Stransact Blog

Blog

  • When Discomfort Signals the Need for Governance Reassessment

    When Discomfort Signals the Need for Governance Reassessment

    In governance, discomfort is not always a warning sign it can be a signal worth listening to. As ICFR assurance becomes more established in Nigeria, some Boards and CFOs experience a persistent unease not because anything is demonstrably wrong, but because something no longer sits comfortably. The scope feels heavier than expected. The effort feels closer to reasonable assurance than limited assurance. The logic between work performed and conclusions reported feels less tidy than before.

    In governance, that discomfort deserves attention.

    Discomfort Often Emerges Before Failure

    A well‑functioning governance systems rarely fail without warning. More often, signals appear early in the form of questions that linger, costs that are harder to explain, or execution patterns that no longer align intuitively with first principles.

    In the context of ICFR assurance, discomfort may surface when:

    • Execution effort materially exceeds what the assurance conclusion can support.
    • scope expands incrementally without explicit Board discussion; or
    • Management can no longer clearly articulate why additional procedures are being performed, beyond precedent.

    These moments are not indicators of non‑compliance. They are indicators of governance tension.

    When Discomfort Points to a Loss of Intentionality

    Discomfort is particularly instructive when it reveals that:

    • a Board did not consciously choose the current assurance depth.
    • methodology has evolved through repetition rather than decision; or
    • The assurance model being experienced no longer reflects the one originally approved.

    In such cases, unease is not resistance, it is a signal that intentional ownership may have eroded.

    Governance strength lies not in eliminating discomfort, but in understanding what it is reacting to.

    Discomfort Is an Invitation, not a Verdict

    Importantly, feeling uneasy does not compel immediate change.

    It invites examination:

    • Is the current ICFR execution still proportionate to our risk profile?
    • Does the incremental work provide comfort we genuinely value?
    • Are we implicitly moving toward a reasonable‑assurance posture without naming it?
    • If circumstances changed, could we confidently recalibrate scope?

    When Boards can engage these questions openly, discomfort becomes productive rather than destabilising.

    The Risk of Ignoring Discomfort

    Where discomfort is consistently deferred, two governance risks emerge:

    • drift, where practice gradually moves beyond intent without accountability; and
    • inertia, where future change becomes harder because the status quo hardens into perceived necessity.

    Over time, what was once a mild unease can evolve into rigidity precisely the opposite of good governance.

    A Discipline Worth Developing

    Just as comfort can be a governance outcome when consciously chosen, discomfort can be a governance asset when properly interpreted.

    It encourages Boards and Audit Committees to:

    • revisit first principles without presuming error.
    • distinguish between regulatory requirement and inherited practice; and
    • maintain agency over assurance models, rather than inheriting them passively.

    In this sense, discomfort is not a call to disrupt but a call to reengage.

    Closing Reflection

    ICFR assurance will continue to mature. For some Boards, that journey will feel settled. For others, it will surface questions that resist easy answers.

    When discomfort arises, the objective is not to resolve it quickly, but to understand it thoroughly. In that understanding lies the capacity to decide consciously, proportionately, and with confidence whether the present course still serves the organisation’s governance intent.

    Discomfort, well‑handled, is not a threat to governance.

    Written by Akeem Taofik – FCA

  • An Executive Guide to Data Security in Nigerian Professional Services Firms

    An Executive Guide to Data Security in Nigerian Professional Services Firms

    Nigerian professional services firms such as law practices, audit and accounting firms, tax advisors, HR and payroll providers, and consulting practices are custodians of high‑value personal and confidential client data.  As regulatory scrutiny increases and clients become more risk‑aware, data security has moved beyond an IT concern to a governance, trust, and reputation imperative.

    Recent incidents across financial services, technology, and advisory firms have demonstrated a simple truth: a single data breach can erase years of brand equity. Under the Nigeria Data Protection Act, 2023 (NDPA) and its implementation guidance issued by the Nigeria Data Protection Commission (NDPC), data security has become a board‑level requirement, not only an IT concern.

    This white paper provides an executive‑level framework for establishing “defensible security”: governance, risk assessment, and proportionate technical and organisational measures that protect confidentiality, integrity and availability of personal data, reduce business disruption, and support client trust.

    The Nigerian Context: Rising Risk, Rising Expectations

    Several factors have significantly increased data‑security expectations in Nigeria’s professional services market:

    • Stricter regulation (NDPR, sector‑specific guidelines, cross‑border data considerations)
    • Growing multinational presence, with global security standards applied to local vendors
    • Increased digitization of audit, tax, payroll, and advisory processes
    • Heightened client due diligence, especially for firms handling financial or personal data.

    Today, clients are no longer asking if their advisers are secure, they are asking how security is governed, tested, and assured.

    Why Is Data Security Important for Professional Services Firms?

    Data security is non-negotiable for professional services firms (law, accounting, consulting, engineering) because their business model is built on trust, intellectual property (IP), and the handling of sensitive client information, therefore, a security breach would negatively impact their value proposition, resulting in legal challenges, operational disruptions, and most importantly, reputational damage.

    Implementing robust data security measures goes beyond compliance with regulatory requirements, it is about protecting the very foundation of the firm. It prevents unauthorized access to data, safeguards sensitive information, effectively detects breaches, promptly responding to them, amongst others, thereby ensuring business continuity and enhancing clients’ trust.

    Why Professional Services Firms are a target of data breaches

    1. Nature of Professional Services Firms: These Professional firms are custodians of sensitive personal and client data, which are targets for cybercrimes and other forms of misuse.
    1. Nigeria’s heightened Legal and Regulatory environment: The Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025 serve as the major statutory framework for personal data protection in Nigeria. In addition, the Nigeria Data Protection Commission was established to provide oversight functions and enforce compliance with the act.
    1. Risk Factors: Professional services firms often experience security failures such as weak accounts authentication, inadequate data back up, weak security controls, amongst others, making them an obvious target.
    1. Weak Governance structures: Lack of effective corporate governance structure, ineffective controls, no succession planning, etc, could expose the firm to such attacks.
    1. Third party Data Management: The reliance on vendors and other third-party tools and platforms pose a huge risk, if effective due diligence processes are not enforced and where the NDPA framework has not been complied with.
    1. Incident Response framework: The NDPA contains provisions on breaches and how they should be treated. Where breaches are not promptly investigated and corrected or reported, it could escalate into more severe issues.

