In this section, we set out the ways in which member firms implement global policies and procedures to ensure quality and integrity at a local level.
Taking responsibility for audit quality at member firm level
While KPMG International creates the global framework and policies for audit quality, member firm leadership is responsible for the delivery of that quality and for local quality control. Within each member firm, there is a Head of Audit who has primary responsibility for audit quality and is assisted by the member firm Risk Management Partner (RMP) in maintaining a system of quality control.
Performing effective and efficient audits
We understand that skills build over time and through exposure to different experiences.
Embedding ongoing mentoring, supervision and review
To invest in building the skills and capabilities of KPMG professionals, member firms promote a continuous learning environment and support a coaching culture.
Ongoing mentoring, coaching and supervision during an audit involves:
- engagement partner participation in planning discussions
- tracking the progress of the audit engagement
- considering the competence and capabilities of the individual members of the engagement team, including whether they have sufficient time to carry out their work, whether they understand their instructions and whether the work is being carried out in accordance with the planned approach to the engagement
- helping engagement team members address any significant matters that arise during the audit and modifying the planned approach appropriately
- identifying matters for consultation with more experienced team members during the engagement.
A key part of effective mentoring and supervision is timely review of the work performed so that significant matters are promptly identified, discussed and addressed.
Engagement quality control (EQC) reviews
The EQC is an important part of KPMG's framework for quality. An EQC reviewer is required to be appointed for audits, including any related review(s) of interim financial information, of all listed entities, non-listed entities with a high public profile, engagements that require an EQC review under applicable laws or regulations, and other engagements as designated by the Risk Management Partner or country Head of Audit.
EQC reviewers are independent of the engagement team and have the appropriate experience and knowledge to perform an objective review of the more critical decisions and judgments made by the engagement team and the appropriateness of the financial statements. KPMG is continually seeking to strengthen and improve the role that the EQC review plays in member firm audits and has taken a number of actions to reinforce this, including issuing leading practices guidance, incorporating specific review requirements into our audit workflow, and developing policies relating to recognition, nomination and development of EQC reviewers.
The audit is completed only when the EQC reviewer is satisfied that all significant questions raised have been resolved, though the engagement partner is ultimately responsible for the resolution of accounting and auditing matters.
Enabling access to the right knowledge
Training and experience requirements for IFRS and US GAAP engagements
Specific requirements apply for partners, managers and EQC reviewers working on IFRS engagements in countries where IFRS is not the predominant financial reporting framework.
Similar policies apply for engagements performed by member firms outside of the US to report on financial statements or financial information prepared in accordance with US GAAP and/or audited in accordance with US auditing standards, including reporting on the effectiveness of the entity's internal control over financial reporting (ICOFR). These require that the partner, manager, EQC reviewer and other key individuals involved on the audit have completed relevant training and that the engagement team, collectively, has sufficient experience, including regarding the financial reporting framework that is not otherwise applicable in their jurisdiction, to perform the engagement or has implemented appropriate safeguards to address any shortfalls.
Access to specialist networks
Engagement teams have access to a network of KPMG specialists – either within their member firm or in other KPMG member firms. These specialists receive the training they need to ensure they have the competencies, capabilities and objectivity to appropriately fulfill their role. They also receive a global annual update on global quality performance issues.
The need for specialists to be assigned to an audit engagement in areas such as information technology, tax, treasury, actuarial, forensic and valuations is considered as part of the audit engagement acceptance and continuance process, as well as during the conduct of the engagement.
Developing business understanding and industry knowledge
A key part of quality is having a detailed understanding of the client's business and industry.
For significant industries, global audit sector leads are appointed to support the development of relevant industry information, which is made available to audit professionals through our audit workflow. This knowledge comprises examples of industry audit procedures and other information (such as typical risks and accounting processes). In addition, broader thematic industry overviews are available, as well as a summary of the industry knowledge provided in our audit workflow.
Association with the right clients
KPMG has established policies and procedures for determining whether to accept or continue a client relationship, or perform a specific engagement. Rigorous client acceptance and continuance policies are vital to our ability to provide high-quality professional services.
