April 2026 Governance and Compliance Audit Past Paper Answers

Description

CERTIFIED SECRETARIES (CS) ADVANCED LEVEL
GOVERNANCE AND COMPLIANCE AUDIT

TUESDAY: 21 April 2026. Morning Paper. Time Allowed: 3 hours.
This paper consists of five (5) questions. Question one is a case study. Answer ALL questions. Marks allocated to each question are shown at the end of the question. Do NOT write anything on this paper.

QUESTION ONE
KISIWA INFRASTRUCTURE DEVELOPMENT AUTHORITY (KIDA)

Kisiwa Infrastructure Development Authority (KIDA) is a semi-autonomous government agency established in 2016 to coordinate the planning, financing and implementation of large-scale infrastructure projects in three coastal counties. Its mandate includes road development, port infrastructure upgrades, renewable energy facilities and public transport modernisation. The Authority is funded through a combination of national government allocations, donor funding and internally generated revenues from infrastructure usage fees.

KIDA is governed by a Board of Directors composed of twelve members appointed by the Cabinet Secretary responsible for infrastructure. The Board consists of a non-executive Chairperson, eight non-executive directors representing various stakeholder interests, the Principal Secretary from the parent ministry and two executive directors including the Chief Executive Officer (CEO) and the Director of Finance. The Board is expected to meet quarterly to provide strategic oversight, approve major projects and ensure compliance with governance frameworks applicable to public entities. The Board has formally established four committees, namely; Audit and Risk Committee, Finance and Investment Commit tee, Human Resource and Remuneration Committee and Governance and Ethics Committee.

However, internal records indicate that while these committees exist on paper, they rarely meet. Over the last two financial years, the Audit and Risk Committee only convened once despitemultiple audit issues raised by internal and external stake holders.
Board attendance records show that several directors have consistently missed meetings. In the last financial year, three directors attended fewer than half of the scheduled board meetings. Meeting minutes also indicate that most decisions are heavily influenced by the CEO with limited challenge or independent scrutiny from non-executive directors.
KIDA has experienced significant financial growth due to increased government investment in infrastructure. The Authority’s financial statements for the last three years show the following trends:

Despite this growth, financial management concerns have emerged. A recent internal audit report noted that procurement processes for several road construction contracts worth approximately Sh.1.1 Billion were not supported by complete documentation. In some cases, procurement approvals were signed after contracts had already been awarded.
Additionally, the Authority has accumulated pending bills amounting to Sh.420 million due to delays in project payments and weak contract monitoring mechanisms.

KIDA is required to comply with several regulatory frameworks including the Companies Act, Public Finance Management regulations, Public Procurement Laws, Data Protection Legislation and Corporate Governance Codes applicable to public entities.
However, an internal governance review conducted by the Ministry revealed several compliance gaps including:

• Absence of a comprehensive compliance management framework.
• Failure to maintain a compliance register tracking statutory obligations.
• Inconsistent filing of statutory returns with regulatory authorities.
• Lack of documented conflict-of-interest declarations by board members.
• Absence of formal board performance evaluations.
Further concerns were raised regarding data protection practices. KIDA maintains large databases containing contractor information, employee records and project data. However, the organisation has not appointed a formal data protection officer and has not conducted a data protection impact assessment.

KIDA’s projects have attracted significant public attention due to their economic impact. However, community groups and civil society organisations have criticised the Authority for lack of transparency in project implementation. Several infrastructure projects have experienced delays, yet stakeholders claim that the Authority rarely publishes detailed project progress reports. Communication between the Authority and local communities affected by infrastructure developm ent has been limited. A donor agency funding one of KIDA’s renewable energy projects recently requested evidence that the Authority complies with international governance and accountability standards before releasing the next tranche of funding worth Sh.600 million.
In response to growing concerns, the Board resolved to appoint an independent Governance Auditor to conduct a comprehensive governance and compliance audit. The purpose of the audit is to evaluate the adequacy of governance structures, systems and processes within the Authority and determine whether they align with applicable laws, regulations and governance best practices.
During preliminary discussions with management, the Governance Auditor identified several areas requiring review, including:
• Effectiveness of board oversight and independence.
• Functionality of board committees.
• Adequacy of compliance monitoring systems.
• Procurement governance and contract oversight.
• Stakeholder engagement and transparency mechanisms.
• Internal governance reporting systems.
The Governance Auditor must design an audit strategy, develop governance audit tools and checklists, conduct interviews with board members and senior management, review financial and governance documentation and prepare an independent governance audit report expressing an opinion on the adequacy of governance practices within KIDA.
Required:
(a) Explain FIVE objectives of conducting a governance and compliance audit in KIDA. (10 marks)

(b) an appropriate governance and compliance audit strategy for KIDA. (10 marks)
(c) Analyse FIVE implications of governance weaknesses evident in KIDA. (10 marks)

(d) a governance self-evaluation tool in the form of a checklist with FIVE specific performance indicators that KIDA’s Board could adopt to assess its own performance and that of its committees. (10 marks)
(Total: 40 marks)

QUESTION TWO
(a) Explain the following concepts used in governance and compliance auditing:
(i) Assurance engagement. (1 mark)

(ii) Direct reporting engagement. (1 mark)

(iii) Attestation engagement. (1 mark)
(iv) Reasonable assurance. (1 mark)

(v) Limited assurance. (1 mark)

(b) Discuss FIVE ethical principles that should guide a governance auditor when conducting an audit assignment.
(10 marks)
(Total: 15 marks)

QUESTION THREE
(a) Identify FIVE elements that should be included in the terms of reference for a governance and compliance audit engagement. (5 marks)
(b) Outline FIVE initial considerations when planning a governance and compliance audit. (5 marks)

(c) A professional audit firm is undergoing a peer review process to evaluate its compliance with professional standards. Explain FIVE stages that would be followed in the peer review mechanism. (5marks) (Total: 15 marks)

QUESTION FOUR
(a) Describe FIVE professional liabilities of a governance auditor. (5 marks)
(b) Distinguish between governance audit and compliance audit. (5 marks)

(c) A governance and compliance audit of an organisation was completed on 31 December 2025. However, in January 2026, the organisation discovered significant non-compliance with regulatory requirements that existed before the audit report was issued. Discuss FIVE guidelines the auditor would follow in handling such subsequent events.
(5 marks)
(Total: 15 marks)

QUESTION FIVE
(a) An institution is applying for the “Corporate Governance Gala Award” in your country. Using FIVE parameters evaluated in this award, explain how the institution would be assessed. (5 marks)
(b) During a compliance audit, the auditor was unable to obtain sufficient evidence to form an opinion and therefore issued a disclaimer of opinion. Explain FIVE possible consequences of this type of audit report. (5 marks)

(c) A governance and compliance audit revealed several weaknesses in an organisation’s internal control system and made various recommendations for improvement. Discuss FIVE implementation strategies that management should adopt to ensure the recommendations are effectively implemented. (5 marks) (Total: 15 marks)
………………………………………………………………………………………