Professional Documents
Culture Documents
Transparency Report Quality Control and Risk Management
Transparency Report Quality Control and Risk Management
Introduction Accountability
We have numerous policies and procedures The Board has overall responsibility for risk management
in place within the UK firm to enable our and internal control:
compliance with professional standards. — The assessment and management of risk is supported
Partners and employees are responsible for by the Risk Committee.
complying with these policies and procedures, — Monitoring of internal controls is supported by the
and there are internal controls and processes in Audit Committee.
place to help them do so. The Firm has adopted KPMG’s Global
The Board annually assesses both the Independence Policies:
effectiveness of the firm’s internal controls and — All partners and partner equivalents are subject to a
its compliance with independence policies, and compliance audit at least once every five-year period,
and those partners in a Chain of Command role are
confirms the firm’s compliance with the Audit
audited at least once every three years.
Firm Governance Code.
— We provide all relevant personnel with annual firm
independence, personal independence and conflicts of
interest training.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
2
Quality Control and Risk Management
The policies and associated procedures within this framework Find out more about the approach we take to the monitoring
enable member firms to comply with relevant professional and evaluation of our SoQM here: Global Quality Framework
standards, and with regulatory and legal requirements, and help (1. Perform quality engagements – Internal monitoring).
our partners and employees act with integrity and objectivity,
performing their work with diligence. Statement on the effectiveness of the System
of Quality Management of KPMG UK LLP as at
KPMG in the UK supplements KPMG International’s quality
30 September 2023
framework with additional policies and procedures that address
its specific business risks as well as rules and standards issued As required by the International Auditing and Assurance
by the FRC, the ICAEW and other relevant regulators, such as Standards Board (IAASB)’s, International Standard on Quality
the US Public Company Accounting Oversight Board (PCAOB). Management (ISQM1), the Financial Reporting Council (FRC)’s
International Standard on Quality Management (UK) 1 (ISQM
ISQM1
(UK) 1), and KPMG International Limited Policy, KPMG UK LLP
ISQM1 was issued by the IAASB and became effective on (the “Firm” and/or “KPMG UK”) has responsibility to design,
15 December 2022, together with the UK version of the implement and operate a System of Quality Management for
standard issued by the Financial Reporting Council (FRC) audits or reviews of financial statements, or other assurance or
(the International Standard on Quality Management (UK) 1 related services engagements performed by the Firm.
(ISQM (UK) 1)). References to the application of ISQM 1 are
The objectives of the System of Quality Management are to
in accordance with ISQM (UK) 1 For each component in the
provide the Firm with reasonable assurance that:
standard, KPMGI has established globally consistent quality
objectives, quality risks and responses. The objective of this a) The Firm and its personnel fulfil their responsibilities in
centralised approach is to drive consistency, robustness accordance with professional standards and applicable legal
and accountability of responses for processes implemented and regulatory requirements, and conduct engagements in
across our global organisation. Where necessary, we have accordance with such standards and requirements; and
supplemented the KPMGI requirements with additional quality
b) Engagement reports issued by the Firm or engagement
objectives, quality risks and responses identified through a UK
partners are appropriate in the circumstances.
risk assessment process.
KPMG UK outlines how its System of Quality Management
Our Global Quality Framework outlines how we deliver quality
supports the consistent performance of quality engagements in
at KPMG. The principle of ‘Perform quality engagements’ sits at
the 2023 Transparency Report.
its core along with our commitment to continually monitor and
remediate our processes as necessary. Integrated quality monitoring and compliance programmes
enable KPMG UK to identify and respond to findings and quality
The Chief Executive assumes ultimate responsibility
deficiencies both in respect of individual engagements and the
and accountability for the UK’s System of Quality
overall System of Quality Management.
Management (SoQM).
If deficiencies are identified when KPMG UK performs its
The Head of Audit and Chief Operating and Financial Officer
annual evaluation of the System of Quality Management, KPMG
(COFO) assume operational responsibility for the UK’s SoQM.
