In modern governance, independence is often misunderstood as standing back—a polite distance maintained to avoid “interfering” with management. In reality, true governance excellence demands something much harder: Active Neutrality. 

Active Neutrality reframes independence from detachment to disciplined engagement without ownership, influence without control, courage without bias.

Risk Intelligence Is a Governance Asset

Internal Audit does not and should not make commercial or financial decisions; that responsibility rests with management. 

Active Neutrality recognises, however, that Internal Audit is uniquely positioned to assess whether the organisation’s current risk posture remains aligned with actual exposure, especially as conditions evolve. 

When Internal Audit uses data to challenge whether current caution (or lack thereof) remains proportionate, it is not directing outcomes; it is enhancing decision context. 

The distinction between ownership of decisions and transparency of risk is the foundation of Active Neutrality.

Timing: The Difference Between a Diagnosis and an Autopsy

Risk insight delivered after a scheduled audit may confirm history.
Risk insight delivered at the point of decision shapes the future. 

In high‑velocity environments, waiting for predetermined audit cycles means: 

• behavioral patterns harden, 

• value‑preserving adjustments are missed, and 

• remediation becomes a reactive cost rather than a preventive strategy. 

A perfect autopsy report doesn’t save the patient it only explains the funeral. 

Active Neutrality requires Internal Audit to engage at the speed of execution, providing timely, data‑driven challenge without assuming managerial authority.

Independence Through Clarity, Not Distance

There is a persistent Independence Trap where Internal Audit hesitates to provide real‑time insight to “protect” objectivity. This is a misunderstanding of the role. 

Independence is not a mandate for silence.
It is a shield that allows the auditor to speak truth to power while the risk is still manageable. 

Independence is strengthened not weakened when Internal Audit: 

• grounds challenge in objective data, 

• avoids ownership of outcomes, and 

• escalates concerns without waiting for the “proper” quarterly window. 

The Three Principles of Active Neutrality 

These ideas crystallise into three practical principles: 

• Zero Ownership of Decisions: Identifying that an initiative is drifting off‑track is not “managing” it. It is reporting on the health of the asset. 
• Zero Dilution of Facts: Independence means reporting facts as they are, not as they become comfortable. Filtering insight to preserve relationships weakens governance. 
• Zero Waiting for the “Window”: If a material risk is crystallising today, waiting for next quarter’s report is a governance failure and not prudence. 

The Bottom Line for the Board 

The Board’s oversight is strong when Internal Audit is neutral in judgment, but courageous in timing. 

An Internal Audit function practising Active Neutrality protects both downside risk and missed opportunity without compromising objectivity. 

If Internal Audit is staying quiet to “stay independent,” it is not protecting the process; it is hiding from it. 

A Final Reflection 

After decades of leading audit teams and managing complex audits, one truth remains: the most valuable independence is not found in the organisational chart. 

It is found in the willingness to be the first person in the room to say, “This doesn’t look right” long before the formal report is due. 

Is your Internal Audit team empowered to be that voice? 

---

Written by Akeem Taofik – FCA

Most Boards intuitively understand speed.  If the business is moving at 100 mph and Internal Audit is constrained by static annual planning cycles is moving at 20 mph, the Assurance Gap widens every day. 

This is not a capability issue; it is a velocity mismatch. 

The Execution Blind Spot 

Risks that emerge during execution, market shifts, operational shortcuts, or behavioral drift rarely wait for the next formal audit cycle. Yet, these are exactly the risks most likely to bypass assurance entirely. 

When Internal Audit is tethered to a “point-in-time” plan, they are essentially looking at a map of where the business was, while the business is already driving through new, unmapped territory. 

The Governance Reality Check 

In a high-velocity environment: 

• Accuracy without timeliness does not protect value; it merely explains losses after the fact. 

• Retrospective assurance provides a perfect autopsy, but the Board needs a diagnosis while the patient is still on the table. 

The real governance question for modern Boards is no longer: “Was the audit done well?” It is: “Did the insight arrive in time to matter?” 

