We define “audit quality” as the outcome when audits are executed consistently, in line with the requirements and intent of applicable professional standards within a strong system of quality management.
All of our related activities are undertaken in an environment of the utmost level of objectivity, independence, ethics and integrity.
To that end, KPMG has a Global Quality Framework (GQF) which guides how we work and how we approach the audit. It helps ensure a consistent approach with quality at its heart. In this section, we show how the GQF is helping us do this with reference to each individual component of the framework. For three of the components - Live our culture and values; Be independent and ethical; and Nurture diverse skilled teams – we have redirected to other parts of the report.
In the UK, we support our Global Quality Framework with our Single Quality Plan; a dynamic and responsive plan that monitors our response to quality-related issues which is reviewed and refreshed throughout the year. This helps us focus on the key areas we have identified that will enable us to continue to deliver sustainable quality.
Alongside this, we recognise that harnessing new technology, including AI and machine learning, is key to the future of audit, especially as audited entities themselves integrate these technologies into their businesses. We have therefore continued to invest heavily, in the UK and across our global network, in building new technologies into how we work (embedded into our smart audit platform, KPMG Clara) and strengthening our significant partnerships with major technology providers such as Microsoft.
Our focus on delivering sustainable audit quality is at the heart of our strategy, supported by our other strategic priorities: empowering our people, supporting seamless delivery, and maintaining robust growth. Our risk management principles (see Quality control and risk management section) ensure we appropriately manage risk across the firm and help to support audit quality.
We are seeing the fruits of our strategy in our audit quality journey and our average results across FRC, ICAEW and our own internal inspections over the last two years show an upward trend.
KPMG has a number of regulators due to the types of services we provide. This includes the Financial Reporting Council (FRC), the Institute of Chartered Accountants in England and Wales (ICAEW), the Financial Conduct Authority (FCA), the Solicitors Regulation Authority (SRA), audit third country regulators, and other regulatory and oversight bodies (including HM Government). We’re committed to meeting the expectations of our regulators and ensuring our regulatory engagement is based on the principles of openness, transparency, integrity and accountability.
The regulatory environment continues to evolve and change. We continue to scan the horizon and prepare the firm for incoming regulatory changes. In particular, we continue to engage and work with the FRC to help shape the future for a profession that produces high-quality audits and acts in the public interest.
The results from the FRC and ICAEW inspections together with the results of our own internal monitoring programme, and those of any other regulator including the Public Company Accounting Oversight Board (PCAOB) in the US, provide an overview of our performance of quality engagements. In addition, the FRC’s Audit Firm Supervision (AFS) and Audit Market Supervision (AMS) teams perform inspections, reviews and deep dives into our firm-wide and audit-wide policies and procedures. The results of this work are shared with us throughout the year and the findings are published annually in our Audit Quality Inspection and Supervision report.
Audit quality is our number one priority, and we value the constructive input and challenge from the FRC through their inspection and supervision process. We continue to work closely with the FRC to understand their identified areas of good practice, and importantly where we need to continue to focus to ensure that we build trust and confidence in our profession and the markets.
74% of FRC inspections required no more than limited improvements
2022/23
(2021/22: 84%)
(2020/21: 59%)
78% of FTSE 350 inspections required no more than limited improvements
2022/23
(2021/22: 91%)
(2020/21: 75%)
One audit inspected required significant improvements
2022/23
(2021/22: None)
(2020/21: One)
FRC’s Audit Quality Inspection and Supervision Report, July 2023
The FRC's AQR report listed areas of good practice and aspects where improvement was required.
In individual audits, good practice included examples relating to risk assessment and planning, execution, and completion and reporting. Areas for improvement included instances relating to impairment, expected credit losses in banking audits, and accounting judgements and disclosures.
The report also included a section on our firm-wide quality control procedures, with examples of good practice and areas for improvement.
The final section of the report focused on the FRC’s forward-looking supervisory approach – identifying and prioritising what firms must do to improve audit quality and enhance resilience. There, we saw recognition of our efforts in developing the Single Quality Plan:
The firm has positively embraced the SQP initiative and embedded it throughout their business, as a framework to deliver sustainable audit quality.”
FRC’s Audit Quality Inspection and Supervision Report, July 2023
The report also noted that further actions are necessary to implement a comprehensive and robust Root Cause analysis process. We have taken those actions and described them here.
The FRC's report is available to read here.
11 inspections were performed by the Quality Assurance Department of the ICAEW
2022
(2021: 12)
(2020: 10)
91% of the ICAEW reviews were assessed as “Good / generally acceptable”
2022
(2021: 75%)
(2020: 100%)
One audit reviewed required improvements
2022
(2021: Three)
(2020: None)
FRC’s Audit Quality Inspection and Supervision Report, July 2023
The ICAEW identified good practice across all but one of the files reviewed. Broad themes were:
For a summary of the QAD’s review findings, refer to the FRC’s Audit Quality Inspection and Supervision report for KPMG LLP (July 2023).
KPMG in the UK is subject to inspection every three years by the US Public Company Accounting and Oversight Board (PCAOB). In accordance with this cycle, the PCAOB was due to inspect during 2021. However, as a result of the COVID-19 pandemic, the PCAOB deferred its inspection to 2022. We look forward to receiving the final report in 2024.
There were no on-going FRC investigations into matters announced in previous years at the end of the year1.
One new FRC investigation in respect of KPMG was announced during the year, relating to the audit of Carr’s Group plc for the period ended 28 August 2021. This investigation is on-going.
Four matters1 relating to periods between 2013 and 2020 were closed during the year:
Two ICAEW investigation outcomes were announced during the year. These related to audits of financial statements of entities and compliance with ethical standards by KPMG LLP and KPMG Audit Plc.
1 Where the FRC or other regulatory body has exercised discretion not to publicise a particular inquiry or investigation, the details of such matters are not disclosed in this report.
Quality monitoring and compliance programmes that are created by KPMG International are used by KPMG firms to identify quality issues, perform root cause analysis and develop remedial action plans, both for individual audits and for their overall System of Quality Management (SoQM). The programmes evaluate:
The internal monitoring and compliance programmes also contribute to the evaluation of our SoQM operating effectiveness. These programmes include:
The results and lessons from the integrated monitoring and compliance programmes are communicated at local, regional and global levels (as relevant) and we establish action plans to make improvements where needed. Results are also considered by KPMG International.