    ISO 27001: An International Standard for Information Security

    ISO 27001 is the world’s most widely recognized standard for Information Security Management Systems (ISMS). It defines the requirements for establishing, implementing, maintaining, and continually improving a structured and auditable approach to information security across a Firm or an organization.

    ISO 27001 adopts an all-embracing, management‑driven approach to security. It integrates people, processes, and technology, ensuring that information security is embedded into organizational governance rather than treated as an independent IT function. The standard is deliberately sector‑ neutral, making it particularly suitable for professional services firms that manage diverse categories of information assets, including digital records, physical files, intellectual property, and institutional knowledge.

    The ISO 27001 is critical for ensuring Data security in Nigerian Professional services firms, as it provides not just a framework for managing risks, but helps to ensure confidentiality and compliance with the NDPA 2023. Implementing ISO 27001 helps firms secure their sensitive client data, reducing incidences of cyber threats and consolidating on clients’ trust.

    Nigerian Professional services firms operate in an increasingly regulated environment; ISO 27001 provides a globally acceptable basis for demonstrating the existence of well-established and defensible data security practices.

    When a Firm / Company is ISO 27001 certified, it indicates that they have followed best practices to protect their client and other personal data, they have measures in place to proactively identify risks and mitigate them, as well as respond appropriately to security breaches.

    From an executive perspective, the certification provides assurance to clients, regulators, and stakeholders that data security is being managed in a disciplined, systematic, and auditable manner.

    Core Features of ISO 27001

    • Risk-based security model: This ensures that the firm’s security controls are mapped to specific risks, as against generic risks. This flexibility is important especially for Professional Services firms, as there is increased data sensitivity, organizational flexibility and heightened client expectations.
    • Governance and Management System: This requires the involvement of top Management in establishing information security objectives, integrating information security into business processes and generally performing oversight functions in relation to information security. This equally aligns with the requirements of the NDPA 2023, where data security relies on the organisation’s data controllers and processors. For Nigerian Professional services firms, the ISO 27001 serves to ensure that this regulatory requirement becomes an operational discipline.
    • ISO 27001 and the Nigeria Data Protection Act: In addition to implementing proper technical measures to ensure data security and integrity of personal data, the act also mandates on-going monitoring, evaluation and maintenance of data security systems, which should be supported by well-determined policies, training and incident response processes. ISO 27001 provides the framework through which Professional services firms can demonstrate compliance with the NDPA and other stakeholders.
    • Provision of Business value: The ISO 27001 certification provides incredible business value to Professional services firms, far beyond the traditional regulatory compliance. It enhances Client confidence and trust, especially in our environment where data protection is fast becoming a factor in client selection. It equally reduced operational inconsistency and inefficiency, whilst ensuring Firms are mature enough to compete in our increasingly competitive market. With improved operational performance comes increased business value.
    • Third party risk management: Professional services firms are known to rely on third party service providers and platforms, cloud hosting services, amongst others. ISO 27001 mandates the assessment of Vendor security, defining contractual safeguards, as well as monitoring compliance with these safeguards.

    Securing the ISO 27001 certification provides significant benefits including:

    • Enhanced data protection: proactive identification and mitigation of security threats.
    • Regulatory alignment: structured compliance with NDPA requirements and global data protection expectations.
    • Operational efficiency: clearer processes, defined responsibilities, and improved internal coordination.
    • Client confidence: demonstrable commitment to safeguarding client information.
    • Competitive positioning: differentiation in a market where clients increasingly prioritise data protection maturity when selecting advisers.

     

    Stransact: Leading the Charge in Secure Professional Services

    Stransact is among the few professional services firms in Nigeria to have achieved ISO 27001 certification: demonstrating a firm‑wide commitment to enterprise‑grade data security, governance, and risk management. Stransact assures her clients of the following:

    • Protection of sensitive data: Our clients’ data is completely secure. They never have to worry about their information being handled carelessly or not confidentially. Measures have been put in place to identify any threats and respond to them appropriately.
    • Regulatory compliance: as stated above, ISO 27001 aligns our processes with international regulations, thereby ensuring credibility, compliance and reduce operational disruptions. In addition, Stransact is a licensed Data Protection Compliance organisation, having dedicated Data Protection Officers (DPOs), who ensure that we comply completely with the law.
    • Internal Efficiency: the existence of structured processes in Stransact, result in internal efficiency, clarity, improved communication and overall productivity.
    • Customer Trust and Loyalty: by implementing ISO 27001, we show our clients that we value their business by keeping their data secure. They don’t have to worry about unauthorized access to their data or any data breaches.
    • Enhances our competitive edge: through this certification, we have shown the world that we are ready for the future; we have taken the required steps to stand out from the crowd and show that we are worth doing business with.

    In an environment such as Nigeria, with heightened regulatory scrutiny, increasing digitalisation, and evolving cyber threats, ISO 27001 provides Nigerian professional services firms with more than a certification. It offers a defensible, governance‑led foundation for data security.

    When integrated with NDPA compliance efforts, ISO 27001 enables firms to demonstrate accountability, resilience, and a sustained commitment to protecting client data. For boards and executive leadership, it transforms data security from a reactive technical concern into a strategic capability that safeguards trust, reputation, and long‑term enterprise value.

    Written by Ogechi Odiah – Director, People and Consulting Services

  • The Status Quo as Strategy: A Governance Perspective

    The Status Quo as Strategy: A Governance Perspective

    Not every Audit Committee or CFO is unsettled by the current approach to ICFR assurance. For some organisations, the status quo feels appropriately understood, defensible, and aligned with their broader risk posture.

