The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

No human verification has been conducted of the converted content.
While we strive for accuracy errors or omissions may exist.
This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

KPMG LLP Audit Quality Inspection and Supervision Report 2024

Using this publication

The Financial Reporting Council (FRC) is responsible for the regulation of UK statutory auditors and audit firms. We assess, via a fair evidence-based approach, whether firms are consistently delivering high-quality audits and are resilient.

This report sets out the FRC's findings on key matters relevant to audit quality at KPMG LLP (KPMG or the firm). It should be used alongside the FRC's Annual Review of Audit Quality, which contains combined results and themes for all Tier 1 firms¹ that are inspected annually.

Given our risk-based approach to selecting audits for inspection, it is important that care is taken when extrapolating our findings or assessment of quality to the whole population of audits performed by the firm. Given the sample sizes involved, changes from one year to the next cannot, on their own, be relied upon to provide a complete picture of a firm's performance.

This report also considers other, wider measures of audit quality such as results of audit inspections completed by the Institute of Chartered Accountants in England and Wales (ICAEW) and results from the firm's own internal quality reviews. The firm's response to the findings and the actions it plans to take as a result are included on page 5 and Appendix B.

This report is for general use by interested parties. However, we expect the following:

KPMG to use this report and its peers' reports to facilitate continuous improvement through actions in its Single Quality Plan (SQP).
Other audit firms of all sizes to use this report for examples of good practice.
Audit Committees to use this report to help them assess the quality of their audit/auditor and when appropriate as part of the process of appointing a new auditor.
Investors to use this report in making assessments about the quality of audit, transparency and accountability in the relevant markets.

Throughout this report, the following symbols are used:

Represents a key finding where the firm must take action to improve audit quality.
Represents examples of good practice we identified in our supervision, and we encourage other firms to consider applying these if appropriate to their circumstances.
Represents an observation relating to the firm's initiatives to improve audit quality.

Our Supervisory Approach

The audit supervisory teams in the FRC's Supervision Division work closely together to develop an overall view of the key issues for each firm to improve audit quality. We also collaborate to develop our future supervision work.

Further details on our approach to Audit Supervision can be found here. We also publish a separate inspection report on the quality of major local audits, the latest version of which can be found here and was published in December 2023.

The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

© The Financial Reporting Council Limited 2024 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS

1. Overview – Firm and FRC actions

KPMG has made notable improvements in priority areas, achieved through focus and accountability by the firm's leadership. The firm's actions and positive responses in key areas, together with engagement by the FRC, has resulted in improvement in audit quality. The firm must maintain this momentum. Further actions should be designed and implemented to ensure that improvements in audit quality are consistent and sustained. The firm's banking practice has received particular investment since 2021, with enhancements in quality, culture, methodology and resourcing.

Regulatory audit inspection results at KPMG

Bar chart showing percentage of audits inspected by the FRC requiring no more than limited improvements (Section 2) for years 2019/20 to 2023/24.

2023/24: 89% (0 audits required significant improvements)
2022/23: 74%
2021/22: 84%
2020/21: 59%
2019/20: 61%

Bar chart showing percentage of audits inspected by the ICAEW classified as good / generally acceptable (Section 2) for years 2019 to 2023.

2023: 70%
2022: 91%
2021: 75%
2020: 100%
2019: 90%

Audit quality inspections

The percentage of audits inspected by the FRC requiring no more than limited improvements was 89%, with only two audits graded improvements required (one FTSE 350). This shows significant progress compared to the prior year. The findings that contributed most to this year's inspection results related to the audit of estimates and risk assessment. Both areas have arisen on previous cycles and the latter was mirrored in the firm's internal quality monitoring process. To respond to these findings the firm must reconsider the effectiveness of actions taken previously and enhance them. The overall results profile for inspections by the ICAEW was 70% classified as good or generally acceptable (page 11).

Firm's system of quality management (SoQM)

KPMG has implemented ISQM (UK) 1, including monitoring and remediation processes, and completed its first annual evaluation of its SoQM. The firm has invested considerable effort into implementing its new system. The firm has already begun the iterative process of improving and refining it, including in response to our feedback. The firm needs to strengthen aspects of its monitoring and evaluation processes, including how it assesses deficiencies and undertakes root cause analysis of those deficiencies.