The Audit QPR programme is the cornerstone of our efforts to monitor engagement quality. It assesses engagement level performance and identifies opportunities to improve engagement quality.
All engagement leaders of statutory and non-statutory audits and other assurance engagements are generally subject to selection for review at least once in a three-year cycle. A risk-based approach is used to select engagements.
We conduct the annual QPR programme in accordance with KPMG International QPR instructions, which promote consistency across the KPMG organisation. Reviews are overseen by an independent experienced lead reviewer from another KPMG firm. QPR results are reported to KPMG International.
Across the global organisation, consistent criteria are used to determine engagement ratings and KPMG firm Audit practice evaluations. Definitions of engagement ratings are explained below:
When the audit work performed, the evidence obtained and the documentation compiled fully comply with internal policies, auditing standards and legal and regulatory requirements; and key judgements concerning significant matters in the audit and audit opinion are appropriate.
When the auditor’s report is supported by evidence and is not incorrect in any material respects, but the independent reviewer required additional information to reach the same conclusion as the auditor; or where supplementary information obtained as part of the audit was not sufficiently documented in the audit; or where specific requirements of our audit methodology were not embedded. A ‘CIN’-rated engagement is not considered an adverse quality outcome.
When the auditor did not perform the engagement in line with KPMG’s professional standards and policies in a more significant area, or where there are deficiencies in the related financial statements. Where appropriate, in a limited number of cases we remediate engagement files to ensure the audit evidence obtained is adequately documented. Engagement teams undertake specific incremental or remedial training. In addition, engagement leaders receiving a Not Compliant rating are subject to at least one follow-up review.
Prior to the finalisation of the review, there is a rigorous moderation process to ensure consistency of grading. A remedial action plan is created for quality areas in which deficiencies were identified which are considered to be significant, applicable at an engagement and a firm level. We share our findings from the Audit QPR programme through internal training tools and in periodic partner, manager and team meetings. Any issues are also emphasised in subsequent monitoring and compliance programmes to gauge the extent of continuous improvement and the effectiveness of the implementation of remedial actions. Lead engagement partners are notified of Audit QPR not compliant ratings on their respective cross-border engagements.
Our Audit QPR programme is designed to hold audit teams to quality levels that assess not only compliance with auditing standards but also adherence to internal requirements such as the performance of specified procedures or completion of specific mandated consultations. As such, teams that perform audits that are very substantially compliant with auditing standards may receive a rating other than Compliant in our internal reviews. Accordingly, it is difficult to make direct comparisons between the results of our internal and external inspection processes.
Rating / Compliant
Rating / Compliant - improvements needed
Rating / Not Compliant
Number of engagements reviewed
The KQCE programme encompasses the testing and evaluation requirements of a KPMG firm’s SoQM which are necessary to support both their compliance with ISQM 1, and compliance with the firm’s quality and risk management policies. KQCE programme requirements are mandated for all KPMG firms. The 2023 KQCE program covered the period from 1 October 2022 to 30 September 2023.
Monitoring activities include:
The evaluation of the SoQM involves the identification and assessment of findings from monitoring, and of deficiencies. Judgement is required to assess whether findings result in a deficiency, and the severity and pervasiveness of any deficiencies, individually and in aggregate. Those judgements include considering both the significance of findings to the achievement of quality objectives and the extent to which actions taken up to the evaluation date mitigate the effects on the SoQM. Such judgements are made by the monitoring team, overseen by the Chief Risk Officer, and the final evaluation scrutinized and independently challenged by the Audit Committee.
Our evaluation of the effectiveness of our SoQM is set out here.
During the year, member firms were required to self-assess their overall levels of compliance with quality and risk management policies not in scope of the SoQM as either compliant, substantially compliant or non-compliant.
For the year ended 30 September 2023, our approach to quality and risk management policies was rated substantially compliant (defined as where significant compliance findings are not pervasive in nature and action plans to address their identified causes have either already been implemented or substantially implemented or are planned to be implemented within a timeline which will allow for compliance testing in the succeeding period).
Action plans to address the identified root causes of SoQM Deficiencies and Compliance Findings have been developed and are in the process of being delivered. The status of remediation is monitored by the Risk, Operations and Audit Executives and is overseen by the Audit Committee.
A GQCR is conducted by a KPMG International team, independent of the member firm. Firms are selected for review using a risk-based approach, which considers a number of factors, including financial conditions, country risks, results of monitoring programmes and people surveys, with each firm subject to a GQCR at least once in a four-year cycle.
The GQCR team performing the review comprises partners and managers who are independent of the firm subject to review. The overall objective of the GQCR programme is to assess the firm’s compliance with selected KPMG International policies, including those related to governance and SoQM.
The UK firm was subject to a GQCR review during 2021 when a number of opportunities for improvement were identified, including areas which were also generally identified by the UK firm’s Audit Quality and Banking Audit Quality Improvement Plans, Risk Compliance Programme (RCP)/KPMG Quality and Compliance Evaluation (KQCE) and other compliance and quality control processes. Implementation of these improvements is largely complete.
How an audit is conducted is as important as the result. Everyone at KPMG is expected to demonstrate behaviours consistent with our values and follow policies and procedures in the performance of effective and efficient audits.
We consider all audit evidence obtained during the course of the audit, including consideration of anything that is contradictory or inconsistent. This analysis requires each of our team members to exercise professional judgement, maintain professional scepticism and demonstrate appropriate challenge to obtain sufficient and appropriate audit evidence.
Professional judgement and scepticism training is embedded in our core audit technical training programme for junior staff and ongoing training and workshops for more experienced staff.
The engagement leader is responsible for the overall quality of the audit engagement and therefore for its direction, supervision and performance. Involvement and leadership from the engagement leader early in the process helps set the appropriate scope and tone for the audit. To reinforce this, we mandate the completion and review of audit planning activities within specified timeframes to evidence completion of the relevant planning activities.
The engagement leader reviews key audit documentation – in particular, documentation relating to significant matters arising during the audit and conclusions reached. The engagement manager assists the engagement leader in meeting these responsibilities as well as in the day-to-day liaison with the audited entity and monitoring of engagement milestones.
