Quality is at the heart of our Audit strategy and every action we take is with the motivation of continually improving it.
We have made significant investment in audit quality over the past five years. This year we have introduced a Single Quality Plan, building on our previous Audit Quality Plan. This plan incorporating our Banking Audit Quality Improvement Plan as a top priority, brings together our key focus areas to drive sustainable improvements to audit quality across our business.
We are seeing the positive impact of this with the FRC’s external measure of audit quality placing us at the top of the Big Four professional services firms this year. We are pleased to see the benefit of our investment, but we are not complacent and continue to challenge ourselves on how the programmes in our Single Quality Plan will help us sustain and improve our performance.
Our investments in quality have re-engineered every aspect of our Audit practice. We have strengthened our governance and controls, standardised the way we execute audits, invested in market-leading technology which is central to audit delivery, and transformed the training and guidance we give to all auditors including in emerging areas such as ESG, cyber and cryptocurrencies. In this way, we are ensuring that we are preparing for the future of Audit as technology develops and regulations, requirements and stakeholder expectations change.
We also believe this stands us in good stead as external conditions continue to be volatile, unpredictable and, potentially, recessionary. These conditions will make some aspects of audit analysis and judgement more complex – but the investments we have been making, particularly in technology, people and processes - will strengthen our ability to perform high-quality audits that take account of all the data and performance indicators available.
Since 2018, our investment has brought additional people into our Audit practice, while at the same time ensuring we have the right number of audit engagements to remain focused on the delivery of high-quality audits. We have continued to look carefully at the shape and size of our audit portfolio, reflecting on Sir John Thompson’s remarks in the FRC’s ‘What makes a good audit?’ publication:
“…we also recognise the important contribution that the management of the audited entity and those charged with governance can make to a robust and comprehensive audit. A well governed company, which reports transparently, and has clear and robust evidence that underpins that reporting, as well as effective internal controls are all important in underpinning a high-quality audit.
Sir Jonathan Thompson / Chief Executive Officer, FRC As quoted in the FRC’s “What Makes a Good Audit?” paper, November 2021.
Our decisions in relation to our portfolio are always guided by our public interest responsibilities to deliver safely on our book of work.
Each year we consider all of the data we have on audit quality successes and challenges by looking internally and externally and delving into the results of our detailed work on root cause. This analysis allows us to assess which programmes and actions we must focus on in our annual quality plan to respond to current challenges or sustain improvements. This means we stay laser-focused on the things which will bring rigour, consistency and efficiency.
FRC Audit Quality Inspection and Supervision Report of KPMG LLP, July 2022
I am confident that the significant improvement we have seen in our external FRC inspections, which is aligned to our internal audit quality assessments, demonstrates the positive impact of the continued investment in our audit quality transformation - in particular the commitment and efforts of everyone in our Audit practice. But we are not complacent and our priorities for 2023 demonstrate our ongoing commitment to placing sustainable quality at the heart of our Audit strategy.
Cath Burnet / Head of Audit, KPMG in the UK
We are focused on sustaining our improvements with some clear priorities for the year ahead.
We will continue to embed our high challenge, high support culture, as well as embed and operate the requirements of the International Standard on Quality Management (ISQM1) which became effective from December 2022.
We embraced the FRC’s vision for a Single Quality Plan (SQP) for all Tier 1 firms and have developed our SQP, aligning it with our programmes in the Audit Quality Plan.
Over recent years we have made the quality of execution on banking audits and the methodology and guidance which underpins them, a top priority. This focus resulted in our root and branch Banking Audit Quality Improvement Plan (BAQIP), which was first created in 2020. Through this Plan we have benefited from helpful engagement with the FRC, underpinning iterative improvements each year. This has meant that over the past two years we have:
We were pleased to see a significant improvement in our banking inspection results this year, showing that our investment, strategy and commitment is making a difference. BAQIP will continue through the next year as a continued area of focus to ensure we sustain the improvements and embed the positive changes into business as usual.
Technology is at the heart of our efforts to enhance audit quality, create greater consistency and strengthen the monitoring of engagement milestones. It’s why we are making smart technology our business-as-usual mode of audit delivery – simply the way that modern audit work is carried out. We have been investing significantly in leading technology solutions to empower our Audit colleagues to deliver exceptional quality and enable smart, efficient working. KPMG is investing $5bn globally in innovations from 2020 to 2024.
The core platform behind a KPMG audit is KPMG Clara; our cloud-based, digital audit platform. Our deployment of KPMG Clara marks a step-change in how we are innovating, digitalising, and transforming the audit experience. The forthcoming year will see every audit engagement using KPMG Clara as standard.
