Audit Insight

28/04/2026

Which signature cost the millions?

Singapo Construction and Engineering Ltd was growing fast with new contracts, expanding operations, and a reputation that attracted both opportunity and risk.

At the center of its financial operations was a well structured process where the Accounts Payable team prepared payment schedules, the Finance Manager reviewed and approved them, and finally, the Directors signed off on large or sensitive disbursements.

On paper, it looked airtight. In reality, it was not.

Every month, the Accounts Payable team compiled dozens of payments such as supplier invoices, consultancy fees, project-related expenses, KRA tax payments etc.

Pressured by tight deadlines and volume, they occasionally skipped detailed reconciliations, assuming the Finance Manager would catch any anomalies.

The Finance Manager, a seasoned professional, relied heavily on summaries rather than underlying documentation. Trust had quietly replaced verification. If the totals looked reasonable and cash flow allowed, approvals were granted with minimal interrogation.

Then came the Board.

Board meetings were often rushed. The Directors were accomplished individuals in their own right and they treated payment approvals as routine formalities. Thick packs of financial documents were circulated, but few took the time to interrogate them. Their focus leaned more toward strategy, expansion, and high-level performance.

“The Finance Manager has approved, so it must be in order,” became the unspoken assumption. And so, signatures flowed freely.

It took nearly two years before the cracks surfaced.

An Internal Audit revealed a pattern of duplicate payments to certain suppliers, inflated invoices, and, in some cases, payments made to entities with questionable legitimacy.

The total exposure ran into millions.

The room fell silent when the findings were presented.

The Accounts Payable team argued they were overwhelmed and operating under pressure, with limited oversight.

The Finance Manager defended the process, insisting reliance on team inputs and time constraints made deep reviews impractical.

The Directors, however, were stunned. They had signed off on the payments but claimed they had trusted the Finance Manager and were not involved in operational details.

Who should carry the responsibility here for the lost millions?

Send a message to learn more

27/04/2026

The compliance trap facing SMEs

"An Accountant’s job begins and ends with filing PAYE, SHIF, NSSF, HL, submitting VAT returns, and stamping financial statements when required."

This is a persistent and costly misconception among many SMEs in Kenya.

While these are important responsibilities and among the many, they barely scratch the surface of what a qualified and competent Accountant should bring to a business.

This narrow view reduces the Accountant to a statutory “box-ticker,” when in reality, they should be one of the most strategic partners in the business.

Several factors fuel this limited view and/or misconceptions.

For instance, SMEs often opt for the cheapest accounting option, which tends to focus only on statutory compliance (PAYE, SHIF, NSSF, VAT etc).

Many SMEs simply do not know what they should expect from an Accountant.

Some Accountants reinforce the problem by positioning their services narrowly.

Quacks have also infiltrated the system.

Oftentimes, engagements are triggered by statutory requirements rather than business needs.

Most SMEs engage Accountants reactively, often when deadlines loom or when pressure comes from KRA, lenders, or procurement requirements.

This compliance-driven relationship creates a cycle where records are updated retrospectively rather than in real time, financial decisions are made without reliable data, tax is treated as an obligation to be minimized, not managed strategically and the Accountant is seen as a cost rather than a value driver.

The consequences?

Businesses remain perpetually exposed i.e. financial losses, tax disputes, operational inefficiency, and vulnerability to avoidable risks.

SMEs need to understand that Accountants should operate at the heart of the business, not at its periphery.

They need to rethink their relationship with Accountants.

Instead of asking “Who can file my returns cheapest?”

They should be asking, “Who can help me understand, protect, and grow my business?”

That shift changes everything.

An Accountant is not just a reporter of the past, they are an interpreter of the present and an architect of the future.

An Accountant’s role is not just to file returns.

SMEs that recognize this early gain a significant advantage in terms of clarity, control, and confidence in their business decisions.

The real question is not whether you can afford a strategic Accountant, it’s whether you can afford not to have one.

I welcome your thoughts and feedback.

24/04/2026

Does academics matter in public appointments?

The Nairobi county government has appointed Calvince Okoth popularly known politically as “Gaucho” to the board of one of the critical county hospitals, a perceived political appointment.

This appointment has sparked public backlash, with critics questioning his academic qualifications and suitability.

