THE IMPACT OF INTERNAL CONTROL SYSTEM ON REVENUE GENERATION: (A CASE STUDY OF POWER HOLDING COMPANY OF NIGERIA (P.H.C.N) OKPARA AVENUE ENUGU)

CHAPTER ONE: INTRODUCTION

1.0 Background of the Study

Internal control is a fundamental component of effective organizational management, encompassing the policies, procedures, practices, and organizational structures implemented by management to provide reasonable assurance that the organization achieves its objectives in the areas of operational effectiveness and efficiency, reliable financial reporting, and compliance with applicable laws and regulations. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework identifies five interrelated components of internal control: (a) control environment (the set of standards, processes, and structures that provide the basis for carrying out internal control), (b) risk assessment (the process of identifying and analyzing risks that could prevent the organization from achieving its objectives), (c) control activities (specific policies and procedures that help ensure management directives are carried out), (d) information and communication (systems that ensure relevant information is identified, captured, and communicated), and (e) monitoring (the process of assessing the quality of internal control performance over time). In the public sector and government-owned enterprises, internal control is essential for safeguarding assets, ensuring accurate financial reporting, preventing fraud and waste, and promoting accountability (COSO, 2013; INTOSAI, 2020).

Revenue generation is the lifeblood of any organization, as it provides the financial resources needed to fund operations, invest in assets, pay employees, and achieve strategic objectives. For a government-owned enterprise like the Power Holding Company of Nigeria (PHCN), revenue generation comes primarily from the sale of electricity to residential, commercial, and industrial customers. Effective revenue generation depends on: (a) accurate metering of electricity consumption, (b) timely and accurate billing of customers, (c) efficient collection of payments, (d) prevention of electricity theft (illegal connections, meter bypassing), (e) management of accounts receivable (reducing bad debts), (f) competitive and cost-reflective tariffs, and (g) effective customer service to address complaints and disputes. Weaknesses in any of these areas lead to revenue leakage, which reduces the funds available for operations, maintenance, and investment (CBN, 2010; Okafor and Udeh, 2020).

The Power Holding Company of Nigeria (PHCN) was, for many years, the government-owned monopoly responsible for the generation, transmission, and distribution of electricity in Nigeria. The company was originally established as the Electricity Corporation of Nigeria (ECN) in 1951, later merged with the Niger Dams Authority (NDA) to form the National Electric Power Authority (NEPA) in 1972. NEPA was rebranded as PHCN in 2005 as part of a reform process. PHCN was characterized by chronic inefficiency, massive revenue losses (due to poor collection and theft), high operational costs, poor service delivery (frequent blackouts), and widespread corruption and fraud. The Okpara Avenue branch in Enugu served as one of the distribution offices for the Enugu region. The company was eventually unbundled and privatized in 2013, with the successor companies (Generating Companies-GenCos and Distribution Companies-Disco’s) sold to private investors. The PHCN era provides a rich case study for examining the impact of internal control systems on revenue generation (CBN, 2010; Adebayo and Oyedokun, 2019).

The relationship between internal control and revenue generation is direct and significant. Strong internal controls support revenue generation by: (a) preventing revenue leakage – controls over metering (ensuring meters are accurate and not tampered with), billing (ensuring all consumption is billed), and collections (ensuring payments are properly recorded and deposited) prevent theft and misappropriation, (b) ensuring accurate billing – controls over customer data, meter reading, and tariff application ensure that customers are billed correctly, reducing disputes and improving collection rates, (c) reducing bad debts – controls over credit management (deposits for new customers, monitoring of overdue accounts) and collection follow-up reduce accounts receivable write-offs, (d) detecting and deterring fraud – controls such as segregation of duties, surprise audits, and whistleblower mechanisms detect and deter employee fraud (e.g., collusion with customers to underbill), (e) improving customer service – controls over complaint handling, dispute resolution, and billing inquiries improve customer satisfaction, encouraging timely payment, and (f) enhancing management information – controls ensure that revenue data is accurate, complete, and timely, enabling management to identify revenue trends, problem areas, and improvement opportunities (Romney and Steinbart, 2018; Hall, 2019).

At PHCN, internal control weaknesses were a major contributor to poor revenue generation. Specific weaknesses included: (a) weak metering controls – many customers were not metered (estimated billing), meters were outdated or inaccurate, and meter tampering (bypassing, slowing) was widespread, (b) poor billing controls – billing was often delayed, inaccurate, or based on estimates, leading to customer disputes and non-payment, (c) weak collection controls – cash collections were poorly documented, receipts were not always issued, and there were opportunities for employee theft, (d) inadequate segregation of duties – the same employee might read meters, prepare bills, and collect payments, creating fraud opportunities, (e) lack of customer data integrity – customer records were incomplete, duplicated, or inaccurate, making it difficult to track consumption and collect payments, (f) weak internal audit – internal audit was understaffed and underfunded, limiting its ability to detect and report weaknesses, (g) political interference – powerful customers (government agencies, politicians) could avoid payment without consequences, and (h) electricity theft – illegal connections and meter bypassing were rampant, often with the collusion of PHCN employees (Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

The control environment at PHCN was weak. The control environment refers to the set of standards, processes, and structures that provide the basis for carrying out internal control. At PHCN, there was: (a) lack of ethical culture – corruption and fraud were widespread and tolerated, (b) poor management philosophy – management did not prioritize revenue generation or internal control, (c) inadequate organizational structure – unclear lines of authority and responsibility, (d) lack of accountability – employees faced few consequences for poor performance or misconduct, (e) political interference – the government used PHCN for political purposes (e.g., providing electricity to favored customers without payment), and (f) low employee morale – due to low pay, poor working conditions, and lack of career advancement, employees were demotivated and vulnerable to corruption (CBN, 2010; Ogbeifun, 2019).

Control activities at PHCN were inadequate. Control activities are specific policies and procedures that help ensure management directives are carried out. Key control activities for revenue generation should include: (a) authorization controls – approval for new connections, tariff changes, write-offs, (b) segregation of duties – separate responsibilities for meter reading, billing, collection, and reconciliation, (c) physical controls – secure meters, tamper-evident seals, locked collection boxes, (d) reconciliation controls – comparing meter readings to bills, bills to collections, collections to bank deposits, (e) performance reviews – analyzing revenue trends, collection rates, and write-offs, and (f) documentation controls – pre-numbered receipts, customer records, billing logs. At PHCN, these controls were often missing, ignored, or overridden (Okafor and Udeh, 2020; Eze and Nwafor, 2019).

Information and communication systems at PHCN were weak. Information and communication refer to the systems that ensure relevant information is identified, captured, and communicated. At PHCN: (a) customer records were incomplete and inaccurate (missing addresses, duplicate accounts), (b) billing systems were outdated and prone to errors, (c) payment records were not always updated promptly, (d) management did not receive timely, accurate reports on revenue performance, (e) employees were not adequately trained on control procedures, and (f) there were no effective channels for employees to report control weaknesses or suspected fraud (whistleblowing). Weak information systems undermined the effectiveness of other control activities (Romney and Steinbart, 2018; Hall, 2019).

