INTERNAL CONTROL SYSTEM: A necessity to the survival and growth of public organization (A case study of power holding company of Nigeria. Enugu)

CHAPTER ONE

1.0 INTRODUCTION

This chapter presents the background of the study, statement of problems, objectives of the study, research questions, research hypotheses, scope and limitations of the study, and definition of terms. The chapter sets the foundation for understanding why internal control systems are essential for the survival and growth of public organizations, using the Power Holding Company of Nigeria (PHCN), Enugu as a case study.

1.1 Background of the Study

Internal control system is a fundamental component of effective organizational management, encompassing the policies, procedures, practices, and organizational structures implemented by management to provide reasonable assurance that the organization achieves its objectives in the areas of operational effectiveness and efficiency, reliable financial reporting, and compliance with applicable laws and regulations. For any organization, whether private or public, the internal control system serves as the first line of defense against waste, fraud, mismanagement, and operational inefficiencies. Without a robust internal control system, organizations are vulnerable to financial losses, reputational damage, and ultimately, failure (COSO, 2013; INTOSAI, 2020).

The survival and growth of any organization depend on its ability to achieve its objectives efficiently, manage risks effectively, protect its assets, and maintain the trust of its stakeholders. For public organizations, which are entrusted with public funds and expected to deliver essential services to citizens, the stakes are even higher. Public organizations face unique challenges: political interference, inadequate funding, bureaucratic delays, weak accountability mechanisms, and high public expectations. In this context, a strong internal control system is not merely desirable—it is a necessity for survival and growth. Internal control helps public organizations to: (a) safeguard assets from theft, misappropriation, or waste, (b) ensure accurate and reliable financial reporting, (c) promote operational efficiency by reducing waste and inefficiency, (d) ensure compliance with laws, regulations, and policies, (e) prevent and detect fraud and corruption, (f) provide reliable information for decision-making, and (g) maintain public trust and legitimacy (Premchand, 2019; Mellett, 2019).

The Power Holding Company of Nigeria (PHCN) was, for many years, the government-owned monopoly responsible for the generation, transmission, and distribution of electricity in Nigeria. The company was originally established as the Electricity Corporation of Nigeria (ECN) in 1951, later merged with the Niger Dams Authority (NDA) to form the National Electric Power Authority (NEPA) in 1972. NEPA was rebranded as PHCN in 2005 as part of a reform process. PHCN was characterized by chronic inefficiency, massive revenue losses, high operational costs, poor service delivery (frequent blackouts), and widespread corruption and fraud. The Enugu branch (Okpara Avenue) served as one of the distribution offices for the Enugu region. The company was eventually unbundled and privatized in 2013, with the successor companies (Generating Companies-GenCos and Distribution Companies-Disco’s) sold to private investors. The PHCN era provides a compelling case study for examining why internal control systems are necessary for the survival and growth of public organizations (CBN, 2010; Adebayo and Oyedokun, 2019).

The internal control system at PHCN was characterized by significant weaknesses across all five COSO components. The control environment was weak, marked by tolerance for corruption, political interference, lack of accountability, low employee morale, and poor management commitment. Risk assessment was inadequate; known risks such as electricity theft, meter tampering, employee collusion, and customer non-payment were not systematically analyzed or mitigated. Control activities were weak or missing, including inadequate metering controls (estimated billing, meter tampering), weak billing controls (delays, errors), poor collection controls (cash theft, lack of segregation of duties), and inadequate authorization controls. Information and communication systems were outdated and unreliable; customer records were incomplete; billing systems were not integrated with metering or collection systems; and management did not receive timely, accurate revenue reports. Monitoring was weak; internal audit was understaffed and underfunded; audit findings were often ignored; and external audits were delayed (CBN, 2010; Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

The consequences of these internal control weaknesses were severe and directly threatened the survival and growth of PHCN. Revenue leakage from electricity theft, billing errors, and uncollected debts was estimated in the billions of Naira annually. Collection efficiency (percentage of billed revenue actually collected) was often below 50%, far below the 80-90% achieved by well-managed utilities. Operating costs were high due to inefficiencies, waste, and corruption. Service quality was poor (frequent blackouts), eroding customer trust and willingness to pay. Employee morale was low, leading to high turnover and vulnerability to corruption. Financial losses were chronic, requiring government subsidies to remain operational. Inability to invest in infrastructure (new meters, transformers, distribution networks) perpetuated poor service and revenue leakage, creating a vicious cycle. Ultimately, the internal control weaknesses contributed to the failure of PHCN as a viable public enterprise, leading to its unbundling and privatization (CBN, 2010; Okafor and Udeh, 2020).