The Bottom Line 

Modern assurance is not about auditing more. It is about auditing at the speed of the business. Governance excellence requires a shift from “periodic validation” to “continuous intelligence.” If your audit function isn’t moving at the speed of your strategy, you aren’t just independent, you’re out of the loop. 

A Final Reflection

As a professional who has led audit teams and managed complex statutory audits for decades, I’ve observed a consistent truth: the most valuable “independence” isn’t found in the organizational chart. It is found in the auditor’s willingness to be the first person in the room to say, “This doesn’t look right” long before the formal report is due. 

Is your Internal Audit team empowered to be that voice? 

---

Written by Akeem Taofik – FCA

In many Boardrooms, independence is rightly treated as the ultimate safeguard of Internal Audit.  Yet increasingly, independence is interpreted even within Internal Audit itself as a reason for detachment. 

When independence becomes a wall that delays engagement with emerging risks until a formal audit cycle begins, it does not strengthen governance. It creates a visibility lag one that Boards should care deeply about. 

Understanding the Visibility Lag 

The IIA Global Internal Audit Standards (2024) encourage agile and continuous auditing and explicitly align Internal Audit with enterprise objectives and risk. However, in practice, many Internal Audit functions still operate on rigid annual or semi‑annual “big‑bang” audit plans. 

What this means is that audit plans often reflect the risks management identified and embedded within enterprise objectives at the point of strategy setting. As execution unfolds, management pivots in real time but Internal Audit remains tethered to a point‑in‑time risk assessment. 

The consequence is a timing gap: while the business adapts at speed, Internal Audit insight arrives later, bound by planning cycles. This creates a governance blind spot, where the most dangerous risks those that emerge during execution are the least likely to be audited in time. 

Boards intuitively understand this challenge. If the business is moving at 100 mph and Internal Audit is constrained by planning cycles is moving at 20 mph, the assurance gap widens every day. 

Objectivity of Judgment ≠ Isolation of Timing 

Independence exists to protect objectivity of judgment, not to justify a wait‑and‑see posture. A perfect autopsy report doesn’t save the patient; it only explains the funeral. 

Accuracy without timeliness is a wasted investment. From a governance perspective, assurance that arrives too late may still be technically correct—but strategically irrelevant. 

Boards should therefore ask a simple but critical question: 

“Is our Internal Audit function staying silent on emerging risks to protect independence or providing the real‑time risk intelligence needed to protect the organisation?” 

Three Provocations for Audit Committees 

1. Risk Intelligence Is Not Management Interference

   Identifying an emerging exposure: such as operations scaling ahead of a signed contract is not an operational decision.
   It is risk intelligence. 

• The trap is viewing proactive signaling as encroachment.
• The reality is that objectivity is compromised when auditors decide, not when they highlight risk. 

2. The Danger of “Autopsy” Governance

   When Internal Audit limits itself to post‑event validation, Boards are left with explanations rather than protection. A perfect autopsy report doesn’t save the patient, rather it only explains the funeral. 

In high‑velocity environments, assurance that arrives months after risk emerges may be technically correct, but strategically irrelevant. 

• The provocation for Boards is simple:
  “Do we value retrospective accuracy more than independent foresight?” 

3. Reframing the Mandate

   Independence should be the shield that allows Internal Audit to:

• speak truth to power in real time, 

• challenge management assumptions before they harden into failures, 

• escalate concerns without hiding behind the “proper” quarterly window, and 

• practice active neutrality: independence is not passive neutrality; it is the fearless, factual reporting of risks as they develop. 

The Bottom Line 

Independence should be a shield, not a hideout.  An Internal Audit function that waits until risk manifests may remain independent in form
but risks becoming irrelevant in substance.

True governance excellence requires Internal Audit to be independent in mind but integrated in timing.

---

Written by Akeem Taofik – FCA

If you run a Nigerian subsidiary of a multinational and still think Section 57 of Nigeria’s updated corporate tax regime is just “one more calculation,” you’re already behind. Yes, Section 57 introduces a 15% minimum effective tax rate (ETR), neutralizing the benefit of incentives where they depress tax outcomes below the threshold. But the arithmetic is not the real story.