UK evaluates the severity and pervasiveness of the identified
The Ethics and Independence Partner is responsible for deficiencies by investigating the root causes, and by evaluating
compliance with independence requirements under the UK’s the effect of the identified deficiencies individually and in
SoQM and also has operational responsibility in relation to the the aggregate, on the System of Quality Management, with
UK Firm’s ethics and independence requirements. consideration of remedial actions taken as of the date of the
evaluation.
The Chief Risk Officer has monitoring and remediation
responsibility for the UK Firm’s SoQM. Based on the annual evaluation of the Firm’s System of Quality
Management as of 30 September 2023, the System of Quality
In line with the KPMG Global SoQM Methodology, the Firm
Management provides the Firm with reasonable assurance
conducts an iterative risk assessment process (iRAP). This
that the objectives of the System of Quality Management are
continuous process, overseen by those with operational
being achieved.
responsibility for the SoQM and the Audit Committee looks
at a range of internal and external sources to assess whether
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
3
Quality Control and Risk Management
Responsibility for quality and risk management We view the outcome of a quality audit as the delivery of
an appropriate and independent opinion that complies
Quality control and risk management are the responsibility
with auditing standards. This means, above all, being
of all KPMG personnel, whether they are based in the UK or
independent, objective and compliant with relevant legal and
in one of our offshore locations. This responsibility includes
professional requirements.
the need to understand and adhere to policies and associated
procedures in carrying out their day-to- day activities.
Risk management principles
The Chief Risk Officer is responsible for setting overall
The following statements articulate the principles through
professional risk management and monitoring quality control
which we manage the risk we take across the Firm, ensuring we
policies and compliance for KPMG in the UK.
act responsibly, in the public interest and in the interest of the
The Chief Risk Officer has a direct reporting line to the Chief entities we audit, our clients, our people, our regulators, and the
Executive and sits on the Firm’s Executive Committee, markets and communities we work in.
underlining the importance of the role.
We will:
The Chief Risk Officer is supported directly by a team of
— Establish and maintain high standards in leadership,
partners and professionals, including a Risk Management
accountability, ethics and governance.
Partner in each of the Capabilities.
— Act as stewards for the KPMG brand and take proactive
The Ethics Partner is supported by a core team to help ensure
steps to ensure that we support one another, both within the
that we apply robust and consistent ethics and independence
UK and across our member firms, in doing so.
policies, processes and tools.
— Work with trusted partners and alliances, as well as
The Head of Audit, Head of Tax and Legal, Head of Deal
engaging in mergers and acquisitions to obtain capability,
Advisory and Head of Consulting are accountable to the
where it meets our trust and growth objectives.
Chief Executive for the quality of service delivered in their
respective capability areas. While many of our quality control — Carefully consider the clients, audited entities and
processes are cross-Capability and apply equally to Tax and engagements we choose to accept, within the context
Advisory work, the primary focus of the Transparency Report of our ‘ACCEPT’ framework (a refreshed set of client and
requirements relates to Audit. Our Global Quality Framework engagement acceptance guidance embedding our values,
provides more detail on the way it helps ensure the delivery of risk appetite and ESG commitments).
quality statutory audits.
— Comply with applicable laws, regulations and codes of
In the case of the Audit practice, the Head of Audit Quality conduct, including KPMG’s global standards and policies
chairs the Audit Quality Council which met on a monthly basis and KPMG’s tax principles.
during the year. These meetings, together with the monthly
— Manage actual and perceived conflicts of interest.
Emerging Issues Meeting chaired by the Chief Auditor,
addressed external regulatory matters (including progress on — Protect confidential information and ensure business
AQR and QAD reviews and actions to address their findings), service continuity.
our internal quality reviews, emerging audit quality issues and
— Live our values through high standards of behaviour, and
current matters from the central quality teams.
promote a culture of trust, empowerment, accountability
The Audit Leadership Team Risk & Quality sub-committee and expertise that supports them.
meets monthly to consider risk within the audited entity
— Anticipate and respond to changes in the competitor
portfolio and to ensure there are sufficient and appropriate
landscape, macro-economy and clients’ and audited
controls and mitigations in place to support engagement
entities’ needs.
leaders in performing a quality audit and in managing risk.
