Our culture is underpinned by a strong set of values and supporting policies and processes which aim to encourage the right attitudes and behaviors throughout the network. We strive to meet the high standards set by our Code of Conduct to earn the public trust. We promote a culture in which quality is recognized as everyone’s responsibility and consultation is encouraged and recognized as a strength.
Leadership plays a critical role in setting the right tone and leading by example — demonstrating an unwavering commitment to the highest standards of professional excellence and championing and supporting major initiatives. Leadership teams at both KPMG International and member firm levels are committed to building a culture based on quality, integrity and ethics and demonstrate this through their actions — written and video communications, presentations to teams and one-to-one discussions. A focused and consistent message across the network is important to reinforce our commitment to audit quality and public trust. This sets the right tone — that everyone involved in performing audits has a responsibility for audit quality. We use our Global People Survey to seek insights from our people — including on audit quality and tone at the top (refer to Our people).
Our values are what we believe in — they guide our actions and behaviors. They are important because we recognize that it is not just what we do that matters, it is also how we do it. Our values, therefore, form the foundation of our culture and set the tone at the top. They also form the foundation of our approach to audit and shape how we work together.
We communicate our values clearly to our people and embed them into member firms’ people processes — induction, performance development and reward.
KPMG’s reputation and success depend on the professionalism and integrity of each and every member firm partner and employee. Integrity is embedded in our values and is a critical characteristic that our stakeholders expect and rely on. Therefore, above all we ‘act with integrity’ and are constantly striving to uphold the highest professional standards, provide sound advice and rigorously maintain our independence. We aim to live the values, acting as role models and promoting ethical behavior. We will not hesitate to take action where we find non-compliance with the values.
Building on our values is our Global Code of Conduct, which all member firms and their personnel are required to comply with. The Global Code of Conduct defines who we are and how we act, and in summary it:
Member firms either adopt the Global Code of Conduct in its entirety or incorporate its principles into their own member firm code of conduct. All member firm personnel are required to:
The commitments in the Global Code of Conduct underlie our values-based quality culture.
Individuals are encouraged to raise their concerns when they see behaviors or actions that are inconsistent with our values or professional responsibilities and are required to do so when they see breaches of KPMG International policies, laws and regulations and professional standards. Each member firm is required to have procedures and established channels of communication so that personnel can report ethical and quality issues. In addition, the KPMG International hotline is a mechanism for KPMG partners, employees, clients and other external parties to confidentially report concerns they have relating to certain areas of activity by KPMG International itself, KPMG member firms or the senior leadership or employees of a KPMG member firm.
Senior leadership of KPMG International plays a critical role in setting the right tone. A number of global steering groups support and drive the execution of strategy with a focus on audit quality — the GASG, the Global Audit Quality Issues Council (GAQIC) and the GQRMSG. Each of these global groups has its specific areas of focus, and they work closely with one another on quality matters, along with regional and member firm leadership, to:
The overall governance structure of KPMG International and further detail on global leadership groups is provided in KPMG legal structure and governance.
Global Vice Chairman
Quality, Risk and Regulatory
Member firm leadership is responsible for quality and for the member firm’s system of quality control. Within each member firm, there is a Head of Audit who has primary responsibility for audit quality and is assisted by the member firm Risk Management Partner in maintaining the member firm’s system of quality control. Part of the selection criteria for these individuals is that they have sufficient and appropriate experience and ability, and have the necessary authority to properly discharge their roles.
Our audit strategy is discussed in the KPMG International Annual Review and includes a focus on quality and service delivery standards expected of member firm audit partners and employees, and a commitment to ethical principles, integrity and public trust. Our audit strategy supports our drive to innovate and to deliver independent assurance that provides confidence to stakeholders. The Global Head of Audit reinforces this in communications to member firm audit partners and employees during his periodic presentations.
How global policies are applied
KPMG International policies and procedures applicable to audit are designed to assist member firms in complying with relevant professional standards, regulatory and legal requirements, and in issuing reports that are appropriate in the circumstances.