FRC's firm-wide areas of focus (Section 3)	Good practice	Key finding
Area
The International Standard on Quality Management (UK) 1 (ISQM (UK) 1)²	✔
Compliance with the FRC's Revised Ethical Standard 2019	✔
ISQC (UK) 1: Training and methodology	✔

KPMG's response

We continue to benefit from our strategy of investing in the delivery of sustainable audit quality, resulting in stronger quality-related processes and 89% in our AQR inspections.
We are confident that our commitment to delivering high-quality audits, and our investment in our people, technology and quality framework will continue to drive sustainable audit quality, recognising the pivotal role audit plays in serving the public interest.
We are proud of how our people work together to deliver high-quality audits, and of the long list of good practice recognised in our audits of complex businesses and financial statements.
Our commitment to continuous improvement underpins our response to findings on estimates and risk assessment and we have taken actions to respond to these on a real-time basis with both impairment and risk assessment being priority programmes in our Single Quality Plan (SQP). The primary root causes in relation to this sample of engagements were: having the right team at the right time with an appropriate response to unexpected changes; understanding technical requirements; and behavioural factors including confirmation bias.
Following our significant investment in the first year adoption of ISQM (UK) 1 requirements, we have continued to invest in and further strengthen our system of quality management (SoQM).
We are pleased that our SQP continues to be recognised as good practice and we have appreciated the support of our Supervisor in driving improvements each year.

Appendix B provides further details of our firm response.

KPMG's actions

Many actions have already been initiated including our key programme, a continued focus on bringing work forward and reducing the peak of work typically done in the weeks before signing.
We will continue to evolve our root cause and remediation process, focusing on evaluating the effectiveness of actions.
We will improve our ISQM (UK) 1 processes, particularly in evidencing our assessment of other information and evaluation of deficiencies.
Our culture programme continues to focus on responding to behavioural root causes and ethical breaches. Our training and guidance will be enhanced, where required, to respond to findings.

FRC's actions

In response to this year's findings, we will take the following action:

Continue our inspection of completed audits alongside a joined up supervisory approach to respond to key findings and non-financial sanctions, specifically impairment and risk assessment.
Understand and assess the firm's enhancements to its monitoring and evaluation processes for its SoQM.
Maintain supervision of the root cause process with a focus on remediation to minimise the risks of recurrence and supporting the delivery of consistent improvements in audit quality.
Review the SQP, monitoring the actions taken to support high-quality audits.
Assess and corroborate the effectiveness of formal actions taken by the firm to respond to misconduct and ethical breaches.

KPMG LLP – at a glance

Infographic summarizing FRC's audit inspection scope, total audit fee income trends, responsible individuals, offices, corporate audits, and local audit breakdown.

[^3] Source - the FRC's analysis of the firm's PIE audits and other audits included within AQR scope as at 31 December 2023. [^4] Source - the FRC's 2022, 2023 and 2024 editions of Key Facts and Trends in the Accountancy Profession. Audit fee income relates to all audits performed by the firm, and not only those within the FRC's inspection scope. [^5] Source – the ICAEW's 2024 QAD Report on the firm. [^6] Excludes the inspection of local audits. [^7] Source - the FRC's analysis of Major Local Audits as of 31 March 2023. The FRC's inspections of Major Local Audits are published in a separate annual report. The December 2023 report can be found here.

2. Review of individual audits

Our assessment of the quality of KPMG audits reviewed – All

We reviewed 19 individual audits this year and assessed 17 (89%) as requiring no more than limited improvements. This result shows sustained consistent levels of high-quality audits.

Bar chart showing quality of KPMG audits reviewed (All) for years 2019/20 to 2023/24.

The chart shows the percentage breakdown of audits categorized as "Good or limited improvements required", "Improvements required", and "Significant improvements required" for each year.
2023/24: Good/limited: 89% (17 audits); Improvements: 11% (2 audits); Significant: 0% (0 audits).

FTSE 350

Of the eight FTSE 350 audits we reviewed this year, we assessed seven (88%) as requiring no more than limited improvements. This result shows sustained consistent levels of high-quality audits.

Bar chart showing quality of KPMG FTSE 350 audits reviewed for years 2019/20 to 2023/24.

The chart shows the percentage breakdown of FTSE 350 audits categorized as "Good or limited improvements required", "Improvements required", and "Significant improvements required" for each year.
2023/24: Good/limited: 88% (7 audits); Improvements: 12% (1 audit); Significant: 0% (0 audits).

The audits inspected in the 2023/24 cycle included above had year-ends ranging from June 2022 to May 2023. Changes to the proportion of audits falling within each category reflect a wide range of factors, including the size, complexity and risk of the audits selected for inspection and the individual inspection scope. Our inspections are also informed by the priority sectors and areas of focus as announced annually. For these reasons, and given the sample sizes involved, changes from one year to the next cannot, on their own, be relied upon to provide a complete picture of a firm's performance and are not necessarily indicative of any overall change in audit quality at the firm. Given our risk-based approach, it is important that care is taken when extrapolating our findings or assessment of quality to the whole population of audits performed by the firm.

Any inspection cycle with audits requiring more than limited improvements indicates the need for a firm to take action to achieve the necessary improvements.

We set out below the key findings in areas where, based on our inspections, we believe improvements in audit quality are required. These findings may also include those on individual audits assessed as requiring limited improvements, due to the extent of occurrence across the audits we inspected.

