Building on our audit quality foundations
This section provides details on our system of quality control.
This section provides details on our system of quality control.
Leading through tone at the top
As a global organization, we recognize that strong and clear leadership from the center is critical to set the tone from the top and provide the blueprint to all firms.
Our global leadership, working with regional and firm leaderships, plays a critical role in establishing our commitment to quality and the highest standards of professional excellence. A culture based on quality, integrity and ethics is essential in an organization that carries out audits and other services on which stakeholders and investors rely.
KPMG’s global leadership drives an awareness that everyone across the network who is involved in performing an audit, or any client engagement across tax and advisory, has a responsibility and a part to play.
This is one of the key factors that connects everyone at KPMG.
Clear values and a strong Code of Conduct
Our commitment to integrity and quality is enshrined in the KPMG values that lie at the heart of the way we do things. They define our diverse and inclusive culture and our commitment to the appropriate personal and professional conduct, emphasizing that, above all, we act with integrity. We communicate our values clearly to our people and embed them into member firms’ people processes — induction, performance development and reward.
We strive to live the values, acting as role models and promoting ethical behavior. We will not hesitate to take action where we find behavior that is incompatible with them.
Building on our values is the KPMG Global Code of Conduct, which defines who we are and how we act. All member firms and their partners and employees are expected to act in line with the Code of Conduct.
Everyone at KPMG is required to take regular training covering the Code and to confirm their compliance with it.
Individuals are encouraged to speak up when they see something that makes them uncomfortable or that is inconsistent with our values.
Moreover, everyone at KPMG is responsible for reporting — and is required to report — any activity that could potentially be illegal or in violation of our values, KPMG policies, applicable laws, regulations or professional standards.
To safeguard this, each KPMG firm is required to have procedures and established channels of communication so that anyone working there can report ethical and quality issues. No KPMG firm, partner or employee may in any way retaliate against individuals who ‘raise their hand’ and speak up in good faith.
In addition, the KPMG International hotline is a mechanism for KPMG partners, employees, clients and other third parties to confidentially report concerns they have relating to certain areas of activity by KPMG International itself, activities of KPMG firms or KPMG personnel.
Driving standards through a system of quality control
Tone at the top, leadership and a clear set of values and conduct are essential to set the framework for quality. However, these must be backed up by a system of quality control that ensures our performance meets the highest professional standards.
To help all audit professionals concentrate on the fundamental skills and behaviors required to deliver a quality audit, KPMG has developed the Audit Quality Framework, based on International Standards on Quality Control (ISQC 1), issued by the International Auditing and Assurance Standards Board (IAASB), and on the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA), which apply to professional services firms that perform audits of financial statements.
The IAASB has proposed revisions to the International Standard of Quality Control — to modernize the requirements to be more suited to the evolving and increasingly complex environment in which we are operating — reflecting the impact of technology on the audit, networks and the use of external service providers. We have already started to reinforce our audit quality foundations by integrating this new thinking into our audit quality control systems.
KPMG’s audit quality framework introduces a common language that is used by all KPMG firms to describe what drives audit quality and to help highlight to their audit professionals how they contribute to its delivery.
‘Tone at the top’ sits at the core of the Audit Quality Framework’s seven drivers of audit quality and helps encourage the right behaviors across all KPMG firms. All of the other drivers create a virtuous circle because each driver is intended to reinforce the others.
While this KPMG Transparency Report summarizes KPMG’s approach to audit quality, it may also be useful for stakeholders interested in KPMG firms’ Tax and Advisory services, as many KPMG quality control procedures and processes are cross-functional and apply equally to all services offered.
Consistent quality and risk management policies
A robust and consistent system of quality control is essential to delivering quality services. Accordingly, KPMG International has quality control policies that apply to all KPMG firms. These are included in KPMG’s Global Quality & Risk Management Manual (GQ&RM Manual), which is available to, and applies to, all KPMG partners and employees.
