By Aduragbemi Omiyale

The Executive Commissioner for Legal and Enforcement at the Securities and Exchange Commission (SEC), Mr Reginald Karawusa, has stressed that effective internal controls over financial reporting are very vital to ensure companies provide investors with accurate financial statements, which will, in turn, boost investor protection and confidence.

Speaking at a workshop on Internal Controls over Financial Reporting, an implementation of Section -60-63 of the Investment and Securities Act 2007, organised by the SEC in collaboration with the Nigeria Capital Market Institute in Lagos on Monday, Mr Karawusa stated that with the plethora of Ponzi schemes plaguing the nation, accurate financial statements are essential for the vitality of financial markets and by extension the economy.

“Once investors no longer have confidence in the accuracy and completeness of companies’ financial statements and other disclosures, they will naturally be unwilling to invest, and the financial markets will certainly suffer as is currently experiencing in our country,” he said.

The Executive Commissioner noted that following the approval of the framework, it became apparent that its implementation would require extensive improvements in the internal processes of some reporting entities leading to additional responsibilities placed on certain key persons within the entities.

He added that it was decided that efforts would be made to engage with companies and sensitize identified role holders on their responsibilities under the framework.

“As you may recall, the outbreak of accounting scandals in the 1990s and corporate frauds of the early 2000s highlighted the need for the development of a coherent framework of systems of control and policies to identify, measure, mitigate and disclose risks,” he stated.

According to him, “Securities regulators in a number of jurisdictions acted in lockstep with the United States by introducing requirements that would strengthen controls within companies and enhance the quality of financial reports issued by such companies.

“In line with this global effort, the Federal Government provided under Section 61(1) of the Investment and Securities Act 2007 that a public company shall establish a system of internal controls over its financial reporting and security of its assets, and it shall be the responsibility of the board of directors to ensure the integrity of the company’s financial controls and reporting.

“The International Organization of Securities Regulators (IOSCO) has noted that Internal Controls are intended to ensure the fulfilment of corporate goals. They also ensure an efficient deployment of corporate resources and assets, avoiding and mitigating operational deviations that could affect business continuity and the achievement of the company’s goals.

“Some of such boards lacked effective risk and audit committees, where members ought to have challenged management’s approach to risk. These officers neither have the means to ensure that board decisions and policies were effectively put in place, let alone to scrutinize decisions collectively taken,” Mr Karawusa said.

He disclosed that in response particularly to corporate scandals of the 1990s/early 2000s, the United States passed the Sarbanes-Oxley Act of 2002, which introduced significant auditing and financial regulations for public companies as safeguards to protect shareholders, employees and other stakeholders from accounting errors and fraudulent financial practices.

In his remarks, the Managing Director of NCMI, Mr Emomotimi Agama, said that the starting point to evaluate the sufficiency of an ICFR program should be with a financial statement risk assessment.

“The risk assessment, which includes specific financial reporting objectives and identification of risks to achieving those objectives, answers these fundamental questions: Which controls are necessary to address the company’s risks? How many controls does the company need? What is just enough for the company’s ICFR program?

“A risk assessment that integrates the right people, processes, tools, and techniques serves to identify the relevant risks of material misstatement (ROMMs). The risk assessment also includes the selection of controls and the evaluation of the design of the control; it’s through the risk assessment process that a company can report with confidence the number and types of controls necessary to have an effective ICFR system,” Mr Agama stated.

He said the management’s focus on ICFR should start with determining whether the company’s risk assessment process is sufficient to identify and assess the risks to reliable financial reporting, including changes in those risks.

Mr Agama listed proactive steps management can consider, including Refreshing the risk assessment program to incorporate the right people, processes, and technologies to unlock the hidden value. Integrating data analytics and visualization to improve the quality of the data analysed to support robust risk identification and report results succinctly to key stakeholders. This, in turn, can rationalize the risks of material misstatement to a level of granularity to focus on what could truly be a material misstatement.

“In all of this, Education is essential, and the essence of this program is to provide that education to help companies comply with Sec 60-63 of the ISA 2007,” he added.