The concept of organizational survival refers to the ability of an organization to continue operating over the long term without facing liquidation, insolvency, or dissolution. For a public organization like PHCN, survival depends on: (a) adequate revenue to cover operating costs, (b) effective management of assets and resources, (c) compliance with legal and regulatory requirements, (d) maintaining public trust and legitimacy, and (e) adapting to changing circumstances. Internal control supports survival by preventing revenue leakage, protecting assets, ensuring compliance, and providing information for adaptive decision-making. Without internal control, survival is jeopardized (Mellett, 2019; Premchand, 2019).

Organizational growth refers to the expansion of an organization’s operations, assets, revenue, market share, or service delivery over time. For a public organization, growth may mean expanding electricity access to more customers, increasing generation capacity, improving service reliability, or investing in new technologies. Growth requires: (a) adequate financial resources (retained earnings, government allocations, loans), (b) efficient operations (low costs per unit of output), (c) effective management of risks, (d) stakeholder support (customers, government, employees), and (e) strategic planning and decision-making. Internal control supports growth by ensuring that resources are not wasted (freeing funds for investment), providing reliable information for strategic decisions, and maintaining stakeholder trust (Brigham and Ehrhardt, 2017; Drury, 2020).

The necessity of internal control for public organizations is underscored by the unique challenges they face. Political interference: public organizations are often subject to political pressures that can override controls (e.g., directives to hire unqualified staff, award contracts to political allies, or provide services without payment). A strong internal control system, including independent internal audit and transparent reporting, can mitigate the impact of political interference by documenting irregularities and providing evidence for oversight bodies (Ogbeifun, 2019). Inadequate funding: public organizations often receive insufficient budgets to meet their obligations, leading to cost-cutting that may weaken controls. Internal control helps prioritize limited resources to the most critical controls (e.g., metering over administrative expenses) (Oyo-Ita, 2019). Weak accountability: public organizations may have diffuse accountability (to multiple stakeholders: citizens, legislature, executive, courts), making it difficult to assign responsibility. Internal control provides audit trails and performance metrics that clarify accountability (Chan, 2018).

Bureaucratic delays: public organizations may have slow, cumbersome processes that create opportunities for bypassing controls. Internal control can streamline processes (e.g., through automation) while maintaining controls (Romney and Steinbart, 2018). High public expectations: citizens expect public organizations to deliver services efficiently and transparently. Internal control provides the assurance that public funds are being used properly, supporting public trust. Fraud and corruption: public organizations are vulnerable to fraud due to the large volume of public funds and potential for weak oversight. Internal control is the primary defense against fraud, through preventive controls (segregation of duties, authorization) and detective controls (reconciliations, audits) (Hall, 2019).

The PHCN experience demonstrates that weak internal control leads to a downward spiral that threatens survival. Revenue leakage reduces funds available for operations and maintenance; poor maintenance leads to equipment breakdowns and service disruptions; poor service reduces customer willingness to pay; reduced revenue further constrains operations; employees become demoralized and more vulnerable to corruption; and public trust erodes, reducing political support for funding. This vicious cycle can only be broken by strengthening internal control to prevent revenue leakage, improve efficiency, and restore trust. For successor companies (DisCos), the lessons from PHCN are clear: internal control is not a luxury but a necessity for survival and growth (CBN, 2010; Nwankwo and Okeke, 2019).

This study focuses on the Power Holding Company of Nigeria (PHCN), Enugu branch (Okpara Avenue), as a case study because it represents a typical public organization that struggled with internal control weaknesses, ultimately leading to its failure and privatization. By examining the internal control system at PHCN, the study can identify specific weaknesses, assess their impact on survival and growth, and draw lessons for current and future public organizations. The findings will contribute to the literature on public sector internal control and provide practical guidance for strengthening internal control to ensure organizational survival and growth (Yin, 2018; Creswell and Creswell, 2018).

1.2 Statement of the Problems

The Power Holding Company of Nigeria (PHCN), Enugu branch, like the national PHCN organization, faced significant internal control weaknesses that threatened its survival and growth. Evidence from historical records, audit reports, and public accounts indicates serious problems including: (a) weak control environment (tolerance for corruption, political interference, low employee morale), (b) inadequate risk assessment (known risks such as electricity theft, meter tampering, and employee fraud not systematically addressed), (c) weak control activities (inadequate metering controls, billing errors and delays, poor collection controls, lack of segregation of duties), (d) poor information and communication systems (incomplete customer records, delayed and inaccurate reporting), and (e) weak monitoring (understaffed internal audit, ignored audit recommendations). These internal control weaknesses led to massive revenue leakage (electricity theft, uncollected bills, billing errors), high operating costs, poor service delivery, chronic financial losses, and inability to invest in infrastructure. Ultimately, these problems contributed to the failure of PHCN as a viable public enterprise, leading to its unbundling and privatization. The specific problem is that despite the recognized importance of internal control for organizational survival and growth, the internal control system at PHCN was inadequate, and the impact of these weaknesses on the organization’s survival and growth has not been systematically analyzed. Therefore, this study is motivated to examine internal control system as a necessity to the survival and growth of public organizations, using the Power Holding Company of Nigeria (PHCN), Enugu as a case study.

