Why Boards Should Care About Internal Controls: Board Governance, Fiduciary Duty, and Protecting Shareholder Value in Nigeria

Let me tell you about a misunderstanding that is costing Nigerian organisations more than most directors realise.

It is the belief, held by more board members than would admit it, that internal controls are fundamentally a management matter. That they belong to the CFO, the internal auditor, the compliance officer. That a director’s governance responsibility ends with strategy and CEO oversight.

This misunderstanding is not an abstract error. It is a direct cause of value destruction.

The financial frauds that have devastated Nigerian companies. The regulatory sanctions that have embarrassed boards. The qualified audit opinions that have shaken investor confidence. The corporate collapses that have wiped out shareholder value.

Behind each one sits a board that did not exercise sufficient oversight of internal controls.

This article makes the case for why every Nigerian board member must care deeply about internal controls, what that responsibility looks like, and what the latest developments mean for directors.

If you need professional support, our board governance and internal controls advisory for Nigerian companies can help you build effective oversight.

The connection between internal controls and board governance

Understanding why internal controls are fundamentally a board matter is the essential starting point.

The relationship is not incidental. It is structural, legal, and deeply consequential. Under the Companies and Allied Matters Act (CAMA) 2020, the Nigerian Code of Corporate Governance, and CBN and SEC rules, boards bear explicit fiduciary responsibility for the adequacy and effectiveness of internal controls.

This responsibility cannot be delegated to management. It is a board-level accountability.

Internal controls protect assets, ensure reliable financial reporting, and support compliance with laws. These are precisely the outcomes boards are responsible for overseeing.

A board that governs without genuine oversight of internal controls is governing blind. Approving budgets and making strategic decisions on the basis of information whose reliability it has not taken adequate steps to assure.

What is the board’s role in internal control oversight?

According to the OECD G20/OECD Principles of Corporate Governance, board oversight of internal controls refers to “the responsibility of the board of directors to satisfy itself, through appropriate governance structures, information flows, and independent assurance mechanisms, that management has designed, implementing, and is maintaining an effective system of internal controls.”

Board oversight does not mean directors personally design or operate controls. That is management’s role. It means directors actively evaluate whether management’s control environment is adequate, whether identified weaknesses are being remediated, and whether independent assurance from internal and external audit supports confidence in management’s representations.

Why internal control failures are board governance failures

Every significant internal control failure represents, at some level, a board governance failure.

Lessons from Nigerian corporate history.

The banking crisis of 2008 and 2009, which required a CBN intervention of approximately ₦620 billion and the removal of eight bank chief executives, was fundamentally a governance crisis. The boards had failed to exercise adequate oversight of credit risk management and related party transactions.

More recent failures tell the same story. Forensic investigations have consistently identified board-level governance failures as a central cause. Insufficient oversight of risk management. Inadequate challenge of management representations. Passive acceptance of audit findings without demanding remediation.

The boards were not composed of dishonest individuals. They were composed of directors who did not prioritise genuine oversight.

The shareholder value dimension.

The most direct consequence of internal control failures is the destruction of shareholder value. Fraud losses reduce earnings. Regulatory sanctions generate fines. Qualified audit opinions trigger share price declines. Reputational damage drives customer attrition.

Boards that treat internal control oversight as a management responsibility are accepting a level of shareholder value risk that their fiduciary duty requires them to manage.

The personal liability dimension.

Directors must understand that personal liability in the event of control failures is real and increasing. The Economic and Financial Crimes Commission (EFCC) expanded enforcement focus explicitly targets boards where significant control failures have occurred.

Directors who can demonstrate genuine oversight are in a materially better legal position. Good governance is not just ethically right. In Nigeria’s enforcement environment, it is also legally prudent.

What board oversight of internal controls looks like

Understanding the principle is necessary. Nigerian directors need a concrete picture of what meaningful oversight actually requires.

The audit committee as the primary mechanism.

The audit committee is the board mechanism through which oversight is primarily exercised. An effective audit committee, composed of genuinely independent directors with relevant expertise, provides focused oversight that the full board cannot practically achieve.

Members must have genuine financial literacy. The committee must meet at minimum quarterly. It must have direct, unrestricted access to internal audit, external auditors, and finance leadership, including private sessions without management present.

Engaging substantively with internal audit.

Internal audit is the board’s primary source of independent assurance. Engagement must go beyond receiving reports. It must involve active review of the audit plan, substantive engagement with findings asking probing questions about root causes, and genuine tracking of remediation.

The Chief Audit Executive must report functionally to the board or audit committee, not to the CFO or CEO. This structural independence is foundational.

Setting the tone at the top.

The control environment is primarily determined by the tone at the top. Boards that visibly communicate that financial integrity and adherence to controls are non-negotiable create cultures where strong controls are expected.

Setting the right tone requires boards to ask uncomfortable questions. Why did this control fail? Who was accountable? What has been done to prevent recurrence?

For support with audit committee effectiveness, our audit committee and board governance advisory services can help.

The governance structures Nigerian boards need

Knowing what oversight requires is the starting point. Having the right structures makes it possible.

A genuinely independent audit committee.

The audit committee must be composed of directors who are genuinely independent. In Nigeria, where family-controlled businesses remain common, maintaining genuine independence requires deliberate governance design.

Alongside independence, genuine competence is essential. The expertise required includes understanding of internal audit methodology, risk management frameworks, and financial reporting standards.

