The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

No human verification has been conducted of the converted content.
While we strive for accuracy errors or omissions may exist.
This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Audit Quality Inspection Report 2016/17 - KPMG LLP

About the FRC and its Audit Quality Review team

Our objective

The FRC's mission is to promote high quality corporate governance and reporting to foster investment. The Audit Quality Review (AQR) team contributes to this objective by monitoring and promoting improvements in the quality of auditing.

What we do

The FRC is the designated competent authority for statutory audit in the UK. It is responsible for the public oversight of statutory auditors and for ensuring that the various regulatory tasks set out in legislation are carried out by the FRC or the Recognised Supervisory Bodies to whom the FRC may delegate many of those tasks. These tasks include the monitoring of audit work. The FRC is responsible for monitoring the audit work of UK firms that audit Public Interest Entities (PIEs), and certain other UK entities, and the policies and procedures supporting audit quality at those firms. The monitoring work is undertaken by the AQR team.

The AQR team also reviews audits of entities incorporated in Jersey, Guernsey or the Isle of Man whose securities are traded on a regulated market in the European Economic Area.

The AQR team

The AQR team consists of approximately 35 professional and support staff. Collectively, our professional staff have extensive audit expertise (including appropriate professional education, relevant experience in statutory audit and financial reporting, specific training on quality assurance reviews and specialist expertise). Our audit quality review work is subject to rigorous internal quality control reviews. Independent non-executives advise on and oversee our work. Independence requirements for staff and non-executives are set out in Appendix B.

Working with Audit Committees (or equivalent bodies)

Audit Committees play an essential role in reviewing and monitoring the effectiveness of the audit process. We are committed to engaging with Audit Committees to improve the overall effectiveness of our reviews and to support our common objective of promoting audit quality. From 2017/18 we are increasing the level of our pre-review discussions with Audit Committee Chairs. We send our reports on each individual audit reviewed to the Chair of the relevant Audit Committee (or equivalent body) and offer them an opportunity to meet with us at that time. We also request feedback from Audit Committee Chairs on our report and discussions held with them.

Priority sectors and areas of focus

We adopt a risk-based approach to our work, as set out in Appendix B.

Our priority sectors for inspection in 2016/17 were natural resources/extractive industries; companies servicing the extractive industries; business/support services including the public sector; and media. We reviewed a number of audits from these sectors at the firms, together with a number of first year audits (this was identified as an area of focus given the extent of changes in auditors following increased audit tendering). We also paid particular attention to the audit of revenue recognition, IT controls and tax provisioning.

Thematic reviews

In addition to our annual programme of audit reviews, we undertake thematic reviews each year. We review firms' policies and procedures in respect of a specific area, and their application in practice, enabling us to make comparisons between firms with a view to identifying both good practice and areas for improvement.

This year we have published reports on Root Cause Analysis (September 2016). The Use of Data Analytics (January 2017) and Quality Control Review Processes (March 2017).

Developments in Audit 2016/17

In addition to reports on our audit quality reviews of the major firms, the FRC intends to publish later in 2017 an overall report on the quality of audit in the UK, covering work across the FRC in relation to audit quality and other relevant developments. The first such report was published in July 2016 and an update was issued in February 2017.

We expect all the firms we inspect to make continuous improvements such that, by 2019, at least 90% of FTSE 350 audits reviewed will be assessed as requiring no more than limited improvements.¹ The next Developments in Audit report will include aggregate information on firms' performance against this target.

1. Overview

This report sets out the principal findings arising from the 2016/17 inspection of KPMG LLP and KPMG Audit Plc (together “KPMG” or “the firm”) carried out by the Audit Quality Review team of the Financial Reporting Council (“the FRC”). We conducted this inspection in the period from January 2016 to February 2017 (“the time of our inspection”). We inspect KPMG, and report publicly on our findings, annually.

Our report focuses on the key areas requiring action by the firm to safeguard and enhance audit quality. It does not seek to provide a balanced scorecard of the quality of the firm's audit work. Our findings include matters arising from our reviews of individual audits. We had no significant findings in relation to the firm's policies and procedures which support and promote audit quality and we recognise the firm's continuing work to enhance them.

We are grateful for the co-operation and assistance received from the partners and staff of the firm in the conduct of our 2016/17 inspection.

Structure of report

Section 2 sets out our key findings requiring action and the firm's responses to these findings.

Appendix A provides details of the types of audits reviewed in 2016/17.

Appendix B sets out our objectives, scope and basis of reporting.

Appendix C explains how we assess audit quality.