    That position deserves recognition.

    Governance is not about relentless change. It is about informed choices. Where Boards have consciously elected to accept broader ICFR execution than what a limited‑assurance conclusion strictly requires, the critical question is not whether that choice is right or wrong, but whether it is clearly understood, intentionally owned, and periodically revisited.

    Comfort Can Be Rational and Still Require Oversight

    There are legitimate reasons why Boards may be comfortable with current ICFR execution practices:

    • Higher levels of assurance effort can feel safer in uncertain regulatory or market environments
    • Additional procedures may reduce perceived audit friction or inspection risk
    • Costs may be proportionate to organisational scale and complexity
    • The approach may align with global group practices or long‑standing auditor relationships

    None of these drivers is inherently problematic. Comfort, however, is not a substitute for clarity.

    Good governance asks not only “Are we comfortable?” but also: “Do we fully understand what we are approving—and why?”

    The Risk Is Not Over‑Execution, but Unexamined Execution

    Choosing to tolerate or even welcome expanded ICFR procedures is a defensible governance stance. The risk arises when that expansion becomes default behavior, rather than an explicitly articulated decision.

    Over time, unexamined execution can:

    • harden into perceived regulatory necessity,
    • blur the distinction between limited and reasonable assurance, and
    • make future scope or cost recalibration more difficult to justify.

    In such cases, the Board may remain comfortable yet gradually lose intentional control over the assurance model it is sponsoring.

    What Good Ownership Looks Like in Practice

    For Boards that deliberately prefer the status quo, strong governance is demonstrated by being able to clearly articulate:

    • Why the current ICFR scope exceeds the minimum required for limited assurance.
    • what incremental comfort that additional work is intended to provide.
    • how comfort aligns with the assurance conclusion ultimately reported; and
    • under what conditions the approach would be reconsidered.

    When these questions are answerable, comfort becomes a governance outcome, not a governance blind spot.

    A Discipline Worth Preserving

    ICFR assurance will continue to evolve through regulatory refinement, market practice, and organisational maturity. Boards that are comfortable today are not obligated to lead that change.

    They are, however, custodians of intentionality.

    Whether maintaining the current model or reshaping it over time, the enduring marker of sound governance is not alignment with best practice trends, but clarity of purpose, proportionality of execution, and readiness to reengage first principles when circumstances change.

    Comfort, when consciously chosen, can coexist with strong governance.
    Comfort, when inherited and unexamined, rarely does.

    Written by Akeem Taofik – FCA

  • ICFR Is Already Here: Is Limited Assurance Being Executed as Intended?

    ICFR Is Already Here: Is Limited Assurance Being Executed as Intended?

    As assurance becomes more routine, it may be worth pausing to reflect on whether execution, scope, and reported assurance levels remain coherently aligned.
    Sharing a governance reflection below.

    Internal Control over Financial Reporting (ICFR) is now firmly embedded in Nigeria’s financial reporting framework under the oversight of the Financial Reporting Council of Nigeria (FRCN). As ICFR assurance becomes more routine, a natural governance question arises for Boards, CFOs, and Audit Committees: does the way ICFR assurance is being executed reflect the assurance level ultimately reported?

    This is not a technical debate, but rather, it is a governance consideration that goes directly to proportionality, cost discipline and expectation setting between auditors and Boards, and the credibility of what ICFR assurance communicates to the market.

    The Significance of the Limited Assurance Starting Point

    From inception, ICFR assurance in Nigeria was deliberately framed by FRCN as a limited assurance engagement under ISAE 3000 (Revised). That design reflected regulatory judgement balancing improved governance oversight against market readiness, implementation burden, and cost efficiency.

    A limited assurance model is intended to:

    • provide moderate assurance in negative form, using procedures less extensive than those required for reasonable assurance; and
    • avoid conclusions that imply sustained operating effectiveness comparable to US SOX style regimes.

    This starting logic is important, as it defines both what ICFR assurance is designed to achieve and what it is not.

    What the Independent ICFR Attestation Report Signals

    Independent ICFR attestation reports consistently emphasize three elements:

    • negative form conclusions (“nothing has come to our attention…”).
    • explicit acknowledgment that procedures performed are less extensive than those required for reasonable assurance; and
    • clear differentiation between limited and reasonable assurance.

    These disclosures are not incidental. They establish the boundary conditions of the engagement and shape market expectations about the level of comfort being provided.

    From a governance perspective, this framing naturally prompts a simple question: should the experience of an ICFR review materially exceed what the final report itself can support?

    Where Practical Tensions Arise

    In practice, ICFR engagements often involve procedures that feel more extensive than what stakeholders typically associate with limited assurance. Operating effectiveness activities are frequently embedded within ICFR workstreams.

    Such procedures are well understood and entirely appropriate when used deliberately to support audit reliance strategies under ISA 330. However, they serve a specific audit objective and are not intrinsically required to support a negative assurance of ICFR conclusion.

    This raises a legitimate governance reflection:

    If an ICFR engagement culminates in a limited assurance conclusion regardless of whether operating effectiveness exceptions are identified, how should Audit Committees interpret the role and necessity of those procedures?

    The issue is not whether such work can be performed, but whether it is essential to the assurance outcome being reported.

    Proportionality, Cost, and Clarity

    As ICFR becomes more embedded, Boards and management increasingly bear the cost of ongoing assurance activity. With that comes a fiduciary obligation to ensure proportionality.

    From a governance standpoint:

    • assurance scope should be clearly traceable to stated objectives.
    • methodology choices should be distinguishable from mandatory requirements; and
    • cost should align with the level of assurance ultimately expressed to the market.

    Where these lines blur, there is a risk that ICFR assurance evolves through habit rather than deliberate governance intent.