Key findings	Why it is important
Improve the quality and consistency of the audit of estimates, particularly for impairment assessments and expected credit loss provisions.	Auditors should adequately assess and challenge the reasonableness of management's impairment estimates and expected credit loss provisions as these often involves significant judgement and can be subject to management bias or error.
Improve the quality and consistency of risk assessment and response to internal control deficiencies.	Auditors should perform a robust risk assessment to identify significant and other risks, including those related to internal control deficiencies, and determine the appropriate audit response to mitigate them.

Further details of the above key findings are set out on the following pages, including the number of audits where we raised findings in these areas.

Improve the quality and consistency of the audit of estimates, particularly for impairment assessments and expected credit loss provisions

Last year, actions were needed to improve audit work over impairment and Expected Credit Loss estimates. This year, we reviewed estimates on all of the audits inspected and again had findings in this area, on six audits including two assessed as requiring improvements.

Impairment assessment for non-current assets: On three audits, insufficient procedures were performed to corroborate and challenge the reasonableness and achievability of management's short-term cash flow forecasts, including challenge of specific key assumptions such as revenue growth and discount rates.
Expected Credit Loss provision: One team did not obtain sufficient audit evidence over the appropriateness of the recorded provision. Weaknesses were identified in the evidence and procedures including to respond to a significant increase in credit risk.
Freehold property estate valuation: An audit team did not sufficiently challenge the accuracy of data used by management's expert in concluding on the valuation. Another audit team did not sufficiently evidence its assessment of the accuracy of data inputs.
Cost of sales adjustments: For one audit, there was insufficient challenge or evaluation of cost contingencies included in the estimate of project costs to complete used to calculate cost of sales.

Improve the quality and consistency of risk assessment and response to internal control deficiencies

We reviewed risk assessment on all of the audits that we inspected. We identified findings on seven audits, including one assessed as requiring improvements.

Risk assessment and response to control deficiencies: There was insufficient assessment of the extent of IT privileged access deficiencies and response to associated risk arising on one audit. There was inadequate evidencing of aspects of risk assessment and response to known IT control deficiencies in the entity's systems or non-IT key control deficiencies on three other audits.
Sufficiency of risk assessment procedures: On two audits, insufficient risk assessment procedures were performed to substantiate the audit approach adopted or justify limiting certain audit procedures.
Risk assessment criteria: An audit team did not sufficiently evidence why meeting at least five of the risk assessment criteria was illustrative of an outlier, requiring further procedures.

We also identified good practice in the audits we reviewed, including:

Risk assessment and planning

Lease accounting: A clear impact assessment was performed over the errors and adjustments identified from the prior year audit, which considered the impact these items might have on the current year audit approach.
Inventory: The audit team's approach to testing the existence of inventory was particularly thorough.

Execution

Impairment assessment for non-current assets: There was a clearly evidenced assessment over the multiple uncertainties within the assumptions on one audit. On another audit, there was good use of third-party research and benchmarking, and robust challenge of management's expert used to calculate discount rates.
Freehold property estate valuation: There was evidence of robust challenge of management's property valuation model on one audit, including independently identifying underperforming properties to challenge management's forecast assumptions.
Other challenge of management: We observed examples of well-evidenced challenge of management on six audits inspected. These included procedures in the areas of provisions; lease accounting; deferred revenue; deferred tax assets; inventory; and the going concern assessment.
Use of specialists: We saw examples of particularly effective involvement of audit team specialists on six audits, which supported enhanced audit procedures over insurance provisioning, pension scheme obligations, certain fair value measurements, going concern and IT assessment.
Group audit oversight: A staged approach to reviewing the component auditor's workpapers, allowed the group audit team time to evaluate and respond to matters arising on a timely basis.
Controls testing: There was comprehensive assessment of the operating effectiveness of a cost control.

Completion and reporting

Engagement Quality Control Review (EQCR): The EQCR provided strong challenge over the significant risk areas on one audit, which clearly enhanced the quality of the audit. The audit team responded by performing additional testing procedures and corroboration.

Monitoring review results by the Quality Assurance Department of ICAEW

ICAEW undertakes independent monitoring of the firm's non-PIE audits, under delegation from the FRC as the Competent Authority. ICAEW's work covers private companies, smaller AIM listed companies, charities and pension schemes. The FRC is responsible for monitoring the firm's firm-wide controls and ICAEW additionally reviews Continuing Professional Development records for a sample of the firm's staff involved in the audit work within ICAEW remit.

In general the audit work we review continues to be of a satisfactory standard. Seven files were either good or generally acceptable, two files required improvements and one file required significant improvement. On the file requiring significant improvement, there were flaws in substantive analytical procedures and the parent company financial statements materially overstated investments in subsidiaries. One file requiring improvement lacked sufficient consideration of the potential capitalisation of development costs and the financial statements misclassified a current liability to its parent company as non-current. The other file requiring improvement did not identify a classification error in equity arising from a restructuring transaction. The results reflect the re-grading of two of these three files following the reviews, due to additional information identified during the subsequent audit and notified to ICAEW. A detailed report summarising the audit file review findings and any follow-up action proposed by the firm will be considered by ICAEW's Audit Registration Committee.