Other focus areas of the sub-committee include monitoring — Deliver high-quality services – through experienced and
of regulatory matters, assessment of the risk watchlist and appropriately resourced teams, integrated solutions and the
consideration of other emerging risk areas. use of robust technology.
Our UK Audit practice is also a key contributor to our global — Set financial targets that are consistent with achieving both
thinking, with representatives on all major global audit quality the trust and growth elements of our strategy.
and development councils and teams. We use these forums
— Be courageous in undertaking work in the public interest
to understand how other member firms have tackled similar
and in support of our wider purpose.
issues, share our experiences and facilitate common solutions.
— Be brave in working together, contributing to important
At KPMG, audit quality is not just about reaching the right
issues in accordance with our values.
opinion, but how we reach that opinion. It is about the
processes, thought and integrity behind the audit report. — Develop our diverse, talented and motivated people
through inclusive leadership.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
4
Quality Control and Risk Management
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
5
Quality Control and Risk Management
Reputational risks
1. Trust — Continued regulator, public — A tone at the top which emphasises quality, ethics and integrity,
(FY23 Trend: No change) and colleague scrutiny of with Ethics Champions embedded in the business.
the Firm in the context
— Roll out of revised Partner balanced scorecard as part of FY24 goal
of both audit quality and
FY21 FY22 FY23 setting, strengthening the link between behaviours and rewards.
the outcome of historic
This will also be incorporated into FY24 goals for all colleagues.
regulatory investigations.
KPMG in the UK fails to
— A culture ambition guided by Our Values, Our KPMG, Our Impact,
maintain the trust of external — Eroding of societal trust in
a Culture Steering Committee and Conflicts of Interest Working
stakeholders, due to a failure professional services from
Group. Measurement of progress using culture metrics (incl. regular
to embed trust into the firm’s negative media coverage
colleague surveys) and oversight from a Culture Steering Committee.
strategy, failure to define and of issues, litigation, or
communicate the standards regulatory enforcement — Values Week (held in November 2022) and Values Immersion
of conduct expected by the in our competitors. sessions designed to ensure all partners and colleagues
Firm, and failure to develop a take greater ownership of living our values.
— A culture ambition
culture aligned to the Firm’s
centred on being values- — Refreshed Conflicts of Interest policy supported by mandatory
core values, resulting in led, operating to the training to relevant teams and Conflicts of Interest Working Group.
negative impact on the Firm’s highest ethical and
reputation at local, national quality standards. — Global ethical health survey to identify successes
and international levels. and areas for continued focus.
— Increasing importance of,
and societal expectations — Implementation of a ‘Trust index’ to aid with
surrounding, ESG and IDE. monitoring of external reputation.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
6
Quality Control and Risk Management
2. Regulation — New and changing — A dedicated Regulatory Affairs function, with constructive and proactive
(FY23 Trend: No change) regulatory requirements arrangements to meet our regulatory commitments introduced.
and expectations or
— Regular engagement with regulators and relevant government bodies
changing interpretations
FY21 FY22 FY23 to understand and plan for the developing regulatory landscape.