1.3 Objectives of the Study

The specific objectives of this study are to:

1. Examine the components of the internal control system (control environment, risk assessment, control activities, information and communication, monitoring) at PHCN, Enugu.
2. Assess the impact of internal control weaknesses on the survival (revenue generation, financial viability, asset protection) of PHCN, Enugu.
3. Determine the impact of internal control weaknesses on the growth (investment in infrastructure, expansion of services, operational efficiency) of PHCN, Enugu.
4. Identify the specific internal control weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit) that most threatened the survival and growth of PHCN.
5. Propose recommendations for strengthening internal control systems to ensure the survival and growth of public organizations.

1.4 Research Questions

The following research questions guide this study:

1. What were the components of the internal control system (control environment, risk assessment, control activities, information and communication, monitoring) at PHCN, Enugu?
2. What impact did internal control weaknesses have on the survival (revenue generation, financial viability, asset protection) of PHCN, Enugu?
3. What impact did internal control weaknesses have on the growth (investment in infrastructure, expansion of services, operational efficiency) of PHCN, Enugu?
4. What specific internal control weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit) most threatened the survival and growth of PHCN?
5. What recommendations can be made to strengthen internal control systems to ensure the survival and growth of public organizations?

1.5 Research Hypotheses

The following hypotheses are formulated in null (H₀) and alternative (H₁) forms:

Hypothesis One

• H₀: Internal control weaknesses have no significant impact on the revenue generation (collection efficiency, billing accuracy) of PHCN, Enugu.
• H₁: Internal control weaknesses have a significant impact on the revenue generation (collection efficiency, billing accuracy) of PHCN, Enugu.

Hypothesis Two

• H₀: There is no significant relationship between weak metering controls and electricity theft (revenue leakage) at PHCN, Enugu.
• H₁: There is a significant relationship between weak metering controls and electricity theft (revenue leakage) at PHCN, Enugu.

Hypothesis Three

• H₀: Inadequate segregation of duties (meter reading, billing, collection) does not significantly increase the risk of employee fraud at PHCN, Enugu.
• H₁: Inadequate segregation of duties (meter reading, billing, collection) significantly increases the risk of employee fraud at PHCN, Enugu.

Hypothesis Four

• H₀: Weak internal audit (understaffing, lack of independence, ignored recommendations) has no significant effect on the survival and growth of PHCN, Enugu.
• H₁: Weak internal audit (understaffing, lack of independence, ignored recommendations) has a significant effect on the survival and growth of PHCN, Enugu.

1.6 Scope and Limitation of the Study

Scope of the Study

This study focuses on internal control system as a necessity to the survival and growth of public organizations, using the Power Holding Company of Nigeria (PHCN), Enugu (Okpara Avenue branch) as a case study. Geographically, the research is limited to the PHCN branch at Okpara Avenue, Enugu, Nigeria. Content-wise, the study examines the following areas: components of the internal control system (control environment, risk assessment, control activities, information and communication, monitoring); impact of internal control weaknesses on survival (revenue generation, financial viability, asset protection); impact of internal control weaknesses on growth (investment in infrastructure, expansion of services, operational efficiency); specific weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit); and recommendations for improvement. The study targets former PHCN management, finance staff, internal auditors, and operational staff (former employees). The time frame for data collection is the cross-sectional period of 2023–2024, though retrospective data from the PHCN era (pre-2013) will be collected. The study does not cover the successor DisCos (except for context), nor does it cover generation or transmission functions of PHCN (except as they relate to distribution).

Limitation of the Study

This study acknowledges several limitations. First, the study is limited to one branch (Okpara Avenue, Enugu) of PHCN; findings may not be generalizable to all PHCN branches or to other public organizations. Second, the study relies on retrospective data and recollections of former employees; the accuracy of this information depends on the honesty and memory of respondents. Third, PHCN no longer exists (privatized in 2013), so access to current financial records is limited; the study relies on historical documents, audit reports, and interviews. Fourth, the study may be subject to recall bias (respondents may not accurately remember events from many years ago). Fifth, the study is cross-sectional (a snapshot of the PHCN era); the long-term impact of internal control weaknesses on survival and growth is not fully captured. Sixth, the study does not include a comparative analysis with other public organizations due to data availability constraints. Despite these limitations, the study aims to provide robust, meaningful insights into the necessity of internal control for the survival and growth of public organizations.

