Legal Compliance Audit

What is a legal compliance audit?

Legal has something to do with the laws of a country. According to Collins English Dictionary Reference Edition, the word ‘legal’ means (1) established by or permitted by law; lawful (2) of or relating to law (3) relating to or characteristic of lawyers.

From the definition above, we shall use the word legal in the second sense. The same dictionary defines the word ‘audit’ as follows: (1) an official inspection of business accounts, conducted by an independent qualified accountant (2) any thoroughgoing assessment or review (3) to examine (business accounts) officially.

Black’s Law Dictionary Eighth Edition defines a compliance audit as “an audit conducted by a regulatory agency, an organization, or a third party to assess compliance with one or more sets of laws and regulations.”

We can thus define the term legal compliance audit as “a thoroughgoing assessment or review of an organization’s processes, policies, documents, records, practices and acts with a view to assessing compliance with one or more sets of laws and regulations to which the organization is subject”.

What stands out from the definition of a legal compliance audit?

A legal audit is systematic, objective, impartial and evidence-based.

  • A legal compliance audit is systematic because it follows a fixed plan and is done in an efficient and methodical way.
  • It is objective and impartial because it relates to actual facts as opposed to thoughts, feelings or bias, and it does not favour one side or the other.
  • Lastly, a legal audit is evidence-based because the auditor’s findings have to be supported by or grounded in something tangible: evidence. The audit evidence could include internal documents, policies, procedures, logs, emails and contracts. The auditor uses this evidence to assess how well an organization is adhering to the laws, regulations, policies, standards and systems. The evidence is what will either support an organization’s claim of being compliant or disprove this claim.

What are the objects of a legal compliance audit?

The aim or purpose of a legal compliance audit is to assess whether or not an organization is complying with the Constitution, statutory laws, international laws & regulations as applicable to it and internal rules and policies of the organization. Thus, the objectives of a legal audit can broadly be summarized as:

  • Prevention (legal risk management). One will often find in the public or private sector that the reason for the downfall of organizations can easily be traced to some form of non-compliance with laws, regulations, policies or best practices. It is therefore important for any organization keen on minimizing legal risk to undertake a legal compliance audit in order to prevent contravention of laws, regulations or policies that may impact the performance of an organization.
  • Fault-finding. A legal compliance audit may uncover intentional or unintentional deficiencies. This is in appreciation of the fact that there are many ever-changing laws, regulations or policies that an organization must comply with.
  • Punishment. Certain laws, regulations or policies have a penalty attached where there is non-compliance. The non-compliance could also be an offence with a penalty attached.

Fault-finding and punishment are, however, not the main objectives of a legal compliance audit. The main objectives are:

  • To assess the overall effectiveness of an organization’s compliance practices;
  • To ensure that, at all times, the organization complies with the spirit and letter of the Constitution;
  • To ensure that an organization’s policies, institutional framework and administrative procedures effectively support implementation of the Constitution;
  • To ensure that laws, rules, regulations, codes and standards which are applicable to the organization are identified, documented and observed; and
  • To improve an organization’s efficiency in the business environment.

Is there a legal basis for a legal compliance audit?

  • Unlike a financial audit, which is anchored in Article 229 (4) of the Constitution, section 68 (2) (k) of the Public Finance Management Act, section 14 of the Public Audit Act, section 14 (3) of the State Corporations Act and section 709 (1) of the Companies Act, legal compliance audits are not an express requirement under the laws of Kenya.
  • However, the Code of Governance for State Corporations (Mwongozo 2015), which applies to everyone in State Corporations in Kenya, that is, every board member, employee and also contract staff, requires under clause 8.4 (a) that a comprehensive and independent legal audit be carried out at least once every two (2) years.
  • Mwongozo was issued as a Regulation under section 30 of the State Corporations Act pursuant to an Executive Order (Executive Order No. 7 of 2015) by the former President of the Republic of Kenya, Hon. Uhuru Kenyatta. Section 30 of the State Corporations Act provides “The President may make regulations generally for the better carrying into effect of the provisions of this Act and the powers conferred by this section may be assigned in accordance with…. the Constitution.”
  • The Capital Markets Authority pursuant to the powers granted under section 11 (3) (v) of the Capital Markets Act (Cap. 485A) issued the Code of Corporate Governance Practices for Issuers of Securities to the Public, 2015. Clause 2.10 of this Code requires a board of a listed company to subject the company to a legal audit.
  • The basis for a legal compliance audit is local, regional and international laws and regulations, business-related frameworks and regulations, and an organization’s policies, procedures and processes.

What are compliance obligations and where do they arise from?

According to ISO 14001:2015, compliance obligations are legal requirements that an organization must comply with and other requirements that an organization has to, or chooses to, comply with. Compliance obligations can arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships, codes of practice.

Organizations have various legal duties (obligations) that they should comply with. These legal duties may vary depending on the nature of the organization i.e. whether a public or private entity.

Why should an organization carry out a legal compliance audit?

Does your organization want:

  • To be up to date with the ever-changing legal terrain including the Constitution, statutory laws, amendments and repeal of laws, new enactments which affect legal rights and obligations, decisions of the courts?
  • To keep up with advances worldwide (best practices)?
  • To maximize its productivity?
  • To align with new business prospects, e.g. to venture into a new product or service and ascertain the legal requirements?
  • To do away with outdated systems, standards & procedures?
  • An in-depth examination of the legal and regulatory environment in order to be conscious of the obligations incumbent upon it?
  • To update its registration records, licences or other requirements in conformity with the laws?
  • To identify weaknesses in its internal policies and procedures, standards and systems for the purpose of taking steps to redress them?
  • To pre-empt litigious proceedings and save on the related legal expenses?
  • To avoid criminal prosecution of its management and senior staff?

If your answer to all or some of the questions above is ‘YES’, then you know ‘WHY’ your organization should carry out a legal compliance audit.

Who carries out a legal compliance audit?

A legal compliance audit can be an internal audit or an independent audit. An internal audit is carried out by an organization’s personnel while an independent audit is carried out by an outsider or a person not connected with the organization being audited.

What is required of the auditor?

When carrying out a legal compliance audit, the auditor will examine and interrogate an organization’s policies, operations, practices, activities and documents to determine whether the organization is compliant with the existing laws, regulations and policies.

Ultimately the auditor will seek to:

  • Identify what an organization is required to comply with;
  • Examine what the organization is actually doing/does;
  • Identify the legal risks of non-compliance;
  • Review laws, regulations and policies; and
  • Propose reforms/make improvement recommendations to the organization.

Please contact us on if you would like to conduct a legal compliance audit of your organization.