KPMG International policies and procedures apply to all member firms and are made available through the Global Quality & Risk Management (GQ&RM) Manual. These policies and procedures are based on the ISQC 1 issued by the International Auditing and Assurance Standards Board (IAASB) and on the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA). Both of these are relevant to member firms that perform statutory audits and other assurance and related services engagements.
Individual member firms are required to implement KPMG International policies and procedures and adopt additional policies and procedures that are designed to address rules and standards applicable to their own jurisdictions as well as applicable legal and regulatory requirements.
KPMG International’s policies reflect individual quality control elements to help member firms’ personnel act with integrity and objectivity, perform their work with diligence, and comply with applicable laws, regulations and professional standards.
Amendments to KPMG International risk and quality policies, including ethics and independence (E&I) policies, are communicated through quality and risk management alerts to member firms. Member firms are required to implement changes specified in the alerts and this is checked through internal monitoring.
Raising ethical and quality issues
KPMG International policies require KPMG member firm personnel to ‘raise their hands’ and report suspected and actual breaches of KPMG International policy or of laws, regulations or professional standards through established channels. When issues are raised, member firms are required to have procedures to enable them to be properly documented and addressed on a timely basis, and to be communicated to those charged with governance or to any other appropriate authority as required by professional standards or laws and regulations.
Each member firm is required to have procedures and established channels of communication so that personnel can report ethical and quality issues. Individuals who report in good faith will not suffer any adverse impact regardless of whether the concern is ultimately substantiated. If someone does not feel comfortable using these mechanisms, KPMG International has an International hotline that can be used by anyone inside or outside KPMG.
Client acceptance process
Each member firm is required to undertake an evaluation of every prospective client.
This involves an assessment of the prospective client’s principals, its business and other service-related matters. This also involves obtaining and analyzing ’know your client’ information on the prospective client, its key management and significant beneficial owners. A key focus is on the integrity of management at a prospective client. The evaluation considers breaches of law and regulation, antibribery and corruption, and ethical business practices, including human rights, among the factors to consider. A second partner, as well as the evaluating partner, approves each prospective client evaluation. Where the client is considered to be ‘high risk’ the member firm’s Risk Management Partner or experienced delegate is involved in approving the evaluation.
Engagement acceptance process
Each prospective engagement is required to be evaluated to identify potential risks. A range of factors are considered as part of this evaluation, including potential independence and conflict of interest issues (using KPMG’s web-based global conflicts and independence checking system — Sentinel™) as well as factors specific to the type of engagement, including, for audit services, the competence of the client’s financial management team and the skills and experience of personnel assigned to staff the engagement.
The evaluation is made in consultation with senior member firm personnel and includes review by the member firm’s quality and risk management leadership as required. Where audit services are to be provided for the first time, the prospective engagement team is required to perform additional independence evaluation procedures, including a review of any non-audit services provided to the client and of other relevant business and personal relationships.
Specific procedures must be followed by member firms to identify and evaluate threats to independence for prospective audit clients that are public interest entities. These procedures, also referred to as ‘the independence clearance process’, must be completed prior to accepting audit engagements for these entities.
Depending on the overall risk assessment of the prospective client and engagement, additional safeguards may be introduced to help mitigate the identified risks. Any potential independence or conflict of interest issues are required to be documented and resolved prior to acceptance. A prospective client or engagement will be declined if a potential independence or conflict issue cannot be resolved satisfactorily in accordance with professional standards and KPMG policies, or if there are other quality and risk issues that cannot be appropriately mitigated.
An annual re-evaluation of all audit clients is required to be undertaken by member firms.
The re-evaluation should identify any issues in relation to continuing association and any mitigating procedures that need to be put in place — this may include the assignment of additional professionals, such as an Engagement Quality Control (EQC) reviewer or the need to involve additional specialists on the audit.
Recurring or long-running non-audit engagements are also required to be subject to re-evaluation. In addition, clients are required to be re-evaluated if there is an indication that there may be a change in their risk profile.
If a member firm obtains information that indicates it should withdraw from an engagement or from a client relationship, it is required to consult internally and identify any required legal and regulatory steps. It is also required to communicate as necessary with those charged with governance and any other appropriate authority.
