Risk mitigation and controls

Financial risks

Financial instruments

We use financial instruments in the normal course of our business and in mitigating risk. These instruments include share capital, receivables from and liabilities to (former) equity partners.

Credit risk

Relates to losses that may be incurred if a client or counterparty defaults:

  • We constantly monitor our exposure in this area. The creditworthiness of clients is routinely checked for transactions above a certain amount. All cash is deposited at banks with a minimum BBB credit rating. Our risk is also diversified, given the number of clients that may owe amounts to the firm at any given time.

Liquidity risk

Relates to the firm being unable to meet its financial liabilities because of a lack of available liquidity:

  • Our aim is to ensure, as far as possible, that there are always liquid funds available. This avoids financial loss and damage to the firm’s reputation. Surplus funds are deposited in business savings accounts or held aside for specific periods.

Market risk

Relates to changes in financial market prices adversely affecting the firm’s income or the value of its assets:

  • We aim to keep market risks within acceptable limits (while maximising income). Changes in exchange and interest rates, if persistent, will have an impact on the firm’s profits. 

During 2020/2021, none of the risks above had a significant or material impact on our financial performance. See our consolidated financial statements for further disclosures.

Strategic risks

The table below details our main strategic risks, their potential impact and the measures taken over the past year to prevent or mitigate these risks:

Strategic risk

Potential impact

Mitigation measures taken

Failing to comply with quality standards

Failing, during engagement, to comply with applicable professional standards, resulting in litigation or regulatory action

Potential impact:

  • Loss of audit clients due to reputational damage

  • Attracting new talent into the firm becomes harder

  • Possible regulatory fine(s) or even temporary or permanent loss of audit licence

  • Additional litigation and claims by clients

Mitigation measures taken:

  • Increased ‘steering on quality’ monitoring by members of Board of Management

  • Continuous quality improvement programmes, based on root cause analysis

  • Maintaining robust quality management system

  • Rigorous client and engagement acceptance procedures

  • Implementation of clear standards and robust audit methodology

  • Engagement quality control reviews, where appropriate

Unfavourable or hostile political / media sentiment

Failing to act following potentially damaging incident with respect to attitude towards clients, delivery of services, professional conduct or impact on society

Potential impact:

  • Damage to firm’s reputation, resulting in loss of major clients or inability to attract talent

  • Possible regulatory sanctions

  • Loss of long-term social licence to operate

  • Increased risk of litigation

Mitigation measures taken:

  • Independent Supervisory Board and Public Interest Committee

  • External member appointed to Board of Management

  • Active dialogue with stakeholders

  • Procedures to ensure effective issue management between Brand & Reputation, Quality & Risk, Management and Legal departments

  • Contingency programmes to manage impact of incidents on firm’s reputation

Failing to meet expectations of external or internal regulators

Failing to maintain constructive relations with regulators or to meet their expectations following inspection findings or potential non-compliance with laws and regulations

Potential impact:

  • Reputational damage in industry as a result of negative press publicity

  • Inability to attract talent and possible loss of major audit clients

  • Possible regulatory sanctions

Mitigation measures taken:

  • Specific individuals with responsibility for maintaining dialogue with regulators

  • Implementation of clear framework to manage regulatory issues

  • ‘Qualified individuals’ appointed to leadership positions

  • Regulatory findings shared with senior management

  • Policies, procedures and controls in place to reduce risk of non-compliance

Failing to create a fast, innovative, collaborative, high-performance culture

Inability to create or implement an effective corporate culture, with respect to quality or ethical behaviour, or an unwillingness to improve performance in critical areas of activity

Potential impact:

  • Reduced morale among partners and other professionals

  • Loss of talent leading to service delivery problems and a reduction in quality

  • Loss of revenue opportunities from multi-disciplinary engagements

  • Loss of reputation in wider industry as an ‘employer of choice’

  • Increased risk of quality loss and non-compliance

  • Failure to adhere to Code of Conduct and corporate values

Mitigation measures taken:

  • ‘Tone from the top’, emphasising importance of quality, ethics and integrity

  • Internal controls governing recruitment, personal development and assignments

  • ‘Closed-loop’ approach to address feedback from people surveys

  • ‘People’ managers embedded in the firm’s senior leadership

  • Regular roadshows to share experience and success stories

  • KPMG Story, encompassing the group’s purpose, values, vision, strategy and promise