A board-reporting whistleblower mechanism.

A confidential whistleblower mechanism that reports to the audit committee is one of the highest-value oversight tools available. The Association of Certified Fraud Examiners (ACFE) global research consistently identifies tips as the single most effective fraud detection mechanism.

A mechanism that employees genuinely trust creates an early warning channel that gives the board advance notice of control failures.

Direct board access to the Chief Audit Executive.

The Chief Audit Executive must have direct, unrestricted access to the board. Where this access does not exist, the board’s most important source of independent intelligence is compromised.

For support with governance structures, our board governance framework and internal control oversight advisory can help.

Board governance and internal controls developments for 2025 to 2026

The governance landscape is shifting rapidly. Here are the most important developments.

The FRCN’s enhanced board accountability requirements.

The Financial Reporting Council of Nigeria (FRCN) updated corporate governance code includes strengthened provisions making boards directly accountable for internal control oversight. Boards must include specific internal controls statements in annual reports, confirming not just that controls exist but that the board has satisfied itself of their effectiveness.

CBN’s board risk committee requirements.

The Central Bank of Nigeria (CBN) updated guidelines mandate board-level risk committees with specifically qualified members and explicit responsibilities for oversight of internal control and risk management environments.

Institutional investors are pricing board governance quality.

Institutional investors are significantly increasing the weight they place on board governance quality. For listed companies seeking international capital, demonstrable board governance quality has become a direct determinant of the cost of capital.

ESG controls are becoming a board priority.

As Nigerian companies respond to NGX ESG disclosure requirements, boards are increasingly being asked to demonstrate that they have satisfied themselves of the adequacy of controls assuring that information’s reliability.

For support with ESG governance, our ESG governance and board oversight advisory can help.

A board governance self-assessment checklist

Use this tool to assess your board’s internal control oversight.

Does your board have a formally constituted audit committee with genuinely independent members who possess relevant expertise? Does the audit committee meet at minimum quarterly and hold private sessions with auditors without management present? Does the Chief Audit Executive report functionally to the board rather than the CFO? Does the board receive and substantively engage with internal audit findings, tracking remediation to completion?

Does the board review and approve the risk-based internal audit plan? Is there a confidential whistleblower mechanism reporting to the audit committee? Does the board treat internal controls as a standing governance priority?

Key board governance terms every director should know

Board Oversight of Internal Controls. The board’s responsibility to satisfy itself that management maintains an effective system of internal controls.

Audit Committee. The board committee responsible for oversight of financial reporting, internal controls, and the audit function.

Chief Audit Executive (CAE). The senior executive responsible for internal audit, who should report functionally to the board.

Whistleblower Mechanism. A confidential channel for reporting concerns about misconduct or control failures.

Tone at the Top. The ethical culture established by board and senior leadership behaviour.

Material Weakness. A control deficiency that creates a reasonable possibility that a material misstatement will not be prevented or detected.

Fiduciary Duty. The legal obligation of directors to act in the best interests of the organisation and its shareholders.

Control Environment. The foundation of internal controls, determined by leadership’s commitment to integrity.

Recommended services from Business Cardinal

Ready to strengthen your board’s internal control oversight? These services are designed to help Nigerian boards govern effectively.

Board Governance and Internal Controls Advisory for Nigerian Companies – Comprehensive advisory for board-level internal control oversight.

Audit Committee and Board Governance Advisory Services – Audit committee effectiveness and governance support.

Board Governance Framework and Internal Control Oversight Advisory – Governance structure design for effective oversight.

Board Evaluation and Effectiveness Services for Nigerian Companies – Independent board assessments evaluating oversight quality.

Where to go from here

The boards that have suffered the most consequential governance failures were not composed of deliberately negligent directors. They were composed of directors who did not understand their oversight obligation, did not have the right governance structures, or did not ask the questions that genuine rigour requires.

The difference between a board that governs internal controls well and one that governs them poorly is structure, information, engagement, and the willingness to ask uncomfortable questions.

Start by assessing your current oversight practices. Then strengthen your audit committee. Then ensure independent access. Then monitor remediation.

The boards that govern internal controls well will protect shareholder value and build lasting trust.

Let’s work together

Is your board exercising the internal control oversight that your organisation and its shareholders genuinely deserve?

At Business Cardinal, we help Nigerian boards and audit committees build the governance structures, information frameworks, and engagement capabilities that genuine oversight requires. We understand the regulatory framework. We know the best practices. And we have practical experience helping boards govern effectively.

Not theory. Not generic advice. Practical, actionable support tailored to your specific organisation.

Contact us today:

📧 Email: hello@businesscardinal.com
📞 Phone: +234 802 320 0801
📍 Address: 5, Ishola Bello Close, Off Iyalla Street, Alausa, Ikeja, Lagos, Nigeria

Contact Business Cardinal to discuss your board governance needs.

Let us help you build the governance standard your shareholders deserve.

Business Cardinal – Your Partner in Board Governance

References

OECD – G20/OECD Principles of Corporate Governance
Financial Reporting Council of Nigeria – Nigerian Code of Corporate Governance
Central Bank of Nigeria – Corporate Governance Guidelines
Securities and Exchange Commission Nigeria – Code of Corporate Governance
Association of Certified Fraud Examiners (ACFE) – Report to the Nations
Economic and Financial Crimes Commission (EFCC) – Enforcement Reports