These policies and associated procedures are designed to assist member firms in complying with relevant professional standards, and regulatory and legal requirements, and in issuing reports that are appropriate to the circumstances.
They are based on the ISQC 1 and on the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA). Both of these are relevant to member firms that perform statutory audits and other assurance and related services engagements.
KPMG firms are required to implement KPMG International policies and procedures and adopt their own additional policies and procedures that are designed to address rules and standards applicable to their own jurisdictions as well as applicable legal and regulatory requirements.
Our global leadership takes responsibility for audit quality
KPMG global leadership plays a critical role in driving the quality agenda for the organization. In respect of audit quality our Global Head of Audit Quality provides reports to the Global Audit Quality Committee of the Global Board, comprising senior KPMG personnel, and has responsibility for oversight of audit quality across KPMG. A number of global steering groups drive the execution of the quality strategy. Each of these global groups has its specific areas of focus, and they work closely with one another on quality matters, along with regional and member firm leadership, to:
- establish and communicate appropriate audit, quality and risk management policies
- enable effective and efficient processes to promote audit quality
- proactively identify and mitigate critical risks to the network
- drive strategy implementation in member firms’ audit functions, including standards of audit quality
- assess and monitor audit quality issues, including those arising from quality performance and regulatory reviews, and focus on best practices that reduce audit quality findings.
The overall governance structure of KPMG International and further detail on global leadership groups is provided in the ‘Governance and leadership’ section of this report.
Associating with the right clients
Rigorous global client acceptance and continuance policies are vital to being able to provide quality professional services.
KPMG’s client and engagement acceptance and continuance systems and processes are designed to identify and evaluate any potential risks prior to accepting or continuing a client relationship, or performing a specific engagement.
KPMG firms must evaluate whether to accept or continue a client relationship, or perform a specific engagement. Where client/engagement acceptance (or continuance) decisions pose significant risks, additional approvals are required.
Client acceptance process
Every KPMG firm is required to undertake an evaluation of every prospective client. This involves obtaining sufficient information about the prospective client and its key management and significant beneficial owners, and then properly analyzing the information to be able to make an informed acceptance decision. This evaluation includes completion of a questionnaire to assess the client’s risk profile and obtain background information on the client and its key management, directors and owners. In addition, each firm obtains any further information required to satisfy local legal or regulatory requirements.
Engagement acceptance process
Each prospective engagement is required to be evaluated to identify potential risks. A range of factors are considered as part of this, including potential independence and conflict of interest issues (using KPMG’s web-based global conflicts and independence checking system — Sentinel); the intended purpose and use of engagement deliverables; public perception; and factors specific to the type of engagement, including, for audit services, the competence of the client’s financial management team and the skills and experience of individuals assigned to staff the engagement.
An annual re-evaluation of all audit clients is required to be undertaken by all firms.
Recurring or long-running non-audit engagements are also subject to periodic re-evaluation. In addition, clients are required to be re-evaluated if there is an indication that there may be a change in their risk profile (e.g. in instances where there is information casting doubt on the perceived integrity of current senior management, other key client personnel or principal owner).
If a firm obtains information that indicates it should withdraw from an engagement or client relationship, it must consult internally and identify any required legal, professional and regulatory responsibilities. It is also required to communicate as necessary with those charged with governance and any other appropriate authority.
Insisting on the highest standards of independence and ethical transparency
Auditor independence and strong ethical conduct are cornerstones of international professional standards and regulatory requirements.
KPMG International’s detailed independence policies and procedures, which incorporate the IESBA Code of Ethics requirements, are set out in the Global Quality & Risk Management Manual, which applies to all KPMG firms. Automated tools, which must be used for every prospective engagement to identify potential independence and conflict of interest issues, facilitate compliance. Where there are additional applicable independence standards locally, firms add specific procedures to network-wide processes.