Privacy breaches, loss of data or other technology risk

Failing to protect personal or client data confidentiality – or business disruption as a result of technology failures or over-dependency

Potential impact:

  • Possible loss of service delivery

  • Reputation damage and possible loss of clients

  • Potential litigation or regulatory sanctions (including fines)

Mitigation measures taken:

  • Robust IT security policies and processes

  • ISO 27001 accreditation

  • Ongoing training and awareness campaigns

  • Business continuity management

Redesign failure of previously competitive and profitable long-term business models

Failing to align client base with strategy, ESG or brand positioning, unsuccessfully redesigning a profitable business model based on inappropriate metrics, or developing new assets and services that are illegal, unethical, or don’t comply with relevant professional standards or our own corporate values

Potential impact:

  • Inability to develop, maintain or monetise high quality assets and services

  • Loss of reputation in industry

  • Possible regulatory sanctions, including temporary loss of licence

  • Loss of major clients

  • Increased risk of litigation

Mitigation measures taken:

  • Clear client and engagement acceptance procedures (including proprietary systems for checking for conflicts of interest)

  • Detailed policies and procedures governing auditor independence

  • Strict new approval process for products and services

  • Continuous review of firm’s business model (as it relates to strategy)

  • Code of Conduct, corporate values, compliance programmes and whistle-blower hotline

  • Procedures for reporting money laundering

Not responding to economic changes and/or increased competition from new business models

Inability to respond quickly enough to changes in the economy, or increased competition from new, disruptive technologies

Potential impact:

  • Failure to capitalise on growth opportunities, resulting in loss of revenue

  • Failure to allocate resources to areas of higher demand (leading to rising costs elsewhere in the business)

  • Inability to allocate human resources effectively, resulting in possible loss of quality

  • Audit-only firms undermining firm’s multi-disciplinary business model

  • Further prohibition or restrictions on professional services

Mitigation measures taken:

  • Constant monitoring of resource availability

  • Clear career paths and development plans for partners

  • Partner succession planning

  • Global mobility programme (for those employees wishing to work in other countries)

  • Clear client and engagement acceptance procedures

  • Centralised innovation programme

  • Structured dialogue with regulators

  • Robust contingency planning

Attracting and retaining talent

Failing to attract and retain talent because of high workloads, uncompetitive pay or a lack of career opportunities;

Failing to train new and junior employees because of increase in remote working, or excessive focus on compliance rather than improving quality

Potential impact:

  • Disengaged staff, leading to possible problems with service delivery and quality

  • Loss of reputation with clients and/or position as employer of choice

  • Loss of talented employees, leading to possible problems with service delivery and quality

  • Lower productivity

  • Failure to adhere to Code of Conduct and corporate values

  • Succession planning ‘fails’

  • Loss of revenue opportunities from multi-disciplinary engagements

Mitigation measures taken:

  • KPMG Story, encompassing the group’s purpose, values, vision, strategy and promise

  • ‘People’ managers embedded in the firm’s senior leadership

  • Extensive performance, pay and promotions processes

  • Ongoing review of global performance management and development programmes

  • ‘Closed-loop’ approach to address feedback from people surveys

  • Defined career paths and development framework

  • Succession planning for partners and leadership development

  • Diversity task force and dedicated Inclusion & Diversity programme

Failure to implement strategy

Failing to implement our Trust & Growth strategy in line with business planning

Potential impact:

  • Loss of reputation as an ‘employer of choice’

  • Failure to achieve stated objectives, goals or ambitions

  • Reduced morale among partners and other professionals

Mitigation measures taken:

  • Central project management office

  • Clear governance procedures and external Supervisory Board

  • Cascading strategic key performance indicators to individual professionals

  • Constant monitoring of progress/business planning against strategic priorities

Fraud risk assessment

We estimate our fraud risk as relatively low; this is because preventing and detecting fraud is an inherent part of our business. We also know, from our risk assessments, that fraud risk may be detected because of its potentially significant impact on other enterprise risks. Even so, we recognise that fraud risk is structurally present in our business; we implement a range of measures to mitigate this risk. Essentially, these measures include having clear core values, policies, procedures, training, monitoring and reporting; in recent years, we have found these measures to be effective in reducing our ‘net risk’ to an acceptable level.