(in respect to historical
practices). — Monitoring of regulatory compliance by relevant regulatory
KPMG in the UK fails to
affairs specialists and the firm’s Public Interest Committee.
meet the expectations of — More proactive,
our regulators, due to poor intrusive and better- — Regulatory horizon scanning introduced with regular
relationships with regulators, connected regulatory reporting to relevant governance groups.
regulatory non-compliance supervisors leading to
increased monitoring — Money Laundering Risk Officer function to meet our
and lack of regulatory horizon
and reporting to ensure obligations in relation to anti-money laundering and financial
scanning to prepare for
the Firm is compliant. crime, and regular financial crime training provided on topics
incoming regulatory changes,
such as money laundering, bribery and corruption.
resulting in regulatory
— Continued enhanced
sanctions and enforcement supervisory approach as — Maintenance of firm-wide and personal independence policies and
action. FRC transitions to ARGA. systems (Sentinel™, KPMG Independence Compliance System,
etc.) to ensure compliance, and additional approvals required for PIEs
— Incoming and significant (Public Interest Entities) and OEPIs (Other Entity of Public Interest).
regulatory changes affecting
multiple parts of the Firm, — Regular updating of firm policies and procedures to ensure compliance
including audit reform and by all our people, on all our clients, with all applicable regulations.
the transition to ARGA. — Annual mandatory firm and personal independence training
— FRC published updated and annual personal independence confirmation by all
principles and timeline partners, colleagues and (where relevant) contractors.
for operational separation — Rolling programme of personal compliance audits and compliance
of the Audit practice. monitoring of certain key areas by the firm-wide independence team.
— Emerging regulation — ESG Corporate Reporting team, focused on ensuring
regarding innovations such timely adoption and compliance with developing
as artificial intelligence (AI). ESG regulatory and reporting requirements.
— Greater public attention/
interest and changing
regulatory standards
as to how we assess
which clients we choose
to do business with.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
7
Quality Control and Risk Management
3. Legal — Increasing complexity of — In-house Office of General Counsel team to assist the business
(FY23 Trend: No change) contracting environment, with contracting and compliance with regulation, including
in particular in relation to specialists in regulation, data privacy and employment law.
long-term nature of large
FY21 FY22 FY23 — Close liaison with KPMG Global through International
advisory engagements
Office of General Counsel and liaison with other
and increasingly complex
KPMG in the UK fails to network firms’ offices of General Counsel.
legal and regulatory
comply with legal obligations, frameworks (e.g., in — Active participation in Global Governance and Committees to oversee
including contractual relation to liability caps network controls and potential reputational and other risks.
obligations with clients, and information security
audited entities, third parties and data requirements). — Legal input to both Deal Boards, Client and Engagement Acceptance
and colleagues etc., due and Continuance Committee and Conflicts Working Group, to
— Increased complexity ensure that the appropriate approvals are in place and legal/
to a failure to identify and
of global sanctions contracting risks are considered before pursuing new opportunities
understand these obligations,
framework post Russia- and agreeing scope and terms of engagement deliverables.
or put in place appropriate
Ukraine conflict.
controls and monitoring — Comprehensive client and engagement acceptance
frameworks to ensure that — Sanctions environment procedures, including in relation to contracting with all
these obligations are met, has continued to evolve stakeholders and recipients of our services/deliverables.
resulting in litigation, legal due to the war in Ukraine.
costs and reputational — Framework of policies, underpinned by regular training, in relation
— Risk of damage to the UK to compliance with external regulation and legal requirements
damage.
firm’s reputation through (including in relation to financial crime and fraud management).
The UK firm fails to negative media coverage
appropriately monitor and of issues, litigation, or — Engagement Quality Control Reviewers (EQCRs) and
mitigate the impact of regulatory enforcement other ‘first line’ quality control processes, including
reputational damage arising within the KPMG Global in relation to legal and contracting matters.
from actions taken by other network of firms. — Annual ‘second line’ compliance processes (including QPR and
KPMG member firms. Global KQCE) in relation to contracting and legal compliance.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
8
Quality Control and Risk Management
Strategic risks
4. Growth Continued levels of market — Board approved three-year planning exercise with
(FY23 Trend: Increasing) uncertainty in relation to yearly refreshes and regular review.
the external environment,
— Our Board and Executive Committee continuously monitor the
including:
FY21 FY22 FY23 performance of our firm and appropriate management action
— the impacts of ongoing is taken when necessary to adjust to market conditions.
