I & M Bank House 3rd Floor, 2nd Ngong Avenue

Governance, Risk Management, & Compliance (GRC)

Governance, risk management, and compliance (GRC) is a corporate management system that incorporates these three crucial functions into the processes of every department within an organization.

The main goal of GRC is to reduce risks, costs and duplication of effort. It is a strategy that necessitates organization-wide cooperation to produce outcomes that adhere to internal standards and procedures established for each of the three core functions.

Governance/ Corporate Governance

Good corporate governance is essential for businesses as it creates transparent rules and controls, provides guidance to leadership, and aligns the interests of shareholders, directors, management, and employees.

In order to demonstrate excellent governance, the appropriate framework of guidelines, processes, procedures, and accountability systems must be established.

At Bellmac, we help you develop an efficient, cutting-edge governance structure and apply GRC technologies to keep you on track as you accomplish your objectives.

Risk Management/ Enterprise Risk Management

The goal of the enterprise risk management program is to secure value while optimizing risk profile and achieving company objectives. Prioritizing stakeholder expectations and providing them with accurate information are both parts of this process.

We provide managed services, consultancy, risk culture and business continuity assessments, as well as advice on the full range of risk management.

Compliance/ Corporate Compliance

Regulatory compliance failures can lead to enormous financial loss and severe reputational damage. Organizations must adhere to rules, policies, standards, and laws set forth by industries and/or government agencies and be prepared to keep up with regulatory and ethical changes, ensure compliance in a cost-effective manner, and respond to risks or incidents.

Bellmac offers a full spectrum of integrated control, compliance, and certification solutions across all sectors. We offer advice and support on a wide range of regulatory compliance and registration issues relating to the Kenya Revenue Authority, National Social Security Fund, National Hospital Insurance Fund, Kenya Investment Authority, Communications Authority, Betting Control and Licensing Board, Energy Regulatory Commission, Export Promotion Council, Kenya Bureau of Standards, National Environment Management Authority, Sacco Societies Regulatory Authority and the Tourism Regulatory Authority.

Our Governance, Risk Management, and Compliance (GRC) Services include:

1. Legal & Compliance Audit

The primary goal of a Legal and Compliance Audit is to ensure an organization complies with the law. The audit will reveal whether or not the organization being audited is aware of certain pertinent laws and whether or not they are being complied with.

Legal and Compliance Audits are advantageous for businesses of all sizes across all industries. Non-compliance with the applicable laws and regulations may result in severe penalties and fines. We provide support on the entire range of corporate activities including:

Our Legal and Compliance Audits

Each industry has different requirements, but primarily our Legal and Compliance Audits are performed on the following legal matters:

  • Statutory Law Compliance – This audit assists in identifying the strength of compliance of the organization’s policies and its operating and risk management procedures with the applicable legal and regulatory framework.
  • Employment and Labour Laws Compliance – The preservation of employee rights is one of the most closely examined areas of compliance. The Department of Labor regularly audits businesses to make sure they are abiding by the relevant laws and guidelines.
  • Data Security Requirements Compliance – A company that keeps private customer information is legally obligated to keep it secure from theft and misuse. A compliance audit would determine whether or not a company takes extra precautions to keep the information private and from being misused, as well as whether it employs appropriate, modern communication software and hardware with the most recent password security.
  • Compliance Checklists and Compliance Reports – We draft compliance checklists to be used to monitor legal compliance, and compliance reports which include recommendations and proposals on the corrective measures to address areas of non-compliance discovered during Legal and Compliance Audits.
  • Regulatory Health Checks – Regulatory Health Checks aim to provide reasonable assurance that your business has compliance controls in place to help mitigate the risk of failure to comply with applicable rules and regulations. Controls may include documentation of policies and procedures, training, organizational structure, management information, self-management, verifications or approvals. Our regulatory health checks involve checking for:
    • Staff Awareness and Compliance with the latest laws, guidelines and regulations.
    • Effectiveness of the regulatory compliance controls.
    • Identification and addressing of Non-compliance.
  • Training on Compliance Issues – We offer training on compliance issues for the business and its employees.