Monitoring at PHCN was weak. Monitoring refers to the process of assessing the quality of internal control performance over time. At PHCN: (a) internal audit was understaffed and underfunded, (b) internal auditors lacked independence (reporting to management who were often complicit in irregularities), (c) audit findings were ignored or not acted upon, (d) there were no regular control self-assessments by management, and (e) external audit (by the Auditor-General) was often delayed and had limited scope. Without effective monitoring, control weaknesses persisted and worsened over time (Oyo-Ita, 2019; Nwankwo and Okeke, 2019).

The impact of internal control weaknesses on revenue generation at PHCN was devastating. Revenue leakage from electricity theft, billing errors, and uncollected debts was estimated in the billions of Naira annually. The company’s collection efficiency (percentage of billed revenue actually collected) was often below 50%, far below the 80-90% achieved by well-managed utilities. Low revenue, combined with high operating costs (fuel, maintenance, salaries), meant that PHCN was chronically loss-making, requiring government subsidies to remain operational. Inadequate revenue also meant that PHCN could not invest in infrastructure (new power plants, transmission lines, distribution networks), leading to poor service quality (frequent blackouts), which further reduced willingness to pay, creating a vicious cycle (CBN, 2010; Adebayo and Oyedokun, 2019).

The privatization of PHCN in 2013 was partly motivated by the recognition that internal control weaknesses and poor revenue generation could not be fixed under government ownership. The successor Distribution Companies (DisCos) were expected to implement strong internal controls, invest in metering, improve billing and collection, reduce electricity theft, and increase revenue. Some DisCos have made progress, but challenges remain. The PHCN experience provides important lessons for other government-owned enterprises and for the successor DisCos themselves (Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

This study focuses on the PHCN Okpara Avenue, Enugu branch as a case study because it represents a typical distribution office in southeastern Nigeria. By examining the impact of internal control systems on revenue generation at this branch, the study can provide insights applicable to other public utilities and government-owned enterprises. The findings will contribute to the literature on internal control in the public sector and provide practical recommendations for strengthening revenue generation through improved internal controls (Yin, 2018; Creswell and Creswell, 2018).

1.1 Statement of the Problem

The Power Holding Company of Nigeria (PHCN), Okpara Avenue, Enugu, like other branches of PHCN, faced significant challenges in revenue generation throughout its existence as a government-owned enterprise. Evidence from audit reports, internal assessments, and public records indicates serious problems: (a) massive electricity theft (illegal connections, meter bypassing, tampering), (b) low metering coverage (many customers on estimated billing), (c) billing errors and delays, (d) poor collection rates (customers not paying bills), (e) high accounts receivable (bad debts), (f) employee fraud (collusion with customers to underbill, theft of cash collections), (g) weak internal controls (inadequate segregation of duties, lack of physical security over meters, poor record-keeping), (h) political interference (powerful customers not paying), and (i) weak internal audit. These problems resulted in substantial revenue leakage, making PHCN chronically loss-making and unable to invest in infrastructure or provide reliable electricity. It is unclear to what extent the internal control system at the Okpara Avenue branch contributed to (or failed to prevent) these revenue generation problems. Furthermore, specific control weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit) have not been systematically analyzed. Therefore, this study is motivated to investigate the impact of the internal control system on revenue generation at the Power Holding Company of Nigeria (PHCN), Okpara Avenue, Enugu.

1.2 Objectives of the Study

The specific objectives of this study are to:

1. Examine the internal control system components (control environment, risk assessment, control activities, information and communication, monitoring) at PHCN Okpara Avenue, Enugu.
2. Assess the revenue generation performance (metering coverage, billing accuracy, collection efficiency, accounts receivable levels) at the branch.
3. Determine the impact of internal control weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit) on revenue generation.
4. Identify the specific factors (electricity theft, billing errors, employee fraud, political interference) that contributed to revenue leakage at the branch.
5. Propose recommendations for strengthening internal controls to enhance revenue generation, applicable to similar public utilities.

1.3 Significance of the Study

This study is significant for several stakeholders. First, the management of electricity distribution companies (DisCos) that succeeded PHCN will benefit from understanding the internal control weaknesses that undermined revenue generation in the past, enabling them to implement stronger controls. Second, the Nigerian Electricity Regulatory Commission (NERC) will gain insights into the internal control challenges facing distribution companies, informing regulatory oversight and performance improvement initiatives. Third, the Bureau of Public Enterprises (BPE) and privatization agencies will benefit from understanding the factors that contributed to poor performance in the electricity sector, informing future privatization design. Fourth, other government-owned enterprises in Nigeria and other developing countries can use the findings as a benchmark for evaluating and strengthening their own internal control systems. Fifth, academics and researchers in internal control, public sector financial management, and utility management will benefit from the study’s contribution to the literature. Sixth, professional bodies (ICAN, ANAN, IIA Nigeria) will find value in the study’s identification of internal control weaknesses in the electricity sector, informing training and CPD programs. Seventh, policymakers and anti-corruption agencies (EFCC, ICPC) will gain insights into the vulnerabilities in public utility revenue generation, informing investigations and prevention strategies. Eighth, electricity consumers will benefit indirectly as improved internal controls lead to more accurate billing, better service, and potentially lower tariffs (as losses are reduced). Finally, the broader Nigerian economy will benefit as improved revenue generation in the electricity sector reduces the need for government subsidies, frees up funds for other priorities, and supports reliable electricity supply for businesses and households.

1.4 Scope and Limitation of the Study

Scope of the Study

This study focuses on the impact of the internal control system on revenue generation at the Power Holding Company of Nigeria (PHCN), Okpara Avenue, Enugu. Geographically, the research is limited to the Okpara Avenue branch in Enugu, Nigeria, which served as a distribution office for PHCN in the Enugu region. Content-wise, the study examines the following areas: internal control system components (control environment, risk assessment, control activities, information and communication, monitoring); revenue generation performance (metering coverage, billing accuracy, collection efficiency, accounts receivable, electricity theft); relationship between internal control weaknesses and revenue leakage; and factors affecting revenue generation (electricity theft, billing errors, employee fraud, political interference). The study targets former PHCN management, finance staff, internal auditors, meter readers, billing officers, collection officers, and customer service staff (former employees). The time frame for data collection is the cross-sectional period of 2023–2024, though retrospective data from the PHCN era (pre-2013) will be collected. The study does not cover the successor DisCos (except for context), nor does it cover generation or transmission functions of PHCN (except as they relate to distribution), nor does it cover technical aspects of electricity supply (except as they relate to revenue).

