Audit quality monitoring and remediation
We expect all KPMG firms to continually improve the quality, consistency and efficiency of their audits.
We expect all KPMG firms to continually improve the quality, consistency and efficiency...
Rigorous quality and compliance programs
Our quality monitoring and compliance programs are created globally, with member firms being expected to implement, test and report them consistently across the network.
The programs evaluate both:
- engagement performance in compliance with the applicable standards, applicable laws and regulations, and KPMG International policies and procedures; and
- member firm compliance with KPMG International policies and procedures and the relevance, adequacy and effective operation of key quality control policies and procedures.
Our internal monitoring programs include:
- Quality Performance Reviews (QPR) and Risk Compliance Programs (RCP), which are conducted annually across member firms’ Audit, Tax and Advisory functions
- a cross-functional Global Compliance Review (GCR) program, which is conducted at least every 3 years.
KPMG member firms have to take part in the QPR, RCP and GCR programs to remain part of the organization.
Firms communicate the results of the programs internally and take action to make improvements where needed. The results are also considered at a wider regional and network level.
We give more detail on these programs and how they work in the following sections.
Global Audit Quality Monitoring Group (GAQMG)
The GAQMG comprises a team of partners, directors and senior managers experienced in performing QPR program reviews of listed and related entity (LRE) audit engagements. The team also includes partners and professionals with experience in auditing general information technology controls and application controls.
Audit Quality Performance Reviews (QPR)
The QPR program assesses audit engagement performance and identifies opportunities to improve quality. Each audit engagement partner is reviewed at least once in a 3-year cycle as part of QPR.
KPMG International helps ensure that firms’ QPRs are fair and objective, and that they are overseen by an independent experienced lead reviewer who is from a different member firm or who is part of the GAQMG.
PMG International provides training to review teams and others overseeing the process, with a focus on topics of concern identified by audit oversight regulators and the need to be as rigorous as external reviewers.
KPMG International helps ensure that consistent criteria are used to award engagement ratings and audit practice evaluations, which can then be used to measure improvements in the future.
Lead audit engagement partners are notified of less than satisfactory engagement ratings on their respective cross- border engagements. Additionally, lead audit engagement partners of parent companies/head offices are notified where a subsidiary or affiliate of their client group is audited by a member firm where significant quality issues have been identified during the audit QPR.
Risk Compliance Program (RCP)
During the annual RCP, member firms perform a robust assessment program that includes documenting quality controls and procedures, related compliance testing, reporting of exceptions, action plans and conclusions. The objectives of the RCP are to:
- document, assess and monitor the extent to which the member firm’s system of quality control complies with Global Quality & Risk Management policies, as well as key legal and regulatory requirements; and
- help member firms evaluate its compliance with relevant professional standards and applicable legal and regulatory requirements.
If shortcomings are identified, the member firm must develop appropriate action plans to address them.
Global Compliance Review (GCR)
A GCR is carried out by KPMG’s GCR team at every member firm at least once in a 3-year cycle. The GCR team, which is completely independent of any member firm, looks in detail at:
- a firm’s commitment to quality and risk management (including tone at the top from leadership) and the extent to which its overall structure, governance and financing support reinforce this commitment
- a firm’s compliance with key KPMG policies and procedures; and
- the robustness with which the firm performs its own compliance program (RCP).
KPMG firms must develop action plans to respond to all GCR findings and agree to these with the GCR team. A firm’s progress with its action plan is monitored by a global GCR central team. Results are reported to the Global Quality & Risk Management Steering Group (GQRMSG) and, where necessary, to relevant KPMG International and regional leadership, to encourage timely remedial actions.
Conducting root cause analysis
Root cause analysis is important in order to identify and address audit quality issues and prevent them from recurring in the future. We expect all firms to carry out such analysis.
All firm Heads of Audit are responsible for the development and implementation of action plans including appointing remediation owners. Risk Management Partners monitor their implementation.
At a global level, we continue to strengthen our root cause analysis process and drive consistency across the organization by delivering face-to-face training and workshops for individuals in KPMG firms who will be performing or overseeing root cause analysis.
Taking effective remedial actions
Through the Global Audit Quality Council and the GQRMSG, KPMG International reviews the results of the quality monitoring programs, analyzes member firm root causes and action plans, and develops additional global remediation plans as required.
Remediation plans are implemented with the support of global training, tools and guidance to drive consistency. This helps ensure the fundamentals are right and that leading practices are shared across the organization.