Internal audit in the public sector serves as the first line of defence against financial mismanagement, fraud, and waste of public resources. Yet across many government entities in Kenya, internal audit functions remain under-resourced and insufficiently independent.
The Current Landscape
The Public Finance Management Act (2012) mandates all public entities to establish internal audit committees. However, implementation has been uneven. Our experience working with the National Treasury and multiple county governments reveals common structural weaknesses:
- Inadequate staffing — Many entities operate with 1-2 audit staff covering hundreds of transactions
- Limited independence — Internal auditors reporting to the same CFO they are meant to audit
- Outdated methodologies — Compliance-based auditing rather than risk-based approaches
- Poor documentation — Audit files that would not withstand external quality assurance review
The Risk-Based Approach
Modern internal auditing has shifted decisively from checklist compliance to risk-based auditing. This approach:
- Identifies and ranks the entity's key risks
- Allocates audit resources proportionate to risk exposure
- Provides management with actionable insights, not just findings
- Adds measurable value to organisational governance
Building a Resilient Internal Audit Function
Establishing the Audit Charter
Every internal audit function must have a formal charter approved by the audit committee, clearly defining its mandate, independence, and reporting lines.
Developing the Annual Audit Plan
The plan should be risk-based, cover all significant business processes over a 3-year cycle, and have sufficient flexibility to respond to emerging risks.
Investing in Technology
Computer-Aided Audit Techniques (CAATs) allow auditors to analyse entire populations of transactions rather than samples — significantly improving detection rates for fraud and error.
External Quality Assurance
The IIA Standards require that internal audit functions undergo an external quality assessment at least once every five years. Matengo & Associates has conducted such reviews for several government agencies including HELB, KDIC, KeRRA, KEFRI, and KNBS.
Our Approach
We provide outsourced internal audit services and capacity building for public sector entities seeking to strengthen their governance frameworks. Our team brings direct experience from engagements with the National Treasury, county governments, and regulatory bodies.
Reach out to discuss how we can support your organisation's internal audit function.