Limitation of the Study

This study acknowledges several limitations. First, the study is limited to one branch (Okpara Avenue, Enugu) of PHCN; findings may not be generalizable to all PHCN branches or to the successor DisCos. Second, the study relies on retrospective data and recollections of former employees; the accuracy of this information depends on the honesty and memory of respondents. Third, PHCN no longer exists (privatized in 2013), so access to current financial records is limited; the study relies on historical documents, audit reports, and interviews. Fourth, the study may be subject to recall bias (respondents may not accurately remember events from many years ago). Fifth, the study does not include a comparative analysis with other utilities (e.g., Lagos, Abuja) due to data availability constraints. Sixth, the study is cross-sectional (a snapshot of the PHCN era); the impact of internal control over a longer period is not fully captured. Despite these limitations, the study aims to provide robust, meaningful insights into the impact of internal control on revenue generation, with lessons for current electricity distribution companies.

1.5 Research Hypothesis

The following hypotheses are formulated in null (H₀) and alternative (H₁) forms:

Hypothesis One

• H₀: Weak metering controls (estimated billing, meter tampering) have no significant impact on revenue leakage at PHCN Okpara Avenue, Enugu.
• H₁: Weak metering controls (estimated billing, meter tampering) have a significant impact on revenue leakage at PHCN Okpara Avenue, Enugu.

Hypothesis Two

• H₀: There is no significant relationship between weak billing controls (delayed billing, billing errors) and collection efficiency at PHCN Okpara Avenue.
• H₁: There is a significant relationship between weak billing controls (delayed billing, billing errors) and collection efficiency at PHCN Okpara Avenue.

Hypothesis Three

• H₀: Inadequate segregation of duties (meter reading, billing, collection) does not significantly increase the risk of employee fraud at PHCN Okpara Avenue.
• H₁: Inadequate segregation of duties (meter reading, billing, collection) significantly increases the risk of employee fraud at PHCN Okpara Avenue.

Hypothesis Four

• H₀: Weak internal audit (understaffing, lack of independence) has no significant effect on the detection and correction of internal control weaknesses at PHCN Okpara Avenue.
• H₁: Weak internal audit (understaffing, lack of independence) has a significant effect on the detection and correction of internal control weaknesses at PHCN Okpara Avenue.

1.6 Research Questions

The following research questions guide this study:

1. What were the components of the internal control system (control environment, risk assessment, control activities, information and communication, monitoring) at PHCN Okpara Avenue, Enugu?
2. What was the revenue generation performance (metering coverage, billing accuracy, collection efficiency, accounts receivable levels, electricity theft) at the branch?
3. What is the impact of internal control weaknesses (metering controls, billing controls, collection controls, segregation of duties, internal audit) on revenue generation at the branch?
4. What specific factors (electricity theft, billing errors, employee fraud, political interference) contributed to revenue leakage at PHCN Okpara Avenue?
5. What recommendations can be made to strengthen internal controls to enhance revenue generation in electricity distribution companies?

1.7 Historical Background of Power Holding Company of Nigeria (PHCN)

The Power Holding Company of Nigeria (PHCN) has its roots in the electricity industry established during the colonial era. The Electricity Corporation of Nigeria (ECN) was established in 1951 to coordinate electricity development across Nigeria. The Niger Dams Authority (NDA) was established in 1962 to develop hydroelectric power (Kainji Dam). In 1972, ECN and NDA were merged to form the National Electric Power Authority (NEPA), a monopoly responsible for generation, transmission, and distribution of electricity throughout Nigeria. NEPA was known for inefficiency, poor service, and the infamous nickname “Never Expect Power Always” reflecting frequent blackouts (CBN, 2010; Adebayo and Oyedokun, 2019).

In 2005, as part of the government’s reform program, NEPA was unbundled and rebranded as the Power Holding Company of Nigeria (PHCN), with 18 successor companies: 6 generation companies (GenCos), 1 transmission company (TCN), and 11 distribution companies (DisCos). PHCN was intended as a transitional holding company while the successor companies were prepared for privatization. The PHCN era (2005-2013) was marked by continued challenges: inadequate generation capacity, dilapidated transmission and distribution infrastructure, high technical and commercial losses (including electricity theft), poor revenue collection, and corruption. The Okpara Avenue branch in Enugu was part of the Enugu Distribution zone (later privatized as Enugu Electricity Distribution Company, EEDC) (Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

In 2013, the federal government completed the privatization of the successor companies. The generation companies and distribution companies were sold to private investors. PHCN employees were disengaged (with severance packages) and the holding company was wound down. The Okpara Avenue branch is now part of the Enugu Electricity Distribution Company (EEDC) plc, a private entity. However, the internal control weaknesses and revenue generation challenges of the PHCN era provide important lessons for the current DisCos. This study focuses on the PHCN era to understand the impact of internal control on revenue generation in a government-owned utility (CBN, 2010; Adebayo and Oyedokun, 2019).

1.8 Definition of Terms

Internal Control: The policies, procedures, practices, and organizational structures implemented by management to provide reasonable assurance that an organization achieves its objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws and regulations.

Revenue Generation: The process of earning revenue from the sale of electricity to customers, including metering, billing, collection, and management of accounts receivable.

Power Holding Company of Nigeria (PHCN): The former government-owned monopoly responsible for electricity generation, transmission, and distribution in Nigeria, which operated until its unbundling and privatization in 2013.

Electricity Theft: The illegal abstraction of electricity through unauthorized connections, meter bypassing, meter tampering, or other means, resulting in revenue loss for the utility.

Metering: The process of measuring the amount of electricity consumed by a customer using a meter device; accurate metering is essential for correct billing.

Estimated Billing: The practice of billing customers based on estimated consumption rather than actual meter readings; often used when meters are faulty or absent, leading to disputes and revenue leakage.

Billing: The process of preparing and sending invoices to customers for electricity consumed.

Collection Efficiency: The percentage of billed revenue that is actually collected from customers; low collection efficiency indicates revenue leakage.

Accounts Receivable: Amounts owed to the utility by customers for electricity consumed but not yet paid for; high accounts receivable indicate collection problems.

Bad Debt: Accounts receivable that are unlikely to be collected and are written off as a loss.

Segregation of Duties: An internal control that divides responsibilities for authorizing transactions, recording transactions, and safeguarding assets among different individuals to reduce the risk of error or fraud.

Internal Audit: An independent, objective assurance and consulting activity within an organization designed to evaluate and improve the effectiveness of risk management, control, and governance processes.

Control Environment: The set of standards, processes, and structures that provide the basis for carrying out internal control, including management’s integrity and ethical values, organizational structure, and human resource policies.

Control Activities: Specific policies and procedures that help ensure management directives are carried out, including approvals, authorizations, verifications, reconciliations, and segregation of duties.

