL 8 COMPONENTS

ISQM 1 SoQM evaluation

Independence confirmations

PARTNERS: 28 / 28 · STAFF: 143 / 147

EQR workflow (ISQM 2)

ENGAGEMENTS THIS CYCLE: 12 / 12

Client acceptance & AML

94 ACTIVE · 4 FLAGGED FOR REVIEW

Cyber control attestation

LAST ATTESTED: 11 DAYS AGO

Time since last SoQM evidence refresh: 14 minutes. Inspector-ready pack: one click.

Live today in

KSA

KSA · UAE · Qatar · Oman · Bahrain

FRC-inspected mid-tier & network firms

Africa

Kenya · Nigeria · South Africa · Egypt

Europe

Poland · Czech · Romania · Hungary

§01 / THE PROBLEM

Three forces tightening at the same time.

The regulators that oversee your firm have all moved in the same direction inside a three-year window. Most firms are still managing the response in spreadsheets and shared drives — and the evidence shows in the inspection reports.

№ 01 · QUALITY REGULATORS

Inspection regimes are getting sharper.

ISQM 1 + local oversight

FRC (UK), PCAOB (US-reliant), SOCPA (KSA), IRBA (SA), ICPAK (Kenya), and the EU audit reform regulators are all running ISQM 1 SoQM evaluations with teeth. Firms without documented, refreshable evidence are being found wanting — publicly.

ISQM 1

mandatory for every IFAC-member firm globally

№ 02 · DATA & CYBER LAW

Personal liability is now on the table.

GDPR · PDPL · POPIA · UK DPA

Data protection regimes across your markets now carry personal obligations for partners — not just firm-level fines. Audit firms hold concentrated client financial, personal, and transactional data: you are a higher-than-average target for both regulators and attackers.

€20M / 4%

GDPR ceiling · GCC/UK/Africa parallels

№ 03 · PARTNER ECONOMICS

Manual governance is silently eroding profit.

WIP · utilisation · leakage

The governance, compliance, and practice-management workload is expanding faster than firm revenues. Partners are spending time on evidence gathering that used to belong to clients. Engagement WIP, recovery, and utilisation sit in one system; risk and quality in another. Leakage is real and invisible.

30-40%

partner time lost to admin & evidence work

§02 / THE PLATFORM

One system. Three things your firm already does separately.

Not a generic GRC tool adapted for auditors. Every workflow, every evidence pattern, every control mapping is designed for firms that sign auditor's reports for a living. Arabic and English interface, with localisation layers for UK, Africa and EU markets.

Pillar 01 · Govern

Quality & Governance

The spine of ISQM 1, ISQM 2, independence, and partner quality oversight — evidence-ready at all times, not just before inspection.

ISQM 1 SoQM evaluationISQM 1
Engagement quality review (EQR)ISQM 2
Independence monitoringIESBA
Client acceptance & continuanceAML / UBO
CPD & learning complianceICAEW / ACCA / SOCPA
Root cause analysis & remediationISQM 1

+ 3 more modules · archival, cold file review, firm-level monitoring

Pillar 02 · Protect

Risk, Cyber & Data

Firms that handle financial, personal, and transactional client data at scale need defences and evidence that clear the regulator bar — wherever the firm operates.

Enterprise risk register (firm-wide)ISO 31000

Data protection programmeGDPR / PDPL / POPIA

Incident response & breach notification72-HR

Cyber control framework & attestationISO 27001 / NIST

Third-party & vendor riskDUE DIL

Regulatory change monitoringMULTI-JDN

+ 2 more modules · AI governance policy, DPIA library

Pillar 03 · Perform

Performance & Efficiency

The view partners actually look at on Monday morning — engagement health, WIP, recovery, utilisation, people performance. Connected to the quality side, not sitting next to it.

Engagement monitoring & WIPLIVE

Time capture & approvalsTIMESHEET

Resource planning & utilisationCAPACITY

Partner / leadership dashboardsKPI

Staff performance & calibrationISQM 1

Workforce compliance localisationNITAQAT / CIPD

+ 2 more modules · recovery analytics, client portfolio view

§03 / WHAT CHANGES

Concrete, measurable outcomes — not ten-times claims.

Every number below is sourced from live deployments or documented customer measurements across GCC, UK, African and Eastern European mid-tier firms. We publish the method and would rather under-claim than over-sell.

A note on baselines. Measurements taken pre-deployment and at 90 days post go-live. Source firms: three GCC Big 10 affiliates, two UK Top-50 firms (anonymised), one African regional network, one Central European firm. Methodology available under NDA during demo.

