Effective internal controls over financial reporting has been described as necessary to help ensure that companies provide investors with accurate financial statements, which will in turn boost investor protection and confidence.
This was stated by the Executive Commissioner Legal and Enforcement of the Securities and Exchange Commission, Mr. Reginald Karawusa during a training on Internal Controls over Financial Reporting, an implementation of Section -60-63 of the Investment and Securities Act 2007, organised by the SEC in collaboration with the Nigeria Capital Market Institute which commenced in Lagos, Monday.
Karawusa stated that with the plethora of Ponzi schemes plaguing the nation, accurate financial statements are essential for the vitality of financial markets and by extension the economy.
The Executive Commissioner said, “Once investors no longer have confidence in the accuracy and completeness of companies’ financial statements and other disclosures, they will naturally be unwilling to invest, and the financial markets will certainly suffer as is currently experiencing in our country.
Karawusa noted that following the approval of the Framework, it became apparent that its implementation would require extensive improvements in the internal processes of some reporting entities leading to additional responsibilities placed on certain key persons within the entities. It was decided that efforts would be made to engage with companies and sensitize identified role holders on their responsibilities under the Framework.
“As you may recall, the outbreak of accounting scandals in the 1990s and corporate frauds of the early 2000s highlighted the need for the development of a coherent framework of systems of control and policies to identify, measure, mitigate and disclose risks.
According to him, “Securities regulators in a number of jurisdictions acted in lockstep with the United States by introducing requirements that would strengthen controls within companies and enhance the quality financial reports issued by such companies. In line with this global effort, the Federal Government provided under Sec. 61(1) of the Investment and Securities Act 2007 that “a public company shall establish a system of internal controls over its financial reporting and security of its assets and it shall be the responsibility of the board of directors to ensure the integrity of the company’s financial controls and reporting”.
“The International Organization of Securities Regulators (IOSCO) has noted that Internal Controls are intended to ensure fulfilment of corporate’s goals. They also ensure an efficient deployment of corporate resources and assets, avoiding and mitigating operational deviations that could affect business continuity and the achievement of company’s goals.
“Some of such boards lacked effective risk and audit committees, where members ought to have challenged management’s approach to risk. These officers neither have the means to ensure that board decisions and policies were effectively put in place let alone to scrutinize decisions collectively taken.
Karawusa disclosed that in response particularly to corporate scandals of the 1990s/early 2000s, the United States passed the Sarbanes-Oxley Act of 2002 which introduced significant auditing and financial regulations for public companies as safeguards to protect shareholders, employees and other stakeholders from accounting errors and fraudulent financial practices.
In his remarks, Managing Director of NCMI, Dr Emomotimi Agama said that the starting point to evaluate the sufficiency of an ICFR program should be with a financial statement risk assessment.
He said, “The risk assessment, which includes specific financial reporting objectives and identification of risks to achieving those objectives, answers these fundamental questions: Which controls are necessary to address the company’s risks? How many controls does the company need? What is “just enough” for the company’s ICFR program?
“A risk assessment that integrates the right people, processes, tools, and techniques serves to identify the relevant risks of material misstatement (ROMMs). The risk assessment also includes the selection of controls and the evaluation of the design of the control, It’s through the risk assessment process that a company can report with confidence the number and types of controls necessary to have an effective ICFR system.
Agama said Management’s focus on ICFR should start with determining whether the company’s risk assessment process is sufficient to identify and assess the risks to reliable financial reporting, including changes in those risks.
He listed proactive steps management can consider to include: Refreshing the risk assessment program to incorporate the right people, processes, and technologies to unlock the hidden value. Integrating data analytics and visualization to improve the quality of the data analysed to support robust risk identification and report results succinctly to key stakeholders. This, in turn, can rationalize risks of material misstatement to a level of granularity to focus on what could truly be a material misstatement.
“In all of this, Education is essential and the essence of this program is to provide that education to helps companies comply with Sec 60-63 of the ISA 2007” Agama added.