Our Second Line of Defence team is a group made up of senior auditors which supports our higher risk engagements with a focus on public interest and listed entities. The team performs in-flight reviews of audits to improve the quality of audit execution and documentation, including effective challenge of management in judgemental areas. These senior auditors also help throughout the audit cycle, to identify issues before they impact audit quality. This has a dual purpose: firstly, to enable coaching of teams and, secondly, to act as another level of review and challenge to help engagement teams in the delivery of high-quality audits. In addition, it informs our ongoing horizon scanning for emerging issues that may require broader responses.
Our engagement teams have access to a network of specialists, which may include involving UK specialists or those from other KPMG member firms. Our audit methodology requires the involvement of relevant specialists in the core audit engagement team when certain criteria are met or where the audit team considers it appropriate or necessary.
Our Engagement Quality Control Reviewers (EQCRs) are independent of the engagement team and have appropriate experience and knowledge to perform an objective review and challenge of the more critical and judgemental elements of the audit. The audit report can only be released when the EQCR is satisfied that all significant questions raised have been resolved.
An EQCR is appointed for the audits, including any related review(s) of interim financial information, of all listed entities, non-listed entities with a high public profile, engagements that require an EQCR under applicable laws or regulations, and other engagements as designated by the Audit Risk Management Partner or the Chief Auditor.
To invest in building the skills and capabilities of our professionals, we adopt a continuous learning environment. We support a coaching culture throughout KPMG as part of enabling colleagues to achieve their full potential.
Our Coaching for Quality programme, which was developed with the support of external behavioural psychologists, gives colleagues the tools they need for productive coaching conversations.
New engagement leaders are also provided with an experienced mentor to support their transition into this critical role.
Audit documentation records the audit procedures performed, evidence obtained, and conclusions reached on significant matters on each audit engagement. Our policies require review of documentation by more experienced engagement team members.
Standardised approaches and workpapers assist our audit teams with appropriately supported and documented conclusions.
The results of our external and internal monitoring processes can be found in ‘Activities during the year’ tab above.
At the centre of our Global Quality Framework is continuous improvement. The FRC’s requirement for Tier 1 firms to consolidate their audit quality programmes and actions into a Single Quality Plan (SQP) has been a positive development which has helped us provide better focus to our programmes and respond to issues or trends as they emerge. Audit quality must keep pace with the risks audited entities face and our SQP supports us in being dynamic to respond to emerging issues. We have been pleased with the recognition of the quality and utility of our SQP as we have worked to embed it in our processes, use it to monitor our progress, and support us in identifying areas for remediation.
Our SQP supports us in evaluating information from a range of data points including our Emerging Issues process, inspection and review findings, Second Line of Defence themes, root cause analysis reporting, the Annual Risk Review and executive meetings such as Quality Council and Audit Executive meetings.
Every month we assess what topics have escalated in priority or have been resolved and we track these movements on our dynamic heat map. The heat map helps us identify and keep focus on both our transformational programmes and our foundational programmes. The status of these programmes can change throughout the year as we evaluate the effectiveness of actions taken and the associated KPIs.
Our transformational programmes at the start of the year were:
By the end of the year our deployment of KCw was complete and all engagement teams were working on KCw – so the oversight of the technology and methodology related to KCw moved to business as usual with the implementation considered successful.
Following findings in two consecutive years of AQR inspections and internal monitoring, we prioritised activities relating to our audit of impairment and other valuations using short-term cashflow forecasts into an Impairment transformational programme. This programme is focused on interventions to better support the execution of teams’ work in this complex area.
Our foundational programmes, which we expect to be an enduring focus as they support our ability to deliver sustainable audit quality, are:
Each month we assess our progress through a combination of progress and effectiveness KPIs which are a blend of qualitative and quantitative measures, linked to the objectives of each programme. As these measures can fluctuate during the year, we look for trends and evidence that the measures we are taking are being effective. This will be key in ensuring we have an effective response to audit quality related issues.
Responding to feedback from our Audit Board and our regulator, we have invested in both our root cause and remediation teams over the past year to ensure that we learn from the findings of both internal and external reviews, have robust processes to embed best practices, and have appropriate actions plans developed to address learnings. Both teams have been set up to be operationally separate from audit teams and report through the Chief Auditor to the Head of Audit Quality.
The root cause team performs reviews on the findings from AQR, QAD and internal monitoring inspections as well as evaluating a number of data points to identify risks and issues associated with audit quality to determine what other projects are required in the year. The root cause team uses a variety of data points to inform interview questions and seeks to get to the bottom of why the issues occurred.
The remediation team takes the outputs from the root cause team to develop appropriate responses and monitors the effectiveness of these actions, proposing adjustments where they are not having the desired impact. Regular monitoring of the impact of remedial actions is a key part of our RCA programme so that we can adapt our approach as new issues arise. We apply a mix of remedial actions including those focused on driving a sustainable high challenge, high support culture with supporting behaviours alongside technology and training enhancements. This is now led by a dedicated, experienced individual.
In the past year we have increased the size of both teams, drawing from a pool of experienced auditors with skill sets that complement the role. Improvements completed to date are:
In addition, the RCA taxonomy was reviewed and updated at the end of the 2022/23 RCA cycle. Different levels of aggregation and disaggregation have been created to enable clear identification of root causes and enhance the design of targeted remedial actions. Categories have been redrawn so that Quality Monitoring, Skills and External Factors are separately identified.
The severity of root causes is now assessed with the classifications being primary, secondary or contributory. Primary and secondary are subject to aggregation and reporting.
We are confident that the changes we are making will enable us to have a more robust root cause process which really gets to the source of any quality issues that arise.
The adoption of KCw as our global audit tool has enhanced the independent monitoring of the status of our audits. We have developed milestones that audit teams are challenged to meet through the audit cycle with the objective of completing as much work as possible in advance of the post year end compressed time frame, ensuring that teams have the requisite time to stand back and assimilate their audit findings before signing their opinions. This, together with the use of data mining tools to detect the need for direct intervention to provide additional support to teams, helps ensure that the right work is being undertaken by the right people at the right time.
During the year we developed and published an engagement dashboard to show each engagement leader a dynamic picture of the status of their audit, so they have full visibility of the information we are monitoring centrally. In addition, the quality and business leads for each of the three Performance Groups have access to a dashboard for their part of the business so they can help support completion and design responsive actions for teams who are falling behind.
