October 12, 2021
For more than a decade, public companies in the United States of America (USA), Canada, Brazil, Turkey, and more have been required to implement Internal Control over Financial Reporting (ICFR), especially as part of issuer audits. While some organizations may view the ICFR requirements as a burden or a check-the box exercise, these companies are likely missing opportunities to unlock hidden value, which may have a broader impact on their system of internal control.
This is why it is unfortunate that most discussions about ICFR are focused on how public companies can meet regulatory expectations, often leaving out another important aspect of Internal Control over Financial Reporting, the intent, which if understood would bring the importance of these regulations to the forefront and can be a strong motivator for compliance.
This is especially true in Nigeria, where new Security and Exchange Commission (SEC) regulations require listed entities to comply with ICFR by the end of their fiscal year in 2021.
In this article, we will go over the intent, importance and challenges of Internal Control over Financial Reporting, the consideration for its implementation, and best practices for compliance.
Why is ICFR so Important?
In the 1990s, publicly traded companies in the USA like Xerox and Global Crossing engaged in a series of fraudulent and misleading activities. Notably, these companies published false financial statements in order to increase the prices of their stock. However, like a house of cards, there is only so long false reporting can stand up to market forces before crumbling. The companies that engaged in fraudulent reporting began to crash, and almost a thousand listed trading companies were forced to restate their financial statements. This resulted in almost $6 trillion of stock market value disappearing overnight.
The high-profile nature of these frauds shook investor confidence in the trustworthiness of corporate financial statements. It led many to demand an overhaul of regulatory standards guiding financial reporting for publicly traded companies. In response to these events, and in a bid to protect investors from fraudulent financial reporting by corporations, the Sarbanes-Oxley Act (SOX) of 2002 was passed by the United States Congress.
This new Act imposed tough new penalties on lawbreakers and mandated strict reforms to existing securities regulations. Thus began the era of ICFR.
Compliance Requirement in Nigeria
The SEC issued the “Guidance for the Implementation of Sections 60-63 of the Investment Securities Act” which provides guidelines for directors to implement relevant ICFR and auditors to review the same and issue reports on the effectiveness of ICFR. Based on the guidelines, public companies are required to report on compliance in their annual reports effective December 2021 financial year-end.
As a result, quoted companies in Nigeria, are required to have an integrated audit performed, which includes an external auditor’s assessment of the effectiveness of the company’s ICFR and an annual managerial evaluation of the aforementioned internal controls.
Objective of Internal Control over Financial Reporting
ICFR is designed to protect the interests of investors and other stakeholders by preventing fraud and financial crimes as a result of poor reporting by publicly traded companies. This is why regulatory bodies worldwide see ICFR engagements as opportunities for public companies to improve the quality and efficiency of their financial reporting models.