Section 57 is a governance signal

It marks the end of an era where local tax outcomes could be exceptional, lightly governed, and explained after the numbers were already consolidated.

The Comfort That Is Now Gone

For years, many Nigerian subsidiaries operated with quiet confidence. Incentives justified low ETRs. Group headquarters accepted Nigeria as a “special case.” Where questions arose, explanations typically came after the numbers were final.

 Section 57 disrupts that comfort

It now asks a tougher question, one that cannot be deferred: Can Nigeria’s tax outcome be clearly and credibly defended to Group Tax and the Audit Committee without relying on technical footnotes?

If the answer is no, the challenge is not tax complexity.

Why This Is a GRC Issue (Before It’s a Tax One)

From a Governance, Risk, and Compliance (GRC) perspective, Section 57 is not a tax rule; it is a stress test for control maturity, particularly Internal Control over Financial Reporting (ICFR).

Why?

The minimum tax threshold anchors directly to Profit Before Tax (PBT) as reported in audited financial statements. Once that linkage exists, tax is no longer a downstream calculation. It becomes a direct reflection of how disciplined or fragile the financial close process really is.

In practice:

• Weak controls become earnings risk: Volatile PBT caused by late adjustments, weak accrual discipline, inconsistent judgments, or provisioning gaps now creates immediate fiscal and reputational exposure.

• Tax risk moves upstream: Tax outcomes are no longer “managed” after close. They are shaped by how well financial reporting is governed in real time.

• ICFR maturity is exposed: Where tax has been treated as a compliance appendix rather than a governed outcome, Section 57 makes the deficiency visible.

This is how good regulation works. It reveals institutional weaknesses without prescribing the fix.

Audit Friction Is No Longer Tolerated

Historically, tax incentives could often survive scrutiny through post‑hoc explanations. In the Section 57 environment, credibility is defined by the audit trail.

Incentives that are not:

• clearly owned,

• embedded in control design, and

• supported by inspectable evidence

will struggle under Group‑level review or external audit scrutiny.

Persistent “audit friction” is no longer an irritation. It is a governance signal.

The Strategic Shift: From Compliance to Control

High‑maturity organisations are already pivoting. The change is subtle but decisive:

From: “Nigeria is compliant because our incentives are legal.”

To: “Nigeria is controlled because its ETR is deliberate, monitored, and explainable.”

This shift must happen before consolidation, not as a reconciliation exercise after Group questions arise. In a multinational environment, unexplained local volatility is not a local issue, it is an enterprise risk.

The Question That Now Defines Credibility

For CFOs and GRC leaders, the defining question has changed:

If Group Tax or the Audit Committee asked today, ‘Why is Nigeria’s ETR what it is?’ would the response be a spreadsheet model or a governance framework embedded in ICFR?

One signals calculation, the other signals control.

Final Thought

Section 57 is not asking Nigerian subsidiaries to be perfect, it is asking them to be credible.

Credibility does not come from technical explanations delivered after consolidation. It comes from discipline, alignment, and governance maturity.

If Nigeria is still being explained after the fact rather than positioned deliberately within the Group’s governance architecture, Section 57 isn’t the problem.

Your GRC maturity is.

Written by Akeem Taofik – FCA

In governance, discomfort is not always a warning sign it can be a signal worth listening to. As ICFR assurance becomes more established in Nigeria, some Boards and CFOs experience a persistent unease not because anything is demonstrably wrong, but because something no longer sits comfortably. The scope feels heavier than expected. The effort feels closer to reasonable assurance than limited assurance. The logic between work performed and conclusions reported feels less tidy than before.

In governance, that discomfort deserves attention.

Discomfort Often Emerges Before Failure

A well‑functioning governance systems rarely fail without warning. More often, signals appear early in the form of questions that linger, costs that are harder to explain, or execution patterns that no longer align intuitively with first principles.

In the context of ICFR assurance, discomfort may surface when:

• Execution effort materially exceeds what the assurance conclusion can support.
• scope expands incrementally without explicit Board discussion; or
• Management can no longer clearly articulate why additional procedures are being performed, beyond precedent.

These moments are not indicators of non‑compliance. They are indicators of governance tension.