Scope of our 2016/17 inspection

We estimate that the firm audited 466 UK entities within the scope of independent inspection as at 31 December 2015. Of these entities, our records show that 280 had securities listed on the main market of the London Stock Exchange, including 26 FTSE 100 and 54 FTSE 250 companies.

We reviewed selected aspects of 23 individual audits in 2016/17. In selecting which aspects of an audit to inspect, we took account of those areas identified to be of higher risk by the auditors and Audit Committees, our knowledge and experience of audits of similar entities and the significance of an area in the context of the audited financial statements. The communications with the Audit Committee (or equivalent) were reviewed on all of these audits, and the audit of revenue was reviewed on nearly all of these audits. Other areas we reviewed across a number of these audits include the audit of impairment and journals as well as various aspects of group audit involvement.

We are now publishing the names of entities whose audits we reviewed periodically on our website.² The names are published after the entity's next annual report and accounts has been issued. The final list for our 2016/17 reviews will be published around the end of June 2017.

We also reviewed selected aspects of the firm's policies and procedures supporting audit quality.

The FRC issued a single revised Ethical Standard in 2016, effective at a firm-wide level from 17 June 2016 and applicable to individual audits for financial periods starting on or after this date. We discussed the firm's approach to implementing the revised Ethical Standard during our 2016/17 inspection. We will review this area in detail as part of our 2017/18 inspection, along with the firm's implementation of revised UK Auditing Standards effective for financial periods starting on or after 17 June 2016.³

In response to the findings from our last inspection, the firm undertook to implement certain actions. We reviewed the actions taken by the firm and the extent to which they have contributed to improvements in audit quality.

Progress made in the year

The firm carried out a root cause analysis for findings arising from both internal and external reviews, and identified various actions which have, in turn, been taken during 2016 and 2017. Despite these actions, there have been a number of recurring findings on our reviews. Appropriate, effective and timely actions to address our findings should minimise the number of recurring issues, providing that the root cause of a problem has been properly identified and understood.

We recognise that certain of the firm's actions took place after some of the audits included in our 2016/17 inspection were completed, as audits reviewed in this inspection cycle related to year ends from 30 June 2015 to 31 March 2016. The extent of recurring findings might, however, still suggest that either the root cause analysis did not fully identify the underlying cause of the issues or that the actions taken were subsequently found to be inappropriate, untimely or have not been fully effective.

In Autumn 2016 the firm launched its Audit Quality Improvement Plan. This supplements the detailed actions for each finding from the root cause analysis, adopting a more wide-ranging and behaviours-based approach to improving Audit Quality. The Plan includes changes to the firm's policies and procedures to address the issue of recurring findings. We are encouraged by the scope and objectives of the Plan but anticipate that its full impact will not be seen until the completion of our next two inspection cycles.

The firm has additionally enhanced other policies and procedures, including those in the following areas:

Consultation and approval processes for non-audit services: to date there has been new guidance issued and training given. This is the start of a 12 month plan which will introduce new standards of documentation, improve the consistency of consultations and introduce compliance testing to review the quality of the decisions taken.
Guidance and training: the firm has updated its guidance and training in a number of areas, including inventory, information produced by the entity and use of specialists.
Human Resources: there have been changes in a number of areas, particularly better integration of the firm's values and culture into its appraisals process feedback.

Good practice identified

Examples of good practice we identified in the course of our work include the following, in relation to certain individual audits that we reviewed:

A high standard of design and direction of the component auditors' work over significant risks.
The evaluation of IT control weaknesses and resulting additional detailed testing required and the IT controls work related to the valuation of financial instruments (two financial services audits).
The quality of instructions to and reports back from specialists.

Key findings in the current year requiring action

Our key findings in the current year requiring action by the firm, which are elaborated further in section 2 together with the firm's actions to address them, are that the firm should:

Improve the extent of challenge of management in relation to areas of judgment, in particular impairment reviews, loan loss provisions and other valuations.
Re-assess the firm's approach to the audit of revenue and the related training provided.
Strengthen the firm's audit approach for corporate entities in relation to defined benefit pension scheme assets and membership data.
Improve the accuracy or precision of the description of audit procedures performed in auditors' reports.

Assessment of the quality of audits reviewed

The bar chart below shows the results of our assessment of the quality of the audits we reviewed in 2016/17, with comparatives for the previous four years. The number of audits within each category in each year is shown at the top of each bar.

