Internal Control Over Financial Reporting (ICFR) – SEC Issues Framework on Implementation of Sections 60 to 63 of ISA, 2007

A company’s internal control over financial reporting is a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or persons performing similar functions, and effected by the company’s board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. 

As part of the efforts to reform corporate financial reporting in Nigeria, the Federal Government of Nigeria passed the amended Investments and Securities Act (ISA), 2007 which provides as follows:

  • Section 60 (2) – the chief executive officer and the chief financial officer or officers or persons performing similar functions to personally certify the accuracy of the financial statements prepared by such company.
  • Section 61 (1) – a public company shall establish a system of internal controls over its financial reporting and security of its assets, and it shall be the responsibility of the board of directors to ensure the integrity of the company’s financial controls and reporting.
  • Section 61 (2) – the directors of a public company shall report on the effectiveness of the company’s internal control system in its annual report.
  • Section 63 – an auditor of a public company shall, in his audit report to the company, issue a statement as to the existence, adequacy, and effectiveness or otherwise of the internal control system of the public company.

In summary, sections 60 to 63 of the Investment and Securities Act (ISA), 2007, provide these specific requirements to be met by companies with respect to Internal Control Over Financial Reporting. It also requires the Board of Directors of a public company to design, establish and maintain adequate internal controls and ensure the effectiveness of these controls as of a date within 90 days prior to the date of its financial statements.

The United States’ Sarbanes-Oxley’s Act (2002) and Section 11 of the Financial Reporting Council of Nigeria’s code of corporate governance (the Code), 2018, also hold similar provisions for public interest entities – all geared towards ensuring the integrity of financial reports of Public Companies.

Following the amendment to the ISA, Nigeria’s Securities and Exchange Commission (SEC) developed a ‘Framework’ in March 2021 [based on the report of an industry-wide committee (constituted for the purpose), and comments from relevant stakeholders and the general public] to provide the necessary implementation Guidance on sections 60 to 63 of the ISA.

The Framework provides guidelines that are necessary for directors (and/ or their consultants) who will implement relevant Internal Controls over Financial Reporting (ICFR) and Auditors who will review same and issue a statement on its existence, adequacy and effectiveness or otherwise. 

Prior to issuing these guidelines, it was practically challenging for public companies in Nigeria to comply with the requirements of the ISA due to absence of a Framework or uniform Guidance on implementation.

With the issuance of this Framework, public companies in Nigeria are now able to adopt a uniform and guided  approach to compliance and are required to report on compliance in annual reports from December 2021 financial year end.

How Vi-M can help

We, at Vi-M Professional Solutions, can support the management of publicly listed companies to comply with SEC’s requirements on ICFR, before the 31 December 2021 deadline.

Our work approach (as prescribed by the SEC’s Framework/ Guidelines) will be to evaluate, test, document, design, monitor and give reasonable assurance that the company’s Internal Controls Over Financial Reporting are effective/ adequate and encompass all the 17 principles (under the five components) of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control Integrated Framework, pertaining to Financial Reporting objectives.

To seek further clarifications, or get help / support in complying with SEC’s Guidelines on ICFR, please send an email to