We manage risk responsibly and in the interest of our stakeholders and the public.
The following statements articulate the principles through which we manage the risk we take across the firm, ensuring we act responsibly, in the public interest and in the interest of the entities we audit, our clients, our people, our regulators, and the markets and communities we work in.
The identification, evaluation, management and monitoring of the most significant risks that face our firm and could threaten the achievement of our strategic objectives, or our business model, future performance or solvency, is the responsibility of our Board. The principal risks and uncertainties that the UK firm faces are set out in, and managed under, the firm’s Enterprise-Wide Risk Management (ERM) Framework. This framework is used by the Board throughout the year to ensure the timely identification of new and emerging risks and the development of appropriate mitigations and action planning, in line with the firm’s strategy.
The current framework was put in place at the beginning of FY22 following a comprehensive review in the prior year of how the information provided under it is used by the relevant governance bodies. The work undertaken as part of this review included:
The framework established and in place throughout FY22 was further reviewed by the Board Risk Committee in September 2022 to reflect the impact of external events during the year on the firm’s risk landscape, changes to our Markets structure, additional guidance issued by KPMG International and emerging best practice. A small number of changes to the firm’s risk appetite were approved to reflect the current political, economic and regulatory environment and specific risks within the FY23 Business Plan.
The firm’s Assurance Map, developed during the year to document the relationship between the firm’s risks, its controls and compliance and assurance activities across the first, second and third lines of defence, was also approved in September 2022. Objectives were set for further improvement of the framework in FY23, including the extension of the firm’s risk analysis within the GRC tool and further enhancements to our ESG risk reporting.
The firm’s principal risks are set out within the firm’s four key risk ‘families’ of: Reputation, Regulation and Legal; Strategic; Operational; and Financial. For the year ending 30 September 2022, KPMG in the UK identified 11 principal risks across these four key risk ‘families’:
Reputation, Regulation and Legal
During the year, further progress has been made in strengthening the firm’s governance, with additional investment in the firm’s second line of defence and regulatory compliance teams. These steps have all contributed to the mitigation of our principal risks.
Our assessment of how these risks have moved over time (trend), the current risk landscape and the mitigating actions we have put in place to address each risk can be found here.
Further information on our firm’s quality control and risk management policies and procedures can be found here.