Risk Assessment: The process of identifying, analyzing, and responding to risks that could prevent the organization from achieving its objectives.

Monitoring: The process of assessing the quality of internal control performance over time, including ongoing supervision and internal audit.

Information and Communication: The systems and processes that ensure relevant information is identified, captured, and communicated to the right people in a timely manner.

Okpara Avenue, Enugu: The location of the PHCN distribution branch that served as the case study for this research.

Enugu Electricity Distribution Company (EEDC): The private successor company that now operates the distribution network formerly managed by PHCN Okpara Avenue.

National Electric Power Authority (NEPA): The predecessor to PHCN, established in 1972, known for poor service and the nickname “Never Expect Power Always.”

Privatization: The transfer of ownership and control of PHCN’s successor companies to private investors, completed in 2013.

References

Adebayo, K. and Oyedokun, G. (2019). Internal control and revenue generation in Nigerian public utilities. Nigerian Journal of Public Administration, 14(2), 45-68.

CBN. (2010). Power sector reform and economic development in Nigeria. Central Bank of Nigeria.

COSO. (2013). Internal control — Integrated framework. Committee of Sponsoring Organizations of the Treadway Commission.

Creswell, J. W. and Creswell, J. D. (2018). Research design: Qualitative, quantitative, and mixed methods approaches (5th ed.). Sage Publications.

Eze, N. and Nwafor, O. (2019). Internal control weaknesses in the Nigerian electricity sector. Enugu Journal of Public Administration, 7(1), 22-40.

Eze, N. and Nwafor, O. (2020). Revenue leakage in PHCN: Causes and consequences. Nigerian Journal of Energy Economics, 5(2), 55-72.

Hall, J. A. (2019). Accounting information systems (10th ed.). Cengage Learning.

INTOSAI. (2020). Guidelines for internal control standards for the public sector. International Organization of Supreme Audit Institutions.

Nwankwo, I. and Okeke, C. (2019). PHCN privatization: Lessons in utility reform. Nigerian Journal of Public Sector Reform, 7(2), 44-61.

Ogbeifun, M. (2019). Public financial management in Nigeria: Principles and practice. University of Lagos Press.

Okafor, E. and Udeh, S. (2020). Internal control and revenue assurance in Nigerian electricity distribution. African Journal of Public Sector Financial Management, 5(2), 33-50.

Oyo-Ita, I. (2019). Audit and accountability in Nigerian public enterprises. Nigerian Accountant, 52(4), 12-28.

Romney, M. B. and Steinbart, P. J. (2018). Accounting information systems (14th ed.). Pearson Education.

Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). Sage Publications.

CHAPTER TWO: REVIEW OF RELATED LITERATURE

2.1 What is Revenue?

Revenue is the income generated by an organization from its normal business activities, typically from the sale of goods or services to customers. In the context of an electricity utility like the Power Holding Company of Nigeria (PHCN), revenue is derived primarily from the sale of electricity to residential, commercial, and industrial customers. Revenue is recognized when earned, regardless of when cash is received (accrual accounting). For PHCN, revenue is earned when electricity is delivered to customers (consumed), not necessarily when customers pay their bills. Revenue is a critical financial metric because it funds operations, pays employees, maintains infrastructure, services debt, and generates profits (or reduces losses in the case of a government-owned utility) (Kieso, Weygandt, and Warfield, 2019; Horngren, Sundem, and Stratton, 2018).

Revenue can be classified into different categories. Operating revenue is revenue from the core business activities – for PHCN, electricity sales. Non-operating revenue is revenue from secondary activities – for PHCN, this could include rent from properties, interest on bank deposits, or sale of scrap materials. In the electricity sector, revenue is also classified by customer type: (a) residential customers (households), (b) commercial customers (businesses, shops, offices), (c) industrial customers (factories, manufacturing plants), and (d) government customers (government offices, agencies, public facilities). Each customer category may have different tariffs, payment behaviors, and collection risks. Understanding revenue components is essential for designing effective internal controls (Drury, 2020; Brigham and Ehrhardt, 2017).

Effective revenue generation requires several key processes: (a) metering – accurately measuring the amount of electricity consumed by each customer, (b) billing – calculating the amount due based on consumption and applicable tariffs, and issuing invoices to customers, (c) collection – receiving payments from customers and recording them properly, (d) accounts receivable management – tracking overdue accounts, following up with delinquent customers, and writing off uncollectible debts, and (e) customer service – handling inquiries, disputes, and complaints to maintain customer satisfaction and encourage timely payment. Weaknesses in any of these processes lead to revenue leakage (unbilled consumption, uncollected payments, theft) (Okafor and Udeh, 2020; CBN, 2010).

Revenue leakage refers to revenue that is earned but not collected (or not recorded). In the electricity sector, revenue leakage occurs through: (a) metering leakage – inaccurate meters, tampered meters, no meters (estimated billing), (b) billing leakage – billing errors (wrong tariff, miscalculation), delayed billing, (c) collection leakage – payments not recorded, theft of cash, customers not paying (bad debts), (d) technical losses – electricity lost in transmission and distribution (due to resistance, heat), which is not revenue leakage (since it was never delivered) but still represents inefficiency, and (e) electricity theft – illegal connections, meter bypassing. Internal controls are designed to prevent, detect, and correct these sources of revenue leakage (Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

2.2 What is Internal Control System?

An internal control system is a comprehensive set of policies, procedures, practices, and organizational structures implemented by management to provide reasonable assurance that the organization achieves its objectives in the areas of operational effectiveness and efficiency, reliable financial reporting, and compliance with applicable laws and regulations. The internal control system is not a single event or procedure but an integrated system that permeates the entire organization. It is embedded in the organization’s processes, systems, and culture (COSO, 2013; INTOSAI, 2020).

The concept of internal control has evolved significantly over time. Historically, internal control focused primarily on accounting controls – procedures to safeguard assets and ensure the accuracy of financial records. This narrow view emphasized segregation of duties, authorization requirements, and physical security. The modern view of internal control, as articulated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), is much broader. Internal control now encompasses the entire control environment, risk assessment, control activities, information and communication, and monitoring. It applies to all aspects of an organization’s operations, not just accounting (COSO, 2013; Hall, 2019).

Internal control serves three primary objectives: (a) operations objectives – ensuring the effectiveness and efficiency of operations, including safeguarding assets, preventing waste, and achieving performance targets, (b) reporting objectives – ensuring the reliability, timeliness, and transparency of internal and external financial and non-financial reporting, and (c) compliance objectives – ensuring adherence to applicable laws, regulations, contracts, and internal policies. For PHCN, internal control should support revenue generation (operations objective), accurate billing and financial reporting (reporting objective), and compliance with electricity regulations, tax laws, and anti-corruption laws (compliance objective) (Romney and Steinbart, 2018; INTOSAI, 2020).

