We manage risk responsibly and in the interest of our stakeholders and the public.

Risk management principles

The following statements articulate the principles through which we manage the risk we take across the firm, ensuring we act responsibly, in the public interest and in the interest of the entities we audit, our clients, our people, our regulators, and the markets and communities we work in.

We will:
  • Establish and maintain high standards in leadership, accountability, ethics and governance.
  • Act as stewards for the KPMG brand and take proactive steps to ensure that we support one another, both within the UK and across our member firms, in doing so.
  • Work with trusted partners and alliances, as well as engaging in mergers and acquisitions to obtain capability, where it meets our trust and growth objectives.
  • Carefully consider the clients, audited entities and engagements we choose to accept, within the context of our ‘ACCEPT’ framework (a refreshed set of client and engagement acceptance guidance embedding our values, risk appetite and ESG commitments).
  • Comply with applicable laws, regulations and codes of conduct, including KPMG’s global standards and policies and KPMG’s tax principles.
  • Manage actual and perceived conflicts of interest.
  • Protect confidential information and ensure business service continuity.
  • Live our values through high standards of behaviour, and promote a culture of trust, empowerment, accountability and expertise that supports them.
  • Anticipate and respond to changes in the competitor landscape, macro-economy and clients’ and audited entities’ needs.
  • Deliver high-quality services – through experienced and appropriately resourced teams, integrated solutions and the use of robust technology.
  • Set financial targets that are consistent with achieving both the trust and growth elements of our strategy.
  • Be courageous in undertaking work in the public interest and in support of our wider purpose.
  • Be brave in working together, contributing to important issues in accordance with our values.
  • Develop our diverse, talented and motivated people through inclusive leadership.

Risk management

It is the responsibility of our Board to identify, evaluate, manage and monitor the most significant risks that face our firm and could threaten the achievement of our strategic objectives, or our business model, future performance or solvency. The principal risks and uncertainties that the UK firm faces are set out in, and managed under, the Firm’s Enterprise-Wide Risk Management (ERM) Framework. This framework is used by the Board throughout the year to ensure the timely identification of new and emerging risks and the development of appropriate mitigations and action planning, in line with the Firm’s strategy.

The ERM framework is subject to a comprehensive review and refresh on an annual basis. This involves robust challenge of the Firm’s risk taxonomy, reflecting developments in the Firm’s risk landscape (current and longer term), changes made to KPMG International’s Risk Framework during the year, and the results of a Dynamic Risk Assessment. In September 2023, we provided an update on this to the Board Risk Committee. Key developments during the prior year included:

  • Reviewing and updating our risk appetites at firm-wide and Capability level to align to the actual appetite more closely in individual Capabilities.
  • Reviewing the impact of changes to the Coverage/Markets leadership model on the ERM framework and embedding these in the framework.
  • Further engagement with Level 1 risk owners to enhance communication/oversight of Level 2 risks and actions across the matrix of firm-wide, Markets and Capability ownership.
  • Introduction of an emerging themes section into the monthly Watch List for emerging risks that require separate focus.
  • Identifying any inconsistencies in the reporting of Level 2 risks by Capabilities and Markets.
  • Further work with the relevant ESG, Operations and Corporate Affairs teams to ensure that an appropriate level of information is captured in relation to climate risks to satisfy increasing external requirements.
  • Implementation of an automated Governance, Risk and Compliance (GRC) tool to support specific aspects of our risk management.
  • Identifying and agreeing Level 3 risks ready for inclusion in the ERM framework.

The Firm’s Assurance Map documents the relationship between the Firm’s risks, its controls, and its compliance and assurance activities across the first, second and third lines of defence, and is reviewed and updated on an annual basis.

Principal risks

The Firm’s principal risks are set out within the four key risk ‘families’ of: Reputational; Strategic; Operational; and Financial. For the year ending 30 September 2023, KPMG in the UK identified 11 principal risks across these four areas:

Reputational
  • Trust
  • Regulation
  • Legal

Strategic
  • Growth
  • Clients and audited entities

Operational
  • Execution – Quality
  • Execution – Delivery
  • People, Talent and Culture
  • Technology and information management
  • Business operation, resilience and controls

Financial
  • Financial management

The risks are not shown in order of priority.

Our assessment of how these risks have moved over time, the current risk landscape and the mitigating actions we have put in place to address each risk can be found here.