The Partner-in-Charge of the Global Independence Group is supported by a core team of specialists to help ensure that KPMG has robust and consistent independence policies and procedures, as well as guidance and tools to help member firms and their partners and staff comply with these requirements. The Global Independence Group communicates regularly to KPMG firms through announcements and alerts, headlining policy changes and enhancements as well as providing guidance on complying with the independence standards. The Global Independence Group holds various workshops and also provides ad hoc training over the course of each year.
Each KPMG firm has a designated Ethics & Independence Partner (EIP) who has primary responsibility for the direction and execution of E&I policies and procedures locally. The EIP is responsible for communicating and implementing KPMG global policies and procedures and ensuring that local policies and procedures are established and effectively implemented when they are more stringent than the global requirements.
KPMG partners and employees are required to consult with their member firm’s EIP on certain specific independence matters as defined in the GQ&RM Manual. The EIP may also be required to consult with the Global Independence Group depending upon the facts and circumstances. Guidance and tools are available to facilitate documenting these consultations.
Member firms must clearly communicate their independence policies and procedures to their partners and staff.
Compliance with independence policies and processes is monitored through annual independence confirmations and compliance audits within member firms, as well as through the network’s wider monitoring programs described in the ‘Audit quality monitoring and remediation’ section of this report.
E&I — Training and confirmations
All KPMG partners and client service professionals, as well as certain other individuals, must complete independence training that is appropriate to their grade and function upon joining their firm and on an annual basis thereafter.
Upon acceptance of employment, all KPMG partners and employees are required to confirm that they are in compliance with, and will abide by, applicable E&I rules and policies.
Thereafter, all KPMG individuals are required to sign an annual confirmation stating that they have remained in compliance with applicable E&I and other key policies throughout the year.
KPMG’s E&I policies and procedures in key areas are described in more detail below.
Personal financial independence
KPMG partners and employees must be free from prohibited financial interests in, and prohibited financial relationships with, assurance and audit clients (by definition, ‘audit client’ includes its related entities or affiliates), their management, directors and, where required, significant owners. All partners — irrespective of their member firm and function — are generally prohibited from owning securities of any audit client of any member firm.
A web-based independence compliance system (KICS), which contains an inventory of publicly available investments, assists professionals in complying with personal independence investment policies.
All partners and manager grade or above client-facing professionals are required to use the KICS system prior to entering into an investment to identify whether they are permitted to do so. They must also maintain an up-to-date record of all of their investments in publicly traded entities in KICS, which automatically notifies them if any investment subsequently becomes restricted. Newly restricted investments must be disposed of within 5 business days of the notification.
The Global Independence Group provides guidance and suggested procedures relating to the audit and inspection by KPMG member firms of personal compliance with KPMG’s independence policies. This includes sample criteria including the minimum number of professionals to be audited annually.
Any KPMG professional providing services to an audit client is required to notify the member firm’s EIP if he or she intends to enter into employment negotiations with that audit client. For partners, this requirement extends to any audit client of any member firm that is a public interest entity.
Former members of the audit team or former partners of a member firm are prohibited from joining an audit client in certain roles unless they have disengaged from all significant connections to the firm, including payments which are not fixed and predetermined and/or would be material to the member firm, and have ceased participating in the member firm’s business and professional activities.
Any former partner who has a financial relationship with a member firm must notify the EIP if they intend to enter into employment negotiations with any listed audit client of any member firm.
Key audit partners and members of the chain of command for an audit client that is a public interest entity are subject to time restrictions (referred to as ‘cooling-off’ periods) that preclude them from joining that client in certain roles until a defined period of time has passed.
Firm financial independence
KPMG firms must also be free from prohibited interests in, and prohibited relationships with, audit clients and their management, directors and, where required, significant owners. KICS is used to record member firm direct and material indirect investments in listed entities and funds (or similar investment vehicles) as well as in non-listed entities or funds. This includes investments held in pension and employee benefit plans.
