We commit to continually improve the quality, consistency and efficiency of our audits. Our integrated quality monitoring and compliance programs enable member firms to identify quality issues, to perform root cause analysis and develop, implement and report remedial action plans in response to those issues.
Quality and compliance programs
KPMG member firms commit to continually improve the quality, consistency and efficiency of the audits. Integrated quality monitoring and compliance programs enable member firms to identify quality issues, to perform root cause analysis, and develop implement and report remedial action plans both in respect of individual audit engagements and the member firm’s system of quality control. The integrated quality and monitoring programs include Quality Performance Reviews (QPR), Risk Compliance Programs (RCP) and Global Compliance Reviews (GCR).
Our quality monitoring and compliance programs are globally administered and consistent in their approach across member firms, including the nature and extent of testing and reporting. Member firms are required to compare the results of internal monitoring programs with the results of those of any external inspection program and take appropriate action. Participation in our quality monitoring and compliance programs is a condition of ongoing membership of the KPMG network.
Our integrated quality monitoring and compliance program covers all member firms and requires assessment of the relevance, adequacy, and effective operation of key quality control policies and procedures and engagement delivery. The results and lessons from the programs are communicated within each member firm, the overall results and lessons are considered and appropriate action is taken at regional and KPMG International levels. The internal monitoring program also contributes to the assessment of whether the member firm’s system of quality control has been appropriately designed, effectively implemented and operates effectively. Further detail on QPR, RCP and GCR are provided below.
Audit Quality Performance Reviews (QPR)
The QPR program assesses engagement level performance and identifies opportunities to improve engagement quality. Each audit engagement leader is reviewed at least once in a 3 year cycle as part of QPR. A risk-based approach is used to select engagements.
Member firms conduct the annual QPR program in accordance with global QPR instructions. The reviews are performed at the member firm level and are monitored regionally and globally. Member firm audit QPR reviews are overseen by a senior experienced lead reviewer independent from the member firm under review.
There are robust criteria for selection of reviewers. Training is provided to review teams and others overseeing the process, with a focus on topics of concern identified by audit oversight regulators and the need to be as rigorous as external reviewers.
Consistent criteria are used to determine engagement ratings and member firm Audit practice evaluations. Audit engagements selected for review are rated as ‘Satisfactory’, ‘Performance Improvement Needed’ or ‘Unsatisfactory.’
Findings from the QPR program are disseminated to member firm professionals through written communications, internal training tools, and periodic partner, manager and staff meetings.
These areas are also emphasized in subsequent monitoring programs to gauge the extent of continuous improvement. Lead audit engagement partners are notified of less than satisfactory engagement ratings on their respective cross-border engagements. Additionally, lead audit engagement partners of parent companies/head offices are notified where a subsidiary/affiliate of their client group is audited by a member firm where significant quality issues have been identified during the Audit QPR.
Risk Compliance Program (RCP)
KPMG International develops and maintains quality control policies and processes that apply to all member firms. These policies and processes, and their related procedures, include the requirements of International Standard on Quality Control 1 (ISQC 1). During the annual RCP, the member firms perform a robust assessment program consisting of documentation of quality controls and procedures, related compliance testing and reporting of exceptions, action plans and conclusions. The objectives of the RCP include monitoring, documenting and assessing the extent of compliance of the member firm’s system of quality control and key legal and regulatory requirements. Where deficiencies are identified the member firm is required to develop appropriate action plans.
Global Compliance Review (GCR)
Every member firm is subject to a GCR conducted by the global GCR team, independent of the member firm, at least once in a 3 year cycle. The GCR provides external validation of a member firm’s system of quality control, including:
- the member firm’s commitment to quality and risk management (tone at the top) and the extent to which its overall structure, governance and financing support and reinforce this commitment
- the member firm’s compliance with policies and procedures related to professional services delivery risk, and requirements that drive consistency in reporting of global information
- the completeness and robustness of the member firm’s RCP. The member firm is required to develop action plans to respond to all GCR findings and agree to these with the GCR team. The member firm’s progress on action plans is monitored by a global GCR central team.
Root Cause Analysis
Member firms perform root cause analysis (RCA) to identify and address audit quality issues in order to prevent them from recurring and help identify good practices as part of continuous improvement. In 2016, we developed and delivered RCA training, based on our Global RCA 5 Step Principles, targeted at those individuals at member firm level who will be performing RCA or directing those performing RCA. The Global RCA 5 Step Principles are as follows:
It is the responsibility of member firms to perform RCA and thereby identify and subsequently develop appropriate remediation plans for the audit quality issues identified. Heads of Audit are responsible for the development and mplementation of action plans including identification of solution owners. Risk Management Partners monitor their implementation.
At a global level through the GAQIC and the GRMSG, we review the results of the quality monitoring programs, analyze member firm root causes and action plans and develop additional global remedial actions as required.
Our GAQIC, established by the GASG, considers network-wide issues arising from internal quality control reviews and external inspections, monitors progress being made in addressing audit quality issues and makesrecommendations to the GASG on audit quality issues.
Global remediation plans to date include holistic actions aimed at culture and
behavior, and at driving consistent engagement team performance. The global actions also include training, tools and guidance to drive consistency, ensure we have the fundamentals right and that we share best practices across the network.
Dialogue – internal and external
At an international level, KPMG International has regular two-way communication with the International Forum of Independent Audit Regulators (IFIAR) to discuss audit quality findings and actions taken by KPMG International and member firms to address such issues. We value the open, honest and transparent dialogue that IFIAR facilitates on global audit quality issues. At a regional level, we also have regular dialogue with representatives from the Committee of European Auditing Oversight Bodies (CEAOB) – formerly known as the European Audit Inspection Group (EAIG) – as well as the ASEAN Audit Regulators Group (AARG).
We proactively seek feedback from clients through in-person conversations and third-party surveys to monitor their satisfaction with our services. We endeavor to take this feedback and make dynamic changes at both the engagement level and firm level to meet clients’ needs.
*Unless the context otherwise requires, throughout this document “KPMG” and “KPMG network” (“we”, “our”, and “us”) generally refers to the member firms of the KPMG network of independent firms affiliated with KPMG International, a Swiss entity that services as a coordinating entity for the KPMG network. KPMG International provides no client services.