When Discomfort Points to a Loss of Intentionality

Discomfort is particularly instructive when it reveals that:

• a Board did not consciously choose the current assurance depth.
• methodology has evolved through repetition rather than decision; or
• The assurance model being experienced no longer reflects the one originally approved.

In such cases, unease is not resistance, it is a signal that intentional ownership may have eroded.

Governance strength lies not in eliminating discomfort, but in understanding what it is reacting to.

Discomfort Is an Invitation, not a Verdict

Importantly, feeling uneasy does not compel immediate change.

It invites examination:

• Is the current ICFR execution still proportionate to our risk profile?
• Does the incremental work provide comfort we genuinely value?
• Are we implicitly moving toward a reasonable‑assurance posture without naming it?
• If circumstances changed, could we confidently recalibrate scope?

When Boards can engage these questions openly, discomfort becomes productive rather than destabilising.

The Risk of Ignoring Discomfort

Where discomfort is consistently deferred, two governance risks emerge:

• drift, where practice gradually moves beyond intent without accountability; and
• inertia, where future change becomes harder because the status quo hardens into perceived necessity.

Over time, what was once a mild unease can evolve into rigidity precisely the opposite of good governance.

A Discipline Worth Developing

Just as comfort can be a governance outcome when consciously chosen, discomfort can be a governance asset when properly interpreted.

It encourages Boards and Audit Committees to:

• revisit first principles without presuming error.
• distinguish between regulatory requirement and inherited practice; and
• maintain agency over assurance models, rather than inheriting them passively.

In this sense, discomfort is not a call to disrupt but a call to reengage.

Closing Reflection

ICFR assurance will continue to mature. For some Boards, that journey will feel settled. For others, it will surface questions that resist easy answers.

When discomfort arises, the objective is not to resolve it quickly, but to understand it thoroughly. In that understanding lies the capacity to decide consciously, proportionately, and with confidence whether the present course still serves the organisation’s governance intent.

Discomfort, well‑handled, is not a threat to governance.

---

Written by Akeem Taofik – FCA

Not every Audit Committee or CFO is unsettled by the current approach to ICFR assurance. For some organisations, the status quo feels appropriately understood, defensible, and aligned with their broader risk posture.

That position deserves recognition.

Governance is not about relentless change. It is about informed choices. Where Boards have consciously elected to accept broader ICFR execution than what a limited‑assurance conclusion strictly requires, the critical question is not whether that choice is right or wrong, but whether it is clearly understood, intentionally owned, and periodically revisited.

Comfort Can Be Rational and Still Require Oversight

There are legitimate reasons why Boards may be comfortable with current ICFR execution practices:

• Higher levels of assurance effort can feel safer in uncertain regulatory or market environments
• Additional procedures may reduce perceived audit friction or inspection risk
• Costs may be proportionate to organisational scale and complexity
• The approach may align with global group practices or long‑standing auditor relationships

None of these drivers is inherently problematic. Comfort, however, is not a substitute for clarity.

Good governance asks not only “Are we comfortable?” but also: “Do we fully understand what we are approving—and why?”

The Risk Is Not Over‑Execution, but Unexamined Execution

Choosing to tolerate or even welcome expanded ICFR procedures is a defensible governance stance. The risk arises when that expansion becomes default behavior, rather than an explicitly articulated decision.

Over time, unexamined execution can:

• harden into perceived regulatory necessity,
• blur the distinction between limited and reasonable assurance, and
• make future scope or cost recalibration more difficult to justify.

In such cases, the Board may remain comfortable yet gradually lose intentional control over the assurance model it is sponsoring.

What Good Ownership Looks Like in Practice

For Boards that deliberately prefer the status quo, strong governance is demonstrated by being able to clearly articulate:

• Why the current ICFR scope exceeds the minimum required for limited assurance.
• what incremental comfort that additional work is intended to provide.
• how comfort aligns with the assurance conclusion ultimately reported; and
• under what conditions the approach would be reconsidered.

When these questions are answerable, comfort becomes a governance outcome, not a governance blind spot.