Bar chart showing assessment of the quality of audits reviewed (2012/13 - 2016/17)

The chart displays the percentage of audits in categories: "Good or limited improvements required", "Improvements required", and "Significant improvements required". For "Good or limited improvements required": 2016/17 (15), 2015/16 (15), 2014/15 (14), 2013/14 (10), 2012/13 (7). For "Improvements required": 2016/17 (6), 2015/16 (6), 2014/15 (4), 2013/14 (4), 2012/13 (6). For "Significant improvements required": 2016/17 (2), 2015/16 (2), 2014/15 (1), 2013/14 (2), 2012/13 (0).

Issues driving lower audit quality assessments

The principal issues resulting in two audits being assessed as requiring significant improvements in 2016/17 were as follows (where relevant, further details for our key findings are set out in section 2):

On one audit, the main drivers for our assessment were: weaknesses in the audit approach adopted for goodwill impairment, including insufficient professional scepticism and challenge of management's assessment; and insufficient evidence of involvement by the group team in the component auditor's work relating to a material acquisition.
On the second audit, there was insufficient evidence of an appropriate risk assessment and response in respect of material supplier income.

Other issues arising from our reviews of audits assessed as requiring more than limited improvements are included in section 2.

Root cause analysis

Thorough and robust root cause analysis is necessary to enable firms to develop effective action plans which are likely to result in improvements in audit quality being achieved. The firm has performed root cause analysis in respect of our key findings in this report.

The firm has continued to develop its process for identifying the causes for inspection findings and has implemented a number of the recommendations from our thematic report on the subject, including an increased focus on assessing the root causes of good practice identified and allocating more resource to this area.

Firm's overall response and actions:

We are pleased that the AQR has identified areas of good practice in our work (and in the thematic reviews undertaken during the year) but inevitably, given our aspiration to consistently deliver high quality audits, our focus is on areas where the AQR believe we can improve further.

We are passionate about audit quality and no one in the audit practice at KPMG sets out to do anything other than a first class job. Consequently we investigate fully all matters raised by the AQR and those identified from our internal and other external quality reviews. We use specifically trained individuals to apply our global root cause methodology; a methodology which reflects the good practices identified in the FRC thematic review in this area.

Following the AQR report issued in May 2016 we undertook a comprehensive review of our methods and processes to identify additional improvement actions that were incremental to those already launched in response to that AQR quality report. This was distilled into a multi-faceted and holistic Quality Improvement Plan (QIP) that was launched in October 2016. The 'lag' effect described by the AQR on page 7 means that this plan did not impact any of the engagements covered by this review cycle.

More training, new tools and expanded guidance have an important role to play but the QIP focusses on the mind-set of our teams as well as their technical capabilities. The actions in the QIP recognise that delivery of an evidenced based high quality audit can be difficult, and that achievement of this standard should be recognised and rewarded.

We are driving greater consistency between our teams in the way that we approach specific aspects of audits and the way findings are evidenced. This represents a change from our previous philosophy that encouraged all teams to exercise their professional judgment in all aspects of their audit approach.

This consistency is being driven and underpinned by our recently formed "Second Line of Defence" team. Made up of carefully selected managers and senior managers, its role is to support and coach engagement teams in how to apply more complex areas of methodology in the field and then evidence this work appropriately.

We have considered the findings of this cycle of reviews carefully, re-assessed the content of our QIP, and defined incremental actions where required.

We are disappointed to have two engagements assessed by the AQR as needing significant improvement. However, we are confident that our QIP has the ingredients necessary for success and, most importantly, the full and committed backing of everyone in KPMG.

2. Key findings requiring action and the firm's response

We set out below the key areas where we believe improvements are required to enhance audit quality and safeguard auditor independence. The firm was asked to provide a response setting out the actions it has taken or will be taking in each of these areas.

Improve the extent of challenge of management in relation to areas of judgment, in particular for impairment reviews, loan loss provisions and other valuations

The audit of valuations, loan loss provisions and impairment reviews requires appropriate use of professional judgment. Effective audit teams will consider management's assumptions and compare these to available audit evidence and, where appropriate, challenge management in relation to the basis of those assumptions. We continue to identify a number of concerns in relation to the audit of valuations, loan loss provisions and impairment reviews of goodwill and other intangibles. The issues largely related to the extent of audit teams' challenge of management, including:

Audit teams not adequately demonstrating their critical assessment of valuation assumptions or methodology relating to investments and inventory.
Insufficient challenge of management's assumptions in relation to the impairment of goodwill and other intangibles, with undue reliance placed on evidence which supported management's assumptions/position.
In relation to loan loss provisions our concerns, on both audits where this was relevant, related to there being insufficient procedures performed to corroborate certain of the inputs used. The work performed did not demonstrate sufficient scepticism and challenge of management regarding the appropriateness of the provisions.

