Economic impact of ICFR system implementation and maintenance in organizations

In today's complex regulatory landscape, implementing Internal Control over Financial Reporting (ICFR) systems is crucial for corporate governance. While compliance is a key driver, understanding the economic impact of both costs and benefits of ICFR systems is essential for strategic decision-making.

What Internal Control Over Financial Reporting is about

Internal Control over Financial Reporting (ICFR) is a framework of internal controls designed to ensure the reliability and integrity of an organization's financial reporting.

The Financial Reporting Council of Nigeria defines ICFR as a process designed to provide reasonable assurance on the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with Generally Accepted Accounting Principles (GAAPs). Its primary goal is to prevent and detect errors or fraud that could result in significant misstatements.

Although ICFR is open for adoption by all companies willing to adopt it, it is mandatory for Publicly interest Entities (PIEs).

What are Public Interest Entities (PIEs)?

In accordance with Section 42 of the Financial Reporting Council of Nigeria (Amendment) Act, 2023, Public Interest Entities (PIEs) include:

• Listed Companies: These include companies that are listed on recognised stock exchanges in Nigeria.
• Non-Listed Regulated Entities: Organization: These include companies that are subject to regulation by certain regulatory bodies, such as the National Insurance Commission, the Central Bank of Nigeria, the National Pension Commission, Securities and Exchange Commission and others.
• Government and Government Organizations: These include government-affiliated companies.
• Private Companies: Private companies, including holding companies of regulated or listed companies, concession and privatized companies where the government retains an interest, government-affiliated companies, and companies involved in public works with contracts valued at one billion naira or more.
• High Turnover Entities: Companies with a yearly revenue of at least 30 billion naira.

The Act became effective from 3 May 2023, and the Financial Reporting Council of Nigeria (FRCN) is responsible for implementing it. FRCN particularly requires PIEs to report on ICFR from the accounting year ending 31 December 2024.

While the Securities and Exchange Commission (SEC) requires public companies to report on ICFR in annual reports from the period ending 31 December 2023.

For PIEs, the implementation of a strong financial reporting system requires the adoption of a robust internal control framework, such as the COSO framework.

The COSO Framework

The COSO framework, which was established by the Committee of Sponsoring Organizations of the Treadway Commission, outlines five components of internal controls.

The five components of the COSO framework are as follows:

• Control Environment: This is the tone of the management and those charged with governance. It is the bedrock of the other components, and it includes such characteristics as the company’s ethical values, governance, the competence of staff, etc.
• Risk Assessment: This involves identifying and evaluating material risks.
• Control Activities: This includes policies and procedures put in place to ensure that certain risks are prevented, detected and mitigated. Some of the control activities include segregation of duties, authorization and approval processes, periodic reconciliations, etc.
• Information and Communication: This ensures that relevant information is identified, captured, and communicated promptly.
• Monitoring: This involves continuous evaluation to ensure that controls are operating effectively. This function is usually vested with the internal audit function and the management of a company.

Responsibility for ICFR in an organisation

The regulatory responsibility for ICFR in Nigeria is mainly overseen by the Financial Reporting Council of Nigeria (FRC), as well as the Securities and Exchange Commission.

The main responsibilities for design, implementation, monitoring and attestation to an organization’s ICFR are further explained below:

• Management: The management is primarily responsible for designing, implementing, and maintaining effective ICFR. It is particularly responsible for the annual assessment and attestation to the effectiveness of the ICFR system.
• Board of Directors: According to Section 61 of the Investment and Securities Act (ISA) 2007, the Board of Directors is responsible for establishing a robust internal control system, overseeing the implementation, and reporting on the effectiveness of the controls in the annual reports.
• Internal Audit Function: For many PIEs that maintain an internal audit unit, the unit is primarily responsible for the evaluation of the design and operating effectiveness of internal controls (including ICFR). The function is also responsible for reporting its findings to the audit committee or the board of directors.
• External Auditors: Auditors are required to assess and attest to the operating effectiveness of ICFR as part of their audit of the financial statements.

It is worth noting that Organizations seeking to implement ICFR need to take into consideration the potential economic costs and benefits. The consideration of these will drive a better decision as to the adoption of ICFR.

Economic Costs of ICFR

• Infrastructure Development: Setting up control systems will require significant investments in technology infrastructure, and integration with current financial systems.
• Human Capital: Hiring and training personnel knowledgeable in ICFR protocols is typically required, incurring both direct and opportunity costs.
• Change Management: Shifting to an ICFR-compliant framework can interrupt existing workflows and result in temporary productivity losses.
• Regular Testing & Monitoring: ICFR frameworks require continuous monitoring and documentation, which can result in a significant rise in operational overhead.

Economic Benefits of ICFR

• Reduction in financial misstatements and fraud: Robust controls minimize the risk of fraudulent misstatement, penalties, or reputational harm due to fraudulent activities or errors.
• Enhanced financial reliability and integrity: The implementation of ICFR by an organization can ensure reliable financial reporting, which enhances internal decision-making and supports long-term financial planning.
• Improved Investor and Stakeholder Confidence: Organizations with strong ICFR systems are more likely to attract investors, reduce stock price volatility, and lower capital costs.
• Avoidance of penalties/fines or sanctions: Companies could incur debt obligations to the tune of ten million naira for non-compliance with ICFR-related filing and reporting obligations. In addition, the responsible officers may become liable to imprisonment of up to 2 years. Companies that are compliant with the filing and reporting requirements of ICFR are more likely to avoid such penalties/fines and sanctions.

Summary of Costs and Benefits of ICFR

For many organizations, particularly smaller firms, the initial costs of implementing Internal Control over Financial Reporting (ICFR) can seem overwhelming. However, these costs should be assessed while considering several significant benefits, which include, but are not limited to:

• Potential savings from avoided legal or regulatory penalties: Effective ICFR systems help organizations comply with financial regulations, thereby reducing the risk of costly litigation or penalties/fines resulting from non-compliance.
• Improvements in operational efficiency and error reduction: The implementation of ICFR frameworks could potentially lead to streamlined processes, and as a result, enhance accuracy and efficiency in operations.
• Market valuation benefits linked to higher transparency: Companies with robust ICFR systems often experience relatively better market valuation due to increased transparency and improved investor confidence.

Conclusion

While implementing and maintaining ICFR involves substantial investment and maintenance costs, the long-term economic benefits are often favourable. The system does not only protect an organization's financial integrity but also enhances operational efficiency and stakeholder trust.

A well-implemented ICFR system can ultimately be cost-effective, as it helps reduce financial leakage due to fraud or error, reduce the need for audit adjustments, and enhance investor relations.

For organizations aiming for sustainability, ICFR is more than just a compliance requirement; it is a strategic financial tool for ensuring the integrity of financial reporting and operational efficiency.

Authors

Obianuju Irechukwu, Manager, Audit & Assurance, and Daniel Oluwasiku, Associate, Audit & Assurance