Zero-tolerance approach to bribery
KPMG International policy prohibits involvement in any type of bribery — even if such conduct is legal or permitted under applicable law or local practice. We also do not tolerate bribery by third parties, including by member firm clients, suppliers or public officials. KPMG International requires member firms to have appropriate internal controls in place to mitigate the risk of involvement in bribery by the member firm and its personnel.
On joining, and every 2 years thereafter, all KPMG member firm personnel are required to take training covering compliance with laws and regulations, anti-bribery and corruption, and reporting suspected or actual non-compliance with laws and regulations.
Client confidentiality, information security and data privacy
KPMG International has information security policies and procedures governing the handling of confidential client information and of personal information. KPMG member firm personnel must maintain confidentiality of all client and former client information, and must affirm their understanding of the rules governing confidential client information in writing once a year as part of the annual E&I confirmations. KPMG International imposes minimum technical requirements on member firm IT systems to enhance the protection of such information. Data privacy policies are in place governing the handling of personal information, and associated training is required for all KPMG personnel.
Each member firm is required to have a formal document retention policy concerning the retention period for audit documentation and other records relevant to an engagement in accordance with the relevant IESBA requirements as well as other applicable laws, standards and regulations.
An auditor being independent of mind and in appearance from its clients is a cornerstone of international professional standards and regulatory requirements. Audit reform legislation in a number of jurisdictions means businesses and their auditors face a variety of differing and increasingly complex independence regulations.
To facilitate compliance, KPMG International has detailed independence policies and procedures that incorporate the requirements of the IESBA Code of Ethics. These are set out in the GQ&RM Manual. Automated tools facilitate compliance with these requirements. These tools must be used for every prospective engagement to identify potential independence and conflict of interest issues. Where there are additional applicable independence standards locally, member firms add specific procedures to network-wide processes.
KPMG International has a Partner-in-Charge of the Global Independence Group, who is supported by a core team of specialists to help ensure that KPMG International has robust and consistent independence policies and procedures, as well as tools to help member firms and personnel comply with these requirements. Each member firm has a designated E&I Partner who has primary responsibility for the direction and execution of E&I policies and procedures in that member firm.
Amendments to KPMG International’s E&I policies in the course of the year are communicated through regular quality and risk alerts to member firms. Member firms are required to implement changes as specified in the alerts, and this is checked through internal monitoring programs described in Our monitoring.
KPMG personnel are required to consult with their member firm’s E&I Partner on certain independence matters as defined in the GQ&RM Manual. Depending upon the facts and circumstances, additional consultation may be required with the Global Independence Group and others within the KPMG network. Guidance and tools are available to facilitate the documentation of these consultations.
Member firms are required to provide all relevant personnel (including all partners and client service professionals) with independence training that is appropriate to their grade and function on an annual basis. New personnel who are required to complete this training must do so by the earlier of (a) 30 days after joining their member firm or (b) before providing any services to, or becoming a member of the chain of command for, any audit client, including any of its related entities or affiliates.
KPMG International develops, and makes available to member firms, training courses to help them meet both of these training requirements. Member firms may tailor these courses or develop their own to meet local requirements, however, the GQ&RM Manual sets out the requirements for tailored or locally-developed training.
Upon acceptance of employment, all KPMG personnel are required to confirm that they are in compliance with, and will abide by, applicable E&I rules and policies. Thereafter, all KPMG personnel are required to sign an annual confirmation stating that they have remained in compliance with applicable E&I policies throughout the year covered by the confirmation.
In addition to online tools and training, KPMG member firm personnel are provided with leadership and guidance on independence issues through access to experienced and knowledgeable professionals within each member firm (through its E&I Partner) and through the Global
The operation of the independence policies and processes is monitored through annual independence confirmations and compliance audits within member firms, as well as through the network’s wider monitoring programs described in Our monitoring.
KPMG International’s E&I policies and procedures in key areas are described in more detail below.
KPMG International policies require that each member firm and its personnel must be free from prohibited financial interests in, and prohibited relationships with, audit clients, their management, directors and significant owners.