KPMG in the UK fails to global conflicts;
— Defined strategies (at Firm and Capability/Market level) approved
define and execute a strategy
— the wider political by leadership with Board input and oversight and aligned
that is supported by an
landscape and growing with Global strategy and Our Impact plan (see below).
appropriately resourced
economic uncertainty;
operational plan, that is — Executive Committee sponsorship of strategic growth
underpinned by further — UK economic performance. initiatives with an investment allocation and governance
development of relevant While the worries about a process to prioritise and monitor investment.
services and propositions, deep recession have largely
gone away, the prospects — Enterprise-Wide Risk Management Framework with matrix reporting
and which can be measured
of high interest rates, across Capability, Market and Firm-wide risks to support Board and
objectively. In addition, the UK
continued uncertainty, and Committee governance and Executive decision-making. Capability,
firm fails to design its strategy
low productivity are set Market and Regional risk officers in place to support second line
to be able to adapt or respond
to provide headwinds to management/oversight of risk policies, practices and decision-making.
to changes in the external
economic and regulatory growth in the near term; — Separate governance for Audit, including Audit Board, with
environment, or to maximise — Impact of operational impact of operational separation on delivery of the Firm’s strategy
opportunities from the KPMG separation of audit on reflected in both Audit and firm-wide business planning.
global network, resulting in a our growth strategy; — A Global and UK impact plan which set out our own environmental,
failure to achieve the desired
— Increasing importance social and governance (ESG) commitments – holding us
levels of growth.
of, and stakeholders’ accountable for progress towards a more sustainable future.
expectations — Globally aligned ESG solutions to address
surrounding, ESG. current market demand and needs.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
9
Quality Control and Risk Management
5. Clients and audited — New and changing business — Comprehensive acceptance procedures undertaken before
entities models and service needs engaging with clients and audited entities for the provision of
(FY23 Trend: No change) at scale and speed from services, including KYC checks and global conflict checking
clients/audited entities to support the management of independence when working
arising from changing with audited entities or potential audit targets.
FY21 FY22 FY23
market and their responses
— Client and Engagement Acceptance and Continuance Committee
to the current external and
KPMG in the UK fails to work consideration for higher risk clients and engagements to
economic environment,
with the right clients and ensure that risks are considered, and appropriate internal
increasing digitalisation
audited entities, maintain approvals obtained, before pursuing new opportunities.
and growth in importance
a balanced portfolio across of the ESG agenda. — Conflicts Working Group (as sub-committee of the Risk
sectors and industries,
Executive) and mandatory annual firm-wide Conflicts of Interest
optimise its use of strategic — Changes in client/audited
training to support adherence to conflicts of interest policy.
alliances and build both a entity portfolio mix and/
unique and innovative brand or focus that could result — Continued challenge of audited entities where improvements
proposition and a holistic go- in over-concentration in to systems, controls and governance are required and careful
to-market strategy, resulting sectors/industries/clients. management of transition where we decide to resign from audited
in declining market share or entities, with reference to our public interest responsibilities.
— Accepting clients/audited
over-concentration in specific entities because of the — ACCEPT framework to further support colleagues in making
sectors and a failure to current external and decisions about who we work with and what work we do
achieve its strategy and ESG economic environment in line with Our Impact plan, supported by firm-wide and
commitments. and potential impacts on engagement leader training and communications.
perceived public interest/
reputational risk. — Monitoring period of audit tenure for audited PIEs in order to
comply with mandatory tendering and rotation requirements.
— Impact of the firm’s ESG
strategy on the acceptance — Extensive independence policies, guidance and processes
and delivery of services to supported by annual mandatory firm-wide training on
clients and audited entities. personal and firm independence and regular compliance
monitoring (see further details in Principal Risk 2).