The information from monitoring activity is considered when determining which engagements need to be escalated for further support. We are continuously refining the data and using what we learn from this year to continuously improve and evolve our monitoring processes. This will allow us to more proactively monitor and support our entire engagement portfolio.
Integrated quality monitoring and compliance programs enable KPMG firms to identify quality deficiencies, to perform root cause analysis and develop, implement and report remedial action plans, both in respect of individual audit engagements and the overall SoQM.
We focus on ensuring our work continues to meet the needs of participants in the capital markets. To achieve this goal, we employ a broad range of mechanisms to monitor our performance, respond to feedback and understand our opportunities for continuous improvement:
This is at the heart of how we drive a mindset focused on quality and continuous improvement.
The People and culture section sets out in detail how we are placing a culture of “High Challenge, High Support” at the centre of our values-based approach, to help drive audit quality and create an environment of continuous improvement.
It’s not just what we do at KPMG that matters — we also pay attention to how we do it. The KPMG values are our core beliefs, guiding and unifying our actions and behaviours. Shared across all colleagues and in every country, jurisdiction and territory in which we operate, they are the foundation of KPMG’s unique culture.
The People and culture section sets out in detail how we are embedding these factors to help drive audit quality and create an environment of continuous improvement.
Robust application of our well-established acceptance and continuance policies enables us to make swift, consistent and good decisions about which entities we work with and what work we do.
We evaluate all prospective audited entities at a number of points in the onboarding process, starting with the decision to participate in a tender. Checks cover areas including conflicts of interest, independence and the identity and integrity of management and owners.
All evaluations are reviewed by a second partner; high risk evaluations are reviewed by the Chief Risk Officer for Audit. The review process may identify additional mitigations to be put in place against specific audit risks including delivery risks such as information security and data privacy.
We reconsider whether to continue as auditor on each audit annually. We take into consideration weaknesses within the audited entity’s governance structure, control environment, finance function, culture and behaviours, and where applicable any known or suspected non-compliance with laws and regulations. Where there are issues that pose a significant risk to audit quality, we may impose conditions on our continuance as auditor.
The issuing of conditions on continuance, in writing, to those charged with governance allows the engagement leader to document the issues experienced during the course of the audit and to outline the necessary steps and/or actions that need to be taken by those charged with governance.
We have developed tools to support engagement leaders who have imposed conditions on continuance in performing regular ongoing monitoring of progress against the conditions. Where there is little evidence of progress, the engagement leader will escalate the case to the Head of Business Risk for consideration of next steps which could include a formal continuance panel.
During the year we delivered on-screen training to all our people on the importance of following our acceptance and continuance policies, including using our ACCEPT framework to support and articulate our acceptance and continuance decisions. We work with audited entity management to agree any conditions on continuance and monitor progress against commitments.
Rigorous client and engagement acceptance and continuance policies are vital to being able to provide high-quality professional services.
We evaluate all prospective audited entities before accepting them. This includes a review of any non-audit services provided to the entity and of other relevant relationships and matters which may have a bearing on our independence. We also perform background checks on the prospective audited entity, its key management and beneficial owners. A key focus is on the integrity of management.
A second partner, as well as the evaluating partner, approves the prospective audited entity evaluation. Where the audited entity is considered to be ‘high risk’, the Risk Management Partner is involved in approving it. Each prospective engagement is also evaluated. The engagement leader evaluates this in consultation with other senior colleagues and Risk Management leadership as required.
Controls are built into our engagement management system to ensure we complete the audited entity and engagement acceptance process appropriately.
Additional safeguards may be introduced to help mitigate any identified risks and potential independence or conflict of interest issues are documented and resolved prior to acceptance.
We will decline a prospective audit engagement if a potential independence or conflict issue cannot be resolved satisfactorily.
Audit services are reviewed at least annually. Ongoing monitoring means that audited entities are re-evaluated earlier if there is an indication that there may be a change in their risk profile. Recurring or long-running engagements are also subject to periodic re-evaluation.
We are committed to being a place where diverse talent can flourish and recognise that it is the quality of our people that will ultimately determine our success.
The People and culture section explains the measures and policies we have in place to ensure we remain focused on diversity, skills and quality.
Across the global organisation KPMG people make the real difference and are instrumental in shaping the future of audit at KPMG. We put quality and integrity at the core of our audit practice. KPMG auditors have diverse skills and capabilities to address complex problems.
We are committed to equipping our people with the skills and tools they need to deliver high-quality work for our stakeholders and for the entities that we audit.
One of the key drivers of quality is making sure we assign people with the right level of skills and experience to the right engagements. This requires a focus on recruitment, development, promotion and retention of our people and the development of robust capacity, accreditation and resource management processes.
You can read more about our UK people strategy in the People and culture section.
Completing the transition to the KPMG Clara workflow (KCw) this year means that it will be easier for our people to execute high-quality audits and respond consistently to identified risks.
This is accompanied by the KPMG Audit Execution Guide (KAEG) which sets out our methodology requirements. The methodology is based on the requirements of the International Standards on Auditing (ISAs) and all member firms are required to follow it. KAEG also includes additional requirements that go beyond the ISAs and which KPMG believes enhance the quality and value of our audits. At KPMG in the UK, we add local requirements and guidance to comply with additional professional, legal or regulatory requirements specific to the UK and our own internal policies.
As ever, in the UK we will continue to develop our audit methodology to remain in step with changes in laws and regulations, and to proactively respond to economic or industry events. KPMG Clara provides our audit teams with access to such requirements and industry knowledge with smart libraries embedded within the tool. This allows for a consistent approach, tailored by industry, and focused on key audit risks.
To further support our teams, standardised workpapers and guidance assist our audit teams in consistent delivery. During the year we implemented a new online tool, the UK Audit Requirements Tool, to deliver this content to our people in a manner that is consistent with, and complementary to, the KPMG Clara workflow.
We are committed to ensuring that audit professionals have appropriate audit, accounting and industry knowledge, experience and training. Our accreditation process enables us to ensure the right partners and employees are assigned to engagements and are licensed where necessary.
Our formal audit training programme supports the development of technical expertise and knowledge within our audit practice. It includes mandatory audit and accounting technical training, industry-specific training and risk courses. This is supported by centrally run fortnightly technical briefings, lunch and learns (including a new programme on core audit skills and fundamental knowledge), drop-in clinics and locally run sessions using centrally developed content.
