Governance Audit in Kenya

Governance Audit in Kenya

What is a Governance Audit?

A governance audit is an independent audit of an organisation’s governance framework. It evaluates whether the structures, instruments, processes, and practices in place are adequate, effective, and aligned with legal and regulatory requirements. This includes reviewing board charters, committee terms of reference, codes of ethics, policies, board composition, meeting processes, stakeholder engagement, and the overall culture of accountability.

They provide an independent, evidence-based opinion on how an organisation’s governance instruments, structures, processes, and practices perform against applicable laws, regulatory codes, and best-practice standards.

Who Must Undertake a Governance Audit in Kenya?

In Kenya, governance audits are mandatory for some organisations and recommended for others.

• Issuers of securities to the public: Listed companies must conduct annual governance audits through accredited professionals and disclose results in their annual reports.

• State corporations: Under the Mwongozo Code of Governance for State Corporations, boards must undergo annual governance audits and implement recommendations as part of their performance contracting obligations.

• Regulated sectors: Banks, SACCOs, insurance companies, pension schemes, and microfinance institutions follow sector-specific governance requirements. While some are not formally required to have governance audits, many conduct them voluntarily to strengthen compliance and stakeholder confidence.

For non-mandated entities such as private companies, non-profits, and foundations, periodic governance audits are considered best practice, especially in sectors with high reputational or regulatory risk.

Key Pillars of a Governance Audit

A comprehensive governance audit in Kenya typically examines eight main areas:

1. Leadership and Ethical Culture – The organisation’s values, tone from the top, conflict of interest controls, anti-corruption measures, and whistleblowing mechanisms.

2. Board Composition and Effectiveness – Skills, diversity, independence, succession planning, director training, and evaluation processes.

3. Strategy, Risk, and Performance – The integration of risk management into strategic planning, crisis preparedness, and performance oversight.

4. Control Environment and Assurance – The effectiveness of internal controls, internal audit, external audit relationships, and risk oversight committees.

5. Transparency and Disclosure – The quality of governance reporting, related-party transaction disclosures, beneficial ownership registers, and compliance with corporate governance codes.

6. Stakeholder Engagement – How the organisation interacts with shareholders, members, employees, customers, regulators, and the community.

7. Compliance and Legal – The existence and effectiveness of compliance policies, regulatory registers, and adherence to data protection, competition, labour, and AML laws.

8. Sustainability and ESG – Oversight of environmental, social, and governance matters, including climate risk, human rights, and community impact.

How a Governance Audit is Conducted

A governance audit follows a structured process:

1. Board Engagement and Planning – The board or its governance/audit committee approves the audit scope, appoints the auditor, and sets timelines.

2. Risk Profiling – The auditor reviews the business model, regulatory environment, and organisational risks to tailor the audit.

3. Information Gathering – The auditor requests core governance documents, policies, board and committee papers, training records, evaluation reports, and disclosure materials.

4. Fieldwork – Interviews with board members and executives, review of board packs and minutes, and observation of governance processes.

5. Scoring and Analysis – Rating each governance pillar against criteria, identifying weaknesses, and finding root causes.

6. Reporting – Delivering a report with ratings, recommendations, and a management action plan.

7. Follow-up – Monitoring progress, validating action completion, and preparing for the next audit cycle.

Why conduct Governance Audits in Kenya

In Kenya’s regulatory environment, governance audits are more than a compliance requirement. They are a tool for building stakeholder trust, improving board decision-making, and mitigating risks.

• Stronger alignment between governance structures and organisational strategy.

• Better risk management and crisis readiness.

• Improved investor and regulator confidence.

• Enhanced organisational culture and ethical behaviour.

• Clearer accountability and transparency.

Common Weaknesses Found in Governance Audits

Some recurring gaps identified in governance audits across Kenyan organisations include:

• Board composition imbalances, such as lack of independence, limited diversity, or outdated skills.

• Weak board papers that lack analysis or arrive too late for proper review.

• Poor related-party transaction oversight and disclosure.

• Outdated or inconsistent policies with no version control.

• Missing or non-operational risk appetite frameworks.

• Ineffective whistleblowing systems.

• Limited ESG oversight and climate risk integration.

• Underdeveloped data protection practices.

Implementation of governance audit recommendations

The best boards move quickly to implement governance audit recommendations. A 90-day action plan might include:

• Updating conflict of interest registers and whistleblowing policies.

• Reviewing and refreshing outdated governance policies.

• Strengthening board induction and training programmes.

• Improving board pack templates and meeting processes.

• Addressing skill gaps through targeted recruitment or advisory support.

• Integrating ESG and data privacy into board oversight.

By embedding these improvements into the annual board work plan and monitoring progress, organisations can move from basic compliance to leading governance practice.

Preparing for a Governance Audit in Kenya

Boards can make the process smoother by maintaining an “evidence pack” throughout the year. This includes:

• Up-to-date governance policies and charters.

• Director independence and training records.

• Board and committee packs and minutes for the past 12–24 months.

• Internal and external audit reports.

• Annual governance disclosures and shareholder communications.

This readiness not only streamlines the audit but also demonstrates a culture of transparency and accountability.