Client acceptance process
Every KPMG member firm is required to undertake an evaluation of every prospective client. This involves obtaining sufficient information about the prospective client, its key management and significant beneficial owners, and then properly analyzing the information to be able to make an informed acceptance decision. This evaluation includes completion of a questionnaire to assess the client's risk profile and obtain background information on the client and its key management, directors and owners. In addition, each member firm obtains additional information required to satisfy legal or regulatory requirements.
Engagement acceptance process
Each prospective engagement is required to be evaluated to identify potential risks. A range of factors are considered as part of this, including potential independence and conflict of interest issues (using KPMG's web based global conflicts and independence checking system – Sentinel), the intended purpose and use of engagement deliverables, as well as factors specific to the type of engagement, including, for audit services, the competence of the client's financial management team and the skills and experience of individuals assigned to staff the engagement.
An annual re-evaluation of all audit clients is required to be undertaken by member firms.
Recurring or long-running non-audit engagements are also required to be subject to re-evaluation. In addition, clients are required to be re-evaluated if there is an indication that there may be a change in their risk profile (e.g. in instances where there is information casting doubt on the perceived integrity of current senior management, other key client personnel or principal owner).
If a member firm obtains information that indicates it should withdraw from an engagement or client relationship, it must consult internally and identify any required legal, professional and regulatory responsibilities. It is also required to communicate as necessary with those charged with governance and any other appropriate authority.
"For us, integrity and independence are non-negotiable. That means we take decisive action when individual behavior or events occur that are not in line with our values or that run counter to achieving rigorous, independent audits." — Ed Cannizzaro, Global Head of Quality, Risk and Regulatory, KPMG International
Insisting on the highest standards and ethical transparency
Auditor independence is a cornerstone of international professional standards and regulatory requirements.
Practicing Ethics & Independence (E&I), integrity and objectivity
KPMG International's detailed independence policies and procedures, which incorporate the IESBA Code of Ethics requirements, are set out in the GQ&RM Manual. Automated tools, which must be used for every prospective engagement to identify potential independence and conflict of interest issues, facilitate compliance. Where there are additional applicable independence standards locally, member firms add specific procedures to network-wide processes.
The Partner-in-Charge of the Global Independence Group is supported by a core team of specialists to help ensure that KPMG has robust and consistent independence policies and procedures, as well as tools to help member firms and their partners and staff comply with requirements. Each member firm has a designated E&I Partner (EIP) who has primary responsibility for the direction and execution of E&I policies and procedures locally.
KPMG partners and staff are required to consult with their member firm's EIP on certain specific independence matters as defined in the GQ&RM Manual. Consultation may also be required with the Global Independence Group and others within the KPMG network, depending upon the facts and circumstances. Guidance and tools are available to facilitate documenting these consultations.
Member firms must clearly communicate their independence policies and procedures to their partners and staff. Compliance with independence policies and processes is monitored through annual independence confirmations and compliance audits within member firms, as well as through the network's wider monitoring programs described in the 'Network level monitoring' section of this report.
E&I – Training and confirmations
All KPMG partners and client service professionals, as well as certain other individuals, must complete independence training that is appropriate to their grade and function upon joining their member firm and on an annual basis thereafter.
Upon acceptance of employment, all KPMG partners and staff are required to confirm that they are in compliance with, and will abide by, applicable E&I rules and policies. Thereafter, all KPMG individuals are required to sign an annual confirmation stating that they have remained in compliance with applicable E&I policies throughout the year.
KPMG's E&I policies and procedures in key areas are described in more detail below.
Personal financial independence
KPMG partners and staff must be free from prohibited financial interests in, and prohibited relationships with, audit clients, their management, directors and significant owners. All partners – irrespective of their member firm and function – are prohibited from owning securities of any audit client of any member firm.
A web-based independence compliance system (KICS), which contains an inventory of publicly available investments, assists professionals in complying with personal independence investment policies.
KPMG partners and all manager grade or above client-facing professionals are required to use the KICS system prior to entering into an investment to identify whether they are permitted to do so. They must also maintain an up-to-date record of all of their investments in KICS, which automatically notifies them if any investment subsequently becomes restricted. Newly restricted investments must be disposed of within 5 business days of the notification.
Any KPMG professional providing services to an audit client is required to notify the member firm's EIP if he or she intends to enter into employment negotiations with that audit client. For partners, this requirement extends to any audit client of any member firm that is a public interest entity.