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
10
Quality Control and Risk Management
Operational risks
6. Execution – Quality — Sustained public and — System of Quality Management (SoQM) to drive the assessment
(FY23 Trend: No change) regulatory scrutiny of the of risks and controls and to ensure audit quality.
firm’s ability, independence
— Programme to implement ISQM1 as part of the firm’s System of
and qualification to
FY21 FY22 FY23 Quality Management, in advance of mandatory adoption date in
deliver engagements
December 2022, including close liaison with KPMG International’s
to a high standard.
KPMG in the UK fails to meet ISQM1 Programme team and creation of newly established System
the expectations of clients, — Impact of changing ways of Quality Management team to support the annual ISQM1 risk
audited entities, regulators of working on the ability to assessment and oversee our compliance post implementation.
and other interested parties in deliver quality services.
— Continued investment in our Audit Quality Plan which prioritises
relation to the quality of work
— Pressure on audit actions with the biggest impact on audit quality, and the Banking
delivered.
profession potentially Audit Quality Improvement Plan, supported by the development
leading to fewer people and implementation of the KPMG Clara Audit workflows.
joining the profession, and
— Mandated Global Quality Framework, encompassing
experienced professionals
global methodologies, mandatory training (including KPMG
leaving the profession
Audit University), accreditation requirements (including for
which may negatively
specialists) and audit quality review programmes.
impact audit quality.
— Mandated engagement quality controls including the use of
— Increased risk of failure
standardised methodologies and tools, accreditation requirements,
of clients/audited entities
targeted involvement of Engagement Quality Control reviewers,
due to challenging
Accounting and Auditing specialists, Risk Panels and Deal Boards.
economic environment.
Enhanced processes for complex, longer-term engagements.
— Increasing complexity of
— Audit Regulatory Compliance function, with a remit to deliver a
products and services,
dedicated audit compliance programme, testing outcomes to
as well as contracting/
provide assurance that the processes, procedures and controls in
commercials, or new and
place to meet regulatory requirements are operating effectively.
innovative service lines
(where expertise is limited), — Regular review of Client Insights programme and requests
posing challenges to the for feedback in relation to quality of delivery.
quality of work delivered.
— Engagement watchlists maintained at Capability and Risk Executive
Committee level, with escalation of issues as appropriate.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
11
Quality Control and Risk Management
7. Execution – Delivery — Increasingly competitive — Global Quality & Risk Management Manual supplemented
(FY23 Trend: No change) market for recruitment by UK requirements set out in Capability-specific risk
of talent. management manuals, policies and guidance.
FY21 FY22 FY23 — Increased reliance on — Comprehensive client and engagement acceptance
reliable and appropriate procedures, including ACCEPT framework for decision-
KPMG in the UK experiences technology and connectivity making, Client and Engagement Acceptance and Continuance
failures in its delivery of due to hybrid working. Committee and Conflicts Working Group as described
services to clients and under Principal Risk 5: Clients and Audited Entities.
— Increasing complexity
audited entities due to taking
of the work we are — Engagement watchlists maintained at Capability and Risk Executive
on inappropriate clients or
performing, the client/ Committee level, with escalation of issues as appropriate.
engagements, ineffective
audited entity situations
engagement setup, — Increased monitoring (including in-flight reviews)
we are supporting.
poorly managed projects, and reporting of higher risk engagements.
contracting and financials, — Increased complexity of
— The roll-out of ProFinda, which provides a single inventory of all
lack of adequate resourcing commercial models and
colleagues’ skills and experience so we can be more rigorous when
or identification and contracting processes,
resourcing projects, matching skills and resources effectively.
management of third parties in particular in relation
in its supply chain, resulting to multi-year framework — Template engagement letters and Office of General
in preventable losses and services and work delivered Counsel/risk review requirements for contracting.
missed opportunities. for the public sector.
— Inter-firm contracting protocols when working with
— Increased use of other KPMG International member firms.
technology to deliver
services or licensing of — Input from Commercial teams on pricing and terms, as well as
technology to clients. Deal Boards for non-audit engagements, and controls in place
when working with sub-contractors and alliance partners.