Public hospital boards serve critical fiduciary and oversight roles, mainly governance,strategic direction, financial stewardship,procurement, audit , IT, HR oversight etc.

This raises fundamental questions, what are the minimum qualifications to be a board member in the public sector?

Does education, skills, competence and experience really matter?

What tone are we setting at the institution's top ?

I think the new member is well placed to represent patient realities and grassroots concerns, but there is more to this.

An unqualified board member introduces decision-making risks.

Imagine a board member who cannot interrogate complex financial or interpret hospital management reports.

Imagine a board member who is under the influence of powerful political actor (s).

Poor governance decisions can easily translate directly into patient harm, not just financial loss.

This can kill the staff morale and further erode public trust in public institutions.

What message are we even sending to the thousands of qualified, experienced and professional Kenyans?

This is not simply about one individual’s academic.

It is about whether critical public institutions are governed by capability, accountability, and integrity or patronage, optics, and discretion.

If left unaddressed, the real risk is not controversy, it is institutional decay masked as inclusivity.

23/04/2026

Can’t i-Tax handle all tax payers’ communication?

Digital transformation is redefining public finance management in Kenya and I think KRA is quite honestly performing fairly well on this.

However, communication features within i-Tax remain too basic, often limited to static notices or downloadable documents.

Taxpayers cannot get real time alerts and acknowledgement on the I-tax or live communication threads.

Is it a fair question to ask this- why can’t KRA fully leverage its i-Tax platform as the single source of truth for all taxpayer communications, instead of relying heavily on individual taxpayers' emails?

At face value, i-Tax appears rigorous enough to serve as a centralized communication hub.

I mean, it already houses taxpayer profiles, filings, assessments, and payment records.

What's the issue-Is it legal, operational, technological constraints, or tax payer’s behavioral challenges?

In tax administration, communication is not just about delivery, it is about proof.

Certain notices such as assessments, enforcement actions, objections etc. must meet legal thresholds for “service.”

How about we consider fully evolving to recognize i-Tax -based notifications alone as sufficient service in all circumstances?

Send a message to learn more

22/04/2026

Is this a new era for Internal Audit in Kenya?

Last week, I had the privilege of participating in a stakeholder forum to discuss the Proposed Internal Auditors Bill, a development that could significantly reshape the audit, risk, and governance landscape in Kenya.

The conversations were rich, occasionally contentious, but at the end of the day reflective of a profession at a crossroads.

Internal auditing has evolved far beyond the old school compliance checks.

Nowadays, Internal Auditors sit at the heart of governance systems, offering assurance on risk management, internal controls, and organizational integrity.

Despite this important role, the profession in Kenya has remained largely unregulated compared to other professions such as Accounting (ICPAK), Medical (KMPDC), Insurance (IRA), Human Resource (IHRM), Legal (LSK), Engineering practice (EBK) etc.

It is for this reason that the bill is being introduced to establish a formal regulatory framework, define qualifications, licensing and practice requirements, standardize professional conduct and ethics, enhance accountability and oversight and protect Internal Auditors.

I think this is long overdue especially considering the increased fraud cases, governance failures, politicks, weak internal controls, shoddiness etc. across both public and private sectors.

Strengthening the internal audit function is a necessity.

This an opportunity to strengthen a critical profession, improve governance standards, and restore trust in organizational systems.

The Institute of Internal Auditors (Kenya) has long advocated for greater professional recognition and standardization, aligning Kenya with global best practices and we must applaud them.

Please let us support this legislation.

21/04/2026

The growing link between betting and financial fraud

Shida was a reliable Accounts Assistant. For 5 years, he had built a reputation for accuracy, discipline, and trust. He handled daily cash reconciliations and occasionally stepped in to post customer receipts into the system.

His curiosity drove him into online betting and what started as harmless weekend entertainment on Sport-Pesa quickly became a daily routine.

At first, he won. Small amounts, but enough to create confidence. Enough to believe he understood the game.

Shida began placing bets during lunch breaks, then mid-morning, then late afternoons. His phone was always within reach. He justified it, “It is just extra income… everyone is doing it.”

Losses started creeping in. Nothing alarming, KES. 100, KES. 500 here, KES. 1,000 there. But over time, the losses exceeded his disposable income.

Still, he believed one thing, “I just need one good win to recover everything.”

Blunder!