Other concerns arose in relation to the identification of intangibles, the challenge of sensitivities considered by management and the compliance of impairment models with Accounting Standards.

Firm's actions:

This is a broad topic and one where we have always left a great deal to the judgment of individual engagement leaders. Their experience and judgment has been central to the audit approaches they tailored for each client.

The primary root cause identified where our work has been identified as requiring improvement is the failure to adequately evidence all elements of the thought process and the basis for the decisions made.

Going forward, we will drive more consistent approaches from our teams and ensure their findings are evidenced using mandatory templates. Where practical, consistency will be achieved using data analysis tools which we have already developed.

These solutions will be followed up by the Second Line of Defence teams to ensure adoption and check consistency of application.

Revenue is an important driver of a company's operating results and is often identified as a key performance indicator on which investors and other users of financial statements focus. It may be open to manipulation as a result, and auditors, therefore, need to evaluate and address fraud risks in relation to revenue recognition.

We reviewed the audit of revenue on the majority of audits that we inspected and identified a number of issues:

Analytical review procedures were often used to obtain substantive audit evidence in relation to revenue. These procedures were sometimes ineffective due to a failure either to set sufficiently precise expectations formed from independent sources or to corroborate management explanations adequately.
Insufficient revenue testing was performed on certain audits. One audit team did not perform the planned procedures over customer contracts or substantive analytical procedures for two components. On two audits we identified insufficient understanding and testing of system-generated interest income, in particular regarding the associated IT controls.

Our concerns in relation to the ineffective use of substantive analytical review procedures have recurred over a number of our annual inspections, with similar findings in the firm's own internal quality reviews. The firm's actions to address the quality of work through increased training and guidance have, to date, not proved sufficiently effective. The firm should therefore re-assess its overall approach to the audit of revenue.

Firm's actions:

The findings in relation to the audit of revenue are broad in nature with few repeat matters. We have performed root cause analysis over the specific findings and have already taken a number of actions.

In particular, we have reviewed again the use of Substantive Analytical Procedures (SAPs) in the audit of revenue and are now significantly restricting their use except where revenue flows are highly predictable.

We have also reviewed the take up of our data analysis tools in the area of auditing revenue and understood the practical issues that have inhibited more accelerated deployment. We are now implementing a more targeted approach to the use of such tools in the audit of revenue to accelerate their use in the field as part of our response to a move away from the use of SAPs and as an alternative to more traditional audit techniques.

Strengthen the firm's audit approach for corporate entities in relation to defined benefit pension scheme assets and membership data

The market value of assets within defined benefit schemes is usually significant and the management of pension funds by independent custodians can present challenges for auditors. Audit procedures should provide sufficient assurance over asset valuation and ownership. We identified a number of concerns where we reviewed the work performed relating to defined benefit pension scheme balances. In particular, our concerns related to:

Insufficient evidence of procedures performed in relation to the accuracy and completeness of membership data.
The level of work performed over the valuation and ownership of scheme assets was inconsistent. Our concerns included: failure to obtain confirmations directly from the custodian; sole reliance on confirmations; not obtaining control reports from custodians or investment managers and a lack of independent testing of asset values.

We recommend that the firm considers improving the clarity of its methodology in this area.

Firm's actions:

In response to the matters raised by the AQR (which relate to the audit of IAS19 balances within financial statements rather than the audit of pension schemes themselves) we have already issued interim requirements.

We note this area has recently been scheduled as part of the FRC's work for the forthcoming year (2017) and will engage constructively with the FRC to ensure our approach meets with expectations.

However, in creating new guidance we are aware we must ensure we strike the necessary balance between obtaining sufficient audit evidence and recognising the roles of (and evidence provided by) the multiple professional third parties other than the audited entity itself (including trustees, pension fund administrators, investment managers, custodians and third party actuaries) involved in the preparation of the information used in the preparation of the entity's financial statements.

Improve the accuracy or precision of the description of audit procedures performed in auditors' reports

Extended auditors' reports have improved the transparency of the audit procedures performed in response to those risks identified by the auditors. It is important to ensure that the procedures performed are described accurately, so that users of the financial statements are properly informed of the audit approach taken to respond to those risks. We observed one good practice point in this area, relating to the transparent and informative presentation of risks and the auditor's response. In some cases however, the accuracy or precision with which certain procedures were described continued to require improvement. We noted the following examples:

No evidence, that membership data used in the pension scheme valuation had been obtained or verified to source documentation as described.
Testing of inventory was described as Data Analytics without sufficient clarity as to the nature of audit procedures performed. This may have over-stated the work performed.
In relation to the testing of controls and disclosures regarding uncertain tax provisions, the audit team did not ensure the accuracy of the descriptions of the work performed.
In two reports it was unclear how the critical assessment or focus of testing as described matched the work performed.