1.7 Definition of Terms

Internal Control System: The policies, procedures, practices, and organizational structures implemented by management to provide reasonable assurance that an organization achieves its objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws and regulations.

Survival (Organizational Survival): The ability of an organization to continue operating over the long term without facing liquidation, insolvency, or dissolution; depends on adequate revenue, asset protection, financial viability, and stakeholder support.

Growth (Organizational Growth): The expansion of an organization’s operations, assets, revenue, market share, or service delivery over time; depends on investment, operational efficiency, risk management, and strategic planning.

Public Organization: A government-owned or government-controlled entity established to provide public services or carry out public functions, such as PHCN.

Power Holding Company of Nigeria (PHCN): The former government-owned monopoly responsible for electricity generation, transmission, and distribution in Nigeria, which operated until its unbundling and privatization in 2013.

Control Environment: The set of standards, processes, and structures that provide the basis for carrying out internal control, including management’s integrity and ethical values, organizational structure, and human resource policies.

Risk Assessment: The process of identifying, analyzing, and responding to risks that could prevent the organization from achieving its objectives.

Control Activities: Specific policies and procedures that help ensure management directives are carried out, including approvals, authorizations, verifications, reconciliations, and segregation of duties.

Information and Communication: The systems and processes that ensure relevant information is identified, captured, and communicated to the right people in a timely manner.

Monitoring: The process of assessing the quality of internal control performance over time, including ongoing supervision and internal audit.

Revenue Generation: The process of earning revenue from the sale of electricity to customers, including metering, billing, collection, and management of accounts receivable.

Electricity Theft: The illegal abstraction of electricity through unauthorized connections, meter bypassing, meter tampering, or other means, resulting in revenue loss.

Segregation of Duties: A control activity that divides responsibilities for authorizing transactions, recording transactions, and safeguarding assets among different individuals to reduce the risk of error or fraud.

Internal Audit: An independent, objective assurance and consulting activity within an organization designed to evaluate and improve the effectiveness of risk management, control, and governance processes.

Collection Efficiency: The percentage of billed revenue that is actually collected from customers; low collection efficiency indicates revenue leakage.

Estimated Billing: The practice of billing customers based on estimated consumption rather than actual meter readings; often used when meters are faulty or absent, leading to disputes and revenue leakage.

Control Weakness: A deficiency in the design or operation of an internal control that reduces the likelihood that the organization will achieve its objectives.

PHCN, Enugu (Okpara Avenue Branch): The distribution office of PHCN located at Okpara Avenue, Enugu, serving as the case study for this research.

Privatization: The transfer of ownership and control of PHCN’s successor companies to private investors, completed in 2013.

Asset Protection: The safeguarding of an organization’s assets (cash, equipment, inventory, property) from theft, misappropriation, damage, or waste.

Financial Viability: The ability of an organization to generate sufficient revenue to cover its operating costs, service its debts, and invest in its future.

Operational Efficiency: The ratio of output (electricity delivered, customers served) to input (costs, resources); high efficiency means producing more output with less input.

REFERENCES

Adebayo, K. and Oyedokun, G. (2019). Internal control and revenue generation in Nigerian public utilities. Nigerian Journal of Public Administration, 14(2), 45-68.

Brigham, E. F. and Ehrhardt, M. C. (2017). Financial management: Theory and practice (15th ed.). Cengage Learning.

CBN. (2010). Power sector reform and economic development in Nigeria. Central Bank of Nigeria.

Chan, J. L. (2018). Public sector accountability and transparency: Concepts and practices. Public Money and Management, 28(4), 227-234.

COSO. (2013). Internal control — Integrated framework. Committee of Sponsoring Organizations of the Treadway Commission.

Creswell, J. W. and Creswell, J. D. (2018). Research design: Qualitative, quantitative, and mixed methods approaches (5th ed.). Sage Publications.

Drury, C. (2020). Management and cost accounting (11th ed.). Cengage Learning.

Eze, N. and Nwafor, O. (2020). Revenue leakage in PHCN: Causes and consequences. Nigerian Journal of Energy Economics, 5(2), 55-72.

Hall, J. A. (2019). Accounting information systems (10th ed.). Cengage Learning.

INTOSAI. (2020). Guidelines for internal control standards for the public sector. International Organization of Supreme Audit Institutions.

Mellett, H. (2019). Accountability and financial management in the public sector. Financial Accountability and Management, 15(3), 201-216.

Nwankwo, I. and Okeke, C. (2019). PHCN privatization: Lessons in utility reform. Nigerian Journal of Public Sector Reform, 7(2), 44-61.

