We manage risk responsibly and in the interest of our stakeholders and the public.

Risk management principles

The following statements articulate the principles through which we manage the risk we take across the firm, ensuring we act responsibly, in the public interest and in the interest of the entities we audit, our clients, our people, our regulators, and the markets and communities we work in.

We will:
  • Establish and maintain high standards in leadership, accountability, ethics and governance.
  • Act as stewards for the KPMG brand and take proactive steps to ensure that we support one another, both within the UK and across our member firms, in doing so.
  • Work with trusted partners and alliances, as well as engaging in mergers and acquisitions to obtain capability, where it meets our trust and growth objectives.
  • Carefully consider the clients, audited entities and the engagements we choose to accept, within the context of our ‘ACCEPT’ framework, a refreshed set of client and engagement acceptance guidance embedding our values, risk appetite and ESG commitments.
  • Comply with applicable laws, regulations and codes of conduct, including KPMG’s global standards and policies and KPMG’s tax principles.
  • Manage actual and perceived conflicts of interest.
  • Protect confidential information and ensure business service continuity.
  • Live Our Values through high standards of behaviour, and promote a culture of trust, empowerment, accountability and mastery that supports Our Values.
  • Anticipate and respond to changes in the competitor landscape, macro-economy and clients’ needs.
  • Deliver high-quality services – through experienced and appropriately resourced teams, integrated solutions and the use of robust technology.
  • Set financial targets that are consistent with achieving both the trust and growth elements of our strategy.
  • Be courageous in undertaking work in the public interest and in support of our wider purpose.
  • Be brave in working together, contributing to important issues in accordance with Our Values.
  • Develop our diverse, talented and motivated people through inclusive leadership.

Risk management

The identification, evaluation, management and monitoring of the most significant risks that face our firm and could threaten the achievement of our strategic objectives, or our business model, future performance or solvency, is the responsibility of our Board. The principal risks and uncertainties that the UK firm faces are set out in, and managed under, the firm’s Enterprise-Wide Risk Management (ERM) Framework. This framework is used by the Board throughout the year to ensure the timely identification of new and emerging risks and the development of appropriate mitigations and action planning, in line with the firm’s strategy.

The current framework was put in place at the beginning of FY22 following a comprehensive review in the prior year of how the information provided under it is used by the relevant governance bodies. The work undertaken as part of this review included:

  • Robust challenge of the firm’s risk taxonomy, reflecting developments in the firm’s risk landscape (current and longer term), changes made to KPMG International’s Risk Framework during the year and the results of a Dynamic Risk Assessment undertaken through facilitated workshops with the Board.
  • Setting of risk appetite, at firm-wide and Capability level.
  • Implementation of an automated Governance Risk and Compliance (GRC) tool to support specific aspects of our risk management.
  • The development of a horizon scanning tool, using input from the firm’s own experts in political, economic, social, technology, legal and environmental risks.
  • A review of the firm’s regular risk reporting to various governance groups.

The framework established and in place throughout FY22 was further reviewed by the Board Risk Committee in September 2022 to reflect the impact of external events during the year on the firm’s risk landscape, changes to our Markets structure, additional guidance issued by KPMG International and emerging best practice. A small number of changes to the firm’s risk appetite were approved to reflect the current political, economic and regulatory environment and specific risks within the FY23 Business Plan.

The firm’s Assurance Map, developed during the year to document the relationship between the firm’s risks, its controls and compliance and assurance activities across the first, second and third line of defence, was also approved in September 2022 and objectives were set for further improvement of the framework in FY23, including the extension of the firm’s risk analysis within the GRC tool and further enhancements to our ESG risk reporting.

Principal risks

The firm’s principal risks are set out within the firm’s four key risk ‘families’ of: Reputation, Regulation and Legal; Strategic; Operational; and Financial. For the year ending 30 September 2022, KPMG in the UK identified 11 principal risks across these four key risk ‘families’:

Reputation, Regulation and Legal

  • Trust
  • Regulation
  • Legal

Strategic

  • Growth
  • Clients and audited entities

Operational

  • Execution – Quality
  • Execution – Delivery
  • People, Talent and Culture
  • Technology and information management
  • Business operation, resilience and controls

Financial

  • Financial management

During the year, further progress has been made in strengthening the firm’s governance, with additional investment in the firm’s second line of defence and regulatory compliance teams. These steps have all contributed to the mitigation of our principal risks.

Our assessment of how these risks have moved over time (trend), the current risk landscape and the mitigating actions we have put in place to address each risk can be found here.

Further information on our firm’s quality control and risk management policies and procedures can be found here.