KPMG Clara embeds the best new tools, processes and technologies that:
Future-proofed and built upon cutting-edge cloud technology and artificial intelligence, KPMG Clara is the foundation of our entire audit process.
The implementation of KPMG Clara workflows introduce a new way of working for our audit teams which delivers the refreshed global methodology and supports consistent performance of our audits across the global network.
The latest analytics, automation and artificial intelligence tools are integrated into the KPMG Clara platform. We perform data analytics to support thousands of audits, processing over 1.3 trillion rows of data in the last year in the UK alone. We are committed to continually investing to enhance our data analytics capabilities - both in proprietary tools and solutions with major technology providers (such as through our Microsoft alliance) and smaller specialist analytics companies.
Technology is fundamental to the successful delivery of our audit strategy. It underpins delivery of a quality audit, it drives joined-up execution, it helps us grow and it empowers our auditors. With the right technology in their hands auditors can work more accurately; partners can robustly challenge management teams, assess critical accounting judgements, and present their views in a coherent and meaningful way.
Matthew Campbell / Chief Technology Officer, Audit, KPMG in the UK
By utilising machine learning, predictive analytics and cognitive technology we equip our expert auditors with solutions that look forward, detect hidden anomalies and test scenarios – all of which support robust challenge and informed decision-making.
We are also investing in people in this space. We are training auditors in new advanced techniques, such as data science and modelling as well as expanding our central Clara team of 200+ colleagues (grown from 45 in 2017) which brings together data analytic specialists to support our audit teams and drive higher standards of quality.
Our training this year has reflected a mix of virtual and face-to-face delivery as COVID-19 restrictions eased.
The formal audit training programme continues to include mandatory audit technical training, industry-specific training and risk courses. This is supported by centrally-run fortnightly technical briefings, lunch and learns, drop-in clinics and locally run sessions using centrally-developed content.
We run an annual KPMG Audit University (KAU), which was delivered face-to-face in 2022 for the first time in three years and was attended by both Audit and IT Audit colleagues. The training covered content on ISA 315 Revised (Identifying and Assessing the Risks of Material Misstatement), fraud, estimates, the audit of IT, and updates on the workflows and functionality of KPMG Clara. It was delivered in a mix of plenary and breakout sessions and, for the first time, included live link-ups across multiple locations, supporting our ESG agenda by minimising attendees’ travel and optimising the use of our subject matter experts.
The mandatory curriculum also includes quarterly updates focusing on performing an effective audit with different topic areas included as relevant. An Audit Quality and Risk Workshop is delivered twice a year for engagement leaders and focuses on key messages driven by internal and external monitoring. This is extended to audit managers through live and recorded workshops.
To support our strategy of being the most trusted firm, there are three releases of ‘Building Trust’ risk training each year, covering a range of risk-related topics. This year it included a new ICAEW film “All Too Familiar” about Anti Money Laundering.
In addition, partners and audit professionals must complete training relevant to their grade and role. This includes sector specific training and training to support technical overlays, such as working on US engagements.
As well as the technical curriculum, auditors also spend time on skills programmes to support their career and professional development such as performance management, and leadership skills.
We adopt a holistic approach to support audit quality and monitor our progress. We have engaged with stakeholders, enhanced our governance and invested in our people, culture, controls and technology.
We are committed to achieving the highest levels of quality in our work. To do that, we not only follow auditing and ethical standards, but monitor our progress and use feedback to continuously improve.
Our Root Cause Analysis (RCA) process is our most impactful way of identifying opportunities for continuous improvement. We use the results of this analysis to consider how to enhance our processes and embed best practices. During the year we commissioned an independent review of our RCA process and have implemented the majority of the enhancement recommendations with substantially all actions to be completed this year.
Over this year, we have continued to broaden the depth and scope of our RCA programme, introduced further innovations to our approach and refreshed our pool of trained and accredited individuals supporting the programme. These steps have enabled us to gain more insight into the key factors that drive quality findings and also those that contribute to high-quality audits.
We take the results from our RCA programme and use them to focus action and target investments.
Regular monitoring of the impact of remedial actions is a key part of our RCA programme so that we can adapt our approach as new issues arise. We apply a mix of remedial actions including those focused on driving a sustainable high challenge, high support culture with supporting behaviours alongside technology and training enhancements. This is now led by a dedicated experienced individual.