2. Corporate Governance Audit

Strong corporate governance is the foundation of a safe and sound business. An effective governance framework supports profitability, competitiveness, and resilience to changing economic and market conditions by incorporating objectives, policies, and risk limits appropriate to the size, complexity, and risk profile of the organization.

The Board of Directors is responsible for providing a clear governance framework and overseeing compliance with it by employees.

The Firm has accredited Governance Auditors who conduct governance audits for statutory bodies, Government bodies, NGOs and private companies, combining benchmarking knowledge and experience with organizational knowledge to ensure your business runs successfully.

Our Corporate Governance Audits

  • We Audit the following parameters: The Board of Directors, Ethical Leadership and Corporate Citizenship, Accountability, Risk Management and Internal Control, Transparency and disclosure, Shareholder Rights and obligations, Stakeholder Relationships, Compliance with Laws and Regulations and Sustainability and Performance Management.
  • We draft Governance reports that identify governance gaps with recommendations to address the gaps identified.
  • We help develop and review policies, procedures and technical safeguards to enhance governance.
  • Board Workshops and Trainings on Corporate Governance – We offer Board trainings and workshops on Corporate Governance.

3. Bellmac Social & Ethical Audits

Companies are facing greater responsibility for all aspects of their value chains. Compliance with laws, international standards, and best practices is crucial in demonstrating the social and ethical impact of their products and services. In addition, the fair treatment of workers is becoming increasingly regulated and is viewed by consumers as an important aspect of product quality.

Our social and ethical audit service is designed to help companies evaluate and improve their social performance, ethical practices and compliance with relevant laws and regulations.

We provide a comprehensive assessment of your Company’s policies, procedures, and operations to identify potential risks and opportunities for improvement.

Our team of experienced auditors follows a rigorous process to ensure that all relevant areas are covered, including but not limited to, contracts, environmental, social risk, community, corporate governance, financial reporting, data privacy, anti-corruption, and human rights.

Our Social and Ethical Audits

  • Customized Approach: We recognize that each Company has unique needs and challenges, and therefore, we tailor our audit approach to fit your specific requirements. We work closely with you to understand your business operations, goals, and values to ensure that our audit is relevant and effective.
  • Comprehensive Assessments: Our audit covers a broad range of areas that impact your Company’s social and ethical practices. Our audit includes a review of your contracts, environmental, social risk, community, corporate governance, financial reporting, data privacy, anti-corruption, and human rights practices.
  • Experienced Auditors: Our team of auditors has extensive experience in conducting Social and ethical audits for companies of all sizes and across various industries. Our auditors are highly trained and have a deep understanding of social and ethical practices, laws, and regulations that apply to businesses.
  • Actionable Recommendations: After completing the audit, we provide you with a detailed report that includes actionable recommendations to improve your Company’s social and ethical practices. Our recommendations are specific and practical, taking into account the unique needs and challenges of your business.
  • Follow-Up Support: We understand that implementing changes can be challenging, and therefore, we provide follow-up support to help you successfully implement our recommendations. Our team of experts are available to answer any questions and provide guidance as needed.

Audit Areas

Social and ethical audits generally involve a review of a Company’s policies, procedures, and practices related to social performance, ethical behavior and compliance with applicable laws and regulations. Key audit areas in social and ethical audits include:

  1. Economic – The Audit assesses the costs and benefits of a project or practice, analyzing resource allocation and the impact on community development, healthcare infrastructure, and housing needs in impoverished areas.
  2. Environmental – The Audit considers the environmental impact of a project or practice, including potential pollution of soil, water, or air and its effect on human health. A social audit in this area examines the project’s responsible execution.
  3. Social risk – The Audit assesses the risk of negative consequences, such as protests, violence, litigation, or criminal activities, and examines specific impacts on marginalized groups, such as indigenous peoples, women, children, and migrants.
  4. Community – The Audit examines community-based projects that offer services or employment to residents in a specific area and empower communities to take ownership of these opportunities.
  5. Human Rights – The Audit conducts checks for human rights abuses in certain areas, including child labor, freedom of association and assembly, freedom from discrimination, and indigenous people’s rights.
  6. Contracts – The Audit evaluates a project’s impact on individuals under contract with a company, assessing fair pay, humane treatment, and accessibility to medical treatment if injured on the job.
  7. Governance and Board Oversight: The effectiveness of the board of directors and its role in setting the tone at the top of the organization is a critical area of review in ethical audits. The audit assesses the board’s composition, independence, and decision-making processes related to ethical and compliance matters.
  8. Code of Conduct and Ethics: The code of conduct and ethics is the primary document that sets out a Company’s expectations for ethical behavior. The audit reviews the adequacy of the code of conduct and ethics and assesses whether it is effectively communicated and understood by employees.
  9. Risk Management: The audit assesses the Company’s risk management processes related to ethical and compliance matters, including the identification, assessment, and mitigation of risks.
  10. Whistleblower Program: The audit assesses the effectiveness of the Company’s whistleblower program, including the policies and procedures for reporting and investigating allegations of ethical or legal violations.
  11. Vendor and Supplier Management: The audit assesses the Company’s vendor and supplier management processes, including due diligence and monitoring procedures, to ensure that the Company is not working with unethical or non-compliant partners.
  12. Employee Training and Communication: The audit assesses the effectiveness of the Company’s employee training and communication programs related to ethical behavior and compliance with applicable laws and regulations.

Key Steps in Our Social and Ethical Audits

At Bellmac, ensuring that our clients have a strong social performance, ethical culture and commitment to ethical conduct is a critical component of our services. To achieve this, we undertake the following key steps in our Social and Ethical Audits:

  • Records of charitable contributions: We examine records of charitable contributions. This includes information about the organization’s donations to charitable causes, as well as its involvement in philanthropic activities.
  • Volunteer events: This involves examining the organization’s involvement in community service and volunteer work, such as organizing and participating in local events.
  • Transparency within the organization: This includes an assessment of the organization’s communication and decision-making processes to ensure that they are open and transparent.
  • Work Environment: This involves an examination of the organization’s policies and practices related to employee safety, health, and well-being.
  • Salaries and wages of the workforce
    This involves an assessment of the organization’s compensation policies to ensure that they are fair and equitable.
  • Community initiatives
    This includes an assessment of the organization’s efforts to engage with and support the communities in which it operates.
  • Diversity in the workplace
    This involves an examination of the organization’s policies and practices related to diversity and inclusion, including its hiring practices and employee training programs.
  • Accounting and Financial Transparency
    This involves an assessment of the organization’s financial reporting practices to ensure that they are accurate and transparent.
  • Company Values
    We examine whether the organization has clearly stated values to establish its culture of ethics and compliance. Values that shape a Company’s ethical culture through daily work practice can include integrity, respect, diversity, safety, conscientiousness, and creativity.
  • Code of Ethics and Conduct
    We assess the following:

    • Whether the Company values identified above are reflected in the code of ethics that governs decision-making and behavior.
    • Whether the Code of Conduct is aligned with the code of ethics and provides guidelines for ethics and compliance risk areas.
    • Whether the code of conduct provides direction to employees on how to apply the code of ethics to specific issues that are relevant to the Company. For instance, if an employee is working in a foreign country, the code of conduct should offer guidance on complying with the relevant laws and regulations including Foreign Corrupt Practices Act rules regarding gifts, gratuities, and entertainment.
    • Whether the Company has effectively communicated the Code of Conduct to all employees, directors, and agents.
    • What the Company is doing to ensure that employees understand the Code of Conduct and are familiar with its requirements.
    • The effectiveness of the employee code of conduct training in ensuring that employees understand its requirements. The ultimate goal is to ensure that the code of ethics and code of conduct are not just words on paper, but are understood and internalized by employees in their daily work experience.
  • Risk Assessment
    After reviewing the Code of Ethics and Conduct guidelines, we conduct a Risk Assessment to identify potential risks and compliance issues, taking into account changes in the business environment, including changes in laws and regulations. We assess risks related to specific business practices, such as anti-kickback and anti-bribery policies, as well as broader issues related to the protection of Company assets and the prevention of harassment.
    The risk assessment is conducted for each business unit and is tailored to the specific risks and compliance issues faced by that unit. The results of the risk assessment are used to develop effective risk management strategies, including policies, procedures, and training programs that address the identified risks and ensure compliance with relevant laws and regulations.
  • Ethics and Business Conduct Policies
    Our Audit team will examine the list of policies to ensure that high-risk areas identified in the risk assessment and the code of conduct are adequately addressed. We will then conduct interviews with employees to assess their awareness and understanding of the policies.
    Our team will identify policies with which the majority of the employees were not familiar so that additional training can be provided in those areas.
  • Awareness Training Audit
    We assess the effectiveness of the Company’s ethics and compliance training programs, which is crucial to mitigating risk and maintaining its reputation. The assessment includes:

    • Evaluating the delivery method of the training program
      We determine whether the training program is delivered online or through live sessions. This is because some employees may prefer one method over the other, and it is important to ensure that the method used is adequate to reach all employees who must take the ethics and compliance courses.
    • Determining how completion of the course is measured
      We establish a clear definition of what constitutes completion of the course. This may include a quiz after the training course with a minimum score requirement, or other forms of assessment. This ensures that employees have understood and retained the information provided during the training.
    • Tracking completion status of required courses
      If a tracking mechanism is used to monitor completion of required courses, we establish what percentage of employees have completed their required courses. This information can help determine the effectiveness of the training program and identify areas where improvements can be made. Additionally, we establish what recourse is taken to follow up with employees who have not completed or passed training, to ensure that they are adequately trained and compliant with ethical and compliance policies.
  • Inquiry and Reporting Mechanisms
    We assess the process for investigating concerns reported by employees, suppliers, customers and others who do business with your Company, who may ask questions or report concerns about ethics or violations of laws, regulations, and Company policies through various mechanisms, such as the Company hotline, emails, and suggestion boxes. Our assessment involves the following:

    • Prioritization of Concerns
      We assess whether the Company has a system in place to prioritize concerns based on their severity. This system should ensure that critical issues are addressed immediately, while less severe issues are dealt with in a timely manner.
    • Formal Investigation Protocol
      We evaluate whether the Company has a formal protocol for deciding who investigates what concerns. This protocol should ensure that investigations are carried out by the appropriate personnel, with the necessary skills and expertise to conduct a thorough investigation.
    • Investigation Guidelines and Consistent Standards
      We assess whether the Company has established guidelines and consistent standards for investigating concerns. These guidelines should ensure that investigations are carried out with thoroughness, objectivity, and consistency.
    • Documentation of Investigations
      We evaluate the systems the Company has in place to document all investigations formally. This system should ensure that all relevant information related to the investigation is captured and recorded in a formal report.
    • Adherence to Established Timelines
      We evaluate whether the Company completes investigations within the established timeline. This ensures that the investigation process is efficient and effective in resolving concerns.
    • Thoroughness of Investigations
      We assess whether investigations are thorough enough to reach a conclusion regarding the validity of the concerns raised. This ensures that the Company’s investigation process is reliable and trustworthy.
    • Explanation for Actions Taken
      We assess whether the Company provides an explanation for the actions taken or not taken as a result of the concerns raised and investigations conducted. This ensures that the Company’s decision-making process is transparent and accountable.
    • Appropriate Management Approvals
      We assess whether ensuing actions are taken with appropriate management approvals and consultation with functional experts, such as legal or HR. This ensures that the Company’s response to concerns raised is consistent with established policies and procedures.
    • Communication with Callers
      We evaluate how the Company communicates the results of investigations to the callers. This ensures that the callers are informed of the actions taken in response to their concerns, and the Company demonstrates its commitment to transparency and accountability.
  • Communication Program
    We evaluate the Company’s communication plan in increasing ethics awareness and emphasizing the importance of ethics and compliance within the organization.
  • Ethics and Compliance Program Assessment and Evaluation
    We evaluate the implementation of the existing ethics and compliance program. There should be regular internal and external audits of the Company’s ethics program, and an assessment of how often internal controls are tested. Constant vigilance and program evaluation are necessary to maintain a strong culture of ethics.
  • Leadership Commitment
    Our Audits evaluate the commitment of the Company’s leadership, from the top, to creating the perception that ethics and compliance matter for the Company. It is fundamental throughout the Audit that management take responsibility for demonstrating through their actions the importance of ethics and compliance. This includes the following:

    • Reviewing the CEO’s statement and whether it formally articulates the organization’s commitment to ethical conduct in all aspects of the business.
    • Evaluating the ethics organization and reporting structure, including direct reporting of unethical violations to the Board of Directors or Chief Executive Officer.
    • Assessing and evaluating the Ethics and Compliance Committee and its role in providing leadership and oversight to the ethics program.

Automated Social and Ethical Audits and Anonymized Unethical Violation Reporting

As the world becomes increasingly complex, businesses need to ensure that their actions are not only profitable but also ethical. Ethics violations can lead to legal trouble, reputational damage, and loss of customer trust, among other negative outcomes.

To help companies stay on the right side of ethical practices, we offer automated Social and Ethical audits and anonymized unethical violation reporting.


Our automated social and ethical audits use sophisticated software to analyze a Company’s operations and identify potential ethics violations. The audit covers a range of areas, including financial reporting, employee conduct, vendor relationships, and more. Our software is designed to flag any potential issues and provide actionable recommendations for remediation.

Service Description

The service is divided into three main components: data collection, analysis, and reporting.

  • Data Collection
    Our team of experts will work with the Company to gather relevant data, including policies, procedures, and employee records. This data will be used to build a comprehensive understanding of the Company’s operations and identify areas where social and ethical violations may occur.
    Our team develops an anonymized, customized questionnaire based on the understanding of the Company’s operations above to collect data on social and ethical practices. The questionnaire will be designed to collect data on a range of social activities and ethical areas, including bribery and corruption, discrimination and harassment, conflicts of interest, and data privacy.
    Our questionnaires are customized to suit the unique needs and requirements of each business.
  • Data Analysis
    Once the data has been collected, it will be analyzed using advanced algorithms and machine learning techniques. This analysis will identify any patterns or anomalies in the data that may indicate social and ethical violations.
    Our team of experts will review the analysis to ensure that any potential violations are accurately identified and properly categorized.
  • Reporting
    The final component is the reporting of the findings. The report will be comprehensive and will include a detailed analysis of any potential social and ethical violations, as well as actionable recommendations for addressing these issues.
    The report will be presented to the Company’s management team in a clear and concise format, with recommendations prioritized based on the severity of the potential violation.

Anonymized Social and Ethical Violations Reporting

In addition to conducting automated social and ethical audits, our service also includes a mechanism for reporting social and ethical violations in a secure online portal.

Employees can use the anonymous reporting system to report any potential violations they witness. The portal allows businesses to investigate and respond to reports of social violations and unethical behavior promptly.

These reports are reviewed by our team of experts, who will work with the Company to investigate the issue and provide recommendations for addressing the violation.

How Your Company Stands to Benefit from Our Automated Social and Ethical Audits and Social and Ethical Violations Reporting Mechanism

  • Comprehensive Analysis
    Our software covers a range of areas to ensure that all potential social and ethics violations are being addressed.
  • Real-Time Monitoring
    Companies can access our software on an ongoing basis to monitor their operations and identify any new potential social and ethics violations as they arise.
  • Actionable Recommendations
    Our software provides practical recommendations for remediation, so companies can take steps to address any potential issues before they escalate.
  • Cost-Effective
    Automated audits are more cost-effective than traditional audits, as they require fewer resources and can be performed more quickly.
  • Reputation Management
    By proactively addressing potential social and ethics violations, companies can protect their reputation and avoid negative publicity.
  • Compliance
    Our audits help companies stay compliant with relevant laws and regulations, reducing the risk of legal trouble and fines.

Social and Ethical Training

Bellmac’s Social and Ethical Training Service is a comprehensive program designed to help businesses of all sizes and industries promote good social and ethical practices and values within their organizations.