KPMG International’s policies go beyond those of the IESBA Code of Ethics by prohibiting all partners — irrespective of their member firm and function — from owning securities of any audit client of any member firm.
KPMG professionals are responsible for making appropriate inquiries and taking other appropriate actions on an ongoing basis to ensure that they do not have any personal financial, business or family interests that are restricted for independence purposes.
Member firms use a web-based independence compliance system (KICS) that assists their professionals in complying with personal independence investment policies. This system contains an inventory of publicly available investments.
Partners and all client-facing professionals who are manager grade or above are required to use the KICS system prior to entering into an investment to identify whether they are permitted to do so. They are also required to maintain an up-to-date record of all of their investments in KICS, which automatically notifies them if their investments subsequently become restricted.
They must dispose of newly restricted investments within 5 business days of the notification. Member firms monitor compliance with this requirement as part of a program of independence compliance audits conducted annually that cover a sample of partners and professionals.
Any KPMG member firm professional providing services to an audit client, irrespective of function, is required to notify the member firm’s E&I Partner if they intend to enter into employment negotiations with that audit client. For partners, this requirement extends to any audit client of any KPMG member firm that is a public interest entity.
Former members of the audit team or former partners of a member firm are prohibited from joining an audit client in certain roles unless they have disassociated from the member firm financially and have ceased participating in the member firm’s business and professional activities.
Any former partner who has a financial relationship with a member firm must notify the E&I Partner if they intend to enter into employment negotiations with any listed audit client of any KPMG member firm. In all cases, threats to independence are evaluated and appropriate safeguards are put in place to eliminate the threats or reduce them to an acceptable level.
Key audit partners and members of the chain of command for an audit client that is a public interest entity are subject to time restrictions (referred to as ‘cooling-off’ periods) that preclude them from joining that client in certain roles until a defined period of time has passed.
Member firms are required to communicate and monitor requirements in relation to employment of KPMG professionals by audit clients.
Member firms must also use KICS to record their own investments in Securities and Exchange Commission (SEC) entities and affiliates (including funds), locally listed companies and funds, direct and material indirect investments held in pension, and employee benefit plans (including nonpublic entities and funds).
Additionally, member firms are required to record in the system all borrowing and capital financing relationships, and custodial, trust and brokerage accounts that hold member firm assets. On an annual basis, member firms confirm they have complied with independence requirements as part of the Risk Compliance Program (refer to Our monitoring).
KPMG International rotation policies are consistent with the IESBA Code of Ethics and require compliance with any stricter applicable rotation requirements. Member firm partners are subject to periodic rotation of their responsibilities for audit clients under applicable laws, regulations, independence rules and KPMG policy. These requirements generally place limits on the number of consecutive years that partners in certain roles may provide statutory audit services to a client, followed by a ‘time-out’ period during which time these partners may not participate in the audit or in any way influence the outcome of the audit. Member firms are required to monitor the rotation of audit engagement leaders (and any other key roles where there is a rotation requirement) and develop transition plans to enable allocation of partners with the necessary competence and capability to deliver a consistent quality of service to clients. The rotation monitoring is subject to compliance testing.
In certain jurisdictions member firms are required to act as an auditor for a specific audit client for a maximum period and not to act as auditor for that client for a specified period thereafter. Where required, member firms have processes in place to track and manage audit firm rotation.
KPMG International’s policies recognize that self-interest or intimidation threats may arise when the total fees from an audit client represent a large proportion of the total fees of the member firm expressing the audit opinion. In the event that the total fees from a public interest entity audit client and its related entities represent more than 10 percent of the total fees received by a particular member firm for 2 consecutive years:
KPMG member firms are required to comply with IESBA principles and applicable laws and regulations, which address the scope of services that can be provided to audit clients.