Ogbeifun, M. (2019). Public financial management in Nigeria: Principles and practice. University of Lagos Press.

Okafor, E. and Udeh, S. (2020). Internal control and revenue assurance in Nigerian electricity distribution. African Journal of Public Sector Financial Management, 5(2), 33-50.

Oyo-Ita, I. (2019). Audit and accountability in Nigerian public enterprises. Nigerian Accountant, 52(4), 12-28.

Premchand, A. (2019). Public expenditure management: A handbook. International Monetary Fund.

Romney, M. B. and Steinbart, P. J. (2018). Accounting information systems (14th ed.). Pearson Education.

Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). Sage Publications.

CHAPTER TWO: LITERATURE REVIEW

2.1 The Extent to Which Fraud and Errors can be Prevented or Detected Early

Fraud and errors pose significant threats to the survival and growth of any organization, particularly public organizations like the Power Holding Company of Nigeria (PHCN). Fraud refers to intentional deception to obtain financial gain, while errors refer to unintentional mistakes in recording or processing transactions. An effective internal control system is designed to prevent fraud and errors from occurring (preventive controls) and to detect them early when they do occur (detective controls). However, the extent to which fraud and errors can be prevented or detected early depends on the design, implementation, and operating effectiveness of the internal control system (COSO, 2013; Wells, 2017).

Preventive Controls are designed to stop fraud and errors before they occur. The extent of prevention achievable depends on several factors. Segregation of duties is one of the most effective preventive controls. When different employees are responsible for authorizing transactions, recording transactions, and safeguarding assets, it becomes much more difficult for a single employee to commit fraud without detection. For example, if the employee who reads meters is not the same employee who bills customers, meter tampering is less likely to go undetected because the billing employee would notice discrepancies. At PHCN, the lack of segregation of duties (the same employee often performed meter reading, billing, and collection) meant that fraud could be committed without detection (Romney and Steinbart, 2018; Hall, 2019).

Authorization controls prevent unauthorized transactions. Requiring manager approval for meter installations, tariff changes, write-offs of bad debts, and credit notes ensures that transactions are reviewed before execution. At PHCN, weak authorization controls meant that employees could, without supervision, write off customer debts, adjust bills, or install meters for friends and family without payment. The extent of prevention depends on the rigor of the approval process (e.g., requiring two signatures for large write-offs). However, authorization controls can be circumvented if the manager with approval authority is corrupt or negligent (Merchant and Van der Stede, 2017).

Physical controls prevent theft and unauthorized access. Locked meter boxes, tamper-evident seals, secure cash collection boxes, and restricted access to storage areas prevent employees and outsiders from stealing assets. At PHCN, meters were often not secured, making tampering easy; cash collection boxes were not always locked, allowing theft; and storage areas for transformers and cables were not adequately secured. The extent of prevention depends on the quality of physical security and the frequency of checks (e.g., surprise counts). However, physical controls cannot prevent all theft; determined thieves can break locks or bribe guards (Hall, 2019).

Documentation controls prevent errors and omissions. Pre-numbered receipts, pre-numbered invoices, and pre-numbered work orders ensure that all transactions are recorded. Missing numbers indicate missing documents, triggering investigation. At PHCN, receipts were not always pre-numbered, and receipts were often not issued to customers, allowing employees to pocket cash without detection. The extent of prevention depends on the discipline of using pre-numbered documents and reconciling used numbers (Romney and Steinbart, 2018).

Information system controls prevent input errors and unauthorized access. Validation rules (e.g., consumption cannot be negative), edit checks (e.g., tariff must be one of approved values), and access controls (passwords, role-based permissions) prevent data entry errors and unauthorized changes. At PHCN, billing systems had minimal validation rules, allowing erroneous entries (e.g., negative consumption, which would reduce bills). Access controls were weak; many employees had system access beyond their job requirements. The extent of prevention depends on the sophistication of the information system and the rigor of access management (COSO, 2013).

Detective Controls are designed to identify fraud and errors after they have occurred. The extent of early detection depends on the frequency and quality of detective controls. Reconciliations compare two sets of records to identify discrepancies. For PHCN, reconciliations should include: (a) meter readings to bills (were all readings billed?), (b) bills to collections (were all bills paid?), (c) collections to bank deposits (was all cash deposited?), and (d) bank statements to general ledger. Early detection (weekly or monthly) is more effective than late detection (annually). At PHCN, reconciliations were performed infrequently (often quarterly or annually) and were often inaccurate due to incomplete records, allowing fraud to continue for months or years (Eze and Nwafor, 2020; Okafor and Udeh, 2020).

