A Kenya Revenue Authority tax audit can be stressful, particularly for organisations that are unsure what documentation they may be required to produce. Many businesses assume that filing returns and paying taxes is enough. In practice, KRA audits are evidence-based exercises. The outcome often depends not on what was declared, but on what can be proven through records.

Understanding what KRA may request, and how far back those requests can go, is essential for managing risk and maintaining compliance.

What triggers a KRA tax audit?

KRA audits may be triggered by a range of factors, including inconsistencies in tax returns, large VAT refund claims, unusual fluctuations in revenue, or discrepancies identified through third-party data such as banks or suppliers. In some cases, audits are routine or sector-based and not linked to any suspicion of wrongdoing.

Regardless of the trigger, once an audit begins, KRA will focus heavily on the quality, completeness, and availability of your records.

Core documents KRA commonly requests

Although the exact scope of an audit varies, KRA typically requests the following categories of documents.

Tax and financial records
These include filed tax returns, assessments, payment confirmations, VAT invoices, credit notes, and withholding tax schedules. KRA often reconciles these documents against bank statements and third-party records.

Accounting records
Auditors may request general ledgers, trial balances, management accounts, and audited financial statements for the relevant periods. These records are used to test consistency between declared income, expenses, and tax payments.

Business and legal documents
KRA may ask for your certificate of incorporation, CR12 or CR13, shareholder information, supplier and customer contracts, and lease agreements. These documents help establish ownership, control, and the nature of business activities.

Payroll and HR records
PAYE schedules, NSSF and NHIF remittances, employment contracts, and payroll summaries are commonly reviewed to confirm compliance with employment-related tax obligations.

How far back can KRA request documents?

Under the Tax Procedures Act, businesses are required to retain tax records for at least five years from the end of the reporting period. Many organisations assume this is a hard limit.

However, the law provides a critical exception. Where fraud, gross negligence, or wilful misrepresentation is suspected, KRA is legally permitted to request records going back indefinitely. In such cases, the burden of proof lies entirely with the taxpayer.

This means that an inability to produce historical documents can significantly increase exposure, even if taxes were properly paid at the time.

Common recordkeeping gaps that cause problems

In our experience, many audit challenges arise from avoidable recordkeeping issues. These include missing invoices, poorly archived paper files, incomplete audit trails, or documents lost during office moves, floods, or staff turnover. Reliance on individual employees to recall transactions is particularly risky when audits cover older periods.

Even well-run organisations can struggle to respond quickly when records are dispersed across departments or stored on-site without proper indexing.

Why organised records matter during an audit

KRA audits are time-bound and document-driven. Businesses that can retrieve complete records quickly tend to experience shorter audits, fewer disputes, and reduced penalties. Clear documentation demonstrates good faith and compliance, while missing or inconsistent records may raise unnecessary suspicion.

Proper records management is therefore not just an administrative function, but a key part of tax risk management.

How The Filing Room helps businesses prepare for KRA audits

The Filing Room has supported Kenyan banks, insurers, law firms, NGOs, and corporates for over 25 years. Our records management services are designed to help organisations remain audit-ready at all times.

We provide secure off-site storage for long-term tax and financial records, protecting original documents in controlled environments. Our digitisation and indexing services allow clients to retrieve documents quickly during audits, while scan-on-demand ensures urgent requests can be met without compromising security. We also offer records consultancy to help organisations define retention schedules and access controls, as well as certified destruction for documents that have reached the end of their approved lifecycle.

Practical steps businesses should take now

Businesses should begin by identifying where tax-related documents are held across finance, HR, and legal departments. High-risk and frequently requested records should be digitised and indexed. Older records should be moved to secure off-site storage rather than kept on-site, where they consume space and remain vulnerable to loss or damage. Clear retention and access policies should be documented and consistently applied.

Final thoughts

A KRA tax audit is not just a test of tax calculations, but of recordkeeping discipline. Organisations that treat records as a strategic asset are better positioned to defend themselves, reduce disruption, and maintain compliance.

The Filing Room helps businesses build practical, defensible records systems that stand up to audit scrutiny, today and in the years to come.

šŸ“§ info@filingroomkenya.com
šŸ“ž +254 20 2663263
šŸŒ filingroomkenya.com