    A Forward-Looking Question for the Nigerian Market

    The evolution of practice also raises a broader policy question—one that may become unavoidable over time:

    If ICFR execution increasingly resembles reasonable assurance behaviour in substance, should the assurance level remain limited in form?

    Conversely, if limited assurance remains the intended endpoint, what additional discipline is required to ensure that execution remains consistent with that intent?

    These are not questions for auditors alone. They fall squarely within the responsibility of regulators, Audit Committees, and Boards charged with safeguarding reporting integrity and cost efficiency.

    Closing Reflection

    ICFR assurance should mean exactly what it states in the report — no more, no less.

    As ICFR practices mature, the real test of governance will not be how much work is performed, but how deliberately assurance scope, assurance level, and cost are aligned. When execution quietly exceeds what reporting can support, clarity is lost, accountability weakens, and value becomes harder to demonstrate.

    For CFOs and Audit Committees, the task ahead is neither resistance nor automatic acceptance. It is intentional oversight returning to first principles, interrogating scope with precision, and ensuring that ICFR assurance evolves as a disciplined governance tool, not a matter of habit or momentum.

    In that discipline lies both credibility and confidence.

    Written by Akeem Taofik – FCA

  • Stransact and Doftwerks Achieve ISO/IEC 27001:2022 Certification, Setting the Benchmark for Secure NRS E-Invoicing in Nigeria

    Stransact and Doftwerks Achieve ISO/IEC 27001:2022 Certification, Setting the Benchmark for Secure NRS E-Invoicing in Nigeria

    Stransact, a leading professional services firm and RSM correspondent in Nigeria, together with its technology subsidiary, Doftwerks, has achieved ISO/IEC 27001:2022 certification, the globally recognised standard for information security management systems (ISMS).

    This milestone affirms the firms’ adherence to the highest international standards for data protection, confidentiality, integrity, and availability, and positions Stransact and Doftwerks at the forefront of secure, enterprise grade compliance solutions supporting Nigeria’s Nigeria Revenue Service (NRS) e invoicing mandate.

    ISO/IEC 27001:2022 is regarded as the gold standard for information security governance, requiring organisations to implement rigorous controls across people, processes, and technology. Certification confirms that Stransact and Doftwerks have established a comprehensive, independently audited framework to identify, manage, and mitigate information security risks across all operations.

    “ISO/IEC 27001:2022 certification is not a badge; it is an operating discipline,” said Eben Joels, Managing Partner at Stransact. “For our clients—particularly CFOs, CIOs, and compliance leaders—this provides board level assurance that sensitive financial and transactional data is protected in line with the most demanding global standards. It also reinforces our commitment to supporting the NRS e invoicing regime with solutions that are not only compliant, but secure by design.”

    As Nigeria advances the implementation of mandatory electronic invoicing, data security and system resilience have become critical concerns for businesses operating at scale. Through Doftwerks, Stransact delivers technology enabled compliance solutions that integrate seamlessly with enterprise finance systems while meeting regulatory and security expectations.

    “Security is foundational to trust in any digital tax infrastructure,” said Tunde Awopegba, Chief Technology Officer at Doftwerks. “This certification validates the robustness of our platforms and internal controls, and gives clients confidence that their data is handled with the same level of care expected in leading global markets.”

    What the Certification Means for Clients

    The ISO/IEC 27001:2022 certification provides tangible benefits to organisations engaging Stransact and Doftwerks, including:

    • Regulatory confidence in meeting NRS e invoicing and broader data protection expectations
    • Reduced information security risk across financial, tax, and transactional data
    • Enterprise grade governance and controls aligned with international best practices
    • Assurance for boards, investors, and regulators on data integrity and confidentiality
    • A trusted partner for organisations operating in highly regulated or data sensitive environments

    By embedding information security into service delivery and technology architecture, Stransact and Doftwerks continue to differentiate themselves as trusted advisors at the intersection of regulation, technology, and risk management.

    About Stransact

    Stransact is a multidisciplinary professional services firm providing audit, tax, advisory, transaction support, and regulatory compliance services to local and international clients. As an RSM correspondent firm in Nigeria, Stransact combines deep local expertise with global standards to support organisations navigating complex regulatory and business environments.

    About Doftwerks

    Doftwerks is the technology subsidiary of Stransact, delivering secure, scalable digital solutions across tax compliance, finance transformation, and regulatory technology. The firm specialises in building enterprise grade platforms that align with both Nigerian regulatory requirements and international best practices.

  • 5 Must-Reads for Forward-Thinking Leaders

    5 Must-Reads for Forward-Thinking Leaders

    At Stransact, we remain aligned to the ever-evolving landscape of business, regulation, and industry developments. Our weekly insights are designed to equip you with the foresight and clarity to make informed decisions and lead with impact.

    Filing your Personal Income Tax (PIT) is more than a statutory obligation; it’s a fundamental civic duty that supports national development. Learn the essentials of PIT compliance, common pitfalls to avoid, and how to ensure you stay on the right side of the law with ease.
    Read the article

    Nigeria’s e-invoicing rollout marks a decisive shift toward a transparent, efficient, and digitally governed tax system. Explore how this reform is backed by statutory authority and phased implementation that will reshape how businesses document, validate, and report transactions.
    Read the article

    For many insurers, IFRS 17 has long been seen as a complex reporting requirement. However, market leaders are shifting perspective, treating it as a management system rather than just an accounting standard. Discover how forward-thinking organizations are leveraging IFRS 17 to enhance decision-making, improve financial transparency, and gain a competitive edge.
    Read the article

    A tax system that commands respect is one built on predictability, transparency, and the rule of law. Understand the implications of Nigeria’s evolving tax laws and what they reveal about the balance between regulatory authority and taxpayer rights.
    Read the article

    Data protection is no longer optional; it’s a critical business priority. Discover why proactive organizations investing in strong data protection frameworks today are positioning themselves for long-term success in an increasingly digital economy.
    Read the article

    Follow Stransact for weekly insights on the future of business, finance, and regulation in Nigeria.