This year, our flagship training programme, KPMG Audit University (KAU), ran over three days and was attended by 3,062 (FY22: 2,728) Audit and IT Audit colleagues. The training was based around a case study which participants worked through in teams, mirroring a real audit team structure. The content included risk assessment, controls, sampling, journals testing and fraud, and introduced new technology in the audit in the form of AI transaction scoring. We also spent time on what the future of audit means to us all and how our audit practice is evolving to respond to the macro-driven changes. The content was delivered in a mix of plenary and breakout sessions. As well as linking multiple UK locations for the event kick-offs, we also ran some sessions directly with our offshore KPMG Global Services (KGS) colleagues, who completed the same content at their events.
The mandatory learning curriculum includes quarterly updates focusing on performing an effective quality audit with different topic areas included as relevant. An Audit Quality and Risk Workshop is delivered twice a year for engagement leaders and focuses on key messages driven by internal and external monitoring findings. This content is also extended to audit managers and senior managers through live and recorded workshops.
In addition, partners and audit professionals must complete training relevant to their grade and role. This includes sector-specific training as well as training to support staff in their roles, such as working on US engagements, and has included a new global banking curriculum this year.
Our curriculum extends beyond audit technical learning. For example, our ‘Building Trust’ risk training has this year focused on conflicts of interest, client acceptance, our Code of Conduct, protecting information, and firm and personal independence.
As well as the technical curriculum, auditors also spend time on skills programmes to support their career and professional development.
Internal consultation, both formal and informal, is a fundamental contributor to quality; it is always encouraged and is mandated in certain circumstances. We provide appropriate consultation support to audit engagement professionals through professional practice resources – this includes our Chief Auditor, Chief Accountant, DPP (Department of Professional Practice) Accounting & Reporting, DPP Audit and Audit Risk Management.
The mandatory consultation requirements include matters such as where we identify non-compliance with laws and regulations, where a team proposes to deviate from our standard methodology, or where certain risks such as issues with going concern are identified. Consulting on issues is a fundamental part of our high challenge, high support culture – this year we have sought to improve the support to teams by introducing service level agreements and extending the scope of consultations in some areas to include review of certain documentation on the audit file.
We have also established Audit Risk Panels, led by an audit quality or audit risk management partner and supported by an experienced field partner. These enable direct challenge of the approach to the key audit issues on our highest risk audits and support the team in reaching robust conclusions on approach and timing.
The Second Line of Defence team provide coaching and technical support through their hot review programme which provides feedback on both the audit approach and the clarity of audit documentation. Our US Accounting and Reporting group (USARG) based in London provides coaching and technical support for our US engagement teams and further technical support is also available through our International Standards Group as well as the US Capital Markets Group based in New York, for work on SEC registrants.
Across the global organisation, KPMG is committed to continuing to build on our professionals’ technical expertise and knowledge recognising its fundamental role in delivering quality audits.
We are committed to ensuring that audit professionals have appropriate audit, accounting and industry knowledge, experience and training. Our accreditation process enables us to ensure the right partners and employees are assigned to engagements and are licensed where necessary.
KPMG International (“KPMGI”) has established a quality framework across its network of member firms based on the International Standard on Quality Management (ISQM1) issued by the International Auditing and Assurance Standards Board (IAASB) and the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA), which apply to professional services firms that perform statutory audits and other assurance and related services engagements.
The policies and associated procedures within this framework enable member firms to comply with relevant professional standards, and with regulatory and legal requirements, and help our partners and employees act with integrity and objectivity, performing their work with diligence.
KPMG in the UK supplements KPMG International’s quality framework with additional policies and procedures that address its specific business risks as well as rules and standards issued by the FRC, the ICAEW and other relevant regulators, such as the US Public Company Accounting Oversight Board (PCAOB).
Refer to: Quality control and risk management (Our quality control and risk management systems)
We continue to refine our processes and controls to ensure we can mitigate and respond to risks which could affect audit quality. Our key quality control processes include:
The Audit Quality Council is a forum for the leaders of our Audit Quality central teams and those with a role in driving audit quality activity in our Audit Performance Groups to discuss and agree on actions to implement our audit quality strategy. The Council meets monthly and receives updates from our Audit Quality central teams on their observations and activity for the month together with consideration of actions to address any emerging issues. Progress on both internal and external inspections are discussed and also the monitoring of remedial actions from prior reviews and inspections. Our audit learning plan is also approved at the Quality Council on an annual basis. The meeting is chaired by the Head of Audit Quality with members of the Quality Council including the heads of the Audit Quality teams e.g., Departments of Professional Practice, Second Line of Defence, Chief Auditor, Chief Accountant, and heads of internal and external inspections. The meeting is also attended by the Chief Risk Officer (CRO) for Audit, Audit Learning Director, Head of Culture for Audit and the partners who lead on Quality in the Audit Performance Groups including our offshore Quality Team.
The Audit Risk & Quality sub-committee meets on a monthly basis to assess and proactively address the risks that threaten audit quality. This could be across our Public Interest Entity, Other Entities of Public Interest or wider audited entity portfolios. The main areas considered by the sub-committee include the assessment and challenge of the safeguards and mitigations in place in response to the movement in internally calculated risk scores associated with individual audited entities and sectors; the response to the Second Line of Defence team’s assessment of individual audit engagements; updates on regulatory developments and the status of associated regulatory commitments; and the identified actions in response to entities, engagements and themes included on the capability risk watchlist. Membership of the sub-committee includes the Audit Chief Risk Officer as Chair, Head of Audit Quality, Chief Auditor, Chief Accountant, Head of Audit Regulatory Compliance and representatives from the key performance groups across the Audit capability.
The Chief Risk Officer for Audit attributes red, amber or green ratings to engagement leaders based on the size, nature and risk profile of their portfolios. These ratings may then be adjusted upwards to take account of other risk-based factors such as high hours, low holidays, high sickness and high managed volume. Engagement leaders discuss their rating, portfolio, wellbeing and any other concerns they may have in an interview as part of the Annual Risk Review. Findings are reported to Audit Risk Management and Audit Leadership, who take action as required.
To drive continuous improvement of audit quality we need to have the right people, with the right skills doing the right work at the right time.
Our audit portfolio has been divided into segments based on the risk and nature of the entities subject to audit. This has resulted in three defined main accreditation segments for managers and above – Listed and Regulated, Private Capital and Public Sector.