OUTCOME · ISQM 1 EVIDENCE

48 hrs to produce an inspector-ready SoQM evaluation pack

From a typical six-week partner review cycle at mid-tier firms. Evidence is refreshable continuously, not rebuilt annually.

Source · avg. across 6 firms · Q4 2025 – Q1 2026 · full method in demo

OUTCOME · PARTNER TIME

112 hrs partner hours saved per year, on average

Reclaimed from manual evidence collection, independence confirmations, and inspection prep. Measured per-partner at engagement partner and Quality Partner level.

Source · 11 partners across 3 live deployments · 90-day window

OUTCOME · INSPECTION

12 → 0 inspection observations closed during cycle

From a UK Top-50 firm's previous FRC AQR cycle to current. Firm remains anonymised under NDA — references available during commercial discussions.

Source · one UK firm · verifiable under reference-call NDA

OUTCOME · RECOVERY

2.3% uplift in engagement recovery rate

From WIP visibility and early-stage budget alerts preventing end-of-engagement write-offs. Modest, specific, and replicable.

Source · 2 firms · FY2025 vs. FY2024 baseline

OUTCOME · GOING LIVE

8 weeks from kickoff to first live engagement monitored

With two partner workshops, one data migration, and a pilot group of six to ten engagements. Contractually committed with a hypercare window.

Source · standard deployment model · SLA in MSA

§04 / REGULATORY COVERAGE

Pre-mapped to the regulators in every market we serve.

Not a generic GRC tool adapted for auditors. Every workflow, every evidence pattern, every control mapping is designed for firms that sign auditor's reports for a living. Arabic and English interface, with localisation layers for UK, Africa and EU markets.

REGION / GCC

Gulf Cooperation Council

KSA · UAE · Qatar · Oman · Bahrain · Kuwait

SOCPAPeer review & ISQM 1 evaluation

PDPLData protection, enforceable

NCA ECCCyber controls 2024/25

SAMA CSFFinancial sector cyber

CMAListed entity audit requirements

REGION / UK & IRELAND

United Kingdom

England & Wales · Scotland · Ireland

FRC AQRAudit Quality Review regime

ICAEWPractice assurance & CPD

ACCAMonitoring & CPD

UK GDPRData protection & DPA 2018

ECCTAEconomic Crime & Corporate Transparency

NCSC CAFCyber assessment framework

REGION / AFRICA

Africa

Kenya · Nigeria · South Africa · Egypt · Ghana · Rwanda

IRBASouth Africa audit regulator

FRC NigeriaFinancial Reporting Council

ICPAKKenya practice review

POPIASouth Africa data law

NDPRNigeria data regulation

DPA KenyaKenya data protection 2019

REGION / EASTERN EUROPE

Europe

Poland · Czech · Romania · Hungary · Bulgaria

CEAOBCommittee of European Audit Oversight

PANA / KIBRPoland audit oversight

ASPE CZCzech audit regulator

GDPREU data protection

NIS2EU cyber directive

EU AREU audit reform regime

§05 / DEPLOYMENT

Eight weeks. Not eighteen months.

Implementation horizons that don't outlive the strategic case. One committed path, two partner workshops, one pilot cohort, and first-engagement go-live at week eight.

WEEKS 01 – 02

Design & scoping

Governance assessment. Workflow mapping against your quality manual. Data inventory. Configuration plan signed.

WEEKS 03 – 05

Configure & integrate

Platform stood up. Integrations to your practice management / HR / email. Quality framework imported. Evidence pipelines live.

WEEKS 06 – 07

Pilot & train

Six to ten live engagements running on the pilot group. Partner & manager training. UAT. Refinements applied.

WEEK 08 → GO LIVE

Deploy & hypercare

Firm-wide rollout. 30 days of daily hypercare. First monthly partner dashboard. SoQM evidence pack generated.

What you get,
contractually.

A dedicated implementation lead (a partner-experienced hand, not a project coordinator). In-region data residency where required — GCC, UK, EU, South Africa. ISO 27001-aligned security. 30-day hypercare post go-live with daily standups. A commercial SLA that includes the timeline — not just aspires to it.

Built by Falconry Solutions the advisory firm behind the platform.

falconry.one is a product. Falconry Solutions is the strategic advisory firm that built it, deploys it, and — where firms choose — operates it as a managed service. Ten-plus years advising audit, banking and sovereign institutions across the GCC, with programme leads who have sat inside the firms we now serve.

