Governance and Compliance Audit notes

Governance and secretarial Audit pdf notes

SomeaKenya provides updated and revised notes for the current CPA syllabus. Revision kits (past papers with answers) are also available to help you revise for the upcoming exams. You can get these materials as hard copies (printed and bound) and as soft copies through our mobile application, which can be downloaded from the Play Store.

Topics covered




This paper is intended to equip the candidate with knowledge, skills and attitudes that will enable him/her to effectively plan and conduct a governance and compliance audit.


A candidate who passes this paper should be able to:

  • Identify the objectives and scope of governance and compliance audits
  • Design and implement a governance and compliance audit strategy
  • Prepare and interpret various governance and compliance audit reports
  • Analyse the various checklists/work sheets for governance and compliance audits
  • Design self-evaluation tools
  • Draft audit report and audit opinion


  1. Basic concepts and elements in auditing

1.1       Auditing

1.2       Assessment

1.3       Monitoring

1.4       Assurance engagement

1.5       Non-assurance engagement

1.6       Reasonable assurance

1.7       Limited assurance

1.8       Direct reporting engagement

1.9       Attestation engagement

1.10    Compilation engagements

1.11    Assurance reports

1.12    Direct reporting

1.13    Authorities and criteria

1.14    Assertions and audit

1.15    Internal audit

1.16    Statutory audit

1.17    Legal audits

1.18    Governance audit

  2. Governance and compliance risks

2.1       Identifying, managing and monitoring governance and compliance risks

2.2       Impact of non-compliance: Legal impact, Business impact, Reputational impact

2.3       Role of ethics and compliance officers

2.4       Identify, prioritise, and assign accountability for managing existing or potential threats related to noncompliance or ethical misconduct

2.6       Identifying laws and regulations with which the organisation is required to comply in all jurisdictions where it conducts business, as well as critical organisational policies

  3. Introduction to governance and compliance audit

3.1       General principles of governance and compliance audit

3.2       The nature and purpose of governance audit

3.3       The nature and purpose of compliance audit

3.4       Types and timing of governance and compliance audits

3.5       Users of governance and compliance audit information and their respective needs

3.6       Qualities of good governance and compliance audit

3.7       The Challenges of governance and compliance Auditing

3.8       Governance and compliance audit in the digital era

  4. Legal, regulatory, professional and ethical considerations

4.1       Legal requirements on governance and compliance audit for different types of legal entities

4.2       Codes of governance as issued by ICS and different industry regulators

4.3       Regulatory framework of governance and compliance audit industry regulators

4.4       Governance and compliance audit standards by ICS

4.5       Code of ethics for Certified Secretaries

4.6       Auditors’ authority, professional liability and legal responsibilities

4.7       Professional objectivity, professional skepticism and professional judgment

4.8       The role of ICS in governance and compliance auditing

4.9       Ethics & integrity as a compliance issue

  5. Engagement and appointment

5.1       Designing terms of reference

5.2       Designing scope of work and request for proposal

5.3       Tendering and procuring audit services

5.4       Designing proposal

5.5       Qualification requirements

5.6       Negotiating fees amount, structure and timelines

5.7       Acceptance and professional appointments

5.8       Award and execution of contract

5.9       Inception report

  6. Planning for a governance and compliance audit

6.1       Initial considerations for planning

6.2       Planning process with timelines

6.3       Materiality at planning stage

6.4       Determine audit objective and scope

6.5       Determine the key governance and compliance parameters

6.6       Determining the level of assurance

6.7       Identifying subject matter and criteria

6.8       Understanding the entity and its environment

6.9       Developing audit strategy

6.10     Assessing audit risk, threats and safeguards

6.11     Developing audit plan, programme and procedures

6.12     Preparation of audit working papers

6.13     Developing governance compliance matrix

6.14     Governance and compliance audit checklist

6.15     Quality control

6.16     The audit team

  7. Documentation and Communication

7.1       Documentation in governance and compliance audit

7.2       Communication between auditor and client organisation

  8. Conduct of governance and compliance audit

8.1       Inception meeting for clarification and/or understanding of key contact persons, scope, process, timelines, schedule, logistics, operating environment and areas of emphasis

8.2       Reviewing the compliance, governance and internal control systems

8.3       Group governance and compliance audits

8.4       Assessing compliance with the Constitution, applicable laws, rules, regulations, international treaties, international agreements, codes of conduct and internal policies

8.5       Coordination in the conduct of governance and compliance audit

8.6       Role of in-house corporate secretary, internal auditor, external auditor, legal auditor, audit committee, regulatory oversight bodies and other governance assurance functions

8.7       Process of governance and compliance audit

8.8       The governance and compliance audit cycle

8.9       Governance and compliance audit tools

8.10     Use of technology

8.11     Scoring methodology

8.12     Data analysis

  9. Gathering audit evidence

9.1       Nature and sources of audit evidence

9.2       Types of audit evidence

9.3       Evidence gathering techniques

9.4       Data collection instruments

9.5       Document checklists/list of documents to be provided by client for review by the auditor

9.6       Literature review

9.7       Questionnaire/survey or confidential discussions with select members of the board and senior management using a structured format

9.8       Site visits

9.9       Limitations in gathering audit evidence

9.10     Types of audit tests

9.11     Audit sampling

9.12     Using the work of experts

9.13     Using reports of board evaluation and other internal governance assessments.

9.14     Methods and techniques of auditing high risk areas

9.15     Data analysis

9.16     Evaluation of evidence and forming conclusions

  10. Reporting governance and compliance audit

10.1     Purpose and users of auditor’s report

10.2     Types, contents, elements and structures of auditors’ report

10.3     Governance and compliance audit opinion

10.4     Consequences of various audit reports and opinions

10.5     Reporting of suspected unlawful and/or unethical acts

10.6     Conclusions/opinions in governance and compliance audit

10.7     Reports to those charged with governance

10.8     Governance and compliance report on the annual report

10.9     Interim, final and abridged versions of governance and compliance reports

10.11  Submission, presentation and /or filing of audit report

10.12  Closure of the audit assignment

10.13  Audit follow up

  11. Implementing audit recommendations

11.1     Implementation strategies

11.2     Formulating an action plan and compliance matrix

11.3     Role of the Board in implementing the action plan

11.4     Monitoring, evaluating, tracking progress and embedding recommendations/ decisions arising from the audit.

  12. Post governance and compliance audit

12.1     Nature and scope of subsequent events

12.2     General guidelines on subsequent events

  13. Peer review mechanism

13.1     Purpose, scope and types of peer review

13.2     Responsibilities of parties in peer review

13.3     Peer review mechanism stages

13.4     Quality management and assurance measures

13.5     Confidentiality requirements

  14. Governance Awards in practice

14.1.1 The ICS Governance Awards, other regional governance awards

14.1.2 Parameters evaluated in the governance awards

14.1.3 Award evaluation tool and scoring

Governance Index

