Managing risk

We use an Enterprise Risk Management (ERM) framework to identify risks. Once identified, we take measures to prevent or mitigate these risks. Ultimately, risk management is the responsibility of our Board of Management. Twice a year, we review the effectiveness of our internal controls and risk-mitigation measures on an enterprise level. The Board of Management also regularly discusses risk with the Supervisory Board.

Our risk appetite

Our business is based on trust – we realize that any loss of trust could adversely affect our social or market position. Our objective – through risk management – is to ensure the long-term security of our business.

We operate in a complex environment. Some risks are inherent to our business. We will accept some net risk (i.e., the risk remaining after mitigation measures) on the condition:

  • That it is in line with our overall strategic objectives and contributes responsibly to achieving them

  • That it does not violate our core values or quality standards.

As a matter of principle, we will not take on net risk that promotes revenue growth at the expense of our sustainability standards or principles, as defined in our Impact Plan.

On decisions that may affect public trust in KPMG N.V., we have a relatively low appetite for risk (given the importance of trust to our business). For decisions relating to growth, our appetite is moderately higher.

Key risks

In the course of our business, we face both financial and strategic (including operational and compliance) risks.

Financial risks consist of financial reporting risks and financial position risks. The financial reporting risk relates to the financial statements containing a material misstatement, either due to fraud or error. Financial position risks generally fall into three main categories: credit risk, liquidity risk and market risk. Strategic risks vary from non-compliance with laws and regulation, to a loss of public trust, breach of privacy, or failure to meet stakeholder expectations regarding management of environmental, social or governance (ESG) topics.

We carry out an annual assessment of our strategic risks, updated every six months. This assessment is based on detailed discussion with our Board of Management and other business leaders. As part of this assessment, risks are assessed according to impact and percentage likelihood.

See our Consolidated Financial Statements for further disclosures on our financial risks, and Our material topics for how we manage risks and opportunities arising from our material topics.

Overview of our financial and financial reporting risks

Our risk appetite with regard to financial reporting is low. That is why the business is continuously monitored and managed through internal processes, which include monthly financial reporting. We consider the risk to be low. Estimates and complex valuations, for example, are used on a very limited basis.

Our risk appetite with respect to our financial risks is low, as the risks could be substantial, and for that reason we monitor the following financial position risks on a monthly basis. Based on the current state of affairs, the financial reporting is prepared on a going-concern basis.

Credit risk

This relates to potential losses for KPMG N.V. in the event of a client or counterparty default.

We keep our exposure under constant monitoring. Clients’ creditworthiness is routinely checked for transactions above a certain amount. All cash is deposited at banks with a minimum BBB credit rating. Our risk is also diversified, given the limited number of clients that may owe payments at any given time.

Liquidity risk

This relates to KPMG N.V. being unable to meet its financial commitments because of a lack of available liquidity.

Our aim is to ensure, as far as possible, that there are always liquid funds available. This avoids financial loss and damage to KPMG N.V.’s reputation. Surplus funds are deposited in business savings accounts or held aside for specific periods.

Market risk

This relates to changes in market prices adversely affecting income or asset values.

We aim to keep market risks within acceptable limits (while maximizing income). Changes in exchange and interest rates, if persistent, will have an impact on KPMG N.V.’s profit.

Overview of strategic risks (including operational and compliance risks)

Risk: Failure to comply with quality or professional standards
Risk appetite: Low
Potential impact: Loss of public trust; damage to reputation among clients; possible claims from clients or regulatory fines or even temporary or permanent loss of audit license
Mitigation measures:
  • Extensive system of quality management, including quality improvement programs, based on rigorous root cause analysis
  • Engagement Quality Control Reviews (EQCRs), where appropriate
  • Implementation of clear standards and robust audit methodology
  • Board of Management “steering on quality”
  • Rigorous client and engagement acceptance procedures

Risk: Inability to adapt business to strategy, client base, brand positioning or changes in economic conditions
Risk appetite: Low
Potential impact: Weaker market position; increased risk of litigation; inability to develop, maintain or monetize high-quality assets and services
Mitigation measures:
  • Priorities and focus areas clearly identified as part of strategy
  • Code of conduct and detailed policies governing client and engagement acceptance, auditor independence
  • Continuous monitoring of resource availability and review of business model
  • Investment in key client products and services