Bar chart showing monitoring review results by ICAEW's Quality Assurance Department for years 2021 to 2023.

The chart shows the percentage breakdown of audits categorized as "Good/generally acceptable", "Improvement required", and "Significant improvement required" for each year.
2023: Good/generally acceptable: 70% (7 audits); Improvement required: 20% (2 audits); Significant improvement required: 10% (1 audit).

Good practice

ICAEW identified good practice across the files reviewed. Examples included:

Clear evidence of challenge to management in areas including impairment testing, property valuations, revenue and going concern.
Well-organised work on contract and non-contract revenue.
Comprehensive documentation including group audit considerations, borrowings and going concern.

ICAEW assesses audit quality as 'good', 'generally acceptable', 'improvement required', or 'significant improvement required'. File selection is focused towards higher risk and more complex audits. Given the sample size, changes from one year to the next cannot be relied upon to provide a complete picture of a firm's performance or overall change in audit quality.

3. Review of the firm's system of quality management

In this section, we set out the key findings and good practice identified in our review of the firm's system of quality management (SoQM). ISQM (UK) 1 replaced the quality control standard (ISQC (UK) 1), which firms had been applying for many years, and introduced a fundamental change for firms' quality management approaches. KPMG has invested considerable effort in implementing and operating the ISQM (UK) 1 requirements and has responded positively to our feedback.

2023/24 was a transitional inspection cycle covering both standards (details of our new ISQM (UK) 1 & 2 rotational testing can be found here). A glossary of some key ISQM (UK) 1 terms can be found in Appendix C.

ISQM (UK) 1 - Risk Assessment, Governance and Leadership, Acceptance and Continuance, Monitoring and Remediation, and Annual Evaluation

We reviewed the firm's implementation of ISQM (UK) 1, focusing on its risk assessment processes and completeness of risks, the design and implementation of responses to mitigate quality risks in the Governance and Leadership and Acceptance and Continuance components, and the design of monitoring procedures over these responses and the attainment of the firm's quality objectives. We also reviewed a small sample of the monitoring procedures performed to assess the operating effectiveness of responses. This sample focused on responses containing significant elements of judgement, such as management review controls.

We reviewed the process, evidence, and outcome for the firm's annual evaluation of its SoQM. This included how other sources of information on audit quality and the firm's SoQM were considered, and how matters were aggregated. We did not independently perform, or reperform, the firm's overall annual evaluation.

As ISQM (UK) 1 is focused on how firms achieve iterative improvement, we considered how the firm is developing its SoQM, including in response to the findings we shared during the inspection period. Our inspection findings in this area are reflective of our assertive and forward-looking approach as we seek to support firms in their development of effective, proportionate SoQMs.

Key findings

Monitoring: In the small sample reviewed, for the monitoring of the elements of responses with high levels of judgement, the firm did not demonstrate how a robust review was performed.
Assessment of other sources of findings: The firm did not sufficiently demonstrate how it assessed how certain other sources of information, including root causes and trends from audit quality findings and prior year adjustments, and staff survey results could indicate a finding in its SoQM, with consideration of the extent to which actions had already been taken to address these matters.
Assessment of deficiencies as not severe: The firm did not sufficiently evidence its basis for assessing two deficiencies as not severe, including consideration of the effectiveness of remediating and mitigating actions, what contraindicators provided assurance, and how it sufficiently assessed and considered the root causes of these deficiencies.

Good practice

The firm identified granular and tailored risks, to identify what could go wrong. This enabled a clearer mapping of risks to responses. The firm also, in many instances, identified granular responses and performed robust design assessments to explain how risks were mitigated.

Relevant ethical requirements - Compliance with the FRC's Revised Ethical Standard 2019

In the current year, we evaluated the firm's compliance with the Ethical Standard. We focused our work on non-audit services. Our targeted sample testing included: checking for the provision of prohibited services; reviewing independence threats and safeguards assessments; and evaluating the completeness of independence reporting made by component auditors to the group auditors.

Whilst we had no key findings to report on our testing in the current year, we continue to assess the firm's remediation actions, including training, to prevent network firms providing non-audit services alongside audit engagements without obtaining relevant UK approvals.

Good practice

The firm's approval system will not proceed unless a checklist, detailing non audit fees, type of work and approvals obtained is uploaded and reviewed.