Additionally, KPMG firms are required to record in KICS all borrowing and financing relationships, as well as custodial, trust and brokerage accounts that hold member firm assets.
KPMG has policies and procedures in place that are designed to ensure its business relationships with audit clients are maintained in accordance with the IESBA Code of Ethics and other applicable independence requirements, such as those promulgated by the US Securities and Exchange Commission (SEC).
All KPMG firms are required, at a minimum, to comply with the IESBA Code of Ethics and applicable laws and regulations related to the scope of services that can be provided to audit clients. Sentinel, a web-based application, facilitates compliance with auditor independence requirements and identifies potential conflicts of interest for prospective engagements.
Certain information on all prospective engagements, including service descriptions and fees, must be entered into Sentinel as part of the engagement acceptance process. When the engagement is for an audit client, an evaluation of potential threats and safeguards is also required to be included in the Sentinel submission.
Lead Audit Engagement Partners (LAEPs) are required to maintain group structures for their publicly traded and certain other audit clients, as well as their related entities or affiliates, in Sentinel. They are also responsible for identifying and evaluating any independence threats that may arise from the provision of a proposed non-audit service and the safeguards available to address them. For entities for which group structures are maintained, Sentinel enables LAEPs to review and request revision to approve, or deny, any proposed service for those entities worldwide.
Self-interest or intimidation threats at a firm-wide level may arise when the total fees from an audit client represent a large proportion of the total fees of the member firm conducting the audit. In the event that the total fees from a public interest entity audit client and its related entities represent more than 10 percent of the total fees received by a particular member firm for 2 consecutive years:
- disclosure is required to those charged with governance at the audit client; and
- a senior partner from another member firm is appointed as the engagement quality control (EQC) reviewer.
Avoiding conflicts of interest
All KPMG professionals are responsible for identifying and managing conflicts of interest, which are circumstances or situations that may reasonably be expected to have an impact on the firm’s ability to be objective or act without bias.
KPMG engagement teams are required to use Sentinel to identify potential conflicts so that these can be addressed in accordance with legal and professional requirements.
Conflicts of interest can arise in situations where KPMG partners or employees have a personal connection with the client that may interfere, or be perceived to interfere, with their ability to remain objective, or where they are personally in possession of confidential information relating to another party to a transaction. Consultation with the member firm’s Risk Management Partner (RMP) or the EIP is required in these situations.
Policies are also in place to prohibit KPMG partners and employees from accepting gifts and hospitality from audit clients, unless the value is trivial and inconsequential, is not prohibited by relevant law or regulation, and is not deemed to have been offered with the intent to improperly influence the behavior of the audit team member or the member firm.
Resolving conflicts of interest
Each KPMG firm has one or more allocated risk management individuals who are responsible for reviewing an identified potential conflict and working with the affected member firms to resolve the conflict, the outcome of which must be documented.
Escalation and dispute resolution procedures are in place for situations in which agreement cannot be reached on how to manage a conflict. If a potential conflict issue cannot be appropriately mitigated, the engagement is declined or terminated.
All KPMG partners and employees are required to report an independence breach to their member firm EIP as soon as they become aware of it. Any breaches of auditor independence regulations are required to be reported to those charged with governance at the audit client on the basis agreed with them but at a minimum on an annual basis. Significant breaches of independence rules must be reported to those charged with governance as soon as possible.
Each KPMG firm is required to have a documented and communicated disciplinary policy in relation to independence breaches that incorporates incremental sanctions reflecting the severity of any breach. In the event of non-compliance with KPMG’s independence policies, irrespective of how that non-compliance is identified, KPMG professionals will be subject to the disciplinary policy.
