Strengthening Financial Reporting: Readiness and Adherence to Internal Control Implementation and Evaluation

In this article, our experts shed light on the significance of ICFR, offering valuable insights and a roadmap for a well-prepared evaluation.

Understanding the Significance of Internal Control Over Financial Reporting (ICFR) for Public Interest Entities (PIEs) can instill a sense of responsibility and urgency. As the compliance deadline approaches, it's natural to feel concerned, but there's no need to be overwhelmed. This article aims to be a guiding light, providing valuable insights and an informative roadmap to ensure your team is well-prepared for the ICFR evaluation.

Internal Control over Financial Reporting

Internal Control over Financial Reporting (ICFR) refers to the controls specifically established to address risks related to financial reporting. In simple terms, a company’s ICFR consists of the controls that are set to provide reasonable assurance regarding the achievement of objectives relating to the entity's financial reports reliable and prepared per the Generally Accepted Accounting Principles (GAAP).

ICFR 1

Five key challenges to Implementing ICFR

Preparing reliable and relevant financial statements is a key responsibility of the Chief Executive Officer and Chief Financial Officer of every entity. The ability of a company to effectively manage its business requires access to timely and accurate information that informs decision-making. Moreover, if a company wants to raise funds in the public securities markets, investors must have confidence in its financial statements.

Nonetheless, financial reporting is the responsibility of management and those charged with governance. The ability to fulfil this responsibility depends in part on the design, implementation, and operating effectiveness of the controls and safeguards it has placed over accounting and financial reporting. With these controls, it would be easy for most business entities especially those with numerous locations, operations, and processes to prepare timely and reliable financial reports for the management, investors, lenders, and other users. No functional control system can assure that financial statements will never contain material misstatements. An effective method of ICFR can enormously reduce the risk of such misstatements in a company’s financial statements.

Internal Control

In practice, Internal Control means different things to different professionals. However, according to the Committee on Sponsoring Organizations (COSO) of the Treadway Commission, ‘Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” ICFR is one of the elements of the broader concept of internal control.

COSO expects that controls are built into the company’s day-to-day operations and reporting through methodology, policies, procedures, and human resource practices while meeting the expectations of its shareholders, investors, and relevant regulatory requirements.

A system of ICFR should address the possibilities of misstatements and the risk of fraudulent financial reporting and accounting practices. Hence, the enactment of legislation by several jurisdictions to enhance transparency and uphold the integrity of financial markets.

In Nigeria, the amended Investments and Securities Act (ISA) was passed in 2007 by the Federal Government as part of its effort to change corporate financial reporting and restore investor confidence. Moreso, the Nigerian Securities and Exchange Commission (SEC) was given a broader oversight mandate on the activities of public companies including enforcement of compliance with the provisions established in the Act. Specifically, Sections 60 - 63 of the Act state the corporate responsibility of public companies to design and implement an effective internal control system and report on its effectiveness.

Establishing and implementing Internal Control over Financial Reporting is not just about creating documents, audit reports, or control processes. It is also about understanding internal control in the context of financial reporting, conforming with guidance on the Implementation of Sections 60-63 of the Investments and Securities Act released in March 2021, and meeting stakeholder expectations. To measure and report on the effectiveness of internal control over financial reporting, we need a suitable control framework established by a body or group that has followed due process, procedures, and expectations expressed by the stakeholders.

The COSO Internal Control–Integrated Framework satisfies this requirement and is recommended for Internal Control over Financial Reporting assessment. Nonetheless, the internal control framework should show the connection between the main components of internal control and help companies, both public and private, to make sure none of the essential elements that make up a sound control system is missing.

The COSO Framework

There are five (5) integrated components of Internal Control with 17 principles that are geared toward achieving an entity’s objectives in terms of operations, financial reporting, and compliance. These components are highlighted below:

  • Control environment – This speaks to the set of structures, processes, and standards that provide the basis for internal control across the organization. For example, setting the tone at the top, establishing a standard of conduct, management responsibility, etc.
  • Risk assessment – Here, the management conducts risk assessment; they channel effort to where their most significant risk is; benchmark with the company’s risk and control matrix.
  • Control Activities - Actual controls in place that contribute to the mitigating of risk, for example, segregation of duties and authorization and approval of transactions.
  • Information and Communication – To generate and use relevant and timely information from internal and external sources to support the practical components of internal control.
  • Monitoring – Assesses the quality of Internal Control performance over time to ensure control meet the need of the organization.