Internal control provides only reasonable assurance, not absolute assurance. This means that even a well-designed internal control system cannot guarantee that all errors or fraud will be prevented or detected. Limitations include: (a) human error (mistakes in judgment, fatigue, misunderstanding), (b) collusion (two or more people working together to circumvent controls), (c) management override (senior management ignoring or overriding controls), (d) cost-benefit considerations (the cost of a control may exceed its expected benefit), (e) obsolescence (controls designed for past conditions may not be effective for current risks), and (f) unforeseen circumstances (unexpected events not anticipated in control design). Understanding these limitations is essential for realistic expectations of internal control effectiveness (COSO, 2013; Merchant and Van der Stede, 2017).

2.3 Objectives of Internal Control System

The objectives of an internal control system are derived from the organization’s overall goals and the risks it faces. For a revenue-generating entity like PHCN, the specific objectives of internal control in the revenue cycle include:

1. Safeguarding of assets: Internal controls must protect the organization’s assets from theft, misappropriation, waste, or damage. For PHCN, assets include cash (collections from customers), meters, transformers, cables, and other equipment. Controls such as physical security (locked cash boxes, secure meter storage), segregation of duties (different employees handle collections and record-keeping), and surprise cash counts help safeguard assets (Okafor and Udeh, 2020; Eze and Nwafor, 2019).

2. Accuracy and completeness of accounting records: Internal controls must ensure that all revenue transactions (meter readings, bills, payments) are accurately recorded, completely recorded (no omissions), and recorded in the correct accounting period. For PHCN, controls such as pre-numbered receipts, batch totals for meter readings, and reconciliations between meter readings, bills, and collections help achieve accuracy and completeness (Romney and Steinbart, 2018).

3. Prevention and detection of errors and fraud: Internal controls must reduce the risk of errors (unintentional mistakes) and fraud (intentional deception). For PHCN, controls such as authorization requirements (approval for meter installation, tariff changes), verification (review of meter readings, bills), and surprise audits help prevent and detect revenue leakage due to employee theft, customer tampering, or billing errors (Hall, 2019; Oyo-Ita, 2019).

4. Compliance with laws and regulations: Internal controls must ensure that the organization complies with applicable laws, regulations, and contracts. For PHCN, this includes compliance with electricity tariffs set by regulators (NERC), tax laws (VAT on electricity bills), anti-corruption laws, and financial reporting requirements. Non-compliance can result in fines, penalties, legal liability, and reputational damage (CBN, 2010; Ogbeifun, 2019).

5. Operational efficiency: Internal controls must promote the efficient use of resources, minimizing waste, delays, and inefficiencies. For PHCN, efficient processes for meter reading, billing, and collection reduce costs and improve customer satisfaction. Controls such as performance monitoring (collection efficiency targets, billing turnaround times) help drive efficiency (Premchand, 2019).

6. Timeliness of financial reporting: Internal controls must ensure that financial information is available to management and oversight bodies when needed for decision-making. For PHCN, controls over the revenue cycle should enable monthly (or even weekly) reports on metering coverage, billing, collections, and accounts receivable, not just annual reports. Delayed reporting hinders management’s ability to take corrective action (Mellett, 2019).

2.4 Types of Internal Control System

Internal controls can be classified into three main types based on their purpose and timing: preventive, detective, and corrective controls. Each type plays a distinct role in an effective internal control system.

Preventive Controls are designed to prevent errors or irregularities from occurring in the first place. They are proactive measures that stop problems before they happen. Examples of preventive controls relevant to revenue generation at PHCN include: (a) segregation of duties – ensuring that the employee who reads meters is not the same employee who bills customers or collects payments, (b) authorization requirements – requiring manager approval for meter installation, tariff changes, or write-offs of bad debts, (c) physical security – tamper-evident seals on meters, locked cash collection boxes, secure meter storage, (d) access controls – limiting access to billing systems to authorized personnel only, (e) pre-numbered documents – using pre-numbered receipts to ensure all collections are recorded, and (f) employee screening – background checks before hiring employees who handle cash or have access to sensitive systems (COSO, 2013; Romney and Steinbart, 2018).

Detective Controls are designed to detect errors or irregularities after they have occurred. They are reactive measures that identify problems so that corrective action can be taken. Examples of detective controls relevant to revenue generation at PHCN include: (a) reconciliations – comparing meter readings to bills, bills to collections, collections to bank deposits, (b) surprise cash counts – unannounced counts of cash on hand, (c) variance analysis – analyzing trends in collection efficiency, write-offs, and electricity theft to identify anomalies, (d) internal audit – periodic audits of revenue cycle processes, (e) customer complaints – investigating customer reports of billing errors or unauthorized disconnections, and (f) exception reports – generating reports of unusually high or low consumption, late payments, or missing meter readings (Hall, 2019; Okafor and Udeh, 2020).

Corrective Controls are designed to correct errors or irregularities that have been detected and to prevent recurrence. They are remedial measures that address the root cause of problems. Examples of corrective controls relevant to revenue generation at PHCN include: (a) adjusting journal entries – correcting billing errors through credit or debit notes, (b) disciplinary action – terminating or sanctioning employees found to have committed fraud, (c) policy changes – revising procedures to address identified weaknesses (e.g., requiring dual approval for write-offs), (d) additional training – training employees on proper metering, billing, or collection procedures, (e) system enhancements – upgrading billing software to prevent recurrence of errors, (f) customer education – informing customers about how to report suspected theft or billing errors, and (g) prosecution – pursuing legal action against customers or employees involved in electricity theft or fraud (Eze and Nwafor, 2019; Oyo-Ita, 2019).

An effective internal control system requires a balance of preventive, detective, and corrective controls. Preventive controls are generally the most cost-effective (stopping problems before they occur), but they cannot be 100% effective. Detective controls provide a safety net for those that get through, and corrective controls ensure that detected problems are resolved and do not recur. For PHCN, a reliance on detective controls (e.g., audits) without adequate preventive controls (e.g., segregation of duties) would be insufficient (Merchant and Van der Stede, 2017).

2.5 Components of Internal Control System

The COSO framework identifies five interrelated components of internal control. These components apply to all organizations, including PHCN, and must be present and functioning effectively for internal control to be effective.

1. Control Environment: The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. It is the foundation for all other components. Key elements include: (a) integrity and ethical values of management and employees, (b) management’s philosophy and operating style (commitment to control), (c) organizational structure (clear lines of authority and responsibility), (d) assignment of authority and responsibility (delegation of authority, segregation of duties), (e) human resource policies (recruitment, training, performance evaluation, discipline), and (f) oversight by the board of directors or audit committee. At PHCN, the control environment was weak, characterized by tolerance for corruption, political interference, lack of accountability, and low employee morale (COSO, 2013; CBN, 2010).