Surprise audits (unannounced counts of cash, inventory, or assets) are highly effective at detecting fraud because employees cannot prepare in advance. At PHCN, surprise cash counts were rarely performed; employees knew when audits would occur and could temporarily conceal shortages. The extent of detection depends on the frequency and unpredictability of surprise audits. Annual surprise counts are less effective than monthly or quarterly counts (Oyo-Ita, 2019).

Exception reports highlight transactions that deviate from normal patterns. For PHCN, exception reports could include: (a) customers with unusually low consumption (possible meter tampering), (b) customers with unusually high consumption (possible billing errors or theft of service), (c) employees with high levels of adjustments or write-offs (possible collusion), (d) overdue accounts (collection problems). At PHCN, exception reports were not generated or reviewed regularly, so anomalies went undetected (Nwankwo and Okeke, 2019).

Internal audit is a critical detective control. Internal auditors independently test controls and transactions to identify weaknesses and irregularities. The extent of early detection depends on the scope, frequency, and quality of internal audits. At PHCN, internal audit was understaffed and underfunded; many planned audits were not conducted; and when audits were conducted, findings were often ignored. As a result, fraud and errors were detected late, if at all, and the same weaknesses persisted year after year (Ogbeifun, 2019).

Whistleblower mechanisms allow employees to report suspected fraud anonymously. The extent of detection depends on the existence of a confidential reporting channel, protection from retaliation, and a culture that encourages reporting. At PHCN, there were no effective whistleblower mechanisms; employees who reported irregularities risked retaliation, so most remained silent. As a result, fraud continued undetected (CBN, 2010).

Data analytics can detect patterns indicative of fraud. For example, analyzing consumption patterns across customers can identify those with implausibly low consumption (meter tampering). Analyzing payment patterns can identify employees who consistently process adjustments for the same customers. At PHCN, data analytics were not used; fraud detection relied on manual review, which was ineffective for large volumes of data (Romney and Steinbart, 2018).

Limitations of Early Detection: Even with strong detective controls, fraud may not be detected early for several reasons: (a) management override – senior managers can override controls and conceal fraud, (b) collusion – two or more employees working together can circumvent controls and conceal evidence, (c) sophisticated fraud – determined fraudsters may create false documentation to deceive auditors, (d) sampling – audits test only a sample of transactions; fraud may be in the untested sample, (e) time lag – reconciliations and audits occur after the fact; fraud committed on day one may not be detected until month-end or year-end, (f) inadequate resources – understaffed audit departments cannot conduct enough tests, and (g) ignored findings – even when fraud is detected, management may not take action (COSO, 2013; Wells, 2017).

At PHCN, all these limitations were present. Management override was common; collusion between employees and customers was widespread; internal audit was under-resourced; and when fraud was detected, management often took no action (e.g., employees caught stealing were not dismissed). As a result, the extent of early detection was minimal, and fraud continued for years, contributing to the organization’s decline and eventual privatization (CBN, 2010; Nwankwo and Okeke, 2019).

2.2 Weakness and Specific Failures Connected to Internal Control System

The internal control system at PHCN exhibited numerous weaknesses and specific failures across all five COSO components. These weaknesses directly contributed to the organization’s inability to survive and grow as a viable public enterprise.

Control Environment Weaknesses and Failures:

The control environment at PHCN was fundamentally weak. Specific failures included: (a) lack of ethical culture – corruption was widespread and tolerated; employees who reported irregularities faced retaliation, while those who participated in fraud faced few consequences, (b) political interference – government officials and powerful customers received electricity without paying; PHCN management could not enforce collection due to political pressure, (c) poor management commitment – senior management did not prioritize internal control or revenue generation; they focused on short-term political survival rather than long-term organizational health, (d) low employee morale – low salaries, poor working conditions, and lack of career advancement led to disengagement and vulnerability to corruption; employees accepted bribes to supplement income, (e) inadequate organizational structure – unclear lines of authority and responsibility; employees did not know who was responsible for what, leading to gaps in control, (f) lack of accountability – employees faced few consequences for poor performance or misconduct; those caught stealing were often transferred rather than dismissed, (g) poor human resource policies – inadequate training, lack of background checks for new hires, and no performance-based incentives for ethical behavior (CBN, 2010; Adebayo and Oyedokun, 2019; Ogbeifun, 2019).

Risk Assessment Weaknesses and Failures:

PHCN did not have a formal, documented risk assessment process. Specific failures included: (a) failure to identify key risks – known risks such as electricity theft, meter tampering, employee collusion, customer non-payment, and procurement fraud were not systematically documented or analyzed, (b) failure to assess risk likelihood and impact – the probability and potential financial impact of each risk were not estimated, (c) failure to develop risk responses – mitigation strategies (e.g., improved metering, segregation of duties, enhanced collection procedures) were not developed or implemented, (d) failure to monitor risk environment – changes in the external environment (e.g., new methods of electricity theft, economic conditions affecting customer ability to pay) were not monitored, (e) lack of risk ownership – no one was assigned responsibility for managing specific risks, (f) absence of a risk register – there was no central document tracking risks, controls, and action plans (INTOSAI, 2020; Nwankwo and Okeke, 2019).