  • IFRS 17 in Nigeria: The Shift from Compliance Burden to Strategic Advantage

    IFRS 17 in Nigeria: The Shift from Compliance Burden to Strategic Advantage

    As insurers move further into their IFRS 17 journey, one thing is now clear: The conversation has moved beyond compliance. The real question is: “How do we turn IFRS 17 into a competitive advantage?”

    Across Nigeria, insurers have now completed at least one full-year reporting cycle under IFRS 17 (2023 FY) consistent with global adoption timelines and transition activity already reported by Nigerian insurers such as Leadway Assurance and others; the insights emerging from the 2024 and 2025 cycles show a striking pattern: The market leaders are the companies treating IFRS 17 as a management system, not an accounting project.

    Why IFRS17 Matters More in Nigerias 2026 Economy

    With FX volatility, inflationary pressure, higher discount rates, and rising capital costs, the insurance sector needs a clearer economic lens. IFRS 17 provides exactly that by:

    • Replacing premium‑based revenue with service‑based revenue
    • Converting unearned profit into a visible liability: the Contractual Service Margin (CSM)
    • Requiring cohort‑level discipline that exposes pricing strength (or weakness) early
    • Improving comparability and investor confidence through consistent reporting

    This is the level of transparency global investors and rating agencies expect.

    Read more: Your Tax, Your Responsibility: A Practical Guide to Personal Income Tax Filing in Nigeria

    The Biggest Mindset Shift: From Premium Volume → To Earned‑Value Profitability

    Under legacy accounting, profitability could be flattered by cash inflow.
    Under IFRS 17, this disappears.

    Instead, finance leaders now get:

    • CSM as a forward‑earnings reservoir

    It tells the truth about long‑term profitability, not just what happened this quarter.

    • Risk Adjustment as a volatility indicator

    A direct measure of uncertainty and risk appetite.

    • Coverage Units as the engine of profit release

    A methodology that needs strong governance and clear Board oversight.

    Where the Winners Are Emerging: CFOs Who Treat IFRS17 Data as Strategy

    The best‑performing insurers are using IFRS 17 insights to:

    1. Refine product pricing before underpricing becomes a balance‑sheet problem
    2. Redesign reinsurance treaties using CSM, RA and cohort analytics not negotiations alone
    3. Strengthen claims performance through clearer loss‑component identification
    4. Improve capital planning and dividend forecasts with more predictable earnings visibility
    5. Communicate with Boards and investors using business‑ready IFRS 17 dashboards instead of technical jargon

    These are the companies moving from compliance to competitive edge.

    Audit Reality: Integration Is the Make‑or‑Break Factor

    Across the 2025/2026 audit cycles, we’ve seen one constant:

    Where actuarial engines and finance systems are not aligned, IFRS 17 becomes a reconciliation nightmare. But where integration is strong:

    • Month‑end closes improve
    • Audit exceptions reduce
    • Regulatory questions are easier to answer
    • CFOs spend time on strategy, not troubleshooting

    This is where real value is unlocked.

    Read more: NRS Rolls Out Nationwide E-Invoicing Regime What It Means for Nigerian Businesses

    The Leadership Imperative for 2026

    IFRS 17 is not just a technical standard. It is a leadership standard. To lead in today’s market, finance executives must:

    • Treat CSM movement as a strategic KPI
    • Build a unified Actuarial–Finance “single source of truth”
    • Define Board‑friendly dashboards for CSM, RA, and cohort profitability
    • Link IFRS 17 insights into pricing, capital, claims, and reinsurance
    • Strengthening governance around coverage units and assumption changes

    This is how insurers differentiate themselves as the market consolidates and competition intensifies.

     Call to Action for CFOs & Finance Directors

    As we head into the 2026 reporting cycle, ask yourself:

    • Are you leveraging IFRS 17 to reshape your profit story or only to comply?
    • Is your CSM movement aligned with strategic decisions?
    • Are actuarial and finance speaking the same language?
    • Do your Board and investors understand your IFRS 17 narrative?
    • Are you using IFRS 17 data to drive pricing, capital allocation, and reinsurance strategy?

    If you see breakthroughs or friction points, we did love to hear them.

    Drop your insights in the comments or send us a mail at [email protected]. Let’s turn IFRS 17 from a requirement into a strategic weapon for the Nigerian insurance industry.

  • Your Tax, Your Responsibility: A Practical Guide to Personal Income Tax Filing in Nigeria

    Your Tax, Your Responsibility: A Practical Guide to Personal Income Tax Filing in Nigeria

    Filing your Personal Income Tax (PIT) in Nigeria is more than a statutory obligation, it is a fundamental civic duty. It ensures that individuals contribute equitably to national development while protecting themselves from the legal and financial consequences of non‑compliance. Whether you are a salaried employee, a business owner, or earn income from multiple sources, understanding your personal tax obligation is essential.

    With the annual PIT filing deadline set for 31 March, this guide provides a clear and practical overview of:

    • Who is required to file a return
    • How and where to file
    • Key documentation required
    • The consequences of non‑compliance under the Nigeria Tax Administration Act, 2025

    Read more: How to File Your Personal Income Tax in Nigeria: A Step-by-Step Compliance Guide

    Who Is Required to File Personal Income Tax?

    In Nigeria, every taxable person is required to file an annual Personal Income Tax return, regardless of whether tax has already been deducted at source.

    1. Employees under the PAYE System

    If you are in paid employment, your employer deducts tax monthly under the Pay‑As‑You‑Earn (PAYE) system and remits it to the relevant State Internal Revenue Service (IRS). However, PAYE deductions do not eliminate your obligation to file an annual return.

    An annual filing is required to formally declare your income and confirm your tax position. Additional tax may become payable where:

    • You earned income outside your employment (e.g. rental income, consulting fees, investments), or
    • Your employer under‑deducted tax during the year.