2. Risk Assessment: Risk assessment is the process of identifying, analyzing, and responding to risks that could prevent the organization from achieving its objectives. Key elements include: (a) identifying internal and external risks (e.g., electricity theft, meter tampering, employee fraud, customer non-payment), (b) assessing the likelihood and impact of identified risks, (c) determining how to respond to risks (avoid, reduce, share, accept), and (d) identifying changes in the internal or external environment that create new risks (e.g., new tariffs, new technology). At PHCN, risk assessment was inadequate; known risks (e.g., electricity theft, employee collusion) were not effectively mitigated (INTOSAI, 2020; Nwankwo and Okeke, 2019).

3. Control Activities: Control activities are the specific policies and procedures that help ensure management directives are carried out and that risks are mitigated. Key control activities relevant to revenue generation include: (a) authorization – approvals for meter installation, tariff changes, write-offs, (b) segregation of duties – separating meter reading, billing, collection, and reconciliation, (c) physical controls – secure meters, tamper-evident seals, locked collection boxes, (d) reconciliations – comparing meter readings to bills, bills to collections, collections to bank deposits, (e) performance reviews – analyzing collection efficiency, write-offs, and theft trends, (f) documentation controls – pre-numbered receipts, customer records, billing logs, and (g) information processing controls – system validation rules (e.g., consumption cannot be negative), edit checks. At PHCN, many of these control activities were missing or ineffective (Romney and Steinbart, 2018; Okafor and Udeh, 2020).

4. Information and Communication: Information and communication refer to the systems and processes that ensure relevant information is identified, captured, and communicated to the right people in a timely manner. Key elements include: (a) information systems – billing systems, customer databases, metering systems, (b) communication channels – reports to management, communication of policies to employees, (c) quality of information – accuracy, completeness, timeliness, (d) upward communication – employees reporting control weaknesses or suspected fraud (whistleblowing), and (e) external communication – reporting to regulators, customers. At PHCN, information systems were outdated and unreliable; customer records were incomplete; billing was delayed; and management did not receive timely, accurate revenue reports (Hall, 2019; Eze and Nwafor, 2020).

5. Monitoring: Monitoring is the process of assessing the quality of internal control performance over time. Key elements include: (a) ongoing monitoring – supervisory reviews, reconciliations, performance dashboards, (b) separate evaluations – internal audits, external audits, (c) tracking of corrective actions – monitoring implementation of audit recommendations, (d) reporting of deficiencies – communicating control weaknesses to management and the audit committee, and (e) follow-up – ensuring that corrective actions are taken. At PHCN, internal audit was understaffed and underfunded; audit findings were often ignored; there was no regular management review of control effectiveness; and external audits were delayed (Oyo-Ita, 2019; Ogbeifun, 2019).

2.6 Functions of Internal Control System

The internal control system performs several critical functions within an organization. For PHCN, these functions are directly relevant to revenue generation:

1. Authorization Function: Internal control ensures that all transactions are properly authorized by appropriate personnel before they are executed. For revenue generation, this means that meter installations, tariff changes, credit notes, and write-offs of bad debts should be approved by a manager, not left to the discretion of front-line employees. Authorization prevents unauthorized actions that could lead to revenue loss (e.g., writing off a receivable without justification) (Merchant and Van der Stede, 2017).

2. Recording Function: Internal control ensures that all transactions are accurately and completely recorded in the accounting records. For revenue generation, this means that all meter readings, bills, and payments are recorded in the system. Missing or inaccurate recordings result in unbilled consumption or unrecorded payments (revenue leakage). Controls such as pre-numbered documents, batch totals, and reconciliations support the recording function (Romney and Steinbart, 2018).

3. Safeguarding Function: Internal control protects the organization’s assets from theft, misappropriation, or damage. For revenue generation, assets include cash collections, meters, and other equipment. Controls such as segregation of duties, physical security, and surprise cash counts safeguard these assets. Without these controls, employees or outsiders could steal cash or meters, reducing revenue (Hall, 2019).

4. Reconciliation Function: Internal control ensures that different records are compared and differences resolved. For revenue generation, reconciliations include: comparing meter readings to bills (all consumption billed?), bills to collections (all bills paid?), collections to bank deposits (all cash deposited?), and customer accounts to aging reports. Reconciliations detect errors and irregularities (e.g., meter readings recorded but not billed, payments received but not recorded). Without reconciliations, revenue leakage goes undetected (COSO, 2013).

5. Compliance Function: Internal control ensures that the organization complies with applicable laws, regulations, and internal policies. For revenue generation, this includes compliance with tariff regulations, tax laws, anti-corruption laws, and financial reporting requirements. Non-compliance can result in fines, penalties, and reputational damage, indirectly affecting revenue (through loss of customer trust or regulatory sanctions) (INTOSAI, 2020).

6. Performance Evaluation Function: Internal control provides information for evaluating the performance of employees, departments, and the organization as a whole. For revenue generation, metrics such as collection efficiency (percentage of billed revenue collected), metering coverage (percentage of customers metered), and billing accuracy (percentage of bills without errors) enable management to assess performance and take corrective action. Without these metrics, management cannot identify underperforming areas (Premchand, 2019).

7. Fraud Prevention and Detection Function: Internal control reduces the risk of fraud (intentional deception) and detects it when it occurs. For revenue generation, fraud risks include employees stealing cash, colluding with customers to underbill, or creating phantom customers. Controls such as segregation of duties, surprise audits, and whistleblower mechanisms prevent and detect fraud. Without these controls, fraud can go undetected for years, causing significant revenue loss (Eze and Nwafor, 2019; Oyo-Ita, 2019).

8. Decision Support Function: Internal control provides management with reliable, timely information for decision-making. For revenue generation, management needs information on metering coverage, billing accuracy, collection efficiency, and accounts receivable aging to make decisions about investments in meters, staffing, collections policies, and customer credit terms. Without reliable information, decisions are based on guesswork, leading to suboptimal outcomes (Drury, 2020).

2.7 Roles and Responsibilities

An effective internal control system requires clarity about who is responsible for what. The key roles and responsibilities in internal control include:

Board of Directors/Audit Committee: The board is ultimately responsible for the internal control system. The audit committee (a sub-committee of the board) has specific oversight responsibilities: (a) approving the internal audit charter, (b) appointing the chief audit executive, (c) reviewing the audit plan, (d) discussing audit findings, and (e) monitoring management’s response to audit recommendations. For PHCN, the board and audit committee were often ineffective due to political appointments and lack of expertise (Ogbeifun, 2019).

Management (Chief Executive Officer, Directors, Department Heads): Management is responsible for designing, implementing, and maintaining the internal control system. This includes: (a) establishing a strong control environment (tone at the top), (b) identifying risks and designing control activities to mitigate them, (c) ensuring that information and communication systems are adequate, (d) monitoring control effectiveness, and (e) taking corrective action when deficiencies are identified. For PHCN, management did not prioritize internal control, and many weaknesses persisted for years (CBN, 2010).