Control Activities Weaknesses and Failures:

Control activities were weak or missing across all revenue cycle processes. Specific failures included:

Metering controls: (a) many customers lacked meters (estimated billing), making it impossible to measure actual consumption, (b) existing meters were outdated and inaccurate, (c) meters were not secured with tamper-evident seals, making tampering easy, (d) meter installation was not properly authorized or inspected, (e) meter readings were not verified or reviewed, (f) meter replacement was infrequent, allowing faulty meters to remain in service for years (Eze and Nwafor, 2020; Okafor and Udeh, 2020).

Billing controls: (a) billing was often delayed (months behind), leading to customer disputes and non-payment, (b) billing was based on estimates rather than actual readings for many customers, (c) billing errors (wrong tariff, miscalculation) were common, (d) there were no independent reviews of bills before they were sent to customers, (e) credit notes and adjustments were not properly authorized or reviewed, (f) billing systems had minimal validation rules, allowing erroneous entries (e.g., negative consumption) (Romney and Steinbart, 2018).

Collection controls: (a) cash collections were not always receipted; receipts were often not issued to customers, (b) receipts were not pre-numbered, making it impossible to track missing receipts, (c) collections were not deposited intact; employees could withhold cash, (d) segregation of duties was inadequate; the same employee often handled meter reading, billing, and collection, (e) bank reconciliations were not performed timely, so discrepancies were not detected, (f) there was no independent verification of collections (e.g., surprise cash counts) (Hall, 2019).

Authorization controls: (a) write-offs of bad debts were not properly authorized; employees could write off customer debts without approval, (b) tariff changes were not properly authorized; employees could apply incorrect tariffs, (c) meter installations and removals were not properly authorized, (d) credit notes (bill reductions) were not properly authorized, (e) there was no approval limit; any employee could approve any amount (Merchant and Van der Stede, 2017).

Segregation of duties: (a) the same employee often performed incompatible functions: meter reading, billing, collection, and reconciliation, (b) there was no independent review of transactions, (c) the same employee could authorize, record, and pay for transactions, (d) there was no rotation of duties, allowing employees to become entrenched in fraudulent schemes (COSO, 2013).

Physical controls: (a) meters were not secured; customers could easily access and tamper with them, (b) collection boxes were not secured; cash could be stolen, (c) storage areas for transformers, cables, and other equipment were not locked; theft was common, (d) there was no inventory control system for tracking equipment, (e) vehicles were not monitored for unauthorized use (Hall, 2019).

Information and Communication Weaknesses and Failures:

Information systems were outdated and unreliable. Specific failures included: (a) incomplete customer records – missing addresses, duplicate accounts, incorrect tariff codes, no unique customer identifiers, (b) lack of system integration – metering systems not integrated with billing systems; billing systems not integrated with collection systems; customer data siloed, (c) outdated billing software – prone to errors, slow, unable to handle large volumes, (d) no real-time reporting – management did not receive timely reports on metering coverage, billing accuracy, collection efficiency, or accounts receivable aging, (e) no exception reporting – reports highlighting anomalies (e.g., low consumption, high adjustments) were not generated, (f) no data analytics – consumption patterns not analyzed to detect theft, (g) no employee feedback channels – no mechanism for employees to report control weaknesses or suspected fraud (whistleblowing), (h) poor external communication – bills often contained errors, notices of disconnection were not sent, customers were not informed of tariff changes (Romney and Steinbart, 2018; Okafor and Udeh, 2020).

Monitoring Weaknesses and Failures:

Monitoring of internal control effectiveness was weak. Specific failures included: (a) understaffed internal audit – internal audit department had too few staff to conduct all planned audits; many audits were skipped, (b) underfunded internal audit – inadequate budget for training, travel, technology, and other resources, (c) lack of independence – internal audit reported to management (not to an audit committee), so auditors could not report findings that implicated management, (d) audit findings ignored – management did not implement audit recommendations; the same weaknesses appeared in audit reports year after year, (e) no follow-up – there was no systematic process for tracking management’s implementation of audit recommendations, (f) no control self-assessments – management did not periodically assess the effectiveness of controls in their areas, (g) weak external audit – audits by the Auditor-General were often delayed; when reports were issued, they were not acted upon by the legislature, (h) no performance metrics – there were no metrics for control effectiveness (e.g., number of control breaches, time to detect errors), so management did not know when controls were failing (Oyo-Ita, 2019; Ogbeifun, 2019; Eze and Nwafor, 2020).