Former members of the audit team or former partners of a member firm are prohibited from joining an audit client in certain roles unless they have disengaged from all significant connections to the firm, including payments which are not fixed and determined and/or would be material to the member firm and ceased participating in the member firm's business and professional activities.
Any former partner who has a financial relationship with a member firm must notify the EIP if they intend to enter into employment negotiations with any listed audit client of any member firm.
Key audit partners and members of the chain of command for an audit client that is a public interest entity are subject to time restrictions (referred to as 'cooling-off' periods) that preclude them from joining that client in certain roles until a defined period of time has passed.
Firm financial independence
KPMG member firms must also be free from prohibited interests in, and prohibited relationships with, audit clients and their management, directors and significant owners. KICS is used to record member firm investments in SEC entities and affiliates (including funds), locally listed companies and funds, and direct and material indirect investments held in pension and employee benefit plans (including non-public entities and funds).
Additionally, member firms are required to record in KICS all borrowing and capital financing relationships, and custodial, trust and brokerage accounts that hold member firm assets.
KPMG partner rotation policies are consistent with the IESBA Code of Ethics and require compliance with any stricter local applicable rotation requirements. These requirements generally place limits on the number of consecutive years that partners in certain roles may provide statutory audit services to a client, followed by a 'time-out' period during which these partners may not participate in the audit or in any way influence the outcome of it. Member firms are required to monitor the rotation of audit engagement leaders (and any other key roles where there is a rotation requirement) and develop related transition plans.
In certain jurisdictions member firms are permitted to act as an auditor for a specific audit client for a maximum period and not to act as auditor for that client for a specified period thereafter. Where required, KPMG member firms have processes in place to track and manage audit firm rotation.
Self-interest or intimidation threats may arise when the total fees from an audit client represent a large proportion of the total fees of the member firm conducting the audit. In the event that the total fees from a public interest entity audit client and its related entities represent more than 10 percent of the total fees received by a particular member firm for 2 consecutive years:
- disclosure is required to those charged with governance at the audit client
- a senior partner from another member firm is appointed as the EQC reviewer.
KPMG is required, at a minimum, to comply with IESBA principles and applicable laws and regulations related to the scope of services that can be provided to audit clients.
Sentinel, a web-based application, facilitates compliance with auditor independence requirements and identifies potential conflicts of interest for prospective engagements. Certain information on all prospective engagements, including service descriptions and fees, must be entered into Sentinel as part of the engagement acceptance process. Lead audit engagement partners (LAEPs) are required to maintain group structures for their publicly traded and certain other audit clients, as well as their affiliates, in Sentinel. They are also responsible for identifying and evaluating any independence threats that may arise from the provision of a proposed non-audit service and the safeguards available to address them. For entities for which group structures are maintained, Sentinel enables LAEPs to review and approve, or deny, any proposed service for those entities worldwide.
Avoiding conflicts of interest
All KPMG partners and staff are responsible for identifying and managing conflicts of interest, which are circumstances or situations that may reasonably be expected to have an impact on the ability to be objective or act without bias.
KPMG engagement teams are required to use Sentinel to identify potential conflicts so that these can be addressed in accordance with legal and professional requirements.
Each member firm has one or more allocated risk management individuals ('Resolvers') who are responsible for reviewing an identified potential conflict and working with the affected member firms to resolve the conflict, the outcome of which must be documented.
Escalation and dispute resolution procedures are in place for situations in which agreement cannot be reached on how to manage a conflict. If a potential conflict issue cannot be appropriately mitigated, the engagement is declined or terminated.
Conflicts of interest can arise in situations where KPMG partners and staff have a personal connection with the client that may interfere, or be perceived to interfere, with their ability to remain objective, or where they are personally in possession of confidential information relating to another party to a transaction. Consultation with the member firm's RMP or the EIP is required in these situations.
All KPMG partners and staff are required to report an independence breach to their member firm EIP as soon as they become aware of it. Any breaches of auditor independence regulations are required to be reported to those charged with governance at the audit client on the basis agreed with them but at a minimum on an annual basis.
Each KPMG member firm is required to have a documented and communicated disciplinary policy in relation to independence breaches that incorporates incremental sanctions reflecting the severity of any breach. In the event of non-compliance with KPMG's independence policies, irrespective of how that non-compliance is identified, KPMG member firm professionals will be subject to the disciplinary policy.