Each main accreditation segment is in turn made up of a number of sub-segments, enabling targeted competence and capability requirements within the overall accreditation segment.
Additional technical audit requirements apply to individual audits of certain entities. Each technical overlay has additional technical capabilities and some involve specific training over and above those of the three accreditation segments. Those technical overlays without specific training requirements are awarded at the discretion of the Audit CRO or Chief Auditor.
Accreditation requirements are determined at the engagement level and are driven by the sub-segment of the audited entity.
On an annual basis, all auditors from Manager to Partner are awarded a Certificate of Accreditation on the basis of their experience and training.
During the year we implemented new software – eQualify – to track whether individuals hold the accreditations needed to work on an audit in a more robust fashion. eQualify is a one-stop solution to people’s accreditations. Phase one deals with technical overlays, which are requirements specific to individual audited entities as discussed above. Each individual in KPMG in the UK and KGS in India has a profile in eQualify and can see at a glance what Audit Technical overlays they hold. They can also see if they need any further technical overlays which are linked to the jobs in their portfolio. If they do, the detail in the technical overlay links directly to our Learning Management system and each person can assign themselves the relevant training without the need to consult. Once they have completed the relevant training, the technical overlay is automatically marked “green” in the audited entity on which they are working.
With effect from 5 December 2022, new regulations introduced by the FRC require all audit engagement leaders who sign UK public interest entity audits to be registered on the PIE Auditor Register (“PAR”). Our accreditation process supports our assessment of those engagement leaders registered to audit UK PIEs. Currently 101 audit engagement leaders are included on the PAR.
Audit risk panels are held at planning and completion stage on high-risk engagements to challenge the audit team on their key judgements and planned audit approach. These panels are held prior to key communications with audit committees and include a review of the planned communications and financial statements. Each panel is chaired by an audit quality partner and supported by an experienced field partner and includes key members from the engagement team as well as the Second Line of Defence reviewer. Actions coming from the panel in previous years have been to delay signing, to consult further with a technical expert, to adjust the audit approach or to amend clarity of disclosures in the annual report. In a survey of engagement teams, an overwhelming majority found them a useful process for challenging and refining their approach.
Our Second Line of Defence team seeks to mitigate execution risk in the most significant areas of the audit for relevant engagements by evaluating and providing feedback on both the audit approach and the clarity of audit documentation. We have continued to grow our Second Line of Defence team in the current year and to enhance the approach that is followed. Notable developments this year included:
Our Second Line of Defence reviewers provide monthly reporting to the Performance Group Leaders with an assessment of the engagements they are supporting with a RAG (red, amber, green) rating of the risks facing the engagement team from a resourcing or quality point of view. The RAG rating will alert the Performance Group Leader to the need to take remedial action to mitigate any risks.
For listed or high-risk entities, an independent review of financial statements is carried out by the Department of Professional Practice prior to the audit report being signed. This review seeks to identify instances of material non-compliance with reporting requirements and areas where disclosures are unclear or could be improved.
The pre-issuance review is, of necessity, conducted when the final financial statements are available, which tends to be towards the end of the audit. This year we have developed our pre-issuance review guidance and process to further support audit teams and enhance the quality of the audit. We have improved communication between pre-issuance reviewers and audit teams by holding more upfront planning discussions and encouraging greater dialogue between the audit team and the reviewer.
For the largest and highest-risk engagements, pre-issuance reviewers are now identified much earlier in the audit cycle and audit teams are encouraged to discuss accounting and reporting matters with the reviewer throughout the audit. This aims to reduce the issues identified late in the audit process.
In addition, we are encouraging entities to prepare their annual reports earlier to facilitate conducting pre-issuance reviews on an earlier draft of the document. Where this is not possible, the pre-issuance reviewer can review individual disclosure notes where these are new or considered by the audit team to be higher risk.
The Emerging Issues (EI) process is a standard reporting framework which captures emerging audit quality issues, to determine and evaluate common issues identified across our technical teams, findings from internal and external quality reviews, and other external sources. The purpose of the EI process is to stay abreast of issues arising and take necessary action. Actual or potential emerging issues are identified from a number of sources including audit leadership, field auditors, the Audit Centre of Excellence (ACE) and audit quality monitoring activities (on both live and completed engagements). In addition, other potential emerging issues are identified from third party sources such as FRC announcements, press comments and other regulatory announcements. This allows us to capture an inventory of possible emerging issues, based on the activities of ACE and more widely across the audit practice. The EI process aggregates themes, prioritises them and provides mitigating responses to the audit practice in a timely manner.
The Chief Auditor presents a monthly summary discussion paper at the Audit Quality Council (AQC) for approval of the proposed actions. Root Cause Analysis (RCA) will be used to investigate selected issues where more detailed insight is needed before a response can be developed and deployed. This complements the existing RCA process focused on quality review findings.
The EI framework is designed to capture emerging issues and deliver timely responses to them. However, we recognise that, from time to time, a faster reaction may be needed. For example, issues may arise that are considered by the AQC to be of sufficient significance (i.e., they relate to a matter that audit teams more generally need to be aware of in short order to ensure audit quality) as to require a more immediate response, or an interim response while a longer-term solution is developed. These urgent escalations will either be in the form of communication in the DPP Bulletin or via an immediate communication from relevant audit leadership if an even swifter response is required.
We monitor the effectiveness of actions taken through existing monitoring processes in liaison with the action owners.
The quality of a KPMG audit rests on our SoQM and KPMG’s global approach to ISQM 1 emphasizes consistency and robustness of controls within KPMG firms’ processes.
Our key quality control processes include:
In line with the KPMG Global SoQM Methodology, KPMG in the UK conducts an iterative risk assessment process (iRAP). This continuous process, overseen by those with operational responsibility for the SoQM and the Audit Committee looks at a range of internal and external sources to assess whether there are any additional risks relevant to the System of Quality Management (SoQM) that may require the implementation of additional controls or formal inclusion of existing controls within the SoQM. Once identified, controls are subject to monitoring and evaluation activities.
Under ISQM1 we are required to evaluate the effectiveness of our system of quality management on an annual basis.
Technology is at the heart of our efforts to enhance audit quality, create greater consistency and drive efficiencies in how we deliver our audits. It’s why we are making smart technology our business-as-usual mode of audit delivery – it’s simply the way a modern audit is carried out.