Our trainings are tailored to meet the unique needs and challenges of your Company, with a focus on promoting a culture of integrity, accountability, and responsible decision-making.


Our Social and Ethical Training Service is designed to provide your employees with the knowledge, skills, and tools they need to make social and ethical decisions in the workplace. Our program covers a wide range of topics, including:

  1. The Concept of Corporate Social Responsibility – What CSR is, why it is important for companies to be socially responsible, and the benefits of CSR for businesses and society.
  2. Stakeholder Engagement – Who the stakeholders of the company are, why it is important to engage with them, and how the company can engage with its stakeholders effectively.
  3. Sustainability – What sustainability is, how the company can incorporate sustainable practices into its operations, and examples of sustainable practices that the company can adopt.
  4. Corporate Philanthropy – The concept of corporate philanthropy, how the company can use it to make a positive impact on society, and examples of successful corporate philanthropy programs.
  5. Diversity, Equity, and Inclusion – The concept of diversity, equity, and inclusion, why it is important for companies to prioritize these values, and how companies can create a more diverse, equitable, and inclusive workplace.
  6. Socially Responsible Investing – The concept of socially responsible investing, how the company can attract socially responsible investors, and the benefits of socially responsible investing for companies and society.
  7. Corporate Social Responsibility Reporting – How the company can report on its CSR activities effectively, and the best practices for CSR reporting.
  8. Impact Measurement and Evaluation – How the company can measure the impact of its CSR activities, and the tools and methodologies for impact measurement and evaluation.
  9. Understanding the importance of ethics in business.
  10. Identifying ethical issues and dilemmas.
  11. Developing ethical decision-making skills.
  12. Understanding legal and regulatory requirements.
  13. Creating a code of ethics.
  14. Reporting ethical concerns and violations.
  15. Promoting ethical behavior in the workplace.
  16. Handling conflicts of interest.
  17. Conducting ethical audits and assessments.

Our Approach

We believe that effective social and ethical training is not just about providing employees with information, but also about engaging them in a meaningful and interactive way. Our training approach is designed to be engaging, interactive, and relevant to your employees’ day-to-day work experiences.

We use a variety of training methods, including:

  • Case studies and real-world examples
  • Role-playing and simulations
  • Group discussions and exercises
  • Videos and multimedia presentations

Our trainers are experienced professionals who are knowledgeable about the latest trends and best practices in social and ethics practices. They are skilled at creating a supportive learning environment that encourages open discussion and active participation.


Our Business Social and Ethical Training Service provides a range of benefits for your Company, including:

  • Improved employee morale and engagement
  • Increased trust and confidence in your organization
  • Reduced risk of ethical violations and legal consequences
  • Improved reputation and brand image
  • Enhanced customer loyalty and satisfaction

Our Social and Ethical Training Service is a valuable investment for any Company that wants to promote ethical practices and values in the workplace. We believe that by working together, we can help your organization build a culture of integrity, accountability, and responsible decision-making.

4. Environmental, Health and Safety (EHS) Audit

There are numerous environmental and health and safety laws that all businesses must comply with. The law covers areas such as waste management, air pollution, hazardous substances, water use/disposal, pollution and energy, and the duty to provide competent staff with adequate plant and equipment, a safe place of work and a safe working system.

Our environmental law compliance audits provide an environmental legal register and ensure compliance with all relevant environmental laws including the Environmental Management and Co-ordination Act (EMCA, 1999) and the regulations thereto.

Our health and safety compliance audits provide a statutory health and safety register and ensure compliance with all relevant health and safety laws including the Occupational Safety and Health Act (Chapter 514 of the Laws of Kenya).

Environmental, Health and Safety Audits offer a range of benefits to the organization including:

  • Avoiding penalties, fines and criminal prosecution.
  • Helping to verify compliance with local and national laws.
  • Helping to evaluate whether suitable risk assessments are in place for all activities within your organization.
  • Helping employers keep their employees out of danger through safety audits.
  • Minimizing and avoiding legal risks, including litigation.
  • Helping businesses operate in compliance with health and safety laws and regulations.