Compliance Requirements in Nigeria

One of the principal reasons why internal control over financial reporting in Nigeria is spoken about is due to regulatory compliance requirements. Without the compliance requirements in regulated industries, internal control in the context of financial reporting would have been according to the opinions and traditions of the bodies charged with governance. Let us see some compliance requirements that support internal control over financial reporting in Nigeria.

  • The Nigerian Securities and Exchange Commission (SEC) guidance on the Implementation of Sections 60 – 63 of the Investments and Securities Act in 2021 affirms that a public company shall establish a system of internal controls over its financial reporting and security of its assets, and it shall be the responsibility of the Board of Directors to make sure the integrity of the company's financial controls and reporting. One unique aspect of the SEC guidance is the alignment with the COSO framework objectives.
  • The Financial Reporting Council of Nigeria (FRC) issued the guidance on management report on Internal Control over Financial Reporting. This guidance applies to all the Public Interest Entities (PIEs). Principle 1.5 of the guidance requires the Board of Directors of a PIE to perform the annual assessment of, and report on, the entity’s internal control over financial reporting in its annual report. However, the guidance encouraged any entities, including the non-public interest entities that desire best practices to implement this guidance.
  • The Companies and Allied Matters Act 2020 was issued by the Corporate Affairs Commission. Section 405b of the Act requires the establishment, maintenance, and evaluation of internal control over financial reporting.
  • The Nigerian Code of Corporate Governance (NCCG) 2018 issued by the Financial Reporting Council of Nigeria (FRC). Principle 11.4.7.3 of the NCCG 2018 requires the Board Audit Committee to develop a comprehensive internal control framework for the Company, obtain appropriate (internal and/or external) assurance, and report annually in the Company’s audited financial report, on the design and operating effectiveness of the Company’s internal controls over the financial reporting systems.

The list above is non-exhaustive. The requirements for Internal Control over Financial Reporting in different industries may differ or be more restrictive. Entities must prove that they implement ICFR and have all it takes to engage the stakeholders.

Why Invest in the Implementation of ICFR?

The value and the benefits that companies and stakeholders will derive from implementing ICFR are more than the cost. Investors are the prime beneficiary of the implementation of ICFR.

ICFR 2

Also, other stakeholders such as the board of directors and management will also enjoy an effective implementation of ICFR.

We understand that the cost of investing in the implementation of ICFR could be a challenge for some entities; Management and the Board of Directors need to consider and discuss other alternatives to accomplish the same objectives with key stakeholders.

Challenges in Implementing ICFR

Implementing Internal Control over Financial Reporting can be challenging due to factors such as:

  • Complexity of processes: In implementing ICFR, the focus should be on processes that would contribute to appropriate financial reporting and not on the entire business processes within the organization. Care must be taken to properly assess and differentiate these processes to ensure effective implementation.
  • Resource allocation: Many companies frequently face a resource shortage when it comes to achieving appropriate controls and monitoring financial reporting processes. Also, scarcity of resources with sufficient experience and skill in financial reporting, and many businesses struggle to find and retain qualified employees.
  • Ensuring compliance with regulations:  Many entities run compliance programs in isolation to demonstrate compliance to selective legislations/ regulations, raising the overall cost of compliance.
  • Maintaining effective communication across departments: An vital aspect of a system of internal controls and a challenge faced by many organizations is maintaining effective communication across the departments concerning improving the controls that are put in place over time.
  • It requires careful planning, coordination, and ongoing monitoring to ensure its effectiveness.

Conclusion

Recently, Internal Control over Financial Reporting (ICFR) has gained importance due to the development of the direction of the Implementation of Sections 60-63 of the Investments, and Securities Act which was released in March 2021 by the Nigerian Securities and Exchange Commission and other legislations. Moreso, effective design and implementation of ICFR goes a long way to combat and reduce fraud, improve the reliability of financial statement, and retain investor confidence.

This is a call to action to the Board of Directors, Chief Executive Officers, and Chief Financial Officers to establish a system of ICFR and ensure its integrity. However, it is imperative to engage professionals with the knowledge, skill, and experience to work with you across the implementation stages to ensure that every business process with financial implications is monitored.

Implementation of ICFR is essential for any organization, large or small, public, or private, to ensure that the required controls put in place by the Board of Directors and management are effective.