The Securities and Exchange Commission (SEC) has said that effective internal controls over financial reporting are necessary to ensure that companies provide investors with accurate financial statements, thus boosting investor protection and confidence.
The Executive Commissioner (Legal and Enforcement) at SEC, Mr Reginald Karawusa, stated this during a training on internal controls over financial reporting, organised by the regulator in collaboration with the Nigeria Capital Market Institute in Lagos.
Karawusa said that with the plethora of Ponzi schemes plaguing the nation, accurate financial statements are essential for the vitality of financial markets and by extension the economy.
The Executive Commissioner added that once investors no longer have confidence in the accuracy and completeness of companies’ financial statements and other disclosures, they will naturally be unwilling to invest. And the financial markets will certainly suffer as is currently experiencing in our country.
Note that the training is in line with the implementation of Section -60-63 of the Investment and Securities Act 2007.
Approval of framework: Karawusa noted that it became apparent that the implementation of the Investment and Securities Act would require extensive improvements in the internal processes of some reporting entities. This led to additional responsibilities being placed on certain key persons within the entities.
It was, therefore, decided that efforts would be made to engage with companies and sensitize identified role-holders on their obligations under the Framework. He explained:
- “As you may recall, the outbreak of accounting scandals in the 1990s and corporate frauds of the early 2000s highlighted the need for the development of a coherent framework of systems of control and policies to identify, measure, mitigate and disclose risks.
- According to him, “Securities regulators in a number of jurisdictions acted in lockstep with the United States by introducing requirements that would strengthen controls within companies and enhance the quality of financial reports issued by such companies. In line with this global effort, the Federal Government provided under Sec. 61(1) of the Investment and Securities Act 2007 that “a public company shall establish a system of internal controls over its financial reporting and security of its assets and it shall be the responsibility of the board of directors to ensure the integrity of the company’s financial controls and reporting”.
- “The International Organization of Securities Regulators (IOSCO) has noted that Internal Controls are intended to ensure the fulfilment of corporate goals. They also ensure an efficient deployment of corporate resources and assets, avoiding and mitigating operational deviations that could affect business continuity and the achievement of the company’s goals.
- “Some of such boards lacked effective risk and audit committees, where members ought to have challenged management’s approach to risk. These officers neither have the means to ensure that board decisions and policies were effectively put in place let alone to scrutinize decisions collectively taken”.
Corporate scandals: Karawusa recalled that in response particularly to corporate scandals of the 1990s and early 2000s, the United States passed the Sarbanes-Oxley Act of 2002 which introduced significant auditing and financial regulations for public companies as safeguards to protect shareholders, employees, and other stakeholders from accounting errors and fraudulent financial practices.
Risk assessment: The Managing Director of NCMI, Dr Emomotimi Agama, pointed out that the starting point to evaluate the sufficiency of an ICFR program should be with a financial statement risk assessment. He said:
- “The risk assessment, which includes specific financial reporting objectives and identification of risks to achieving those objectives, answers these fundamental questions: Which controls are necessary to address the company’s risks? How many controls does the company need? What is “just enough” for the company’s ICFR program?
- “A risk assessment that integrates the right people, processes, tools, and techniques serves to identify the relevant risks of material misstatement (ROMMs). The risk assessment also includes the selection of controls and the evaluation of the design of the control, It’s through the risk assessment process that a company can confidently report the number and types of controls necessary to have an effective ICFR system.”
Agama added that Management’s focus on ICFR should start with determining whether the company’s risk assessment process is sufficient to identify and assess the risks to reliable financial reporting, including changes in those risks.
Steps to take: He listed proactive steps management can consider, including refreshing the risk assessment program to incorporate the right people, processes, and technologies to unlock the hidden value.
Integrating data analytics and visualization to improve the quality of the data analyzed to support robust risk identification and report results succinctly to key stakeholders. This, in turn, can rationalize the risks of material misstatement to a level of granularity to focus on what could truly be a material misstatement.
- “In all of this, Education is essential and the essence of this program is to provide that education to help companies comply with Sec 60-63 of the ISA 2007,” Agama added.