One product · one advisory partner · one implementation team · one accountable relationship.

§06 / NEXT STEPS

The 45-minute conversation
that pays for itself.

A live walkthrough of an ISQM 1 SoQM evaluation on the platform — against your firm's existing manual and inspection history. You see exactly what the partner view looks like, what the evidence pack contains, and what the 8-week deployment would mean for your cycle.

Transforming Governance, Quality & Compliance into Operational Confidence

falconry.one is the governance operating system for audit firms. ISQM 1 evidence, independence monitoring, engagement quality, cyber & data, and partner-level performance one connected platform. Live in eight weeks. Used by firms across the GCC, UK, Africa, and Eastern Europe.

§01 / THE PROBLEM

Three forces tightening at the same time.

The regulators that oversee your firm have all moved in the same direction inside a three-year window. Most firms are still managing the response in spreadsheets and shared drives — and the evidence shows in the inspection reports.

№ 01 · QUALITY REGULATORS

Inspection regimes are getting sharper.

ISQM 1 + local oversight

ISQM 1

№ 02 · DATA & CYBER LAW

Personal liability is now on the table.

GDPR · PDPL · POPIA · UK DPA

€20M / 4%

№ 03 · PARTNER ECONOMICS

Manual governance is silently eroding profit.

WIP · utilisation · leakage

30-40%

§02 / THE PLATFORM

One system. Three things your firm already does separately.

Not a generic GRC tool adapted for auditors. Every workflow, every evidence pattern, every control mapping is designed for firms that sign auditor's reports for a living. Arabic and English interface, with localisation layers for UK, Africa and EU markets.

Pillar 01 · Govern

Quality & Governance

Pillar 02 · Protect

Risk, Cyber & Data

Pillar 03 · Perform

Performance & Efficiency

§03 / WHAT CHANGES

Concrete, measurable outcomes — not ten-times claims.

Every number below is sourced from live deployments or documented customer measurements across GCC, UK, African and Eastern European mid-tier firms. We publish the method and would rather under-claim than over-sell.

A note on baselines. Measurements taken pre-deployment and at 90 days post go-live. Source firms: three GCC Big 10 affiliates, two UK Top-50 firms (anonymised), one African regional network, one Central European firm. Methodology available under NDA during demo.

OUTCOME · ISQM 1 EVIDENCE

48 hrs to produce an inspector-ready SoQM evaluation pack

From a typical six-week partner review cycle at mid-tier firms. Evidence is refreshable continuously, not rebuilt annually.

Source · avg. across 6 firms · Q4 2025 – Q1 2026 · full method in demo

OUTCOME · PARTNER TIME

112 hrs partner hours saved per year, on average

Reclaimed from manual evidence collection, independence confirmations, and inspection prep. Measured per-partner at engagement partner and Quality Partner level.

Source · 11 partners across 3 live deployments · 90-day window

OUTCOME · INSPECTION

12 → 0 inspection observations closed during cycle

From a UK Top-50 firm's previous FRC AQR cycle to current. Firm remains anonymised under NDA — references available during commercial discussions.

Source · one UK firm · verifiable under reference-call NDA

OUTCOME · RECOVERY

2.3% uplift in engagement recovery rate

From WIP visibility and early-stage budget alerts preventing end-of-engagement write-offs. Modest, specific, and replicable.

Source · 2 firms · FY2025 vs. FY2024 baseline

OUTCOME · GOING LIVE

8 weeks from kickoff to first live engagement monitored

With two partner workshops, one data migration, and a pilot group of six to ten engagements. Contractually committed with a hypercare window.

Source · standard deployment model · SLA in MSA

§04 / REGULATORY COVERAGE

Pre-mapped to the regulators in every market we serve.

Not a generic GRC tool adapted for auditors. Every workflow, every evidence pattern, every control mapping is designed for firms that sign auditor's reports for a living. Arabic and English interface, with localisation layers for UK, Africa and EU markets.

REGION / GCC

Gulf Cooperation Council

REGION / UK & IRELAND

United Kingdom

REGION / AFRICA

Africa

REGION / EASTERN EUROPE

Europe

§05 / DEPLOYMENT

Eight weeks. Not eighteen months.

What you get, contractually.

Built by Falconry Solutions the advisory firm behind the platform.

§06 / NEXT STEPS

The 45-minute conversation that pays for itself.

What you get,
contractually.

The 45-minute conversation
that pays for itself.