A Discipline Worth Preserving

ICFR assurance will continue to evolve through regulatory refinement, market practice, and organisational maturity. Boards that are comfortable today are not obligated to lead that change.

They are, however, custodians of intentionality.

Whether maintaining the current model or reshaping it over time, the enduring marker of sound governance is not alignment with best practice trends, but clarity of purpose, proportionality of execution, and readiness to reengage first principles when circumstances change.

Comfort, when consciously chosen, can coexist with strong governance.
Comfort, when inherited and unexamined, rarely does.

---

Written by Akeem Taofik – FCA

As assurance becomes more routine, it may be worth pausing to reflect on whether execution, scope, and reported assurance levels remain coherently aligned.
Sharing a governance reflection below.

Internal Control over Financial Reporting (ICFR) is now firmly embedded in Nigeria’s financial reporting framework under the oversight of the Financial Reporting Council of Nigeria (FRCN). As ICFR assurance becomes more routine, a natural governance question arises for Boards, CFOs, and Audit Committees: does the way ICFR assurance is being executed reflect the assurance level ultimately reported?

This is not a technical debate, but rather, it is a governance consideration that goes directly to proportionality, cost discipline and expectation setting between auditors and Boards, and the credibility of what ICFR assurance communicates to the market.

The Significance of the Limited Assurance Starting Point

From inception, ICFR assurance in Nigeria was deliberately framed by FRCN as a limited assurance engagement under ISAE 3000 (Revised). That design reflected regulatory judgement balancing improved governance oversight against market readiness, implementation burden, and cost efficiency.

A limited assurance model is intended to:

• provide moderate assurance in negative form, using procedures less extensive than those required for reasonable assurance; and
• avoid conclusions that imply sustained operating effectiveness comparable to US SOX style regimes.

This starting logic is important, as it defines both what ICFR assurance is designed to achieve and what it is not.

What the Independent ICFR Attestation Report Signals

Independent ICFR attestation reports consistently emphasize three elements:

• negative form conclusions (“nothing has come to our attention…”).
• explicit acknowledgment that procedures performed are less extensive than those required for reasonable assurance; and
• clear differentiation between limited and reasonable assurance.

These disclosures are not incidental. They establish the boundary conditions of the engagement and shape market expectations about the level of comfort being provided.

From a governance perspective, this framing naturally prompts a simple question: should the experience of an ICFR review materially exceed what the final report itself can support?

Where Practical Tensions Arise

In practice, ICFR engagements often involve procedures that feel more extensive than what stakeholders typically associate with limited assurance. Operating effectiveness activities are frequently embedded within ICFR workstreams.

Such procedures are well understood and entirely appropriate when used deliberately to support audit reliance strategies under ISA 330. However, they serve a specific audit objective and are not intrinsically required to support a negative assurance of ICFR conclusion.

This raises a legitimate governance reflection:

If an ICFR engagement culminates in a limited assurance conclusion regardless of whether operating effectiveness exceptions are identified, how should Audit Committees interpret the role and necessity of those procedures?

The issue is not whether such work can be performed, but whether it is essential to the assurance outcome being reported.

Proportionality, Cost, and Clarity

As ICFR becomes more embedded, Boards and management increasingly bear the cost of ongoing assurance activity. With that comes a fiduciary obligation to ensure proportionality.

From a governance standpoint:

• assurance scope should be clearly traceable to stated objectives.
• methodology choices should be distinguishable from mandatory requirements; and
• cost should align with the level of assurance ultimately expressed to the market.

Where these lines blur, there is a risk that ICFR assurance evolves through habit rather than deliberate governance intent.

A Forward-Looking Question for the Nigerian Market

The evolution of practice also raises a broader policy question—one that may become unavoidable over time:

If ICFR execution increasingly resembles reasonable assurance behaviour in substance, should the assurance level remain limited in form?

Conversely, if limited assurance remains the intended endpoint, what additional discipline is required to ensure that execution remains consistent with that intent?

These are not questions for auditors alone. They fall squarely within the responsibility of regulators, Audit Committees, and Boards charged with safeguarding reporting integrity and cost efficiency.