By the third month, Shida was juggling, rent obligations, transport, a small mobile loan and growing betting losses.

His salary no longer stretched. He began borrowing from colleagues. Then requesting salary advances.

At work, nothing had changed, except everything had.

The pressure was no longer external. It was urgent and personal.

One evening during reconciliation, Shida noticed a KES. 8,000 cash surplus from delayed posting of receipts. It was a timing issue, one that would correct itself the next day.

He paused, then rationalized, “I will take it tonight, place a bet, win, and return it tomorrow morning. No one will ever know.”

He transferred the money to his M-Pesa account and placed multiple bets.

The next day, the system showed a variance. Instead of raising it, Shida adjusted the records, just slightly to mask the shortfall.

He told himself, “I will fix it next time.”

But “next time” required another bet. And another.

What began as a one-time “borrowing” became a pattern, small amounts taken, records adjusted and losses recovered through more risk.

Within weeks, the amounts increased from thousands to tens of thousands.

He began delaying posting of customer receipts deliberately.

He avoided taking leave.

He insisted on handling reconciliations alone.

Colleagues noticed changes such as irritability, constant phone use, defensive responses to simple questions. Interestingly, no one connected the dots.

It was not a whistleblower or even an audit that uncovered the truth but a routine system upgrade that flagged inconsistencies in historical postings.

An internal review uncovered repeated small adjustments, delayed reconciliations and missing funds totaling over KES. 1.2 million which Shida could not explain because by then, it was no longer about one mistake.

It was a cycle.

Shida lost his job and the company suffered financial losses.

Internal controls were overhauled, too late and management asked the familiar question, “How did we not see this coming?”

20/04/2026

What is the client paying for?

Benki Ltd outsources staff from Chapa Kazi Ltd which provides 50 employees.

Below is Chapa Kazi's monthly cost breakdown:

Gross salaries (50) staff KES. 5 Million
Employer NSSF KES. 300,000
Employer SHIF/ insurance KES. 200,000
Other staff costs (leave, admin) KES. 500,000
Management fee KES. 1 Million
Total invoice amount 7 Million

Chapa Kazi have been arguing that VAT only applies to the management fee (charging VAT @ 16% on the KES. 1 Million) and insisting that salaries are mere reimbursements.

Chapa Kazi Invoices Benki a total invoice of KES. 7,160,000 every month without fail.

This matter looks simple on paper, but believe you me not it has traversed through our courts.

As a matter of fact, the Tax Appeals Tribunal of Kenya upheld this position (In Stratostaff EA Ltd v Commissioner).

However, the High Court has recently disagreed with this stating that the entire KES. 7 Million is consideration for a taxable service and therefore VAT should be computed on it (VAT @ 16% of KES. 7 Million). Thus, the client should be invoiced KES. 8,120,000. (KES. 7 Million+KES. 1,120 Million).

The High Court explained that the client is not paying salaries directly to employees, the client is paying for a bundled service. In other words, salaries are part of the service cost and not a pass through.

For VAT purposes, the big question is, what is the client paying for?

The answer is simple-the client is paying for service of providing labour, not just reimbursing salaries.

Send a message to learn more

16/04/2026

In tax disputes, being right is not enough.

The CFO of a large manufacturing company in Nairobi, received an email from the KRA with the subject line, “Additional assessment and corporation tax and VAT."

By the time the CFO finished reading, his heart had sunk. The assessment ran into almost a billion.

Some of it made sense. Some minor VAT mismatches and a few disallowed expenses but a large portion, particularly on “unreported income,” was clearly off the mark.

The CFO did what many Finance Heads instinctively do, he pushed back.

“We are not paying this,” he told his team. “Let us object.”

Blunder!

The objection was filed within time. It was detailed, backed by schedules, reconciliations, and even Bank and M-Pesa statements. On substance, it was strong.

But in the rush to respond, one critical step was overlooked, no payment was made on the undisputed portion.

The CFO's reasoning was simple.

Why pay anything when the whole tax assessment is questionable?

Weeks later, KRA responded.

Not to the merits of the case, but to the process.

“Your objection has been deemed invalid for failure to settle the undisputed tax.”

Just like that, the entire assessment stood.

Within days, agency notices hit the company’s bank accounts.

Cash flow tightened overnight, lendors, suppliers began calling and the payroll was suddenly at risk.