The findings from our RCA are reported to internal and external stakeholders, including the FRC and the ICAEW. In the 2021/22 cycle, the most frequent findings indicated:
Key positive messages from RCA
Key areas where improvement is needed
During the year we spoke to more than 300 individuals. These findings are then analysed and categorised into themes including knowledge, resource allocation and behaviours.
Engaging with regulators
KPMG has a number of regulators due to the types of services we provide. This includes the Financial Reporting Council (FRC)1, the Institute of Chartered Accountants in England and Wales (ICAEW)2, the Financial Conduct Authority (FCA), the Solicitors Regulation Authority (SRA), audit third country regulators, and other regulatory and oversight bodies (including HM Government). We’re committed to meeting the expectations of our regulators and ensuring our regulatory engagement is based on the principles of openness, transparency, integrity and accountability.
From a regulatory change perspective, the environment remains challenging, and we continue to scan and prepare the firm for incoming regulatory changes. In particular, we continue to engage and work with the FRC to help shape the future for a profession that produces high-quality audits and acts in the public interest. Audit quality is our number one priority, and we value the constructive input and challenge from the FRC through their audit quality inspection and supervision process. We continue to work closely with the FRC to understand their identified areas of good practice, and importantly where we need to continue to focus to ensure that we build trust and confidence in our profession and the markets.
We are subject to external annual reviews, primarily by:
FRC
The Financial Reporting Council (FRC) Audit Firm Supervision (AFS), Audit Market Supervision (AMS) and Audit Quality Review (AQR) teams in the FRC’s Supervision Division work closely together to develop an overall view of the key issues for each firm to improve audit quality.
Find out more information below
ICAEW
The Quality Assurance Department (QAD) of the ICAEW.
For a summary of the QAD’s review findings, refer to the FRC’s Audit Quality Inspection and Supervision report for KPMG LLP (July 2022).
In October 2022, the FRC published its Audit Quality Inspection report relating to Major Local Audits. The FRC inspected two in-scope audits whilst the QAD inspected none at KPMG in this cycle due to the proportion of in-scope audits at KPMG.
PCAOB
KPMG in the UK is subject to inspection every three years by the US Public Company Accounting and Oversight Board (PCAOB). In accordance with this cycle, the PCAOB was due to inspect during 2021. However, as a result of the COVID-19 pandemic, the PCAOB deferred its inspection to 2022. The inspection is in the final stages and we look forward to receiving the report in 2023.
1https://www.frc.org.uk/auditors/audit-quality-review
2https://www.icaew.com/regulation/working-in-the-regulated-area-of-audit/audit-monitoring-for-all-icaew-audit-registered-firms
Uplift in AQR inspection results
The combined impacts of our investments in quality, governance and technology are starting to become clear. There were notable improvements in our 2022 AQR inspection results – giving us the best results, and the most significant improvement in results, amongst the Big Four professional services firms.
These results are particularly pleasing given that these audits were conducted largely remotely due to the COVID-19 pandemic, when our teams and audited entities had to adapt to significant changes to how our audits were delivered.
We recognise that there is more to do and will remain focused on driving further, continuous enhancements as we pursue our vision of being the most trusted audit firm: by our regulators, the organisations we audit, investors, the public and our people.
In its July 2022 report, the FRC highlighted good practices and areas for improvement, in respect of its review of individual audits and its review of the firm’s quality control procedures. Below we set out a summary of the FRC’s findings (as previously noted, full details are available on the FRC’s website).
Section 2 of FRC’s AQR report - Review of individual audits
Good practices identified in individual audits inspected:
Areas of improvement from the inspection of individual audits:
Section 3 of FRC’s AQR report - Review of the firm’s quality control procedures
Good practices identified within KPMG in the UK’s firm-wide procedures:
Areas identified for improvement within KPMG in the UK’S firm-wide procedures3:
In response to the FRC’s findings in its AQR report, the firm confirmed that, Audit quality is our number one priority, and we are committed to consistently delivering high quality audits. We value the constructive input and challenge from the FRC throughout this year’s audit quality inspection and supervision process. We continue to work closely with the FRC and thanks to their input, we are clear on areas of good practice, and importantly where we need to continue to focus to ensure that we build trust and confidence in our profession and the markets.
3 More detail on individual actions is included in our responses in the FRC public report, which is available on the FRC website: FRC website.
Regulatory investigations and sanctions
We are committed to continuing to work with our regulators on concluding and learning from a number of historical investigations.
FRC investigations4 into two matters announced in previous years remained ongoing at the end of the year:
No new FRC investigations in respect of KPMG were announced during the year.
