Legal audits: Antidote to corporate legal risks

Legal auditing is the interrogation of an entity’s documentation, policies, processes, and operating procedures, to ascertain compliance with prevailing legal requirements.

By Makaya Oweya, Risk and Dispute Resolution Lawyer, Gikera & Vadgama Advocates

The business environment is riddled with legal risks which emanate from potential legal claims, compliance or regulatory requirements. These risks, if not averted, can become considerable legal problems for businesses.

Any business can mitigate its legal risk by adopting “preventive lawyering”, which is “a legal specialty of preventing the disease of litigation. Litigation is a serious disease that leaves its victims financially and emotionally weakened and, in some cases, may lead to their economic demise.” [i]

In the Kenyan market, we have seen the cost of legal liabilities from defamation claims that result in high monetary awards, contractual breaches that have concluded in substantial awards of interest and costs, and mismanagement of employee relations that has impeded business continuity.

It is therefore imperative that businesses conduct regular legal health checks for their organizations to gain information from key operational areas of business as to the status of contracts, legal demands, licensing, and other regulatory requirements. 

What is a legal audit?

Legal auditing is the interrogation of an entity’s documentation, policies, processes, and operating procedures, to ascertain compliance with prevailing legal requirements. Legal auditing allows an entity to assess the need to revise its policies or operations to comply with evolving legal requirements. It provides information that entities can use to mitigate liabilities, and allows for categorization of, and therefore strategy around, legal risk.

Legal auditing can be used preventatively and remedially. It is a proactive approach that businesses can use to forestall, address and manage legal problems.

Areas covered by Legal Audits

Legal audits examine all aspects of an organization from registration, policies, and procedures (including anti-money laundering, B2B contracts, B2C contracts, employment handbooks, employment contracts, governance) and extend to external aspects such as regulation. An organization may elect to limit or expand the scope of the legal audit depending on its priority areas where there is a looming risk, such as licensing, tax, or a staff overhaul with the possibility of redundancy payouts.

The role of legal audits falls into 4 areas: Risk Assessment, Compliance, Information and Monitoring.

Risk Assessment

Legal audits interrogate the procedures and documentation within a company and reveal any potential risks. An example is an audit of employment contracts, where the Legal Auditor will assess the extent to which Human Resource Policies reflect the organization’s growth and comply with provisions of Employment and Labour Relations Law. There are cases where contracts or policies were developed at inception and do not account for growth within the organization or the changing legal environment, or where inadvertent delays or errors result in a failure to renew documentation such as immigration permits.

In an example of a case we have handled, a company did not amend the provisions on gratuity from inception and allowed the internal promotion of candidates, including a clerk, who remained with the company for over 40 years, rising to management. At the time of computing the gratuity payable, the company sought to apply the law to remit 15 days of service for each year worked; however, the employee contested this and was allowed to rely on the policy, which was quite generous, and which saw him net a huge sum of money for which the company had no financial reserves.


Compliance

Different entities are governed by different laws and regulations. For instance, the legal instruments governing the running of NGOs are different from the legal instruments governing corporate bodies. Additionally, the repercussions for non-compliance differ from one entity to another. NGOs are likely to lose donor funding, while corporate entities will face shareholder scrutiny and demands for a change of management.

A legal audit will flag areas for compliance and assist an entity to meet any requirements set by law. In such scenarios, the audits extend to assessing any returns which ought to be filed and ensuring these are actually presented.


Information

Legal Auditors are legal practitioners who are conversant with the changes in law. Changes are introduced by new legislation, amendments to existing legislation and court decisions which impact on the operations of a business entity. To mitigate the risks, businesses need to align themselves with changes in law.

A legal audit will inform a business of new laws as well as the best ways to comply. It also forms a proper basis for identifying areas requiring training of key staff members. An example of new legislation that requires alteration of procedures and assignment of personnel is the Data Protection Act, which requires organizations to have data protection officers.


Monitoring

A legal audit forms a basis for monitoring adherence to statutory provisions. For instance, the Employment Act provides that an employment contract shall contain certain details of the employee, including career progression within the organization. A legal audit will inspect the records kept by the organization and monitor their conformity to the legal provisions.

How often should Legal Audits be conducted?

Legal Audits should be conducted regularly depending on the business cycles and priority areas. In determining the frequency, there should be consideration of industry, size of the organization and the changes in the legislation within that industry.

For example, for state corporations, the Mwongozo, which is a code of governance for state corporations, gives a guideline that governance audits should be done annually. Among the areas that the governance audit should cover is an audit on compliance with laws and regulations. These clauses require that legal compliance audits for state corporations be done annually with comprehensive and independent legal audits done at least once every two years.

Legal audits may also be conducted on an ad hoc basis depending on the issues arising within the organization, the industry and the economic environment generally. This will allow the organization to develop timely and effective remedial measures that mitigate risks.


Unforeseen legal risks can cripple the entire operations of an entity, and as such there is a need to ensure that a business is always “legally healthy.” Regular legal audits will provide businesses with “a peace of mind” by providing preventive measures against any potential legal risks. The cost of litigation is substantial, in monetary and non-monetary terms. We therefore recommend the periodic conduct of legal audits to ensure that your organization’s legal health is sound.

It is better to be safe than sorry.

[i] Edward P. Richards and Katherine C Rathburn, in their book Medical Risk Management: Preventive Legal Strategies for Health Care Workers, have used an analogy to define preventive lawyering as follows