The CFO sat in silence during the emergency board meeting. The numbers were no longer theoretical, they were immediate and unforgiving.

That is when the company decided to bring in a Tax Consultant.

The first question was blunt, “Did you pay the undisputed tax?” The CFO shook his head. The Consultant leaned back. “Then KRA never had to consider your argument.”

Under the Tax Procedures Act , the right not to pay disputed tax only exists if you first comply with the basics, including settling what you do not dispute.

“You were right on the technical issues,” the Consultant said. “But you lost on procedure.”

They moved quickly to regularize the position by paying the undisputed portion and applied for reinstatement of the objection.

This opened direct engagement with KRA and this time, the case was heard.

And as it turned out, the company’s position was largely correct. A significant portion of the disputed tax was vacated.

The final liability was reduced by more than half.

But the victory was bittersweet as the company had already incurred bank disruption costs from the agency notices, interest and penalties that had accumulated during the delay and the reputational strain with banks, suppliers and staff had taken a toll.

15/04/2026

The hidden cost of fraud investigation

Fraud is often quantified in financial terms such as lost revenue, stolen assets, or misstated accounts.
We forget that one of its most weighty and underappreciated impacts lies beyond the numbers.

The reality is that fraud diverts management’s attention and organizational resources.

Fraud investigations are inherently intensive. Once suspicions arise, management must shift focus from running the business to understanding what went wrong.

Senior Management and sometimes board members become deeply involved. Meetings multiply, priorities shift, and normal workflows are interrupted.

Strategic initiatives stall, decision-making slows, and opportunities may be missed. In competitive industries, even a short-term lapse in leadership focus can have lasting consequences.

Fraud investigations demand significant resources, both human and financial.
These resources are often reallocated from other critical functions such as process improvement, compliance monitoring, or innovation projects. The opportunity cost is significant.

The cost of an investigation can sometimes exceed the value of the fraud itself as organizations incur professional fees (if external investigators and consultants are involved).

There is also the legal cost and potential settlements, regulatory penalties and additional insurance premiums.

There are also the costs of implementing corrective controls post-investigation. When management attention is absorbed by crisis response, cost control in other areas may weaken, further compounding financial strain.

Fraud investigations create a reactive environment, forcing management into a defensive posture. This causes strategic projects such as expansion plans, digital transformation, market entry initiatives to either be delayed or deprioritized.

Over time, this can lead to strategic drift, where the organization loses alignment with its long-term goals. Competitors, unburdened by similar disruptions, may capitalize on this gap.

Fraud investigations also have a psychological and cultural impact. Employees may feel anxious, mistrustful, or disengaged. Productivity can decline as staff become preoccupied with uncertainty or internal scrutiny.

Management must spend additional time on communication, reassurance, and rebuilding trust further stretching leadership bandwidth.

Boards demand detailed updates during fraud investigations. While this oversight is essential, it increases reporting burdens on management. Time that could be spent on strategic governance discussions is instead consumed by investigative updates and remediation plans.

External stakeholders such investors, regulators, customers and other partners often require explanations and assurances.

Managing these relationships during a fraud investigation is both delicate and time-consuming.

Finally, reputational risk management becomes a priority, adding another layer of complexity to management responsibilities.

14/04/2026

Make no mistake-not all per diem is tax free

A Manager had always looked forward to out of town assignments. As a Senior Manager in Nairobi, travel meant more than just work as it came with a generous per diem that often felt like a quiet bonus or entertainment allowance on top of the salary.

Every month, without fail, the Manager seemed to be “on assignment.” Mombasa one week, Kisumu the next, Eldoret and so on at least on paper. The Manager’s pay-slip reflected substantial per diem payments, comfortably below the radar and, in his mind, completely tax-free.

One morning, an email from the Finance Department disrupted his routine. The company was undergoing a tax review following queries from the KRA. Supporting documents were required for all travel related payments made over the past year.

The Manager was not worried, until he started compiling the records.

It emerged that some trips had no ticket, hotel, food and drinks receipts, others had no clear travel approvals and a few… had never even happened.

Weeks later, the KRA findings were clear.

A significant portion of the per diem paid to several staff, including the Senior Manager, was reclassified as taxable income. The company faced hefty PAYE adjustments, penalties, and interest and internally, policies and procedures were tightened overnight.