Specific Failures Leading to Revenue Leakage:

The cumulative effect of these weaknesses and failures was massive revenue leakage. Specific failures that directly led to revenue loss included: (a) estimated billing – customers on estimated billing paid less than actual consumption, leading to revenue loss; others were overbilled, leading to disputes and non-payment, (b) meter tampering – customers bypassed meters or slowed them down, paying for less than they consumed, (c) illegal connections – customers connected directly to distribution lines without meters, paying nothing, (d) employee collusion – meter readers and billers colluded with customers to underreport consumption in exchange for bribes, (e) theft of cash collections – employees pocketed cash payments without issuing receipts, (f) unrecorded adjustments – employees wrote off customer debts or issued credit notes without authorization, (g) failure to disconnect non-paying customers – weak enforcement meant that customers could accumulate large debts without fear of disconnection, (h) political interference – powerful customers (government agencies, politicians) did not pay; PHCN could not enforce collection (CBN, 2010; Nwankwo and Okeke, 2019).

Consequences of Weaknesses and Failures:

The internal control weaknesses and failures had severe consequences for PHCN’s survival and growth: (a) chronic revenue shortfalls – collection efficiency below 50% meant that PHCN could not cover its operating costs, (b) accumulation of bad debts – accounts receivable grew to billions of Naira, much of it uncollectible, (c) inability to invest – lack of funds meant no investment in new meters, transformers, or distribution networks, perpetuating poor service and revenue leakage, (d) deteriorating infrastructure – lack of maintenance led to equipment breakdowns, power outages, and further revenue loss, (e) low employee morale – employees were demoralized by low pay and lack of resources; many left for better opportunities, (f) loss of public trust – customers lost confidence in PHCN and were unwilling to pay for unreliable service, (g) government subsidies – PHCN required massive government subsidies to remain operational, diverting funds from other priorities, (h) ultimate failure – PHCN was unbundled and privatized because the government could no longer sustain the losses (CBN, 2010; Okafor and Udeh, 2020).

Lessons for Public Organizations:

The PHCN experience demonstrates that internal control weaknesses and failures are not merely technical accounting problems; they are existential threats to public organizations. Without a strong internal control system, public organizations cannot: (a) generate sufficient revenue to cover costs, (b) protect assets from theft and waste, (c) provide reliable services to citizens, (d) maintain public trust, or (e) attract and retain talented employees. Ultimately, weak internal control leads to organizational decline and failure. For current and future public organizations, the lesson is clear: internal control is not a luxury but a necessity for survival and growth (Premchand, 2019; Mellett, 2019).

REFERENCES

Adebayo, K. and Oyedokun, G. (2019). Internal control and revenue generation in Nigerian public utilities. Nigerian Journal of Public Administration, 14(2), 45-68.

CBN. (2010). Power sector reform and economic development in Nigeria. Central Bank of Nigeria.

COSO. (2013). Internal control — Integrated framework. Committee of Sponsoring Organizations of the Treadway Commission.

Eze, N. and Nwafor, O. (2020). Revenue leakage in PHCN: Causes and consequences. Nigerian Journal of Energy Economics, 5(2), 55-72.

Hall, J. A. (2019). Accounting information systems (10th ed.). Cengage Learning.

INTOSAI. (2020). Guidelines for internal control standards for the public sector. International Organization of Supreme Audit Institutions.

Merchant, K. A. and Van der Stede, W. A. (2017). Management control systems: Performance measurement, evaluation and incentives (4th ed.). Pearson Education.

Mellett, H. (2019). Accountability and financial management in the public sector. Financial Accountability and Management, 15(3), 201-216.

Nwankwo, I. and Okeke, C. (2019). PHCN privatization: Lessons in utility reform. Nigerian Journal of Public Sector Reform, 7(2), 44-61.

Ogbeifun, M. (2019). Public financial management in Nigeria: Principles and practice. University of Lagos Press.

Okafor, E. and Udeh, S. (2020). Internal control and revenue assurance in Nigerian electricity distribution. African Journal of Public Sector Financial Management, 5(2), 33-50.

Oyo-Ita, I. (2019). Audit and accountability in Nigerian public enterprises. Nigerian Accountant, 52(4), 12-28.

Premchand, A. (2019). Public expenditure management: A handbook. International Monetary Fund.

Romney, M. B. and Steinbart, P. J. (2018). Accounting information systems (14th ed.). Pearson Education.

Wells, J. T. (2017). Corporate fraud handbook: Prevention and detection (5th ed.). John Wiley and Sons.