Internal Audit: Internal audit is an independent, objective assurance and consulting activity that evaluates the effectiveness of risk management, control, and governance processes. Internal audit’s responsibilities include: (a) assessing the design and operating effectiveness of internal controls, (b) identifying control weaknesses and recommending improvements, (c) investigating suspected fraud, (d) reporting findings to management and the audit committee, and (e) following up on management’s implementation of recommendations. For PHCN, internal audit was understaffed, underfunded, and lacked independence (reporting to management rather than the audit committee) (Oyo-Ita, 2019; Eze and Nwafor, 2019).

Employees: All employees are responsible for: (a) understanding internal control policies and procedures applicable to their jobs, (b) performing their duties in compliance with those policies and procedures, (c) safeguarding assets under their control, (d) accurately recording transactions, (e) reporting control weaknesses or suspected fraud to appropriate authorities (whistleblowing), and (f) cooperating with internal and external audits. At PHCN, many employees were not trained on internal control policies, and there was little accountability for non-compliance (Hall, 2019).

External Auditors: External auditors (Office of the Auditor-General for PHCN) are responsible for providing an independent opinion on whether the financial statements are fairly presented. External auditors also assess internal control as part of their audit (to determine the extent of substantive testing needed). They report internal control weaknesses to management and the audit committee (management letter). For PHCN, external audits were often delayed and had limited impact (Nwankwo and Okeke, 2019).

2.8 Internal Control System and the Auditors

The relationship between the internal control system and auditors (both internal and external) is symbiotic. Auditors rely on the internal control system to determine the nature, timing, and extent of their audit procedures. A strong internal control system enables auditors to perform less substantive testing (relying on controls), while a weak internal control system requires more extensive substantive testing (Romney and Steinbart, 2018).

Internal Auditors are part of the internal control system (monitoring component). They evaluate the effectiveness of the internal control system and report weaknesses to management and the audit committee. The independence of internal audit is critical; internal auditors should report directly to the audit committee, not to management, to ensure they can raise issues without fear of retaliation. For PHCN, internal audit lacked independence (reporting to management), limiting its effectiveness (Oyo-Ita, 2019).

External Auditors (the Office of the Auditor-General for PHCN) are independent of the organization. They assess internal control as part of their audit planning. If external auditors identify material weaknesses in internal control, they must report them to management and, for public sector entities, to the legislature (Public Accounts Committee). For PHCN, external audit reports highlighted many internal control weaknesses, but there was limited follow-up and implementation of recommendations (Ogbeifun, 2019).

The management letter is a formal communication from external auditors to management, identifying internal control weaknesses observed during the audit and recommending improvements. Management is expected to respond with a plan for addressing the weaknesses. For PHCN, management letters were often issued but not acted upon. The lack of follow-up meant that the same weaknesses persisted year after year (Nwankwo and Okeke, 2019).

Audit trail refers to the documentation that allows auditors to trace transactions from their origin to their inclusion in the financial statements, and vice versa. A strong internal control system includes an audit trail (pre-numbered documents, system logs, approval records). For PHCN, the audit trail was weak due to missing documents, poor record-keeping, and lack of system logs, making it difficult for auditors to verify the accuracy and completeness of revenue transactions (Hall, 2019).

2.9 Operation of Internal Control System at Power Holding Company of Nigeria (PHCN)

The internal control system at PHCN, including the Okpara Avenue, Enugu branch, was characterized by significant weaknesses that directly impacted revenue generation. Understanding these weaknesses is essential for drawing lessons for current electricity distribution companies.

Control Environment: The control environment at PHCN was weak. Key weaknesses included: (a) lack of ethical culture – corruption was widespread, and employees who reported irregularities risked retaliation, (b) political interference – government officials and powerful customers often received electricity without paying, and PHCN employees could not enforce collection, (c) poor management commitment – senior management did not prioritize internal control or revenue generation, (d) low employee morale – low salaries, poor working conditions, and lack of career advancement led to disengagement and vulnerability to corruption, (e) inadequate organizational structure – unclear lines of authority and responsibility, and (f) lack of accountability – employees faced few consequences for poor performance or misconduct (CBN, 2010; Adebayo and Oyedokun, 2019).

Risk Assessment: PHCN did not have a formal, documented risk assessment process. Known risks such as electricity theft, meter tampering, employee collusion, and customer non-payment were not systematically analyzed or mitigated. The company did not assess the likelihood or impact of these risks or develop risk response strategies. As a result, control activities were not targeted to the most significant risks, and resources were wasted on low-impact areas (Nwankwo and Okeke, 2019; Eze and Nwafor, 2020).

Control Activities: Control activities for revenue generation were weak or missing. Specific weaknesses included:

• Metering controls: Many customers lacked meters (estimated billing), existing meters were outdated or inaccurate, and meter tampering (bypassing, slowing) was rampant. There were no effective controls over meter installation, sealing, or inspection.
• Billing controls: Billing was often delayed (months behind) and based on estimates rather than actual readings. Billing errors (wrong tariff, miscalculation) were common. There were no effective reviews of bills before they were sent to customers.
• Collection controls: Cash collections were not always receipted, and receipts were not always deposited intact. Segregation of duties was inadequate (the same employee might read meters, prepare bills, and collect payments). Bank reconciliations were not performed timely.
• Segregation of duties: In many branches, a single employee handled multiple incompatible functions (meter reading, billing, collection, reconciliation), creating opportunities for fraud and error.
• Physical controls: Meters were not secured (easily accessible for tampering). Collection boxes were not secure. Cash was not always stored in safes.
• Authorization controls: Write-offs of bad debts, credit notes, and tariff changes were not always properly authorized. There was no independent review of adjustments (Okafor and Udeh, 2020; Eze and Nwafor, 2019).

Information and Communication: Information systems at PHCN were outdated and unreliable. Key weaknesses included:

• Customer records were incomplete (missing addresses, duplicate accounts, incorrect tariff codes).
• Billing systems were not integrated with metering systems or collection systems.
• Management did not receive timely reports on metering coverage, billing accuracy, collection efficiency, or accounts receivable aging.
• There were no effective channels for employees to report control weaknesses or suspected fraud (whistleblowing).
• External communication (bills, notices) was often delayed or inaccurate, leading to customer disputes and non-payment (Hall, 2019; Romney and Steinbart, 2018).

Monitoring: Monitoring of internal control effectiveness was weak. Key weaknesses included:

• Internal audit was understaffed and underfunded; many planned audits were not conducted.
• Internal auditors lacked independence (reporting to management rather than an audit committee).
• Audit findings were often ignored; there was no systematic follow-up on recommendations.
• There were no regular control self-assessments by management.
• External audits (by the Auditor-General) were often delayed, and when reports were issued, they were not acted upon by the legislature (Oyo-Ita, 2019; Ogbeifun, 2019).

