AH adds a cryptographic signature to each packet, which ensures nothing has modified it and it came from the correct source. AH is, obviously, not compatible with NAT.
ESP's ICV is just a checksum to ensure the packet hasn't been damaged. It does not ensure the packet has not been altered, or authenticate who sent it.