Matching the power of smart technology with curious and inquisitive minds and professional scepticism will enhance audit quality. We are now using our smart audit platform, KPMG Clara, on all of our audits and this is having a positive impact.
We continue to use data analytics to identify and respond to risks, ensuring our work is data-driven; in FY23 we processed 1.433 trillion rows of data through our proprietary analytics tools.
During the last year we’ve invested in a range of emerging technologies, focusing on artificial intelligence but also ensuring we have solutions in place to audit cryptocurrency balances and to automate our audit work in response to the latest financial reporting standards (e.g., IFRS 17).
Internationally, KPMG has invested $5bn in technology and innovation over the last four years and during 2023 announced a further multi-billion-dollar investment with Microsoft.
KPMG Clara is our global, digital audit platform. It is used worldwide by over 85,000 auditors on over 100,000 audits.
KPMG Clara is built on four key capabilities:
During the last year, in the UK we have transitioned all our audits from our former audit software to our next-generation, cloud-enabled audit workflow tool, KPMG Clara workflow (KCw). This is faster, more intuitive and has a clearer connection between risk assessment and audit response. The new tool also provides our central quality monitoring team with the ability to monitor our teams’ progress and highlight where additional support may be needed to ensure effective and timely planning.
Half of the audits in this year’s FRC AQR inspection were delivered using KCw and the results compare favourably to the audits delivered using our previous software.
AI will transform the future of audit, so we are making significant investments in both AI technology and training. Our Microsoft Alliance is key to this.
Emerging technology like generative AI will have a significant impact on all professional services, including audit. That is why we are investing and collaborating with Microsoft to bring generative AI to life in how the audit is conducted. KPMG will adopt Microsoft Copilot and we are layering Microsoft’s state-of-the-art machine learning models, natural language processing capabilities and enhanced analytics into KPMG Clara. We are also integrating Microsoft Fabric into our platform, bringing KPMG teams the ability to directly access data instead of having to extract and ingest it into our audit tools. This is a key component in helping our teams perform audits on a more real-time basis.
A further significant development during the year was our strategic alliance, announced in May 2023, with MindBridge, to bring increased levels of machine learning into KPMG Clara. By combining KPMG’s in-depth industry experience and MindBridge’s advanced risk discovery and anomaly detection techniques, we will digitally transform audits, providing increased quality and value to our audited entities and enhancing public trust.
We continue to invest in our central audit technology team, increasing headcount from 208 at the end of FY22 to 258 by the end of FY23. The team works closely with auditors across the business to develop and deploy the latest technology into our digital audits.
Alongside this, we have a comprehensive training and upskilling programme for all our audit professionals in new technology, innovation, data analytics and AI – working to create the ‘Next Generation’ of auditors as we embrace digital and the quality and performance benefits it can deliver.
At KPMG, we are anticipating the technologies that can shape our near future and are driving an ambitious innovation agenda. KPMG has transformed the audit experience for KPMG professionals and clients. The alliances and leading technologies used across the global organization are enhancing audit quality by increasing our ability to focus on the issues that matter.
Technology is at the heart of our efforts to enhance audit quality, create greater consistency and drive efficiencies in how we deliver our audits. It’s why we are making smart technology our business-as-usual mode of audit delivery – it’s simply the way a modern audit is carried out.
Matching the power of smart technology with curious and inquisitive minds and professional scepticism will enhance audit quality. We are now using our smart audit platform, KPMG Clara, on all of our audits and this is having a positive impact.
We continue to use data analytics to identify and respond to risks, ensuring our work is data-driven.
We’re also investing in a range of emerging technologies, focusing on artificial intelligence but also ensuring we have solutions in place to audit cryptocurrency balances and to automate our audit work in response to the latest financial reporting standards (e.g., IFRS 17).
Effective communication is critically important, both externally to key stakeholders and internally to staff and audit teams.
External communication audiences include our regulators through reporting and regular dialogue, as well as investors and other interested parties primarily via our audit reports. We also communicate with the entities we audit through two-way channels. Confidentiality, information security and privacy are also essential concerns that we take extremely seriously.
Wider communication to all stakeholders who may take an interest in our business is a growing priority too – as evidenced by the time and resource we commit to our public reporting via this Transparency Report and other reports linked to our Annual Review such as our: Planet Impact Report; Community Impact Report; Pay Gap Report; Partner Diversity Report; Climate, Energy and Carbon Report; and our Members’ Report and Financial Statements. This is all hosted on Our Impact, which is the home for all of KPMG in the UK’s corporate reporting.
Strong internal communication is also key, to ensure that our people know what is expected of them, how the practice is performing, and priorities moving forward – and also to give our staff a mechanism to have their views and feedback heard by audit leaders.
In Q4 2022, and in response to an invitation from the Audit Committee Chairs’ Independent Forum (ACCIF), a group of experienced audit committee chairs, auditors, and executives from the Financial Reporting Council (the Group) first came together to see how they could further advance their common objective to enhance audit quality and the wider understanding of the subject.
The Spring Report was the outcome of these deliberations.
The Group’s discussions were focused at the company level and on the enhancements that could be made to support a high-quality statutory external audit. Quality improvements can be found in recognising that audit is a dynamic process, requiring continuous engagement between the auditor and company at all levels.
The outcome from this project has been a series of key learnings that, if embraced by all stakeholders, the Group believes will enhance audit quality in both its form and execution as well as its role and understanding in the wider stakeholder community. These are summarised in four areas:
The Key Learnings Discussion by the Group highlighted that delivering a high-quality audit relies on the auditor, management and those charged with governance (boards and their audit committees) working effectively together. It was also acknowledged by all Group members that a company’s audited statutory accounts are the sole responsibility of the Board of Directors and are not, as some have suggested, the “auditor’s accounts”.
The key learnings from the Spring Report were shared with KPMG’s audit partners and directors to enable them to have the relevant discussions with the audit committee chair of audited entities so that the key learnings can be put into practice on audit engagements.
Throughout the year, the firm has been actively involved in the latest Audit and Corporate Governance reform developments. This includes engaging with and responding to consultations and calls for evidence from the FRC and the Department for Business and Trade.
In our view it’s essential that the UK’s regulatory framework retains and builds on its world-leading position so that we continue to be an attractive destination for business, investment and talent. As a firm we are supportive of reducing any unnecessary red tape.