Closing Reflection

ICFR assurance should mean exactly what it states in the report — no more, no less.

As ICFR practices mature, the real test of governance will not be how much work is performed, but how deliberately assurance scope, assurance level, and cost are aligned. When execution quietly exceeds what reporting can support, clarity is lost, accountability weakens, and value becomes harder to demonstrate.

For CFOs and Audit Committees, the task ahead is neither resistance nor automatic acceptance. It is intentional oversight returning to first principles, interrogating scope with precision, and ensuring that ICFR assurance evolves as a disciplined governance tool, not a matter of habit or momentum.

In that discipline lies both credibility and confidence.

---

Written by Akeem Taofik – FCA

As insurers move further into their IFRS 17 journey, one thing is now clear: The conversation has moved beyond compliance. The real question is: “How do we turn IFRS 17 into a competitive advantage?”

Across Nigeria, insurers have now completed at least one full-year reporting cycle under IFRS 17 (2023 FY) consistent with global adoption timelines and transition activity already reported by Nigerian insurers such as Leadway Assurance and others; the insights emerging from the 2024 and 2025 cycles show a striking pattern: The market leaders are the companies treating IFRS 17 as a management system, not an accounting project.

Why IFRS 17 Matters More in Nigeria’s 2026 Economy

With FX volatility, inflationary pressure, higher discount rates, and rising capital costs, the insurance sector needs a clearer economic lens. IFRS 17 provides exactly that by:

• Replacing premium‑based revenue with service‑based revenue
• Converting unearned profit into a visible liability: the Contractual Service Margin (CSM)
• Requiring cohort‑level discipline that exposes pricing strength (or weakness) early
• Improving comparability and investor confidence through consistent reporting

This is the level of transparency global investors and rating agencies expect.

Read more: Your Tax, Your Responsibility: A Practical Guide to Personal Income Tax Filing in Nigeria

The Biggest Mindset Shift: From Premium Volume → To Earned‑Value Profitability

Under legacy accounting, profitability could be flattered by cash inflow.
Under IFRS 17, this disappears.

Instead, finance leaders now get:

• CSM as a forward‑earnings reservoir

It tells the truth about long‑term profitability, not just what happened this quarter.

• Risk Adjustment as a volatility indicator

A direct measure of uncertainty and risk appetite.

• Coverage Units as the engine of profit release

A methodology that needs strong governance and clear Board oversight.

Where the Winners Are Emerging: CFOs Who Treat IFRS 17 Data as Strategy

The best‑performing insurers are using IFRS 17 insights to:

1. Refine product pricing before underpricing becomes a balance‑sheet problem
2. Redesign reinsurance treaties using CSM, RA and cohort analytics not negotiations alone
3. Strengthen claims performance through clearer loss‑component identification
4. Improve capital planning and dividend forecasts with more predictable earnings visibility
5. Communicate with Boards and investors using business‑ready IFRS 17 dashboards instead of technical jargon

These are the companies moving from compliance to competitive edge.

Audit Reality: Integration Is the Make‑or‑Break Factor

Across the 2025/2026 audit cycles, we’ve seen one constant:

Where actuarial engines and finance systems are not aligned, IFRS 17 becomes a reconciliation nightmare. But where integration is strong:

• Month‑end closes improve
• Audit exceptions reduce
• Regulatory questions are easier to answer
• CFOs spend time on strategy, not troubleshooting

This is where real value is unlocked.

Read more: NRS Rolls Out Nationwide E-Invoicing Regime What It Means for Nigerian Businesses

The Leadership Imperative for 2026

IFRS 17 is not just a technical standard. It is a leadership standard. To lead in today’s market, finance executives must:

• Treat CSM movement as a strategic KPI
• Build a unified Actuarial–Finance “single source of truth”
• Define Board‑friendly dashboards for CSM, RA, and cohort profitability
• Link IFRS 17 insights into pricing, capital, claims, and reinsurance
• Strengthening governance around coverage units and assumption changes

This is how insurers differentiate themselves as the market consolidates and competition intensifies.