In addition to identifying potential conflicts of interest, Sentinel™ facilitates compliance with auditor independence requirements. Certain information on all prospective engagements, including service descriptions and fees, must be entered into Sentinel™ as part of the engagement acceptance process. Using Sentinel™, lead audit engagement partners are required to maintain group structures for their publicly traded and certain other audit clients, as well as their affiliates, and identify and evaluate any independence threats that may arise from the provision of a proposed non-audit service and the safeguards available to address those threats. For entities for which group structures are maintained, Sentinel™ enables lead audit engagement partners to review and approve, or deny, any proposed service for those entities worldwide.
All KPMG member firms and personnel are responsible for identifying and managing conflicts of interest, which are circumstances or situations that have, or may be perceived by a fully informed, reasonable observer, to have an impact on a member firm or its personnel in their ability to be objective or otherwise act without bias.
All KPMG member firms must use Sentinel™ for potential conflict identification so that these can be addressed in accordance with legal and professional requirements.
Each member firm has one or more risk management resources (‘Resolvers’) who are responsible for reviewing an identified potential conflict and working with the affected member firms to resolve the conflict; the outcome of which must be documented. Additional safeguards may be necessary, for example, establishing formal dividers between engagement teams serving different clients so that the confidentiality of all clients’ affairs is maintained.
Escalation and dispute resolution procedures are in place for situations in which agreement cannot be reached on how to manage a conflict. If a potential conflict issue cannot be appropriately mitigated, the engagement is declined or terminated.
Conflicts of interest can arise in situations where KPMG personnel have a personal connection with the client that may interfere, or be perceived to interfere, with their ability to remain objective, or where they are personally in possession of confidential information relating to another party to a transaction. Consultation with the member firm’s Risk Management Partner or the E&I Partner is required in these situations.
All KPMG personnel are required to report an independence breach as soon as they become aware of it.
Each member firm is required to have a documented disciplinary policy in relation to breaches of independence policies. In the event of failure to comply with KPMG International’s independence policies, whether identified in a compliance review, self-declared or otherwise, KPMG member firm professionals are subject to disciplinary policy. The disciplinary policy should be communicated to all professionals and applies to all breaches of independence rules, incorporating incremental sanctions reflecting the seriousness of any violations. Any breaches of auditor independence regulations are required to be reported to those charged with governance at the audit client, on the basis agreed with them.
Matters arising are factored into promotion and compensation decisions and, in the case of engagement leaders, are reflected in their individual quality and compliance metrics (refer to Our people).
KPMG International encourages a strong culture of consultation that supports member firm personnel throughout their decision-making processes and is a fundamental contributor to audit quality. KPMG International promotes a culture in which consultation is recognized as a strength, and that encourages personnel to consult on difficult or contentious matters.
To assist their audit professionals in addressing difficult or contentious matters, member firms are required to have established protocols for consultation and documentation of significant accounting and auditing matters, including procedures to facilitate resolution of differences of opinion on engagement issues. In addition, the GQ&RM Manual includes mandatory consultation requirements on certain matters such as client integrity.
We are committed to technical excellence. Technical auditing and accounting support is available to member firms through the Global Service Centre (GSC) and the International Standards Group (ISG) as well as the US Capital Markets Group for SEC foreign registrants.
The GSC develops, maintains and deploys KPMG’s global audit methodology and technology-based tools used by member firms’ audit professionals to facilitate effective and efficient audits, with emphasis on global quality and consistency. More information about KPMG’s global audit methodology and technology-based tools is included in Our approach.
The ISG works with Global International Financial Reporting Standards (IFRS) and International Standards on Auditing (ISAs) Topic Teams with geographic representation from around the world, to promote consistency of interpretation of IFRS and auditing requirements between member firms, identify emerging issues and develop global guidance on a timely basis.
In summary, the ISG:
ISG also supports the following groups to facilitate information sharing between the Department of Professional Practices (DPP) network, and to help ensure sector-specific issues are dealt with proactively.
Member firms provide consultation support on auditing and technical accounting matters to their audit engagement professionals through professional practice resources (referred to as DPP). DPP also assists engagement teams where there are differences of opinion either within teams or with the EQC reviewer. Unresolved differences are required to be escalated to senior partners for final resolution. The ISG is also available for consultation when required.
KPMG International policies include minimum requirements for member firm DPPs.