— Greater collaboration
with third parties/alliance — Significant investment in our colleague proposition, Our KPMG, and
partners in engagement recruitment, performance management and wellbeing support, to
delivery, increasing the ensure we can continue to attract and retain the talent we need to meet
challenges around quality, demand now and in the future (see further detail in Principal Risk 8).
independence, security, — Contractors and associates receive training on Our
and contracting. Code and Our Values on joining and annually.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
12
Quality Control and Risk Management
8. People, Talent and — Intense competition — Significant investment in colleague reward, and an
Culture for talent and skills attractive employee value proposition, Our KPMG,
(FY23 Trend: No change) shortage, impacting on against results of annual salary benchmarking.
ability to recruit at all
— Range of projects ongoing to ensure we are able to recruit and retain
colleague levels. Evolving
FY21 FY22 FY23 the skills we need in the current environment, including in relation
expectations of employees
to improving our people systems, workforce planning strategy
including the need for
KPMG in the UK fails to and addressing complexities in immigration and onboarding.
a comprehensive talent
appropriately attract and
management programme — Defined performance management cycle and processes which
recruit, engage, develop,
and succession planning, includes goal setting, feedback and performance appraisal.
retain and reward talent at all risks the attractiveness Regular training delivered to Performance Managers and
levels of seniority, resulting in of the firm reducing 360 feedback programme for leaders across the Firm.
a lack of expertise, capability over time. Increased
and capacity (onshore immigration complexity. — Inclusion, Diversity and Equity Policy and firm-wide mandatory
and offshore) to meet the training for all KPMG partners and employees. Several dedicated
medium- and long-term — Management of, and ability programmes including GROW, Black Heritage Allyship Programme
demands of the business, to meet, expectations in and Cross Company Allyship Programme. Ambitious leadership
loss of top talent and gaps relation to the medium- 2030 targets across six historically under-represented groups
in key leadership roles and to-long term, changing with supporting firm-wide and local action plans in place.
succession plans. In addition, ways of working,
including the move — Our Social Mobility Network – UpBringing – empowers colleagues
the UK firm fails to define and
towards hybrid working. from lower socio-economic backgrounds to achieve tangible personal
develop a culture in alignment
and professional development goals, raise their profile within the firm
with its core values and — Current challenging and in the marketplace and make an impact across our communities.
strategy. economic environment Opening Doors to Opportunities aims to empower the next generation
and impact of increased to thrive by inviting schools into our offices across the UK, as part of a
cost of living on employee new commitment we’re making to give one million young people the
wellbeing and morale. opportunity to develop their skills by 2030. Comprehensive wellbeing
offering including mental wellbeing, bereavement support, a Domestic
— Continued focus on
Violence and Abuse Policy statement, an employee assistance
developments in Inclusion,
programme, remote GP, private medical insurance (for relevant
Diversity and Equity (IDE)
colleagues), counselling service and number of wellbeing apps.
and ability to meet IDE
improvement objectives — Employee networks to support and engage with the various
(including social mobility). communities across the firm and an Employee Business Forum,
which represents views within the firm to leadership.
— Increasing importance
of reaching our Culture — Regular feedback on People strategy and practices sought
Ambition and maintaining through annual Global People Survey and regular Pulse
an environment where Surveys, with action plans in place where required.
poor employee or partner
conduct is identified — Culture Ambition guided by Our Values, and a refreshed
and addressed. Code of Conduct (reviewed by Institute of Business Ethics). Firm-
wide Culture Steering Committee responsible for approving and
steering the firm-wide culture strategy, plan and priorities – which
include a firm-wide Values Week and People Awards, building trust
through developing a speak-up culture and a psychologically safe
environment and building out our leadership and management
capability to support our magnet for talent agenda.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
13
Quality Control and Risk Management
9. Technology and — Increased risk of cyber- — Governance/approval requirements in place for technology investment
information management attacks as a result of and changes: Technology Assurance Group, DMTAP (Demand
(FY23 Trend: Increasing) global political conflicts. Management and Technology Assurance Process) and CTO Forum.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
14
Quality Control and Risk Management
10. Business operations, — Importance of maintaining — Three lines of defence model, including internal audit, to review
resilience and controls robust business processes the design and operating effectiveness of key controls.