As the Senior Manager reviewed his updated pay-slip, with back taxes deducted, he finally understood what had always been overlooked.

Per diem was not free money. It was only tax-free when it was real.

Per diem in Kenya is not naturally tax-free, it is conditionally exempt.

The rule of the thumb is this simple, if it is a genuine reimbursement, it is not taxable but if it resembles income, it will be taxed.

Additionally, per diem of upto KES. 10,000 per day is nontaxable (as it is treated as a reimbursement and must be properly supported or documented) while anything above KES. 10,000 is taxable under PAYE unless fully supported as a real or genuine expenditure.

We welcome your thoughts and feedback.

13/04/2026

Auditors must master the interplay between compliance and substantive testing

In auditing, one of the most important distinctions professionals must clearly understand is the difference between compliance testing and substantive testing.

Both are essential in forming an audit opinion, but they basically serve different purposes and are applied in different ways.

For Auditors (involved in internal audit, external audit, and regulatory reviews), confusing the two can lead to gaps in assurance or inefficient audit work.

Compliance testing (also known as tests of controls) focuses on evaluating whether an organization’s internal controls are properly designed and operating effectively.

It answers the question, “Are the rules, policies, and controls being followed consistently?”

For example, checking whether all payments are approved according to the delegation of authority, verifying that procurement follows the required tendering process, reviewing whether system access controls are enforced and confirming that reconciliations are prepared and reviewed timely.

Substantive testing on the hand focuses on verifying the accuracy and validity of financial information itself, regardless of whether controls exist or not.

It answers the question, “Are the numbers and transactions actually correct?”

For example, confirming receivable balances with customers, verifying bank balances directly with financial institutions, physically counting inventory, recalculating payroll figures and examining supporting documents for transactions.

In simple terms, compliance testing focuses on processes and procedures while substantive testing focuses on transactions and balances.

It is important to note that compliance and substantive testing are not substitutes but they complement each other.

If compliance testing shows that controls are effective, the Auditor can reduce the extent of substantive testing and vice versa.

The most common mistakes Auditors make is over-reliance on compliance testing and assuming that good controls automatically mean accurate financial data or ignoring weak controls and failing to increase substantive testing when controls are ineffective.

The other common mistake Auditors make is confusing documentation with evidence. A signed document (compliance) does not always prove a transaction is genuine (substance).

We welcome your thoughts and feedback.

09/04/2026

The Commissioner General’s exit-What went wrong?

The abrupt exit of the quiet but aggressive Commissioner General (CG) of the KRA marks yet another leadership disorder at one of Kenya’s most critical fiscal institution.

The board made a decision not to renew the CG’s contract and immediately send him on immediate terminal leave, even before the expiry of his tenure.

The sudden exit may be an indicator of misalignment between policy expectations and actual delivery, internal disagreements on enforcement strategies and governance or board-level strategic shifts. (netizens are jokingly speculatating that he refused a bribe).

This is not the first time KRA leadership has seen abrupt exits. Historically, CGs have rarely completed their terms smoothly, with resignations and non-renewals becoming a pattern.

It is important to note the KRA CG (though a political appointee) is not just a technocrat, but a central player in economic policy ex*****on.

This transition raises critical queries that go beyond personalities and into the structural integrity of tax administration in Kenya.

It will definately come with consequences on possible strategic discontinuity, investor and taxpayer uncertainty, internal restructuring, tax policy interpretation inconsistencies, change in compliance priorities, audit intensity priorities and so on.

The timing of the exit is particularly striking considering recent reports indicating that KRA had recently crossed the KES 2 Trillion mark in revenue collection.

Generally speaking, this implies strong operational performance, improved compliance enforcement and good progress in sealing tax leakages and one would struggle to understand why the CG had to go.

However, revenue shortfalls are still being experienced which can significantly have fiscal implications affecting borrowing, debt servicing and public expenditure.

Remember, Kenya’s fiscal landscape is defined by high public debt, expanding expenditure needs and pressure from lenders for revenue growth.

Since his appointment, Kenya has experienced frequent tax law changes, increased enforcement on an unexplained income and the expansion of the tax base-forget not the legal setbacks!

It is my sincere hope that the leadership change will signal a shift from “collection intensity” to “collection efficiency and sustainability” and I think the taxpayers need to know what really went wrong.