Managing risk

We use an Enterprise Risk Management (ERM) framework to identify risks. Once identified, we take measures to prevent or mitigate these risks. Ultimately, risk management is the responsibility of our Board of Management. Twice a year, we review the effectiveness of our internal controls and risk-mitigation measures on an enterprise level. The Board of Management also regularly discusses risk with the Supervisory Board.

Our risk appetite

Our business is based on trust – we realize that any loss of trust could adversely affect our social or market position. Our objective – through risk management – is to ensure the long-term security of our business.

We operate in a complex environment. Some risks are inherent to our business. We will accept some net risk (i.e., the risk remaining after mitigation measures) on the condition:

  • That it is in line with our overall strategic objectives and contributes responsibly to achieving them

  • That it does not violate our core values or quality standards.

As a matter of principle, we will not take on net risk that promotes revenue growth at the expense of our sustainability standards or principles, as defined in our Impact Plan.

On decisions that may affect public trust in KPMG N.V., we have a relatively low appetite for risk (given the importance of trust to our business). For decisions relating to growth, our appetite is moderately higher.

Key risks

In the course of our business, we face both financial and strategic (including operational and compliance) risks.

Financial risks consist of financial reporting risks and financial positions risks. The financial reporting risk relates to the financial statements containing a material misstatement, either due to fraud or error. Financial position risks generally fall into three main categories: credit risk, liquidity risk and market risk. Strategic risks vary from non-compliance with laws and regulation, to a loss of public trust, breach of privacy, or failure to meet stakeholder expectations regarding management of environmental, social or governance (ESG) topics.

We carry out an annual assessment of our strategic risks, updated every six months. This assessment is based on detailed discussion with our Board of Management and other business leaders. As part of this assessment, risks are assessed according to impact and percentage likelihood.

See our Consolidated Financial Statements (new window) for further disclosures on our financial risks and Our material topics (new window) for how we manage risks and opportunities arising from our material topics.

Overview of our financial and financial reporting risks

Our risk appetite with regard to financial reporting is low. That is why the business is continuously monitored and managed through internal processes which include monthly financial reporting. We consider the risk as low. Estimates and complex valuations for example are used on a very limited basis.

Our risk appetite with respect to our financial risks is low, as the risks could be substantial, and for that reason we monitor the following financial position risks on a monthly basis. Based on the current state of affairs, the financial reporting is prepared on a going-concern basis.

Credit risk

This relates to potential losses for KPMG N.V. in the event of a client or counterparty default.

We keep our exposure under constant monitoring. Clients’ creditworthiness is routinely checked for transactions above a certain amount. All cash is deposited at banks with a minimum BBB credit rating. Our risk is also diversified, given the limited number of clients that may owe payments at any given time.

Liquidity risk

This relates to KPMG N.V. being unable to meet its financial commitments because of a lack of available liquidity.

Our aim is to ensure, as far as possible, that there are always liquid funds available. This avoids financial loss and damage to KPMG N.V.’s reputation. Surplus funds are deposited in business savings accounts or held aside for specific periods.

Market risk

This relates to changes in market prices adversely affecting income or asset values.

We aim to keep market risks within acceptable limits (while maximizing income). Changes in exchange and interest rates, if persistent, will have an impact on KPMG N.V.’s profit.

Overview of strategic risks (including operational and compliance risks)


Risk Appetite

Potential impact

Mitigation measures

Failure to comply with quality or professional standards


Loss of public trust; damage to reputation among clients; possible claims from clients or regulatory fines or even temporary or permanent loss of audit license

Extensive system of quality management, including quality improvement programs, based on rigorous root cause analysis

Engagement Quality Control Reviews (EQCRs), where appropriate

Implementation of clear standards and robust audit methodology

Board of Management “steering on quality”

Rigorous client and engagement acceptance procedures

Inability to adapt business to strategy, client base, brand positioning or changes in economic conditions


Weaker market position; increased risk of litigation; inability to develop, maintain or monetize high-quality assets and services

Priorities and focus areas clearly identified as part of strategy

Code of conduct and detailed policies governing client and engagement acceptance, auditor independence

Continuous monitoring of resource availability and review of business model

Investment in key client products and services

Failure to create a fast, innovative and inclusive culture


Lower employee engagement; reduced ability to compete in labor market; eventual loss of efficiency and quality

Clear values and behaviors

Identification of culture as a business differentiator

Strategic investments in digital technologies, data and AI

Performance KPIs cascaded through organization

Failure to execute strategy or business plans successfully


Missed targets or objectives; loss of confidence in management reduced morale among partners and other professionals

Clear governance procedure and independent Supervisory Board

Regular reporting on progress to Board of Management

Constant monitoring against strategic priorities

Cascading strategic key performance indicators to individual professionals

Inability to attract or retain talented professionals to work for KPMG N.V.


Disengaged staff; lower productivity; potential lost revenue and market share; failure of succession planning

KPMG Story, encompassing the group's purpose, values, vision, strategy and promise

Extensive system of workforce planning

Clear career paths, succession planning and global mobility program

Firm-wide inclusion, diversity & equity program

Impact of hostile political, social or media environment


Reputational damage, weakening in social license to operate

Contingency programs to manage impact on brand and reputation

Independent Supervisory Board with responsibility to take into account interests of stakeholders

Not making full use of the collaboration within the KPMG network


Missed opportunities to share knowledge; potentially inadequate resources for investment

Alignment with network strategy and investment priorities

Increasing international collaboration with KPMG International and other member firms

Inability to scale resources or skills in changing economic conditions


Loss of market opportunities; reduced ability to attract new clients or talent

Strengthening technical capacity, as well as enhancing ESG and digital skills

Extensive training and education programs

Innovative resourcing model

Failure to meet regulators’ expectations or correct non-compliance with laws and regulations


Loss of public trust; reputation damage; potential fines or other regulatory sanctions

Regular, constructive dialogue with regulators

Qualified individuals appointed to leadership positions

Internal policies and controls to reduce risk of non-compliance

Strict approval process for products and services

Breaches of privacy, loss of data or other technology risk


Possible loss of service delivery, Reputation damage and possible loss of clients, Potential litigation or regulatory sanctions (including fines)

Robust IT security policies and processes

ISO 27001 accreditation for cyber security management

Ongoing training and awareness campaigns

Business continuity management

Fraud risk assessment

We believe our fraud risk with a financial impact is relatively low; this is because preventing and detecting fraud is an inherent part of our business. Fraud risk may be detected through regular risk assessments because of its potentially significant impact on other strategic and financial risks. Even so, we recognize that fraud risk is structurally present in our business. We take measures to mitigate this risk, including policies, procedures, training, monitoring and regular reporting, as well as clear values in our Code of Conduct and elsewhere. We have found these measures to be effective in reducing “net risk” to acceptable levels.

Note on climate change risk

Climate risk is incorporated into our overall risk management processes, along with other ESG risks. As an office-based company, KPMG N.V. is not responsible for significant carbon emissions. We do, however, work with clients exposed to greater climate risk (including energy and resources, infrastructure and financial services). Our main climate risk relates to clients operating in these sectors, i.e. that they may face sanctions or fines, damage to their reputation, or fail to adopt more sustainable, low-carbon technologies quickly enough. To counter climate-related risks, we are embedding ESG issues, including climate, across our Assurance, Advisory and Business Services units. We are also executing our Impact Plan to reduce emissions from our own business activities and extending our reporting on climate and the environment. For more information, please see Managing our environmental, social and governance impact (new window).