    1. Self‑Employed Individuals and Business Owners

    If you are self‑employed such as a freelancer, consultant, contractor, or business owner, no taxes are deducted on your behalf. You are therefore personally responsible for:

    • Computing your tax liability
    • Paying the tax due
    • Filing your annual Personal Income Tax return

    Failure to do so exposes you to penalties and limits your access to important business and financial opportunities.

    Read more: Avoid These Payroll Penalties: What Every Nigerian Employer Should Know

    Step‑by‑Step Guide to Filing Personal Income Tax

    Step 1: Determine Your Tax Residency

    Your tax residency determines where you are required to file and pay tax.

    • Resident Individuals

      If you live or work in a Nigerian state for 183 days or more in a year, you are deemed resident in that state and must file with its State IRS. An individual is also deemed to be resident in Nigeria if any of the following is met:

    • They serve as a Nigerian diplomat, diplomatic agent, or government employee posted abroad, OR
    • They have a permanent home available in Nigeria for domestic use, OR
    • They have a habitual place of abode in Nigeria, OR
    • They are a Nigerian who earns income from employment or business exercised wholly or partly in Nigeria, OR
    • They have substantial economic and immediate family ties in Nigeria.

    • Non‑Residents

      These are individuals who do not meet any of the above criteria for determining residency. However, Individuals living outside Nigeria but earning income sourced from Nigeria may still have Nigerian tax obligations, subject to applicable tax rules.

    Step 2: Compute Your Taxable Income

    Your taxable income includes all income earned during the year, such as:

    • Salaries, wages, bonuses, allowances, and commissions
    • Business or professional income
    • Rental income
    • Investment income (dividends, interest, etc.)
    • Any other taxable income earned within the year

    Nigeria operates a progressive tax system, meaning higher income attracts higher tax rates but only on the portion of income that falls within each tax band.

    Step 3: Pay the Tax Due

    Once your tax liability has been determined, payment can be made through any of the following channels:

    • Your State Internal Revenue Service’s online portal
    • Bank deposits using the appropriate state revenue code
    • Remita or other government‑approved payment platforms

    It is critical to retain proof of payment, as this will be required during filing and for future tax verification.

    Step 4: File Your Annual Tax Return (On or Before 31 March)

    By law, individuals must file their Personal Income Tax returns on or before 31 March each year, covering income earned in the preceding year.

    To file, you will typically need:

    • Pay slips or income statements.
    • Financial statements (for business owners).
    • Bank statements (where applicable).
    • Rental agreements (if applicable).
    • Investment documentation.
    • Evidence of tax payments made.

    Returns may be filed through:

    • Your State IRS e-filing portal.
    • Physical submission at the State IRS office.
    • Completion and submission of the Taxpayer Self‑Assessment Form (Form A) available on your State IRS website.

    Read more: NRS Rolls Out Nationwide E-Invoicing Regime What It Means for Nigerian Businesses

    Tax Clearance Certificate (TCC): Why It Matters

    Upon filing and settling your taxes, you may apply for a Tax Clearance Certificate (TCC). A TCC is official evidence that your tax affairs are in order and is commonly required for:

    • Government contracts and tenders
    • Business registration and regulatory approvals
    • Visa and immigration applications
    • Loan and credit facilities
    • Property and high‑value transactions

    Without proper tax filing, obtaining a TCC can be delayed or denied.

    Penalties for Late or Non‑Filing

    Section 101 of the Nigeria Tax Administration Act, 2025 provides that a taxable person who fails to file returns, or knowingly files incomplete or inaccurate returns, is liable to administrative penalties as follows:

    • ₦100,000 for the first month of default, and
    • ₦50,000 for each subsequent month the failure continues

    These penalties apply irrespective of whether tax is eventually paid.

    Conclusion

    Personal Income Tax compliance is not merely a regulatory formality. It safeguards you from penalties, strengthens your financial credibility, and unlocks access to critical personal and business opportunities. Proactive compliance today prevents costly consequences tomorrow.

    Your tax. Your responsibility. Your compliance.

  • NRS Rolls Out Nationwide E-Invoicing Regime What It Means for Nigerian Businesses

    NRS Rolls Out Nationwide E-Invoicing Regime What It Means for Nigerian Businesses

    Nigeria has entered a decisive new phase in tax administration. The Nigeria Revenue Service NRS has issued a public notice outlining the phased implementation of its E-Invoicing and Electronic Fiscal System (EFS), with the programme already underway for large taxpayers and scheduled to expand to medium and emerging taxpayers over the coming years.

    Also known as the Merchant Buyer Solution (MBS), the initiative fundamentally changes how businesses generate, transmit, authenticate, and store invoice data. With large taxpayers already onboarded and enforcement timelines now clearly mapped out, Nigerian enterprises must begin preparing for a fully digital fiscal environment

    A New Era of Digital Tax Compliance

    Electronic invoicing replaces paper-based billing with structured digital exchange of invoices, credit notes, and debit notes between buyers and sellers through integrated systems. By digitizing invoicing and enabling secure transmission through accredited platforms, the reform is expected to reduce tax leakages and underreporting, improve audit efficiency and revenue assurance, strengthen transparency across supply chains and simplify compliance through automation and interoperability.

    For businesses, this marks a clear shift toward technology driven compliance, where invoicing, reconciliation, reporting, and authentication become part of a unified digital workflow.

    How Nigeria’s E Invoicing Rollout Evolved

    Nigeria’s move toward electronic fiscalisation has unfolded gradually as part of a broader digital tax transformation agenda:

    • 2021- Authorities signaled plans to connect automated tax systems to taxpayers’ electronic records, laying early groundwork for digital monitoring.
    • 2024- Mandatory e invoicing policy direction emerged through the Merchant Buyer Solution framework.
    • January 2025- Pilot deployment began with selected large taxpayers to validate integrations and data transmission.
    • August 2025- Official go live for large taxpayers marked the transition from preparation to live fiscal reporting.
    • 2026 to 2028- Phased nationwide expansion covering go-live and enforcement for medium (2027) and emerging (2028) taxpayers.

