Category Overview
Risk Category: GOVERNANCE_LEGAL
Subcategories: 5
Weight: Equal (1/7 of overall risk score)
Scoring Summary
5 Subcategories
1. Legal Structure Risk
Indicator: Appropriateness and soundness of legal entity structure
What drives this score:
- Legal Registration: Formal registration status (company, partnership, sole proprietor)
- Ownership Clarity: Clear documentation of ownership and shareholding
- Shareholder Agreements: Existence of formal agreements governing ownership and decision-making
- Limited Liability: Protection of owners from business liabilities
- Structural Appropriateness: Whether legal structure matches business scale and needs
| Risk Level | Score | Criteria |
|---|---|---|
| LOW | 0-30 | • Registered company (Ltd, PLC) with clear ownership • Comprehensive shareholder agreement • Limited liability protection • Structure appropriate for scale (e.g., company for >KES 10M revenue) • All registration documents current |
| MODERATE | 31-60 | • Registered business (company, cooperative, or partnership) • Basic ownership documentation • Some liability protection • Structure mostly appropriate • Minor registration updates needed |
| HIGH | 61-80 | • Informal registration (sole proprietor) or partnership without agreement • Unclear ownership or disputes • No limited liability • Structure inappropriate for scale • Registration lapsed or incomplete |
| CRITICAL | 81-100 | • Unregistered or illegal operation • Ownership disputes or litigation • Owners exposed to unlimited liability • Structure creates major legal/tax risks • No legal documentation |
- Business registration certificates
- Shareholder agreements or partnership deeds
- Articles of association or bylaws
- Ownership structure diagram
2. Contract Management Risk
Indicator: Quality and enforceability of contracts with customers, suppliers, and partners
What drives this score:
- Contract Formalization: Percentage of key relationships governed by written contracts
- Contract Quality: Legal review, enforceability, and clarity of terms
- Contract Compliance: Adherence to contract terms by all parties
- Dispute Resolution: Mechanisms for resolving contract disputes
- Contract Monitoring: Systems to track obligations and renewals
| Risk Level | Score | Criteria |
|---|---|---|
| LOW | 0-30 | • All key relationships have written contracts (customers, suppliers, partners) • Contracts legally reviewed and enforceable • High compliance with terms (both parties) • Clear dispute resolution mechanisms • Contract management system in place |
| MODERATE | 31-60 | • Most key relationships have written contracts • Contracts drafted but not legally reviewed • Generally compliant with some delays • Informal dispute resolution • Manual contract tracking |
| HIGH | 61-80 | • Few written contracts (mostly verbal agreements) • Contracts poorly drafted or unenforceable • Frequent contract breaches • No dispute resolution process • No contract tracking |
| CRITICAL | 81-100 | • No written contracts • Verbal agreements with no documentation • Chronic breaches and disputes • Litigation over contract failures • Complete lack of contract management |
- Sample contracts (customer, supplier, partner)
- Contract compliance records
- Dispute history or resolution records
- Contract management system documentation
3. Intellectual Property Risk
Indicator: Protection and management of intellectual property assets
What drives this score:
- IP Identification: Awareness of IP assets (brands, formulas, varieties, processes)
- IP Protection: Trademarks, patents, copyrights, or trade secrets
- IP Enforcement: Ability to defend IP against infringement
- IP Risk: Exposure to infringing others’ IP
- IP Licensing: Proper licensing of third-party IP if used
| Risk Level | Score | Criteria |
|---|---|---|
| LOW | 0-30 | • Key IP identified (brand, varieties, processes) • IP formally protected (registered trademarks, patents) • Active enforcement against infringement • No IP infringement risk • Proper licensing of third-party IP |
| MODERATE | 31-60 | • Some IP identified • Partial protection (brand registered, but not all assets) • Occasional enforcement • Low IP infringement risk • Mostly compliant with third-party IP |
| HIGH | 61-80 | • IP not systematically identified • Minimal or no protection • No enforcement capability • Some risk of infringing others’ IP • Unlicensed use of third-party IP |
| CRITICAL | 81-100 | • No awareness of IP assets • No IP protection • IP regularly stolen or copied • Active infringement of others’ IP • IP litigation or cease-and-desist orders |
- Trademark registrations
- Patent or variety protection certificates
- Brand and IP management policies
- Licensing agreements for third-party IP
4. Regulatory Compliance Risk
Indicator: Adherence to industry-specific regulations and government requirements
What drives this score:
- Business Licenses: Valid business and operating licenses
- Sector Regulations: Compliance with agriculture, food safety, or environmental regulations
- Tax Compliance: Up-to-date tax filings and payments (VAT, corporate, PAYE)
- Labor Compliance: Adherence to employment laws (contracts, NSSF, NHIF)
- Regulatory Inspections: History of inspections and violations
| Risk Level | Score | Criteria |
|---|---|---|
| LOW | 0-30 | • All licenses and permits current • Full compliance with sector regulations (e.g., KEBS, PCPB) • Tax filings and payments up to date • Labor laws fully complied with • Clean inspection record |
| MODERATE | 31-60 | • Most licenses current, some renewals pending • Generally compliant with minor gaps • Tax mostly current with occasional delays • Mostly compliant labor practices • Minor violations corrected |
| HIGH | 61-80 | • Some licenses expired or missing • Significant regulatory gaps • Tax arrears or unfiled returns • Labor violations (informal workers, unpaid benefits) • Regulatory warnings or fines |
| CRITICAL | 81-100 | • Operating without licenses • Major regulatory violations (e.g., banned pesticides, food safety) • Tax evasion or fraud • Serious labor abuses • Regulatory sanctions, shutdowns, or prosecutions |
- Business licenses and permits
- Tax compliance certificates (KRA)
- Labor compliance records (NSSF, NHIF, contracts)
- Inspection reports or regulatory correspondence
5. Reporting & Transparency Risk
Indicator: Quality and timeliness of financial and operational reporting
What drives this score:
- Financial Reporting: Frequency and quality of financial statements
- External Audits: Independent audits of financial statements
- Reporting Standards: Compliance with accounting standards (e.g., IFRS for SMEs)
- Disclosure Transparency: Willingness to share information with stakeholders
- Record Keeping: Quality of financial and operational records
| Risk Level | Score | Criteria |
|---|---|---|
| LOW | 0-30 | • Audited financial statements (annual) • Compliance with accounting standards • Timely reporting (monthly or quarterly) • Full transparency with stakeholders • Comprehensive record keeping |
| MODERATE | 31-60 | • Management accounts (not audited) • Partial compliance with standards • Periodic reporting (quarterly or annual) • Moderate transparency • Adequate record keeping |
| HIGH | 61-80 | • Informal financial records • No accounting standards • Infrequent or no reporting • Low transparency (opaque to stakeholders) • Poor record keeping |
| CRITICAL | 81-100 | • No financial reporting • No accounting system • Refuses to disclose financial information • Complete lack of transparency • No records or lost records |
- Financial statements (audited or management accounts)
- External audit reports
- Accounting system documentation
- Reporting schedules and samples
Risk Mitigation Strategies
Legal Structure Formalization
- Register business as appropriate legal entity (company, cooperative)
- Draft shareholder agreements to clarify ownership and governance
- Update registration documents to current status
- Consult legal advisor on optimal structure for scale and sector
- Ensure limited liability protection for owners
Contract Management Improvement
- Formalize all key relationships with written contracts
- Have contracts legally reviewed before signing
- Implement contract management system (tracking, alerts)
- Establish dispute resolution mechanisms (arbitration clauses)
- Train staff on contract compliance
Intellectual Property Protection
- Identify and inventory all IP assets
- Register trademarks and brands with KIPI (Kenya IP Institute)
- Protect plant varieties or product formulations
- Monitor for IP infringement and enforce rights
- Ensure proper licensing of third-party IP
Regulatory Compliance Enhancement
- Renew all licenses and permits
- Conduct compliance audit across all regulatory areas
- Clear tax arrears and regularize filings
- Formalize employment contracts and benefits
- Respond promptly to regulatory inspections
Reporting & Transparency Strengthening
- Implement proper accounting system (e.g., QuickBooks, Zoho)
- Conduct annual external audits
- Adopt accounting standards (IFRS for SMEs)
- Establish regular reporting schedules
- Improve record keeping and documentation
Data Sources
Governance & Legal Risk analysis draws from:
- Legal Documents: Registration certificates, shareholder agreements, licenses
- Contracts: Sample customer, supplier, and partner agreements
- Compliance Records: Tax certificates, labor compliance, inspection reports
- Financial Reports: Audited statements or management accounts
- Guided Interview: Management’s legal awareness and compliance practices
Related Documentation
- Risk Model Overview
- Behavioral Risk - Governance and ethics overlap
- Financial Risk - Financial reporting quality