(FY23 Trend: Increasing) and controls and adapting
— Enterprise-Wide Risk Management Framework with matrix reporting
where appropriate so that
across Capability, Market and firm-wide risks to support Board and
they remain fit for purpose
FY21 FY22 FY23 Committee governance and Executive decision-making. Capability,
in the current environment.
Market and Regional risk officers in place to support second line
KPMG in the UK fails to — Conclusion of ISQM1 management/oversight of risk policies, practices and decision-making.
define, implement and implementation programme
— Regular updates to the Board on operational performance based on
monitor the effectiveness and transition to ‘business
extensive MI; three-year business planning with yearly refreshes
of its policy, procedure and as usual’ System of
and regular review by Operations Executive and COOs.
control framework, including Quality Management.
in relation to its suppliers, — Operations Executive oversight of both internal
— Impact of rising global
and to ensure continuity and external operational quality reviews.
costs and increasing
in business operations. In
global political conflicts on — Operation Executive oversight role in reviewing KPIs, performance
addition, the UK firm fails to
the ability of third-party and risk at its regular meetings which is a core mechanism for
manage change effectively, suppliers to deliver goods overall performance and operational risk management.
resulting in control failure, and services to KPMG.
and disruption to business — Defined business continuity and crisis management
operations and the services — Importance of ensuring plans, and controls in place to support IT, Third Party,
provided to clients and business processes and People, Facilities & Data disaster recovery.
audited entities. controls align to the firm’s
ESG strategy, as well — Specialist Operational Resilience team which follows business
as the expectations of continuity best practice guidelines and complies with ISO
external stakeholders. 22301 (as confirmed by independent internal audit).
— Further work with the relevant ESG, Operations and Corporate Affairs
teams to ensure that an appropriate level of information is captured in
relation to climate risks to satisfy increasing external requirements.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
15
Quality Control and Risk Management
Financial risks
11. Financial management — Need to continually invest — Budgets which are subject to various levels of approval, through a
(FY23 Trend: Increasing) in our services, people thorough budgeting process, with appropriate sensitivity analysis
and processes to ensure and planning based on emerging economic landscape.
that the business model
FY21 FY22 FY23 — Board role in budget and performance oversight and
is fit for the future.
Executive Committee budgetary challenge.
The UK firm fails to execute — Current challenging external
— Monthly financial analysis at firm and functional
against financial targets economic environment
level, including regular refresh of downside scenario
or manage medium- to with impact on demand for
planning based on early warning indicators.
long-term financial position KPMG services, increasing
and performance, for cost base and ability to — Appointment of new Capability FDs and Chief Accounting Officer
example due to delivering collect payment for the to bring rigour and discipline to accounting treatments.
unprofitable services, poor services delivered to clients
and audited entities. — Pricing panels, pipeline monitoring, WIP management processes and
investment decisions, and
regular tracking of overdue invoices. Tools available across the firm.
failure to ensure a resilient
— Inherent uncertainty with
balance sheet, resulting in respect to any outstanding — Approval and monitoring controls over investments,
poor business performance, regulatory investigations investment decisions and capital retention strategy.
inability to achieve growth and civil litigation matters — Closely controlled procurement process and
and negative impacts to the although this is reducing approvals, via technology platform.
financial health of the firm. as we resolve our legacy
regulatory cases. — Finance policies, including the Spend Control Policy,
Timesheet Policy and Expenses Policy.
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
16
Quality Control and Risk Management
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
17
Quality Control and Risk Management
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
18
Quality Control and Risk Management
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
19
Quality Control and Risk Management
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent
member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
kpmg.com/uk
© 2024 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated
with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.