What to Look out for when conducting a Legal Audit in your company

When conducting a legal and compliance audit in Kenya, it is essential to assess various areas to ensure adherence to local laws, regulations, and best practices. Here are some key areas to watch:

1. Corporate and Regulatory Compliance

  • Company Registration & Governance – Confirm compliance with the Companies Act, 2015, including proper registration, up-to-date filings with the Business Registration Service (BRS), and adherence to corporate governance principles.
  • Licensing & Permits – Ensure the entity holds all necessary operational licenses and permits (e.g., from Kenya Revenue Authority (KRA), County Governments, etc.).
  • Shareholding & Board Structure – Verify compliance with ownership and directorship requirements, including rules on foreign ownership, if applicable.

2. Tax Compliance

  • Corporate & Employee Tax – Confirm adherence to KRA regulations, including Income Tax, PAYE (Pay As You Earn), VAT (Value Added Tax), and Withholding Tax.
  • Customs & Excise Duties – For importers/exporters, check compliance with Kenya Revenue Authority (KRA) customs laws and East African Community (EAC) trade agreements.
  • Tax Filings & Documentation – Ensure all statutory tax filings (e.g., iTax) are up-to-date to avoid penalties.

3. Employment & Labor Laws

  • Contracts & Employee Rights – Review employment contracts for compliance with the Employment Act, 2007 and labor regulations.
  • Wages & Benefits – Ensure minimum wage and statutory deductions (NSSF, NHIF, and Housing Levy) are properly calculated and remitted.
  • Workplace Policies – Check compliance with laws on harassment, discrimination, occupational safety (OSHA, 2007), and termination procedures.

4. Data Protection & Privacy

  • Compliance with the Data Protection Act, 2019 – Ensure that personal data is collected, stored, and processed lawfully.
  • Data Security Measures – Review safeguards against cyber risks and unauthorized data access.
  • Data Protection Officer (DPO) – Confirm appointment (if required) and registration with the Office of the Data Protection Commissioner (ODPC).

5. Contractual Obligations & Third-Party Agreements

  • Commercial Contracts – Review contracts with suppliers, customers, and partners to ensure compliance with legal obligations.
  • Procurement Compliance – Ensure public and private procurement processes comply with the Public Procurement and Asset Disposal Act (PPADA), 2015, where applicable.

6. Intellectual Property (IP) Protection

  • Trademarks & Patents – Verify registration with Kenya Industrial Property Institute (KIPI).
  • Copyright & Licensing – Ensure compliance with copyright laws, especially for media, tech, and creative industries.

7. Environmental & Industry-Specific Regulations

  • Environmental Laws – Ensure compliance with NEMA regulations and environmental impact assessment (EIA) requirements, the Carbon Market regulations etc.
  • Industry-Specific Compliance – For regulated industries (e.g., banking, healthcare, insurance, real estate), ensure adherence to sector-specific laws and guidelines from relevant regulatory bodies (e.g., CBK, IRA, CAK, etc.).

8. Litigation & Dispute Resolution

  • Pending Legal Cases – Review ongoing litigation and assess compliance risks.
  • Alternative Dispute Resolution (ADR) – Check if ADR mechanisms (e.g., mediation or arbitration) are in place to mitigate legal risks.

9. Anti-Corruption & Ethical Standards

  • Bribery & Corruption Policies – Ensure compliance with the Bribery Act, 2016, and ethical business conduct.
  • AML/CFT Compliance – Financial institutions should follow CBK and Financial Reporting Centre (FRC) guidelines on Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT).

Leave A Comment

All fields marked with an asterisk (*) are required