Back to Insights
Audit & Assurance 2 min read

Strengthening Internal Audit Functions in Kenya's Public Sector

Effective internal audit is the backbone of public financial management. We explore how government entities can build resilient audit functions that deliver real accountability.

K

CPA Lawrence Kaberi

18 February 2025

Internal audit in the public sector serves as the first line of defence against financial mismanagement, fraud, and waste of public resources. Yet across many government entities in Kenya, internal audit functions remain under-resourced and insufficiently independent.

The Current Landscape

The Public Finance Management Act (2012) mandates all public entities to establish internal audit committees. However, implementation has been uneven. Our experience working with the National Treasury and multiple county governments reveals common structural weaknesses:

  • Inadequate staffing — Many entities operate with 1-2 audit staff covering hundreds of transactions
  • Limited independence — Internal auditors reporting to the same CFO they are meant to audit
  • Outdated methodologies — Compliance-based auditing rather than risk-based approaches
  • Poor documentation — Audit files that would not withstand external quality assurance review

The Risk-Based Approach

Modern internal auditing has shifted decisively from checklist compliance to risk-based auditing. This approach:

  1. Identifies and ranks the entity's key risks
  2. Allocates audit resources proportionate to risk exposure
  3. Provides management with actionable insights, not just findings
  4. Adds measurable value to organisational governance

Building a Resilient Internal Audit Function

Establishing the Audit Charter

Every internal audit function must have a formal charter approved by the audit committee, clearly defining its mandate, independence, and reporting lines.

Developing the Annual Audit Plan

The plan should be risk-based, cover all significant business processes over a 3-year cycle, and have sufficient flexibility to respond to emerging risks.

Investing in Technology

Computer-Aided Audit Techniques (CAATs) allow auditors to analyse entire populations of transactions rather than samples — significantly improving detection rates for fraud and error.

External Quality Assurance

The IIA Standards require that internal audit functions undergo an external quality assessment at least once every five years. Matengo & Associates has conducted such reviews for several government agencies including HELB, KDIC, KeRRA, KEFRI, and KNBS.

Our Approach

We provide outsourced internal audit services and capacity building for public sector entities seeking to strengthen their governance frameworks. Our team brings direct experience from engagements with the National Treasury, county governments, and regulatory bodies.

Reach out to discuss how we can support your organisation's internal audit function.

Need professional advice?

Our team can help you apply these insights to your specific situation.

Contact Us