ISQC (UK) 1: Training and methodology

Given the transition to ISQM (UK) 1 we performed our final supervision of training and methodology under ISQC (UK) 1. We reviewed the firm's processes for identifying methodology updates and training needs. We also considered how the methodology updates and training were then designed, approved, and communicated to the audit practice. We paid specific attention to revisions following changes to ISA (UK) 240 and ISA (UK) 315. We also reviewed the firm's training processes, including monitoring attendance and evaluation of learning objectives.

No key findings were identified at the firm.

Good practice

The firm delivered detailed training to specialists, with the required learning dependent on the type of specialist.
In response to ISA (UK) 240 revised, the firm introduced a specific audit template to be completed by forensic specialists. This helps to ensure that documentation by that specialist is clear and consistent.
The firm requires audit teams to evidence confirmation, prior to finalising the audit, that they have considered the impact of any recent updates to audit templates which were not adopted.

Our SoQM inspection work is undertaken on a risk-focused, cyclical basis. This is supported by targeted thematic work on particular aspects of firms' SoQMs. In this current year, we conducted four audit thematic reviews on the Tier 1 firms to complement our monitoring of ISQM (UK) 1. The areas covered in these thematic reviews were: Sampling; Hot Reviews; Network Resources and Service Providers; and Root Cause Analysis. Published reviews can be found here.

4. Forward-looking supervision

We take a risk-based, assertive and proportionate approach to the supervision of firms, which is complementary to our programme of inspections. We balance holding firms to account to take prompt action to address quality findings, with acting as an improvement regulator and sharing good practice to facilitate improvements across the sector. A Supervisor dedicated to each firm draws together evidence and indicators of risks, identifying and prioritising what firms must do to improve audit quality and enhance resilience, alongside identifying what could go wrong in the future.

Our observations from the work we have conducted this year, and updates on what more the firm must do in respect of previous observations are set out below. Where we raise key findings, we require the firm to include actions in their Single Quality Plan (SQP).

Single Quality Plan and other quality initiatives

We require all Tier 1 firms to maintain an SQP to drive measurable improvements in audit quality and resilience, and to demonstrate the effectiveness of actions taken. The SQP ensures that action in the most critical areas is prioritised and enables firms to be held to account by us and their non-executives.

Observations

The firm's SQP is at the forefront of the firm's regulatory strategy, integral to the business and a driver to sustained audit quality.

The SQP's prominence and use by the audit leadership and audit non-executives, ensures they are actively aware of evolutions and are accountable for key areas of priority.
SQP actions are mapped to relevant ISQM (UK) 1 components and are assessed to determine if they are indicative of a deficiency.
Balanced, reasonable and regularly assessed KPIs measure the effectiveness of actions taken.
Evidence to substantiate completed actions is retained.
Independent monitoring of closed actions is performed.

Root cause analysis

RCA is an important part of an effective continuous improvement cycle designed to identify the causes of quality issues so that action can be taken to address the risk of recurrence. Further, ISQM (UK) 1 has made RCA a requirement for all firms when deficiencies are identified in the system of quality management.

Observations

The firm has responded positively to feedback on its RCA process – investing significantly in the RCA team, redesigning the approach and refreshing the categories of causes. The benefits have been visible through the FRC's engagement in 2023, including in the RCAs performed by the firm on six of the 2023/24 AQR inspections. The changes helped to ensure a clear thought process with multiple data sources when identifying the root cause.

The firm must evaluate the effectiveness of changes made to RCA and consider further enhancements to how root causes are grouped.
Remediation is a key part of the RCA process. The firm must ensure appropriate and responsive remedial action is taken to minimise the risk of recurrence.

Continuous engagement and holding the firm to account

We hold firms to account to take prompt action to address quality findings and set an appropriate tone from the top.

Observations

Tone at the Top: The firm is clear and consistent in its communications around the importance of audit quality, its audit strategy and commitment to the public interest.
Constructive engagement: We have engaged with the firm on two constructive engagement cases, one of which is ongoing. The firm is sharing the changes they have made to policies, procedures, guidance and training to prevent future recurrence of the matters raised.
Non-Financial Sanctions (NFS): KPMG has four open NFS at various stages of implementation. During the first half of 2024 we have satisfactorily closed seven NFS and the changes made to policies and procedures should help mitigate recurrence. Two of the open NFS include aspects of risk assessment where, as highlighted in Section 2, findings continue to occur.
Ethical conduct: In our 2023 report we noted that we had seen examples of misconduct including exam cheating and breaches of integrity impacting the whole profession. We continue to see examples of this occurring across firms. This behaviour is unacceptable and we are pleased to note that the firm is taking robust, timely action to respond to these matters. Consequences of misconduct have been included in the firm's training programme.
Risk assessment: The firm must evaluate the risk assessment findings arising on audit inspections, outlined in Section 2, relevant NFS from enforcement cases and the firm's internal cold file reviews. Given the findings in this area the firm must enhance its policies and procedures.