    This consultation pilot, which aims to stabilise and enforce pathways, reflects international best practices for national fiscalisation programs.

    Read more: Navigating the Future of Tax Compliance: FIRS to Roll Out E-Invoicing in Nigeria

    The Legality: What Gives NRS the Authority

    A major question business often ask is what makes this mandatory.

    According to the NRS public notice on the EFS rollout, the programme is anchored in Nigeria’s tax administration legal framework. Section 23 of the Nigeria Tax Administration Act (NTAA) empowers the Service to deploy technology for efficient tax administration and collection, while Section 158 of the Nigeria Tax Act (NTA) mandates taxpayers to implement the fiscalisation system deployed by the Service.

    Taken together, these provisions establish the basis for NRS to introduce and enforce a digital fiscal regime across taxpayer categories, particularly where compliance depends on structured invoice data and electronic reporting.

    Separately, Nigeria’s technical and ecosystem governance is supported by the National Regulatory Guideline for Electronic Invoicing in Nigeria 2025 issued by NITDA, which

    • Applies to regulators, accredited service providers, and all entities generating or processing electronic invoices.
    • Defines the operational roles of Access Point Providers and System Integrators.
    • Establishes compliance, licensing, monitoring, and enforcement structures within the e-invoicing ecosystem.

    These elements collectively confirm that E Invoicing under EFS is a statutory compliance requirement and not optional modernization.

    Phased Rollout Timeline

    To ensure operational readiness, NRS is implementing EFS in structured phases aligned with turnover thresholds.

    Large Taxpayers Above ₦5 Billion

    • Go live: August 2025.
    • Post goes live review: January to March 2026.
    • Compliance enforcement: April to June 2026.

    Large enterprises are already transmitting invoice data and setting the pace for national adoption.

    Medium Taxpayers ₦1 Billion to ₦5 Billion

    • Stakeholder engagement: January to March 2026.
    • Pilot rollout: April to June 2026.
    • Go live: 1 July 2026.
    • Compliance enforcement: January to March 2027.

    Preparation timelines for this segment are now time critical.

    Emerging Taxpayers Below ₦1 Billion

    • Stakeholder engagement: January to March 2027.
    • Pilot rollout: April to June 2027.
    • Go live: 1 July 2027.
    • Compliance enforcement: January to March 2028.

    Although timelines are longer, early readiness significantly reduces disruption risk.

    What This Means for Businesses

    The nationwide mandate represents more than regulation. It is a structural digital transformation of commercial operations. Businesses must prepare to generate invoices in standardised compliant digital formats, transmit data securely via accredited e invoicing access platforms, maintain audit-ready electronic transaction records, and meet ongoing monitoring, reporting, and compliance obligations.

    Failure to prepare before enforcement windows may expose organisations to penalties, service disruption, or regulatory action, while early readiness enables faster reporting, reduced errors, improved visibility, and stronger credibility.

    The Critical Role of Technology Integration

    Compliance is now deeply technology dependent; successful adoption relies on qualified system integrators and secure digital infrastructure operating within Nigeria’s regulated E-invoicing framework.

    To support businesses through this transition, Stransact’s technology arm, Doftwerks, has been approved to assist organisations with integration, compliance-ready invoicing workflows, and secure connectivity to the national e invoicing ecosystem.

    Through Doftwerks, businesses can:

    • Integrate ERP, POS, and accounting systems with compliant e invoicing infrastructure.
    • Implement secure authentication, transmission, and audit trail capabilities.
    • Accelerate readiness ahead of enforcement timelines.
    • Minimise operational disruption during migration to electronic fiscal reporting.

    This capability complements Stransact’s broader mission of enabling seamless, compliant, and future-ready financial operations for Nigerian enterprises.

    Read more: FIRS E-Invoice Service

    Preparing for the Future Now

    One conclusion is unavoidable: Electronic invoicing is becoming the default framework for doing business in Nigeria. Organisations that digitise workflows, align with compliant infrastructure, and begin integration early will transition confidently. Those that delay risk last minute disruption as enforcement deadlines approach.

    Conclusion

    Nigeria’s E-Invoicing rollout marks a decisive step toward a transparent, efficient, and digitally governed tax system. Backed by statutory authority, national technical standards, and phased enforcement, the reform signals a permanent shift in how businesses document and report transactions.

    For forward thinking organisations, this is more than compliance. It is an opportunity to modernise finance operations, strengthen governance, and compete in a digital economy.

    Through Stransact and its approved technology arm, Doftwerks, Nigerian businesses can navigate this transition with confidence, securely, compliantly, and efficiently.

  • Nigeria’s New Tax Laws and the Limits of Administrative Power

    Nigeria’s New Tax Laws and the Limits of Administrative Power

    Introduction: Reform Raises Old Legal Questions

    The Nigeria Revenue Service (NRS) has issued formal notices to taxpayers announcing the commencement of the Nigeria Tax Act, 2025 (NTA) and the Nigeria Tax Administration Act, 2025 (NTAA), with effect from 1 January 2026. The notice, intended to provide “clarifications for ease of compliance and transition”, instead raises fundamental legal questions about the temporal application of tax laws, the scope of administrative authority, and the continued relevance of settled judicial principles.

    At the heart of the controversy is whether the NRS can, through administrative guidance, apply a new tax regime to income and transactions that arose before the commencement of the legislation.

    Year of Assessment Versus Year of Income

    The notice states unequivocally that “income tax returns due for filing in the 2026 Year of Assessment shall be prepared, filed, and assessed in accordance with the provisions of the NTA and NTAA.” On its face, this appears administratively tidy. In law, however, it is far from straightforward.

    For upstream petroleum companies, the year of assessment coincides with the year of income (i.e. actual year basis of assessment). For all other companies, Nigeria operates a preceding-year basis of assessment. Consequently, income reported in the 2026 Year of Assessment for non-upstream companies relates to profits earned in the 2025 financial year, at a time when the NTA and NTAA were not in force.