Four matters4 relating to periods between 2010 and 2018 were closed during the year:
Three ICAEW investigation outcomes were announced during the year. Two related to audits of financial statements of entities and the third related to a KPMG partner who was not registered to sign an Irish audit report.
In November 2022, the PCAOB announced disciplinary orders in respect of two matters:
In February 2022, the FRC published a new policy for ethics breach reporting for auditors of public interest entities (PIEs) which sets out a standardised format and timeline of reporting in addition to requiring approval of the reporting by the firm’s Ethics Partner (or equivalent).
Our systems and processes help our people and our firm comply with the requirements of the FRC’s 2019 Ethical Standard (ES). Where we identify breaches, we take prompt action: we assess the significance of the breach and how it has impacted on our independence and objectivity as auditor of the entity concerned, and we report our conclusions to those charged with governance. The Ethics Working Group considers the sanctions to be applied in respect of the breaches arising (including both financial sanctions and any additional remedial measures necessary). In line with the regulator’s requirements, we submit a report of breaches to the FRC every six months. Reporting occurs outside of this cycle if the nature of the breach is such that the FRC would expect to be made aware. In the year ended 30 September 2022, we identified 24 breaches of the FRC’s Ethical Standard (2021: 16 breaches).
4 Where the FRC or other regulatory body has exercised discretion not to publicise a particular inquiry or investigation, the details of such matters are not disclosed in this report.
Internal monitoring programs are created by KPMG International and applied across KPMG firms. The programs evaluate both:
Our internal monitoring programs also contribute to the assessment of whether our system of quality management has been appropriately designed, effectively implemented, and operates effectively.
There are three components to our internal monitoring:
The results and lessons from the integrated monitoring programs are communicated internally and appropriate action is taken at local, regional and global levels.
The QPR programme is the cornerstone of KPMG’s efforts to monitor engagement quality. It assesses engagement level performance and identifies opportunities to improve engagement quality. It is also how we make sure that member firms collectively and consistently meet both KPMG International’s requirements and professional standards.
All engagement leaders of statutory and non-statutory audits and other assurance engagements are generally subject to selection for review at least once in a three-year cycle. A risk-based approach is used to select engagements.
Our firm conducts the annual QPR programme in accordance with KPMG International QPR instructions. The reviews are performed at a UK level and are monitored regionally and globally.
There are robust criteria for selection of reviewers. Reviews are overseen by a senior experienced lead reviewer who is independent of KPMG in the UK.
Training is provided to review teams and others overseeing the process, with a focus on topics of concern identified by audit oversight regulators and the need to be as rigorous as external reviewers.
Consistent criteria are used to determine engagement ratings and member firm Audit practice evaluations. During the year our rating structure for QPR findings was refined to align more closely with market practice. These changed from S (Satisfactory), PIN (Performance Improvement Necessary) and U (Unsatisfactory) to the new ratings explained below:
Compliant
When the audit work performed, the evidence obtained and the documentation compiled fully comply with internal policies, auditing standards and legal and regulatory requirements; and key judgements concerning significant matters in the audit and audit opinion are appropriate.
Compliant - improvements needed
When the auditor’s report is supported by evidence and is not incorrect in any material respects, but the independent reviewer required additional information to reach the same conclusion as the auditor; or where supplementary information obtained as part of the audit was not sufficiently documented in the audit; or where specific requirements of our audit methodology were not embedded. A ‘CIN’-rated engagement is not considered an adverse quality outcome.
Not Compliant
When the auditor did not perform the engagement in line with KPMG’s professional standards and policies in a more significant area, or where there are deficiencies in the related financial statements. Where appropriate, in a limited number of cases we remediate engagement files to ensure the audit evidence obtained is adequately documented. Engagement teams undertake specific incremental or remedial training. In addition, engagement leaders receiving a Not Compliant rating are subject to at least one follow-up review. We take the ratings from the annual QPR programme into account, together with the results of external reviews and other quality features, when assessing the performance and remuneration of all engagement leaders and managers.
Prior to the finalisation of the review there is a rigorous moderation process to ensure consistency of grading. If the reviewer notes any significant deficiencies, a remedial action plan is created, applicable at an engagement and firm level. We share our findings from the QPR programme, through internal training tools and in periodic partner, manager and team meetings. Any issues are also emphasised in subsequent inspection programmes to gauge the extent of continuous improvement and effectiveness of the implementation of remedial actions.
Our QPR programme is designed to hold audit teams to quality levels that assess not only compliance with auditing standards but also adherence to internal requirements such as the performance of specified procedures or completion of specific mandated consultations. As such, teams that perform audits that are very substantially compliant with auditing standards may receive a rating other than Compliant in our internal reviews. Accordingly, it is difficult to make direct comparisons between the results of our internal and external inspection processes.