Emerging risks and trends

Our forward-looking supervision aims to aid firms by identifying risks from emerging trends before quality issues occur.

Observations

Execution Risk: It is imperative that the improvements driven by substantial investment and leadership accountability in 2023 are sustained and delivered consistently. In 2024/25 we will continue to challenge robustly the effectiveness of remedial action to ascertain if improvements in quality are consistent and sustained.
Tendering and sector exposure: Recognising the firm's established governance processes in this area, we are engaging with KPMG and others to understand factors which may affect future tender activity, sector exposure and the impact this may have on the attractiveness of the firm and the public interest. The FRC is pleased that the firm is re-entering the local government audit market.
Hot review process: The firm's second line of defence (2LD) team, which coach and challenge the quality of audit work, and the engagement quality reviewer's evaluation are both key to support consistent high-quality audits. We will monitor the degree of challenge, resolution, and the resourcing of these processes, through our regular inspection activity and SQP engagement.

Recruitment: KPMG has taken strong action to mitigate the risk of cheating in its recruitment process by refreshing the assessment content, increasing randomisation and monitoring patterns and behaviours. All final stage interviews are in person and include confirming compliance with the firm's integrity statement.

Appendix A – Firm's internal quality monitoring

This appendix sets out information prepared by the firm relating to its internal quality monitoring for individual audit engagements (Quality Performance Review, or QPR). We have not verified the accuracy or appropriateness of these results. The appendix should be read together with the firm's Transparency Report for 2023 which provides further detail of the firm's internal quality monitoring approach, results, root cause analysis, remediation, and wider system of quality control. Due to differences in how inspections are performed and rated, the results of the firm's internal quality monitoring are not directly comparable to those of other firms or external regulatory inspections.

Results of internal quality monitoring 3

The results of the firm's 2023 QPR and two previous years are set out below. The firm's 2023 QPR comprised inspections of 120 audit engagements (2022: 102), covering periods ending between 31 December 2021 and 31 March 2023.

Bar chart showing results of internal quality monitoring for years 2021, 2022, and 2023.

The chart shows the percentage breakdown of audits categorized as "Compliant", "Compliant - Improvements Needed (CIN)", and "Not Compliant" for each year.
2023: Compliant: 59%; CIN: 26%; Not Compliant: 15%.

Themes arising from internal quality monitoring

In 2023, 85% of audits reviewed had no or only minor findings, consistent with prior years. The most frequently occurring issues identified through the 2023 QPR programme remain consistent with the prior year and included: the audit of high-risk journals; evidencing risk assessment decisions; sampling and specific item testing; and aspects of work over estimates.

Of the 15% (18) engagements which received non-compliant ratings, the most frequent issues were: insufficient clarity or evidence to allow an independent reviewer to understand the basis for individual conclusions; and insufficient procedures and weaknesses in the performance or documented explanation of certain substantive audit procedures.

Appendix B – KPMG's responses and actions

Our vision is to be the most trusted audit firm: by our regulators, the businesses we audit, investors, the public and our people. Our focus on delivering sustainable audit quality is at the heart of our strategy, supported by our other strategic priorities: empowering our people, embracing technology-enabled delivery, and maintaining robust growth.

Our strong FRC AQR results, closure of historic investigations, and reduction in non-financial sanctions, all demonstrate the progress we have made as we look positively to the future. We are very proud of our people and how they work together to deliver these outcomes.

We continue to build on the open and transparent relationship we have with the FRC, seeing significant progress on the areas we have worked on with our Firm Supervisor. We have also benefited from a joined-up approach to Supervision and Inspections which keeps us focused on emerging areas requiring attention so we can respond appropriately.

Achieving results of 89% from our AQR inspections recognises the sustained improvements to audit quality we have made through our audit quality transformation programme and into our targeted improvement programmes, embedded in the business through our Single Quality Plan (SQP). We were pleased to see five good practice comments and no key findings in respect of our SQP which reflects the investment and focus of this plan as a driver of sustainable audit quality.

We are particularly proud of the long list of good practice recognised across a broad spectrum of areas from teams auditing complex businesses and financial statements. Our commitment to continuous improvement-underpins our response to the findings on estimates and risk assessment. It reinforces our continued emphasis on rephasing our audits, appropriately responding to challenges and underlines the skill of clearly articulating an auditor's thought process, challenge and conclusions through the iterative audit processes.

Our ICAEW results saw a slight decline this year. Our continuing commitment to enhancing audit quality saw two teams challenging prior period accounting in the year following the reviews. They identified an arising difference in the subsequent period's financial statements which the firm reported to the ICAEW, prior to the finalisation of their review. We consider it good practice for teams to continuously improve audit quality and realise the benefit from the independent challenge of reviews.

