Maintaining quality in our work

Ensuring quality is about more than complying with rules and regulations. It is at the core of everything we do – it is our license to operate.

For us, quality is about doing things right, doing the right things and continuous improvement.

  1. Doing things right: this is about making sure we have the right culture and the right ‘tone at the top’. Also that our teams are focused on the most important risk areas. And that our engagements are carried out consistently and in line with the highest professional standards.

  2. Doing the right things: this is about concentrating on what is most important to our clients and their ability to create long-term value. Increasingly, that means ESG, climate change, workforce diversity and digitalization – and suggesting to clients ways of strengthening their internal systems and controls.

  3. Continuous improvement: this is about measuring our own performance and continuing to improve where we can, and deploying new digital technologies so our people can concentrate on what they do best: advising clients and conducting high-quality audits.

KPMG recently adopted a new Global Quality Framework in line with the new International Standard on Quality Management (ISQM 1 (new window)), which will come into effect in December 2022. This new Framework also meets the requirements of the previous International Standard on Quality Control (ISQC 1 (new window)), as well as the following standards and regulations:

The Framework outlines how we ensure quality and accountability throughout the organization and, in line with ISQM 1 (new window), puts emphasis on quality management rather than quality controls.

Please note that, in this report, we have chosen to describe our new Global Quality Framework, which came into effect at the beginning of 2022/2023 (given that it meets the requirements of both ISQM 1 (new window) and ISQC 1 (new window)). See our previous integrated report (new window) for details of our previous quality control system, in operation during 2021/2022.

Quality management

The importance of quality is embedded in our corporate culture, values and behavior. It is central to our approach to clients, and at the heart of our Trust & Growth strategy. Quality is also the main factor for our people when deciding assignments, promotions and remuneration.

Our quality management system ensures compliance with professional standards, laws and regulations. Responsibility for this system extends across the firm:

  • Our Board of Management has ultimate responsibility for quality. The Board sets ‘tone at the top’ and makes sure we have the right skills and knowledge within the organization. Every year, the Board reviews the effectiveness of our System of Quality Management.

  • Within the business, the Heads of Assurance and Advisory manage and uphold our System of Quality Management, assisted by the Country Quality & Risk Management Partner, who reports to the CEO and works closely with other member firms across the KPMG network.

    All staff are required to understand and abide by quality management policies and procedures. To ensure this, staff undergo mandatory training and updates.

In addition, we have a Head of Audit Quality, whose role is to oversee all quality initiatives within Assurance, ensure we maintain our quality focus and identify possible areas of improvement within the practice. Our quality management policies apply to all KPMG member firms and are included in our Global Quality and Risk Management manual. Our Supervisory Board oversees our approach to quality, partly through the work of the Assurance Quality Committee (new window).

Our Global Quality Framework

Our quality framework is built around ten quality drivers, ranging from culture and values to knowledge application, effective communications and nurturing diversity. Formally, this framework applies to Assurance, but where appropriate we use the same basic framework for Advisory and Business Services as well[2]. In Assurance, we are also subject to regular inspections and use extensive Audit Quality Indicators (new window) (AQIs) to track our performance[3].

Core drivers

Perform quality engagements

We design and perform audits based on our assessment of likely risks. We consider all audit evidence, even if it’s contradictory or inconsistent. Each audit team member is required to exercise professional judgement throughout the engagement, and remain alert to possible biases.

Monitor and remediate

Integrated quality monitoring and compliance programs enable us to identify deficiencies, perform root cause analyses and take remedial steps where necessary.

Value drivers

Live our culture and values

Culture is vital to quality, starting with tone at the top. The other drivers all depend, to one degree or another, on having the right culture throughout the organization. Our values, behaviors and Code of Conduct all support our culture of quality.

Embrace digital technology

Technology helps us focus on the issues that matter. Across KPMG, we are committed to continuous innovation. We are increasingly using data analysis and new technologies to improve the quality of our audits.

Apply expertise and knowledge

We are committed to building on our technical expertise and knowledge – these factors are fundamental to conducting quality audits. We have a clear, consistent audit and assurance methodology, which goes beyond basic international standards, supported by our KPMG Clara smart audit platform.