 Call to Action for CFOs & Finance Directors

As we head into the 2026 reporting cycle, ask yourself:

• Are you leveraging IFRS 17 to reshape your profit story or only to comply?
• Is your CSM movement aligned with strategic decisions?
• Are actuarial and finance speaking the same language?
• Do your Board and investors understand your IFRS 17 narrative?
• Are you using IFRS 17 data to drive pricing, capital allocation, and reinsurance strategy?

If you see breakthroughs or friction points, we did love to hear them.

Drop your insights in the comments or send us a mail at [email protected]. Let’s turn IFRS 17 from a requirement into a strategic weapon for the Nigerian insurance industry.

Over the past two decades, corporate scandals most notably Enron and global financial crises have driven major reforms in financial reporting. For Public Interest Entities (PIEs), this led to the adoption of stronger ICFR frameworks like COSO 2013 Internal Control: Integrated Framework, reinforcing the need for transparency, accountability, and stakeholder trust.

In Nigeria, the Financial Reporting Council (FRC) requires all Public Interest Entities to implement and report on the effectiveness of their ICFR. With the mandate effective from financial years ending on or after 31 December 2024. 2025 marks the second year of mandatory compliance. PIEs are reminded to maintain and annually assess their ICFR, ensuring ongoing transparency, accountability, and independent assurance.

Read more: Stransact makes World Tax list of Tier-1 firms in tax services

What Is ICFR and Why Does It Matter?

Internal Control over Financial Reporting (ICFR) refers to the processes and controls established by management to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with applicable accounting standards.

ICFR Core Objectives

• Ensuring transactions are recorded accurately to support the preparation of financial statements.
• Providing assurance that receipts and expenditures are made only with proper authorization.
• Safeguarding assets against unauthorized use, loss, or disposition.

While most organizations already maintain internal controls, what’s evolving is the benchmarking of these controls against globally recognized frameworks most notably, the COSO 2013 Internal Control – Integrated Framework.

This shift enhances the effectiveness, consistency, and auditability of ICFR, ensuring that financial statements are not only accurate and complete but also compliant with international best practices.

Read more: National Repository Portal and Financial Reporting Compliance: A Guide for Nigerian PIEs

What does FRC expects from Public Interest Entities Management’s Responsibility

Management is responsible for the design, implementation, and annual certification of ICFR effectiveness. As mandated by the Financial Reporting Council of Nigeria (FRCN), this responsibility cannot be delegated to external auditors to preserve their independence. While internal audit or independent consultants may support the process, only management must assess and certify ICFR annually.

External Auditors’ Role

External auditors are required to independently review management’s ICFR assessment and issue a separate attestation report, without compromising their independence. This may be conducted as part of an integrated audit, which includes:

• A distinct ICFR audit (with its own fee), and
• A financial statement audit informed by ICFR conclusions.

Even if ICFR is ineffective, it doesn’t mean the financial statements are misstated but it may require more substantive testing and higher audit fees.

Read more: Financial Reporting in Nigeria: The Critical Role of ICFR

Call to Action

• CEOs: Champion ICFR as a continuous, enterprise-wide Ensure it is adequately resourced and embedded into the organization’s governance and risk management framework not treated as a mere compliance checkbox.
• CFOs: Lead continuous maintenance of ICFR and annual certification of ICFR. Ensure timely, evidence-based assessments and maintain clear documentation to support transparency and audit readiness.

• External Auditors: Uphold independence by refraining from performing ICFR assessments. They should independently review and attest to management’s ICFR assessment as part of the integrated audit.

Read more: Why IFRS 18 Should Be a Strategic Priority for CFOs and Financial Leaders

Looking Ahead: Strengthening Trust Through Effective ICFR Implementation

As Nigeria’s regulatory landscape continues to evolve, the successful implementation of Internal Control over Financial Reporting (ICFR) stands as a defining marker of corporate integrity and governance maturity. For Public Interest Entities, this is more than a compliance exercise; it is a commitment to building investor confidence, enhancing financial transparency, and reinforcing accountability across all levels of the organization.

In 2025 and beyond, organizations that embed ICFR into their governance culture will not only stay compliant but also position themselves as trusted leaders in financial reporting excellence.