One of our key programmes in the SQP this year is a continuing focus on changing the shape of our audits, rephasing the peak of work typically done in the weeks before signing without compromising our primary objective of delivering high-quality audits. This increases the time available for teams to stand back from the evidence gathered, ensuring sufficiency, consistency and clarity in their risk assessment and conclusions, and building in resilience to deal with unexpected challenges. This is beneficial not only from an audit quality point of view, but important for the well-being of both our audit teams and preparers of accounts.

The pace of change in auditing standards, accounting standards and regulatory requirements continues at speed; to manage through change effectively, it is imperative we are well-planned, agile and resilient as an audit business. We have invested in technology to enable monitoring of engagements which will provide enhanced support to our people.

We have continued our multi-year investment in our system of quality management (SoQM), and this year we invested in this further to meet the requirements of ISQM (UK) 1. Our SQP operates as part of our SoQM to prioritise our response to any emerging audit quality issues and measures the effectiveness of our response. We will continue to invest in and improve our SoQM following the first year of ISQM (UK) 1 implementation, particularly in evidencing our monitoring processes, assessment of other sources of findings and evaluation of deficiencies.

Root cause of findings and good practice

Root cause analysis is an important component of our system of quality management to support our continuous incremental improvement. We focus on identifying underlying factors leading to both good practice and areas needing improvement by using inspection results and other audit wide projects. This year benefited from our significant investment in the root cause analysis team, leading to much greater data to support the 'why' conclusion.

We have increased the extent and breadth of reviews performed to 89 in the 2023/24 cycle (from 57 in the 2021/22 cycle). As part of the analysis, we reflect on whether the root causes identified are specific to the circumstances of the engagement, or indicative of a wider systemic issue, and design responsive actions accordingly.

As we embed our improved processes, we are now focusing on how we measure and assess the effectiveness of remedial actions in responding to root causes, and expect to evolve this during the year.

The primary root causes we identified in aggregate from all of the projects performed in the year were:

The right team at the right time

To deliver a high-quality audit, the right composition of skills and experience for the right duration at the right time is key. We had instances of engagements reviewed in this cycle where there were weaknesses in one or more elements of team composition. We actively manage our resource activities to effectively balance the demand according to risk and priority for audit services and the supply of auditors and other specialists. This year, we introduced a flexible resource pool to give us greater agility to respond to the changing demands within our business, such as scope changes at an audited entity or to cover for last minute changes, e.g. sickness. This has improved our ability to respond to the needs of our colleagues and our audited entities as scope and resource requirements change.

Quality of project management

On audits where there was strong project management of both the audit process and entity management to ensure the timely provision of good quality information, this contributed to a higher quality audit. Where there were weaknesses in project management and/or the audit response to the quality of management information or late delivery, this impacted outcomes. We have had success in using new technologies to support our milestone monitoring programme this year and will continue to focus on improved project management, including clarity in how we contract with management on our expectations of timing and sharing best practice with them, to support us in successfully bringing work forward.

Critical thinking and confirmation bias

In instances where teams relied on assumed knowledge from previous audits, information obtained at an interim date or through discussion with management, this led to lower quality outcomes. This also led to weaknesses in the evidence of audit challenge, particularly in the area of estimates. We also observed good practice and higher quality audit work where the audit team interact regularly and share relevant knowledge with specialist teams, and vice versa, including the timely follow up on matters raised in specialist reporting. Our culture programme activities remain focused on how we recognise and respond to biases that can occur in audits, and our second line processes continue to focus their challenge on identifying areas where this has occurred.

Understanding our requirements

Where we concluded that individuals performing engagements did not have sufficient knowledge of auditing standards and/or KPMG guidance, we saw this was linked to either the related guidance not being clear and detailed enough or that time pressure had compromised the individual's ability to seek out the right resources to answer their questions. These findings have informed our guidance and training programme for the following period, particularly as it relates to ISA 315 revised.

We were pleased to see three areas of good practice and no key findings in the FRC's work relating to our processes for designing, delivering and monitoring training and methodology which also supports our conclusion that we have no systemic methodology and training issues.

Looking ahead

The emerging risks and trends highlighted in section 4 of this report align with areas of focus we have through both priority programmes and targeted actions within our SQP, which is seen as good practice.

We set clear expectations with the right tone from the top and respond appropriately where we identify instances of behaviour which are not either compliant with our processes or compatible with our values. We have responded to such instances through strengthening controls, enhancing our processes and dealing with individuals on a timely basis. One example of these actions is reflected in the good practice related to changes we made in our recruitment process.

Regarding tendering, we have well established governance processes for continually assessing our sector exposure, portfolio mix, skills and experience and the public interest when determining which markets to enter and which tenders to participate in. We do this in addition to assessing annually, through continuance procedures, the governance and attitude to audit within the entities we audit today.

Looking ahead, while our strong AQR results demonstrate the progress we've made through our commitment to delivering sustainable audit quality, we know it is a journey of continuous investment, learning and improvement.