We believe that reliable corporate reporting is vital to well-functioning financial markets, business investment and growth. In particular, we believe that resilience statements and revised capital maintenance disclosures, together with a new framework for internal controls reporting and the creation of the new regulator ARGA (the Audit, Reporting and Governance Authority) with statutory powers to regulate across the boardroom, have the greatest potential to make a positive impact.
Although it was disappointing to see the statutory instrument which introduced new corporate reporting requirements withdrawn, we look forward to continuing to engage with the next stage in the process and, in particular, the revised UK Corporate Governance Code and the forthcoming consultation on the UK Stewardship Code.
Our Audit Committee Institute (ACI) helps audit committee members enhance their awareness, commitment and ability to implement effective processes – with a view to contributing positively to the long-term sustainability of UK plc.
The ACI in the UK now has around 2,277 (2022: 3,100) members across both the private and public sectors. 56 FTSE 100 companies (2022: 67) have engaged with the programme through the active attendance of one or more board members. The audit committee chairs of 61 FTSE 100 companies (2022: 74) are members – receiving our thought leadership, guidance, updates and surveys.
High-quality information and effective governance are an essential foundation for strong capital markets. KPMG’s Investor Insights programme has been set up to facilitate communication between auditors, who provide vital assurance over financial statements issued to the markets, and investing shareholders, who rely on that assurance.
Our programme aims to:
The programme is sponsored by the Audit Executive, reports to (and is challenged by) our Audit Board and Public Interest Committee and is delivered with the support of some of our most experienced audit partners. In the current year, we have continued to extend our engagement with investors and investor organisations to better understand their needs and inform how we can best respond.
Ongoing initiatives to reform corporate governance regulation, corporate reporting and audit have been important topics to explore in our conversations with investors, generating valuable insight into how the audit might need to change to better meet investors’ needs. We have incorporated that feedback into our responses to the various reviews of the profession.
We greatly value the insight and challenge provided by investors over the course of this year and encourage investors to continue to engage with us as we help shape the future of audit.
ESG and climate change in the financial statements and audit
Investors remain heavily focused on ESG (especially climate change) and how it is being captured and reflected in the financial statements. We continue to engage with the investor community to better understand the calls for additional transparency in our audit reports and discuss how material climate risk exposures are factored into our audit process.
We have provided investors with clarity on the topic by including a section in all Long Form Audit Reports for the FTSE 350 explaining the impact of climate risk on our approach to the audit and including the link between these risks to our key audit matters and significant judgements and estimates, where relevant.
We have a dedicated ESG Assurance team working closely with audit teams and are offering those that are ready, additional assurance over KPIs that are of most interest to investors.
As a leading professional services firm, we recognise the importance of engaging with politicians, policy makers and our regulators on issues of importance to business and society. We are committed to ensuring that our political engagement is based on principles of transparency, integrity and accountability, and we maintain a position of political neutrality at all times. We have a firm-wide political relationships and activity policy that all colleagues must comply with to ensure we demonstrate best practice at all levels of engagement.
Further details of our approach to political engagement can be found here.
Talking Audit is our monthly online news publication, supporting the cascade of progress and updates aligned to our strategic priorities for Audit (Empowering Our People, Delivering Sustainable Quality, Supporting Seamless Delivery, and Maintaining Robust Growth). We are increasingly shaping our storytelling around our Future of Audit vision, all of which underpin our ambition to become the most trusted firm.
Cath Burnet, Head of Audit, shares practice and firm-wide updates via a monthly video, and we spotlight leaders and colleagues to drive further engagement across topics and teams. Our monthly People Stories explore the variety of roles and career paths within the practice, helping bring to life our approach to supporting Inclusion, Diversity and Equity and our High Challenge, High Support culture.
To ensure leadership are informed on topical updates (from economic, regulatory and governance to strategy, quality and people matters), monthly calls for the Audit partner and director population are hosted via Teams, supported with the opportunity to ask questions and complementary key messages and actions.
A regional roadshow schedule also supports both leadership visibility and colleague opportunity to have open and honest dialogue in an informal face-to-face setting, with conversation themes informing all our communications.
We recognise that another important contributor to upholding audit quality is to obtain and promptly act upon feedback from key stakeholders.
Effective communication is critically important, both externally to key stakeholders and internally to staff and audit teams.
External communication audiences include our regulators through reporting and regular dialogue, as well as investors and other interested parties primarily via our audit reports. We also communicate with the entities we audit through two-way channels. Confidentiality, information security and privacy are also essential concerns that we take extremely seriously.
Wider communication to all stakeholders who may take an interest in our business is a growing priority too – as evidenced by the time and resource we commit to our public reporting via this Transparency Report and other reports linked to our Annual Review, such as our: Planet Impact Report; Community Impact Report; Pay Gap Report; Partner Diversity Report; Climate, Energy and Carbon Report; and our Members’ Report and Financial Statements. This is all hosted on Our Impact, which is the home for all of KPMG in the UK’s corporate reporting.
Strong internal communication is also key, to ensure that our people know what is expected of them, how the practice is performing, and priorities moving forward – and also to give our staff a mechanism to have their views and feedback heard by audit leaders. Annually, all KPMG colleagues are invited to participate in KPMG’s Global People Survey, to share their perception on their experience of working at KPMG. Each member firm is responsible for taking appropriate actions to communicate and respond to its findings.
These are crucial attributes for anyone connected to Audit.
The Quality control and risk management section explains the processes and controls we have in place to ensure we meet the standards required.
Auditor independence is a cornerstone of international professional standards and regulatory requirements.
As described in the Quality control and risk management section, we have adopted the KPMG Global Independence Policies which are derived from the IESBA Code, and, in the UK, supplement them with other policies to ensure compliance with the FRC’s 2019 Ethical Standard.
These policies and processes cover areas such as firm independence, personal independence, firm financial relationships, employment relationships, partner rotation, and approval of audit and non-audit services.
Compliance with laws, regulations and standards is a key aspect for everyone at KPMG. In particular, we have zero tolerance of bribery and corruption.
We prohibit involvement in any type of bribery – even if such conduct is legal or permitted under applicable law or local practice. We also do not tolerate bribery by third parties, including by the entities we audit, our suppliers or public officials.
More about KPMG lnternational’s position and policies on anti-bribery and corruption can be found on the anti-bribery and corruption site.