Impact on Revenue Generation: The weak internal control system directly contributed to massive revenue leakage. Specific impacts included:

• Electricity theft (illegal connections, meter bypassing) went undetected and unaddressed.
• Billing errors resulted in customers being underbilled (revenue loss) or overbilled (disputes, non-payment).
• Collections were stolen by employees or not deposited.
• Bad debts (unpaid bills) accumulated due to weak collection follow-up and lack of disconnection enforcement.
• Collection efficiency (percentage of billed revenue collected) was often below 50%.
• The company was chronically loss-making, requiring government subsidies (CBN, 2010; Nwankwo and Okeke, 2019).

2.10 Limitations of Internal Control System

While internal control is essential for effective management, it has inherent limitations that must be recognized. No internal control system can provide absolute assurance. The key limitations include:

1. Human Error: Internal controls are designed and operated by people, and people make mistakes. Errors in judgment (e.g., setting the wrong tariff), fatigue (e.g., missing a discrepancy), misunderstanding (e.g., not understanding control procedures), or carelessness (e.g., failing to follow a procedure) can cause controls to fail. At PHCN, human error contributed to billing errors, misapplication of tariffs, and improper meter readings (COSO, 2013).

2. Collusion: Two or more people working together can circumvent controls that are designed to be effective when individuals act alone. For example, a meter reader and a billing officer could collude to underreport consumption and split the proceeds from the customer. Segregation of duties is ineffective if the segregated parties collude. At PHCN, collusion between employees and customers (to underbill) or between employees in different functions (meter reading, billing, collection) was a known problem (Hall, 2019).

3. Management Override: Senior management may override or ignore internal controls for various reasons (e.g., to achieve performance targets, to favor a friend or relative, to conceal fraud). Management override is difficult to prevent because management has the authority to override controls. At PHCN, political interference and pressure from senior management to write off debts, approve questionable contracts, or ignore irregularities were forms of management override (Merchant and Van der Stede, 2017).

4. Cost-Benefit Considerations: The cost of implementing a control should not exceed its expected benefit. For some risks, the cost of control may be prohibitively high relative to the potential loss. For example, installing tamper-proof meters for every customer may be expensive; the utility may accept some level of theft as a cost of doing business. At PHCN, the cost of universal metering was high, but the cost of estimated billing (revenue leakage) may have been even higher. The cost-benefit trade-off must be carefully evaluated (INTOSAI, 2020).

5. Obsolescence: Controls designed for past conditions may become ineffective as conditions change. For example, controls designed to prevent electricity theft (seals on meters) may become obsolete as thieves develop new methods (electronic tampering). Controls must be periodically reviewed and updated to remain effective. At PHCN, controls were not updated; the same weaknesses persisted for decades (Eze and Nwafor, 2019).

6. Unforeseen Circumstances: No internal control system can anticipate every possible risk. Unforeseen events (e.g., natural disasters, sudden regulatory changes, new technologies) may create risks that were not considered in control design. At PHCN, the rapid growth of the informal economy (illegal businesses) created new customers that were not properly metered or billed, but controls were not adapted (Okafor and Udeh, 2020).

7. Inherent Limitations of Specific Controls: Some controls have inherent limitations. For example, physical controls (locks, seals) can be broken; authorization controls are ineffective if the person with authority is corrupt; reconciliations are only as accurate as the underlying data; audits only test a sample, not all transactions. At PHCN, these inherent limitations were exacerbated by weak implementation (e.g., meters with broken seals not replaced, corrupt supervisors authorizing fraud) (Romney and Steinbart, 2018).

8. Dependence on Information Technology: In modern organizations, many controls are embedded in information systems (e.g., system-enforced approval limits, edit checks). If the information system has bugs, vulnerabilities, or is hacked, controls may fail. At PHCN, billing systems were outdated and prone to errors; there was no integration between metering, billing, and collection systems; and cybersecurity was inadequate (Hall, 2019).

Despite these limitations, an effective internal control system can significantly reduce the risk of errors, fraud, and inefficiency. The goal is to provide reasonable assurance, not absolute assurance. For PHCN, the internal control system was weak across all components, and the limitations were exacerbated by inadequate implementation, lack of resources, and lack of management commitment. The result was massive revenue leakage and chronic financial losses (CBN, 2010; Ogbeifun, 2019).

---

References for Chapter Two

Adebayo, K. and Oyedokun, G. (2019). Internal control and revenue generation in Nigerian public utilities. Nigerian Journal of Public Administration, 14(2), 45-68.

Brigham, E. F. and Ehrhardt, M. C. (2017). Financial management: Theory and practice (15th ed.). Cengage Learning.

CBN. (2010). Power sector reform and economic development in Nigeria. Central Bank of Nigeria.

COSO. (2013). Internal control — Integrated framework. Committee of Sponsoring Organizations of the Treadway Commission.

Drury, C. (2020). Management and cost accounting (11th ed.). Cengage Learning.

Eze, N. and Nwafor, O. (2019). Internal control weaknesses in the Nigerian electricity sector. Enugu Journal of Public Administration, 7(1), 22-40.

Eze, N. and Nwafor, O. (2020). Revenue leakage in PHCN: Causes and consequences. Nigerian Journal of Energy Economics, 5(2), 55-72.

Hall, J. A. (2019). Accounting information systems (10th ed.). Cengage Learning.

Horngren, C. T., Sundem, G. L., and Stratton, W. O. (2018). Introduction to management accounting (17th ed.). Pearson Education.

INTOSAI. (2020). Guidelines for internal control standards for the public sector. International Organization of Supreme Audit Institutions.

Kieso, D. E., Weygandt, J. J., and Warfield, T. D. (2019). Intermediate accounting (17th ed.). John Wiley and Sons.

Merchant, K. A. and Van der Stede, W. A. (2017). Management control systems: Performance measurement, evaluation and incentives (4th ed.). Pearson Education.

Mellett, H. (2019). Accountability and financial management in the public sector. Financial Accountability and Management, 15(3), 201-216.

Nwankwo, I. and Okeke, C. (2019). PHCN privatization: Lessons in utility reform. Nigerian Journal of Public Sector Reform, 7(2), 44-61.

Ogbeifun, M. (2019). Public financial management in Nigeria: Principles and practice. University of Lagos Press.

Okafor, E. and Udeh, S. (2020). Internal control and revenue assurance in Nigerian electricity distribution. African Journal of Public Sector Financial Management, 5(2), 33-50.

Oyo-Ita, I. (2019). Audit and accountability in Nigerian public enterprises. Nigerian Accountant, 52(4), 12-28.

Premchand, A. (2019). Public expenditure management: A handbook. International Monetary Fund.

Romney, M. B. and Steinbart, P. J. (2018). Accounting information systems (14th ed.). Pearson Education.