We are confident that the actions we have taken in delivering our audit strategy; through empowering our people, providing enabling technologies and in strengthening our quality framework, leave us well positioned to respond to stakeholder demands for the audit of the future.

We also recognise the pivotal role audit plays in serving the public interest and are clear in our focus on continuing to build trust and confidence in our profession and beyond.

Appendix C - ISQM (UK) 1 Glossary

The following definitions were extracted from ISQM (UK) 1⁴.


System of quality management (SoQM)	A system designed, implemented and operated by a firm to provide the firm with reasonable assurance that: The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and Engagement reports issued by the firm or engagement partners are appropriate in the circumstances. A system of quality management under ISQM (UK) 1 addresses the following eight components: - The firm's risk assessment process; - Governance and leadership; - Relevant ethical requirements; - Acceptance and continuance of client relationships and specific engagements; - Engagement performance; - Resources; - Information and communication; and - The monitoring and remediation process. Firms are required to perform their first annual evaluation of the SoQM by 15 December 2023.
Quality objectives	The desired outcomes in relation to the components of the system of quality management to be achieved by the firm.
Quality risk	A risk that has a reasonable possibility of: Occurring; and Individually, or in combination with other risks, adversely affecting the achievement of one or more quality objectives.
Response	Policies or procedures designed and implemented by the firm to address one or more quality risk(s) in relation to its system of quality management: Policies are statements of what should, or should not, be done to address a quality risk(s). Such statements may be documented, explicitly stated in communications or implied through actions and decisions. Procedures are actions to implement policies.
Findings	Information about the design, implementation and operation of the system of quality management that has been accumulated from the performance of monitoring activities, external inspections and other relevant sources, which indicates that one or more deficiencies may exist.


Deficiency	A deficiency in a firm's system of quality management exists when: A quality objective required to achieve the objective of the system of quality management is not established; A quality risk, or combination of quality risks, is not identified or properly assessed; A response, or combination of responses, does not reduce to an acceptably low level the likelihood of a related quality risk occurring because the response(s) is not properly designed, implemented or operating effectively; or An other aspect of the system of quality management is absent, or not properly designed, implemented or operating effectively, such that a requirement of this ISQM (UK) 1 has not been addressed.
Ultimate responsibility	Individual(s) assigned ultimate responsibility and accountability for the firm's SoQM should evaluate the SoQM, on behalf of the firm, and shall conclude, on behalf of the firm, whether or not the SoQM provides the firm with reasonable assurance that the objectives of the SoQM are being achieved, required under ISQM (UK) 1 paragraph 54.

Deficiency

A deficiency in a firm's system of quality management exists when:

A quality objective required to achieve the objective of the system of quality management is not established;
A quality risk, or combination of quality risks, is not identified or properly assessed;
A response, or combination of responses, does not reduce to an acceptably low level the likelihood of a related quality risk occurring because the response(s) is not properly designed, implemented or operating effectively; or
An other aspect of the system of quality management is absent, or not properly designed, implemented or operating effectively, such that a requirement of this ISQM (UK) 1 has not been addressed.

Ultimate responsibility

Individual(s) assigned ultimate responsibility and accountability for the firm's SoQM should evaluate the SoQM, on behalf of the firm, and shall conclude, on behalf of the firm, whether or not the SoQM provides the firm with reasonable assurance that the objectives of the SoQM are being achieved, required under ISQM (UK) 1 paragraph 54.

Circular diagram illustrating the eight components of an ISQM (UK) 1 Annual Evaluation, including Governance & Leadership, Risk Assessment, and Resources.

Footnotes

The six Tier 1 firms in 2023/24 were: BDO LLP, Deloitte LLP, Ernst & Young LLP, KPMG LLP, Mazars LLP, and PricewaterhouseCoopers LLP. With effect from 1 June 2024, Mazars LLP changed its name to Forvis Mazars LLP. We have published a separate report for each of these firms along with a cross-firm Annual Review of Audit Quality. ↩
The new standard is a significant change to ISQC (UK) 1, requiring firms to take a more proactive and risk-based approach to managing quality. The standard also required a step change in firms' monitoring, as well as the introduction of a self-evaluation of their SoQM. Page 10 of the Annual Review of Audit Quality sets out the key differences. ↩
The grading categories used by the firm are: Compliant – audits that comply with relevant standards in all significant respects; Compliant – Improvements Needed (CIN) - audits that have an audit report supported by evidence but required additional information in the view of the reviewer, documentation of evidence obtained, or did not follow the firm's methodology in a specific area; and Not Compliant - audits that were not performed in line with relevant standards in a more significant area or had a deficiency in the financial statements. ↩
https://media.frc.org.uk/documents/ISQM_UK_1_Issued_July_2021_Updated_March_2023.pdf ↩

KPMG LLP Audit Quality Inspection and Supervision Report 2024

File

Is this page useful?