Risk: Failure to create a fast, innovative and inclusive culture
Risk appetite: Low
Potential impact: Lower employee engagement; reduced ability to compete in labor market; eventual loss of efficiency and quality
Mitigation measures:
  • Clear values and behaviors
  • Identification of culture as a business differentiator
  • Strategic investments in digital technologies, data and AI
  • Performance KPIs cascaded through organization

Risk: Failure to execute strategy or business plans successfully
Risk appetite: Low
Potential impact: Missed targets or objectives; loss of confidence in management; reduced morale among partners and other professionals
Mitigation measures:
  • Clear governance procedure and independent Supervisory Board
  • Regular reporting on progress to Board of Management
  • Constant monitoring against strategic priorities
  • Cascading strategic key performance indicators to individual professionals

Risk: Inability to attract or retain talented professionals to work for KPMG N.V.
Risk appetite: Low
Potential impact: Disengaged staff; lower productivity; potential lost revenue and market share; failure of succession planning
Mitigation measures:
  • KPMG Story, encompassing the group's purpose, values, vision, strategy and promise
  • Extensive system of workforce planning
  • Clear career paths, succession planning and global mobility program
  • Firm-wide inclusion, diversity & equity program

Risk: Impact of hostile political, social or media environment
Risk appetite: Medium
Potential impact: Reputational damage, weakening in social license to operate
Mitigation measures:
  • Contingency programs to manage impact on brand and reputation
  • Independent Supervisory Board with responsibility to take into account interests of stakeholders

Risk: Not making full use of the collaboration within the KPMG network
Risk appetite: Low
Potential impact: Missed opportunities to share knowledge; potentially inadequate resources for investment
Mitigation measures:
  • Alignment with network strategy and investment priorities
  • Increasing international collaboration with KPMG International and other member firms

Risk: Inability to scale resources or skills in changing economic conditions
Risk appetite: Low
Potential impact: Loss of market opportunities; reduced ability to attract new clients or talent
Mitigation measures:
  • Strengthening technical capacity, as well as enhancing ESG and digital skills
  • Extensive training and education programs
  • Innovative resourcing model

Risk: Failure to meet regulators’ expectations or correct non-compliance with laws and regulations
Risk appetite: Low
Potential impact: Loss of public trust; reputation damage; potential fines or other regulatory sanctions
Mitigation measures:
  • Regular, constructive dialogue with regulators
  • Qualified individuals appointed to leadership positions
  • Internal policies and controls to reduce risk of non-compliance
  • Strict approval process for products and services

Risk: Breaches of privacy, loss of data or other technology risk
Risk appetite: Low
Potential impact: Possible loss of service delivery; reputation damage and possible loss of clients; potential litigation or regulatory sanctions (including fines)
Mitigation measures:
  • Robust IT security policies and processes
  • ISO 27001 accreditation for cyber security management
  • Ongoing training and awareness campaigns
  • Business continuity management

Fraud risk assessment

We believe our fraud risk with a financial impact is relatively low; this is because preventing and detecting fraud is an inherent part of our business. Fraud risk may be detected through regular risk assessments because of its potentially significant impact on other strategic and financial risks. Even so, we recognize that fraud risk is structurally present in our business. We take measures to mitigate this risk, including policies, procedures, training, monitoring and regular reporting, as well as clear values in our Code of Conduct and elsewhere. We have found these measures to be effective in reducing “net risk” to acceptable levels.

Note on climate change risk

Climate risk is incorporated into our overall risk management processes, along with other ESG risks. As an office-based company, KPMG N.V. is not responsible for significant carbon emissions. We do, however, work with clients exposed to greater climate risk (including energy and resources, infrastructure and financial services). Our main climate risk relates to clients operating in these sectors, i.e. that they may face sanctions or fines, suffer damage to their reputation, or fail to adopt more sustainable, low-carbon technologies quickly enough. To counter climate-related risks, we are embedding ESG issues, including climate, across our Assurance, Advisory and Business Services units. We are also executing our Impact Plan to reduce emissions from our own business activities and extending our reporting on climate and the environment. For more information, please see Managing our environmental, social and governance impact.