KPMG partner rotation policies are consistent with or exceed the requirements of the IESBA Code of Ethics and require compliance with any stricter local applicable rotation requirements. These requirements generally place limits on the number of consecutive years that partners in certain roles may provide audit services to a client, followed by a ‘time-out’ period during which these partners may not participate in the audit or in any way influence the outcome of it. They should also not lead or coordinate other professional services delivered to the client or oversee the relationship of the firm with them, nor have any other significant or frequent interaction with senior management or those charged with governance. Member firms are required to monitor the rotation of audit engagement leaders (and any other key roles where there is a rotation requirement) and develop related transition plans.
In certain jurisdictions, member firms are only permitted to act as an auditor for a specific audit client for a maximum period and not to act as auditor for that client for a specified period thereafter. KPMG firms in these jurisdictions are required to have processes in place to track and manage such issues of audit firm rotation.
Zero-tolerance approach to bribery and corruption
KPMG policy prohibits involvement in any type of bribery — even if such conduct is legal or permitted under applicable law or local practice. We also do not tolerate bribery by third parties, including by member firm clients, suppliers or public officials. KPMG International requires firms to have appropriate internal controls in place to mitigate the risk of involvement in bribery by the firm and its partners and employees.
All KPMG firm partners and employees are required to take training covering compliance with laws, regulations and professional standards relating to anti-bribery and corruption, including the reporting of suspected or actual non-compliance.
More about KPMG lnternational’s position on bribery and corruption is available here.
Bringing technical excellence and industry expertise
We are committed and continue to build on our technical excellence recognizing its fundamental role in delivering quality audits.
Technical consultation and global resources
Technical auditing and accounting support is available to member firms through the KPMG Global Solutions Group (KGSG) and the International Standards Group (ISG).
KPMG Global Solutions Group (KGSG)
Effective 1 January 2019, the Global Services Centre was renamed the KPMG Global Solutions Group to better reflect the Group’s purpose.
KGSG supports member firms through collaboration, innovation and technology. Key areas of work performed at KGSG include:
- developing innovative audit capabilities and deploying and using advanced audit solutions
- deploying KPMG Clara — our smart audit platform, incorporating advanced technologies, data science, audit automation, data visualization and more
- maintaining KPMG’s audit methodology, workflow and knowledge used by member firms’ audit professionals.
With three international locations, one in each region (Americas, EMA and ASPAC), the KGSG team is made up of professionals with backgrounds in audit, IT, data science, mathematics, statistics and more, from around the world, who bring diverse experiences and innovative ways of thinking to further evolve KPMG’s audit capabilities.
More information about KPMG’s global audit methodology and technology-based tools is included in the ‘Innovating and evolving our audit processes’ section of this report.
International Standards Group (ISG)
The ISG focuses on the application of International Financial Reporting Standards (IFRS) and International Standards on Auditing (ISAs).
To promote consistency of interpretation of IFRS and ISAs between member firms, Topic Teams with geographic representation from around the world identify emerging issues and develop global guidance on a timely basis. In summary, the ISG:
- monitors emerging practice issues identified through quality performance reviews, by regulators and through root cause analysis activities
- develops guidance on interpretation and application of international standards and, where appropriate, in response to quality issues emerging from review, drives consistency across the network
- provides feedback to international standard setters on proposed changes to standards and consultations
- consults on technical matters with KPMG firms in connection with client-specific issues.
The ISG also supports the Global ISA and IFRS Panels and the Global Topic Teams to facilitate information sharing between the Department of Professional Practices (DPP) network (see ’Delivering audit quality on the ground’ section), and to help ensure sector-specific issues are dealt with proactively.
Developing business understanding and industry knowledge
As well as technical knowledge, a key part of quality is having a detailed understanding of the client’s business and industry.
For significant industries, global audit sector leads are appointed to support the development of relevant industry information, which is made available to all audit professionals through our audit workflow. This knowledge comprises examples of industry audit procedures and other information (such as typical risks and accounting processes). In addition, broader thematic industry overviews are available, as well as a summary of the industry knowledge provided in the workflow.