Nurture diverse, skilled teams

This is about ensuring KPMG professionals have the right skills, experience and diversity. Quality is built into our HR processes from recruitment to reward and promotion.

Supporting drivers

Be independent, objective and ethical

To ensure quality, our professionals must be independent and objective. They must live up to the highest ethical standards. Independence is built into professional standards and regulations.

Assess risks to quality

We continuously assess risks to audit quality[1] – the issue is built into our approach to risk management. Failure to comply with quality or other professional standards is included as one of our strategic risks.

Communicate effectively

Key to a good audit is open, honest and effective communication – that means obtaining feedback from clients and other stakeholders, and acting on it as promptly as possible.

Associate with the right clients and engagements

When taking on new work, we work with strict acceptance criteria. We don’t want to work with clients who pose an unacceptable, financial, operational or ethical risk.

  • 1We define audit quality as performing audits to high standards and principles, while meeting legitimate stakeholder needs.

Onboarding clients

We conduct thorough assessments before accepting new clients and engagements. These assessments include background checks on management and ownership, possible conflicts of interest, potential issues of independence, any breaches of laws or regulations, including those related to corruption and human rights. If necessary, we ask for additional safeguards, or decline a client if issues can’t be resolved or we don’t receive sufficient information to carry out our assessment.

Personal independence and rotation

For all our employees, we have clear policies on personal independence and a regular systematic rotation of partners and other senior team members in compliance with the legislation and standards, so that no partner or senior team member remains longer than allowed or appropriate with a single assurance client. In 2021/2022, we carried out 173 personal independence audits (compared with 188 the previous year).

Technical support

All our employees have access to technical support, provided by the Department of Professional Practice (DPP), the Internal Audit & Compliance Office and/or the Quality & Risk Management Group. Auditors can also access support through the KPMG global network. In 2021/2022, there were 774 formal technical consultations with the DPP on difficult or contentious issues (compared with 627 the previous year)[4]. Approximately a third of these consultations were related to ‘going concern’ issues, or fraud, money laundering and anti-bribery.

Engagement Quality Control Reviews

For many engagements, we appoint independent Engagement Quality Control Reviewers (EQCRs) to oversee decisions made by teams on the ground[5]. In 2021/2022, EQCRs reviewed 30%[6] of all legal audit engagements (compared with 31% the year before). We expect partners to be closely involved in engagements – and measure this as an audit quality indicator (AQI). Partners’ involvement helps set the right tone and ensures audit teams get maximum benefit from the partner’s skills and experience. Partners and directors must demonstrate their commitment to quality before being promoted to these positions[7].

Quality monitoring and compliance

Across KPMG, we have quality monitoring and compliance programs. These include our regular Quality Performance Reviews (QPRs) and our KPMG Quality & Compliance Evaluation (KQCE) program. In addition, to support continuous improvement, we perform root-cause analyses based on five distinct steps (see illustration below). In 2022, we disbanded our Audit Quality Improvement Council (AQIC), previously responsible for root-cause analysis (RCA). Instead, to streamline our processes, all analysis is now performed directly by an RCA team, part of our Audit Quality department. During the year, we carried out a number of root-cause analyses - results showed the importance of the following:

  • Culture, behavior and accountability of those involved in each audit

  • Communications within KPMG

  • Continued efforts to evaluate and improve the quality of our engagements

Five-step process for root-cause analysis

Internal quality reviews

For our assurance business, QPRs are conducted by our Internal Audit & Compliance Office, using reviewers at both partner and senior management level. Engagements are rated as follows:

  • Compliant: all relevant audit, assurance, accounting and other professional standards have been complied with in all significant respects.

  • Compliant – improvement needed: standards have been complied with in all significant respects, but minor instance(s) of non-compliance were also identified.

  • Not compliant: standards have not been complied with in significant respects and remediation is required.  

In Advisory, QPRs are performed by the Functional Quality & Risk Management Partner. Advisory engagements are rated on two criteria: engagement set-up and engagement execution. Ratings are green, amber or red; both green and amber are considered satisfactory.

Internal reviews are conducted throughout the year to assess quality and identify areas of possible improvement. Findings are communicated to professionals within the firm and benchmarked against KPMG’s global quality baselines.