Firm's actions:

We are pleased that our actions taken previously have reduced the level of findings in this area but recognise that this is an area where continuous focus is required as indicated by the AQR's findings.

Our root cause analysis indicates that, whilst we have shared examples of matters that have been challenged, some teams have not yet fully recognised the level of precision required in the description of the audit response.

Our response is greater consistency of approach and evidence complemented by the specific focus of the Second Line of Defence team.

Audit Quality Review

FRC Audit and Actuarial Regulation Division

June 2017

Appendix A – Audits reviewed in 2016/17

The following chart provides a breakdown of the audits inspected in 2016/17 by type of entity:

Bar chart showing breakdown of audits inspected in 2016/17 by type of entity

FTSE 100: 6 reviews
FTSE 250: 10 reviews
Other listed: 3 reviews
AIM: 2 reviews
Other: 2 reviews

The following chart provides comparative information for the audits inspected in 2015/16:

Bar chart showing comparative breakdown of audits inspected in 2015/16 by type of entity

FTSE 100: 4 reviews
FTSE 250: 6 reviews
Other listed: 2 reviews
AIM: 2 reviews
Other: 1 review

Appendix B – Objectives, scope and basis of reporting

| Matter | Explanation
The The Financial Reporting Council (FRC) is the UK's independent regulator responsible for promoting high quality corporate governance and reporting to foster investment. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality.

The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

The Financial Reporting Council Limited 2017 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS

Appendix C – How we assess audit quality

We assess the quality of the audit work we inspect using the following four categories:

Good (category 1);
Limited improvements required (category 2A);
Improvements required (category 2B); and
Significant improvements required (category 3).

The assessments of the quality of the audits we reviewed in our public reports on individual firms combine audits assessed as falling within categories 1 and 2A.

These four categories have been used consistently since 2008, although there have been some minor refinements to the category descriptions over the years. They reflect our assessment of the overall significance of the areas requiring improvement that we have reported to the Audit Committee and the auditor. We expect the auditor to make appropriate changes to its audit approach for subsequent years to address all issues raised.

An audit is assessed as good where we identified no areas for improvement of sufficient significance to include in our report. Category 2A indicates that we had only limited concerns to report. Category 2B indicates that more substantive improvements were needed in relation to one or more issues.

An audit is assessed as requiring significant improvements (category 3) if we have significant concerns in relation to the sufficiency or quality of audit evidence, the appropriateness of key audit judgments or other matters identified. In such circumstances we may request some remedial action by the firm to address our concerns and to confirm that the audit opinion remains appropriate. We will generally review a subsequent year's audit to confirm that appropriate action has been taken.

We exercise judgment in assessing the significance of issues identified and reported. Relevant factors in assessing significance include the materiality of the area or matter concerned, the extent of concerns regarding the sufficiency or quality of audit evidence, whether appropriate professional scepticism appears to have been exercised, and the extent of non-compliance with Standards or a firm's methodology.

Our inspections focus on how selected aspects of a particular audit were performed. They are not designed to assess whether the information being audited was correctly reported. An assessment that an audit required significant improvements, therefore, does not necessarily mean that an inappropriate audit opinion was issued, the financial statements failed to show a true and fair view or that any elements of the financial statements were not properly prepared.

Equally, assessing an audit as requiring significant improvements does not necessarily imply that the conduct of the relevant audit firm, or one or more individuals within the firm, may warrant investigation and/or enforcement action by the FRC.

Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS

+44 (0)20 7492 2300 www.frc.org.uk

Footnotes

FRC Plan and Budget 2016/17 ↩
https://www.frc.org.uk//Our-Work/Audit-and-Actuarial-Regulation/Audit-Quality-Review/AQR-Audit-Reviews.aspx ↩
The FRC has established a Technical Advisory Group (TAG) to provide guidance on implementation issues relating to the revised Standards. The output from TAG meetings is published on the FRC's website. ↩
Changes to the proportion of audits falling within each category from year to year reflect a wide range of factors, which may include the size, complexity and risk of the individual audits selected for review and the scope of the individual reviews. For this reason, and given the sample sizes involved, changes from one year to the next are not necessarily indicative of any overall change in audit quality at the firm. ↩