    Requiring taxpayers to compute 2025 income under a legal regime that only commenced on 1 January 2026 amounts, in substance, to retroactive taxation.

    The Presumption Against Retroactivity in Tax Law

    Nigerian courts have long held that statutes are presumed to operate prospectively unless the legislature clearly provides otherwise. This presumption is particularly strong in tax law, where statutes impose compulsory financial burdens. In Uwaifo v. Attorney-General, Bendel State and Attorney-General of the Federation v. Abubakar, the Supreme Court cautioned against interpretations that retrospectively alter substantive rights or liabilities.

    Nothing in the NTA or NTAA expressly authorizes the retrospective application of income tax provisions to profits earned before their commencement. In the absence of such language, administrative notices cannot lawfully supply what the legislature has withheld.

    The Accugas Case: A Direct Judicial Answer

    This issue is not novel. In Accugas Limited v. Federal Inland Revenue Service, the Tax Appeal Tribunal was confronted with an argument strikingly similar to the one now implicit in the NRS notice. The tax authority contended that because an amended tax law (Finance Act, 2019) was in force in the relevant Year of Assessment, it should apply to income earned in an earlier accounting period.

    The Tribunal rejected that argument in clear terms. It held that for companies assessed on a preceding-year basis, tax liability is governed by the law in force during the year the income was earned, not the year in which the assessment is made. The Year of Assessment, the Tribunal explained, is an administrative construct; it cannot be used as a legal mechanism to impose new tax rules on prior-year income.

    On appeal, the Federal High Court affirmed this reasoning, giving it binding judicial weight. The lesson from the Accugas case is unmistakable: the timing of assessment cannot override the timing of income.

    Against this backdrop, the directive that 2026 YOA returns must be assessed under the NTA and NTAA “irrespective of the actual filing date” sits on legally fragile ground for non-upstream taxpayers.

    Read more: The Limits of Regulatory Authority and the Imperative of Legislative Clarity

    Transactional Taxes: A Selective Temporal Approach

    The NRS notice adopts a different approach for transactional taxes. It states that the provisions of the NTA and NTAA shall apply to VAT, Stamp Duties and Withholding Tax “in respect of transactions occurring on or after 1 January 2026”. This is orthodox and uncontroversial. Transactional taxes attach to discrete events, and the applicable law is the law in force at the time the transaction occurs.

    The notice further preserves the validity of all VAT actions lawfully undertaken before 31 December 2025, including filings, assessments, payments and credits. This saving provision implicitly recognizes that the new law cannot disturb completed transactions.

    The difficulty arises when this logic is not consistently applied across the tax system.

    Capital Gains: An Important but Telling Concession

    The notice expressly provides that chargeable gains arising from disposals between 1 January 2025 and 31 December 2025 “shall be assessed and filed in accordance with the provisions of the repealed Capital Gains Tax Act”. Only disposals occurring on or after 1 January 2026 are brought under the new regime.

    This concession is significant. It acknowledges that capital gains crystallize at the point of disposal and must be governed by the law in force at that time. It also acknowledges, implicitly, that applying the new law to 2025 disposals would be impermissibly retrospective.

    Yet this creates an immediate tension with the broader directive on income tax for the 2026 Year of Assessment.

    Read more: One Law, Two Scripts: Navigating the Material Discrepancies in the Nigeria Tax Act 2025 – Eben Joels

    Capital Gains as Income: A Structural Conflict

    One of the most far-reaching reforms introduced by the NTA is the integration of capital gains into income tax computations. Under the new regime, chargeable gains from 1 January 2026 form part of total profits for income tax purposes. This reform makes the NRS’s transitional position even more delicate.

    The notice states that “income tax returns due for filing in the 2026 Year of Assessment shall be prepared, filed, and assessed in accordance with the provisions of the NTA and NTAA”. For non-upstream companies, the 2026 YOA relates to 2025 income. This would, in effect, require taxpayers to apply the new law to 2025 profits (except for capital gains, which are preserved under the old law).

    The result is a selective temporal application: one part of a company’s income (capital gains) is governed by the old statute, while the rest (ordinary profits, other transaction taxes) falls under the new law, all within the same assessment year. Nigerian courts, including in Accugas Ltd v. FIRS, have consistently rejected such selective retroactive application, holding that tax liability is determined by the law in force at the time income is earned, not by the year of assessment.

    In short, the NRS notice recognizes the impossibility of retroactively reclassifying capital gains yet attempts to do so implicitly for all other income in the same period, creating a legal and administrative contradiction that cannot be ignored. Tax law does not support such selective temporal logic. A single transaction carried out in 2025 cannot, as a matter of principle, be partly governed by repealed legislation and partly by new legislation absent explicit statutory direction.

    The Limits of Administrative Guidance

    Courts have consistently held that administrative circulars and notices cannot impose tax obligations beyond what the statute authorizes. In Attorney-General of the Federation v. Nigeria LNG Limited and FBIR v. Halliburton (WA) Ltd, the courts emphasized that tax liability arises strictly by operation of law, not by administrative convenience.

    The NRS notice, however well-intentioned, cannot override the statutory presumption against retroactivity or displace binding judicial authority, including the Accugas decision”.

    A Safer Path Forward

    A legally coherent transition would be to apply the NTA and NTAA prospectively to income and gains arising from financial years beginning on or after 1 January 2026. For non-upstream companies, this would mean that the 2026 Year of Assessment, which relates to 2025 income, remains governed by the repealed laws, with the new regime fully taking effect from the 2027 Year of Assessment. Such an approach would align administrative practice with judicial precedent, preserve taxpayer certainty, and protect the credibility of Nigeria’s ambitious tax reform agenda.

    A tax system that commands respect and compliance is one that is predictable, transparent and anchored in the rule of law. Nigeria’s tax reform agenda will be best served by ensuring that these principles are not sacrificed in the rush to implementation.