Internal Audit & Risk Advisory | Mbiyu Muhia & Associates
Internal Audit & Risk Advisory

Strengthen governance, detect weaknesses before they become losses, and build an organisation that regulators and stakeholders can trust — with Kenya's experienced internal audit professionals.

20+ Years Risk Experience
IIA Standards Compliant
100% Independent Reviews
NGOs, SACCOs, SMEs & Corporates
About This Service

Your First Line of Defence Against Fraud, Waste & Non-Compliance

Internal controls are what stand between your organisation and financial loss. Our risk-based methodology identifies your highest-exposure areas first — then delivers practical, actionable recommendations your team can actually implement.

  • Risk-based internal audit plans tailored to your organisation
  • Internal control reviews across finance, procurement and operations
  • Fraud risk assessment and prevention frameworks
  • Outsourced internal audit function for SMEs, NGOs and SACCOs
  • Board and Audit Committee reporting and support
  • Findings mapped to IIA standards and Kenyan regulatory requirements
What's Included

Our Internal Audit & Risk Services

A complete internal audit function — whether you need a single targeted review or an ongoing outsourced partnership.

Risk-Based Audit Planning

We identify your highest-risk areas through a structured risk assessment and build an annual audit plan that prioritises where it matters most — saving time and maximising impact.

Internal Control Reviews

Systematic evaluation of your financial, operational and IT controls — identifying gaps and design flaws before external auditors or fraudsters find them first.

Fraud Risk Assessment

Identification of fraud schemes relevant to your organisation, assessment of existing anti-fraud controls and design of prevention and detection mechanisms.

Forensic Investigations

Investigation of suspected fraud, misappropriation or financial irregularities — with documented findings suitable for disciplinary action or legal proceedings.

Operational Audits

Reviews of key processes — procurement, inventory, payroll, revenue collection — to identify inefficiencies, compliance gaps and cost-saving opportunities.

Procurement & Supply Chain Audit

End-to-end review of your procurement cycle from requisition to payment — checking for compliance, value-for-money and conflicts of interest.

Outsourced Internal Audit

A fully managed internal audit function for organisations that don't have an in-house team — delivering all the benefits at a fraction of the cost of a full-time hire.

Board & Audit Committee Support

Attendance at Audit Committee meetings, presentation of findings, governance advisory and support for board-level risk oversight responsibilities.

Risk Coverage

Risk Areas We Assess

We evaluate risk across all dimensions of your organisation — not just finances.

High Priority

Financial Risk

Cash handling, bank reconciliation, financial reporting accuracy and misstatement risk across all accounts and ledgers.

High Priority

Fraud & Corruption

Segregation of duties, collusion risk, ghost workers, inflated procurement and diversion of funds from intended use.

Medium Priority

Compliance Risk

Tax obligations, labour laws, regulatory filings, donor conditions and sector-specific compliance requirements in Kenya.

Medium Priority

Operational Risk

Process breakdowns, inadequate documentation, system failures and over-reliance on key individuals within the organisation.

Medium Priority

IT & Data Risk

System access controls, data integrity, cybersecurity posture and accounting software configuration risks.

Lower Priority

Reputational Risk

Governance failures, disclosure weaknesses and control breakdowns that could damage stakeholder and donor trust.

Our Approach

How We Conduct an Internal Audit

A structured, risk-based methodology that minimises disruption and maximises value delivered.

1. Risk Assessment & Planning

Understand your organisation, identify risk areas and agree audit scope.

2. Fieldwork & Testing

Document controls, test transactions and gather evidence on-site.

3. Draft Report

Findings shared with management for factual accuracy and response.

4. Final Report Issued

Comprehensive report with risk ratings, root causes and actions.

5. Follow-Up Review

We verify that agreed management actions have been implemented.

Why MMA for Internal Audit & Risk?

We bring the rigour of a large firm with the personal service of a boutique practice. Based in Thika, our team has conducted internal audits across manufacturing, agriculture, NGOs, SACCOs and public-sector entities throughout Murang'a, Kiambu and Nairobi counties.

  • Truly Independent — No conflicts of interest; we report only to your Board and Audit Committee
  • Practical Recommendations — Findings your team can act on, not theoretical checklists
  • Fast Turnaround — Draft reports within 10 working days of fieldwork completion
  • Strict Confidentiality — All findings handled with complete professional discretion
Common Questions

Frequently Asked Questions

Is an internal audit different from a statutory audit?

Yes. A statutory audit is an independent examination of your financial statements for regulatory and shareholder purposes. An internal audit is an ongoing evaluation of controls, processes and risk management to improve operations. Both are important but serve different purposes and audiences.

Do small businesses need internal audit?

Absolutely. Smaller organisations are often at higher risk because controls are less formalised and oversight is limited. Even a single engagement can identify improvements that save far more than the cost of the audit. Our services are scaled and priced appropriately for SMEs.

Can you investigate suspected fraud in my organisation?

Yes. We conduct forensic investigations into suspected fraud, theft or financial irregularities with findings documented to a standard suitable for HR disciplinary processes or police reports, while maintaining strict confidentiality throughout.

How often should we conduct internal audits?

Best practice for medium-sized organisations is quarterly internal audits with an annual comprehensive risk assessment. For NGOs and donor-funded projects, your grant agreement may specify audit frequency. Smaller businesses often start with one annual audit and increase frequency as they grow.

What is an outsourced internal audit function?

Instead of hiring an in-house internal auditor, you contract MMA to perform all internal audit activities for an agreed annual fee. You get senior-level expertise, full IIA-compliant methodology and Board reporting — typically at 30–50% of the cost of an in-house hire including benefits and overhead.

Is Your Organisation Truly Protected?

Don't wait for a fraud incident or a failed audit to find out. Let our team assess your risk exposure today.