How to Audit Governance: A Step-by-Step for SMEs & Family Businesses

Many businesses in Kenya operate informally, with roles, oversight, and accountability based more on trust than structure. While this can work for a while, risks accumulate - non-compliance, poor decision-making, disputes, or worse. Governance audits provide a structured way to spot issues early, tighten gaps, and ensure sustainability.

What is a Governance Audit?

A governance audit is a systematic evaluation of how well your business is governed: board and management roles, oversight, legal and regulatory compliance, stakeholder engagement, policy effectiveness, and more. It’s not just about ticking legal boxes; it’s about checking whether structures are working, decisions are being made well, risks are being managed, and the business is future-proof.

Step-by-Step Governance Audit Checklist

Here are key dimensions to audit, with suggested questions and evidence you should gather. Use this as a self-assessment or as the basis for a formal audit.

1. Board Composition & Structure

What to Evaluate: Are board members the right mix of executive / non-executive / independent? Are there enough directors? Is the chair separate from the CEO?

Questions to Ask: “Is at least one third of the board independent?” (as in many board charters in Kenya)

Evidence: Board charter, director appointment records.

2. Board Charters, Roles & Committees

What to Evaluate: Existence and clarity of written charters/policies; clearly defined roles of board vs management; committees and their purposes (audit, risk, nomination).

Questions to Ask: “Is there a board charter that defines roles, responsibilities, and delegation of authority?”

Evidence: the charter document; minutes showing committee reports.


3. Performance Evaluation

What to Evaluate: Are there annual reviews of the board, committees, and individual directors? Is feedback collected (self-evaluation, peer evaluation)?

Questions to Ask: “When was the last board evaluation?” “What improvements were identified and acted upon?”

Evidence: questionnaire responses; summary reports; action plans.

4. Compliance & Legal / Regulatory Review

What to Evaluate: Are statutory filings up to date? Licenses, beneficial ownership, regulatory reports, data protection, employment law, tax, etc.

Questions to Ask: “Are all legal/regulatory deadlines met?” “Do statutory registers exist, and are they current?”

Evidence: copies of filings; licensing documentation.

5. Policies, Ethics & Conflict Management

What to Evaluate: Code of ethics, whistleblowing, conflicts of interest, and confidentiality. Are there documented policies, and do people follow them?

Questions to Ask: “Do directors complete conflict of interest disclosures annually?” “Are there grievance or whistleblowing channels?”

Evidence: policy documents; disclosure registers; complaints logs.

6. Stakeholder Engagement & Communication

What to Evaluate: How are stakeholders involved? How transparent is reporting? Do shareholders, employees, and customers have feedback channels?

Questions to Ask: “Is there formal communication with shareholders?” “Are reports/minutes shared?”

Evidence: newsletters, AGM minutes, website disclosures.

7. Risk Management & Internal Controls

What to Evaluate: Is there a risk register? Internal audit? Controls over financial reporting, operations, data, and cybersecurity?

Questions to Ask: “What are the material risks identified?” “Are there periodic reviews of internal controls?”

Evidence: risk register; internal audit reports; incident logs.

8. Governance Culture & Leadership

What to Evaluate: Are those in leadership transparent? Do board members engage proactively? Is management held accountable? Is training provided for directors?

Questions to Ask: “Do all new directors receive induction?” “Is continuous training offered?”

Evidence: induction records; training attendance; board meeting minutes showing discussion.

How to Conduct the Audit

Here’s a suggested process:

· Inception/Planning — define scope, objectives, timeline, stakeholders.

· Data/Evidence Gathering — collect board documents (charter, minutes), legal filings, policies, interviews or surveys with board members & management.

· Self-Assessment & Tools Use — use questionnaires or self-assessment tools. These might measure how well the board operates in strategic oversight, risk, compliance, etc.

· Report Findings — summarize strengths, gaps, risk areas; make actionable recommendations.

· Action Plan & Monitoring — assign responsibilities, timelines for implementing recommendations; follow up periodically (semi-annual or annual).

· Re-audit / Review — repeat periodically to measure improvement and adapt.

Why Businesses Should Do This

· It surfaces hidden risks: e.g., non-compliance, weak oversight, and role confusion.

· Helps avoid costly crises (legal, reputational, financial).

· Improves decision quality, stakeholder trust, and possibly access to investment or financing.

· Builds resilience and credibility; especially important for family businesses, where transitions can be difficult.

· Enhances company value and growth prospects.

A Kenyan study shows that SMEs that adopt governance practices (audit committees, board oversight, clarity in roles) show better financial performance.

How Azali Can Support

Azali Certified Public Secretaries LLP can assist you at every step:

1. Pre-audit facilitation - we help plan the audit and decide what to include in scope.

2. Document & policies review - we review existing charters, board structure, and legal compliance.

3. Evaluation tools - provide questionnaires or tools for board performance evaluation and self-assessment.

4. Report & Action Planning - prepare a written audit report, highlight gaps, suggest remediation, and help set timelines.

5. Monitoring & Follow-ups - periodic check-ins to see whether recommendations are implemented and governance is improving.

Final Thoughts

A governance audit for large firms, SMEs and family-owned businesses alike is often the difference between flying blind and steering with certainty. Starting now means building a company that’s robust, transparent, and ready to scale (or pass on) without crisis.

If you’d like a tailored governance audit conducted for your organization, feel free to reach out.

admin@azali.co.ke | +254 (0) 707 456 140