Rating / Compliant
Rating / Compliant - improvements needed
Rating / Not Compliant
Number of engagements reviewed
KPMG International develops and maintains quality management policies and processes that apply to all KPMG firms. These policies and processes, and their related procedures, include the requirements of the Global Quality & Risk Management (GQ&RM) Manual, ISQC 1 and the implementation requirements of ISQM 1 for this transition period.
The objectives of the KQCE programme are to:
For FY22 member firms are required to self-assess their overall levels of compliance as green, yellow or red. A green rating indicates that the firm is substantially compliant with KPMG’s policies and procedures; yellow indicates that the firm is substantially compliant with KPMG’s policies and procedures and, although there may be several instances of non-compliance, these do not indicate serious deficiencies within the firm as a whole; while red indicates there are serious deficiencies.
The firm’s evaluation also considers the results and status of action plans arising from other reviews assessing risk, quality and compliance, including QPRs and GQ&CRs. Where exceptions are identified, we are required to develop appropriate action plans and then monitor the status of each action item.
In 2022 our self-assessment found that our overall level of compliance is yellow (2021: yellow).
Each KPMG member firm is subject to a GQ&CR conducted by KPMG International’s GQ&CR team, independent of the member firm, at various intervals based on identified risk criteria.
The GQ&CR team performing the review is independent of the firm and is objective and knowledgeable of GQ&RM policies. GQ&CRs assess compliance with selected KPMG International policies and procedures and share best practices among member firms.
The GQ&CR provides an independent assessment of:
KPMG in the UK develop action plans to respond to all GQ&CR findings that indicate improvement is required and agree these with the GQ&CR team. Our progress on action plans is monitored by the GQ&CR central team. Results are reported to the GQ&RM Steering Group and where necessary, to appropriate KPMG International and regional leadership.
The UK firm was subject to a GQ&CR inspection during 2021 when a number of opportunities for improvement were identified, including areas which were also generally identified by the UK firm’s Audit Quality and Banking Audit Quality Improvement Plans, RCP/KQCE and other compliance and quality control processes.
We have an investor engagement programme which is sponsored by the Board and Audit Executive, reported to (and challenged by) our Audit Board and Public Interest Committee, and delivered with the support of some of our most experienced Audit Partners. In the current year, we have continued to extend our engagement with investors and investor organisations to better understand their needs and to inform how we can best respond.
At these meetings, we focus on topics of interest to investors, such as ESG factors, the government’s response to the Department for Business, Energy and Industrial Strategy (BEIS) consultation “Restoring Trust in Audit and Corporate Governance”, and key trends and new requirements in financial reporting. We also discuss the measures we are taking to continue to drive audit quality to the high standards expected of us by regulators and users of financial statements, and how the scope of Audit might need to change to meet the evolving needs of users of corporate reporting.
In addition, we make investors aware of the governance structures and reporting processes that corporates need in place themselves in order to facilitate a robust audit (and meet the likely requirements arising from the Restoring Trust consultation).
A selection of our events is attended by our INEs. This year, this included our Annual Audit Review where we discussed the future of Audit with investors, audit committee chairs and finance directors.
Looking ahead, the ongoing initiatives to reform corporate governance regulation, corporate reporting and audit have been important topics to explore in our conversations with investors, generating valuable insight into how Audit might need to change to better meet investors’ needs. We have incorporated that feedback into our responses to the various reviews of the audit profession.
We greatly value the insight and challenge provided by investors over the course of this year and encourage investors to continue to engage with us as we help shape the future of Audit.
Our Audit Committee Institute (ACI) helps audit committee members enhance their awareness, commitment and ability to implement effective processes – with a view to contributing positively to the long-term sustainability of UK plc.
The ACI in the UK now has around 3,100 (2021: 2,800) members across both the private and public sectors. 67 FTSE 100 companies (2021: 79) have engaged with the programme through the active attendance of one or more board members and the audit committee chairs of 74 FTSE 100 companies (2021: 72) are members – receiving our thought leadership, guidance, updates and surveys.
As a leading professional services firm, we recognise the importance of engaging with politicians, policy makers and our regulators on issues of importance to business and society. We are committed to ensuring that our political engagement is based on principles of transparency, integrity and accountability, and we maintain a position of political neutrality at all times. We have recently refreshed our political relationships and activity policy for all colleagues to ensure we demonstrate best practice in conducting political engagement at all levels of government.
Further details of our approach to political engagement can be found here.
