PCAOB 2025 Inspection Report for KPMG Hong Kong

2025 Inspection KPMG

(Headquartered in Hong Kong Special Administrative Region of the People’s Republic of China)

January 29, 2026

PORTIONS OF THE COMPLETE REPORT ARE OMITTED FROM THIS DOCUMENT IN ORDER TO COMPLY WITH SECTIONS 104(g)(2) AND 105(b)(5)(A) OF THE SARBANES-OXLEY ACT OF 2002

1 | PCAOB RELEASE NO. 104-2026-033

THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

TABLE OF CONTENTS

2025 Inspection ............................................................................................................................. 2

Overview of the 2025 Inspection and Historical Data by Inspection Year ................................... 3

Part I: Inspection Observations ..................................................................................................... 5

Part I.A: Audits with Unsupported Opinions ................................................................................ 6

Part I.B: Other Instances of Non-Compliance with PCAOB Standards or Rules ........................... 8

Part I.C: Independence.................................................................................................................. 9

Part II: Observations Related to Quality Control ........................................................................ 10

Appendix A: Firm’s Response to the Draft Inspection Report ..................................................... A-1

2025 INSPECTION

In the 2025 inspection of KPMG, the Public Company Accounting Oversight Board (PCAOB) assessed the firm’s compliance with laws, rules, and professional standards applicable to the audits of issuers. Our inspection was conducted in cooperation with the China Securities Regulatory Commission, the Ministry of Finance of the People’s Republic of China, and the Accounting and Financial Reporting Council of Hong Kong. We selected for review three audits of issuers, two with fiscal years ending in 2024 and one with a fiscal year ending in 2023. For each issuer audit selected, we reviewed a portion of the audit. We also evaluated elements of the firm’s system of quality control.

2025 Inspection Approach

In selecting issuer audits for review, we use a risk-based method of selection. We make selections based on (1) our internal evaluation of audits we believe have a heightened risk of material misstatement, including those with challenging audit areas, and (2) other risk-based characteristics, including issuer and firm considerations. In certain situations, we may select all of the firm’s issuer audits for review. When we review an audit, we do not review every aspect of the audit. Rather, we generally focus our attention on audit areas we believe to be of greater complexity, areas of greater significance or with a heightened risk of material misstatement to the issuer’s financial statements, and areas of recurring deficiencies. We may also select some audit areas for review in a manner designed to incorporate unpredictability. Our selection of audits for review does not necessarily constitute a representative sample of the firm’s total population of issuer audits. Additionally, our inspection findings are specific to the particular portions of the issuer audits reviewed. They are not an assessment of all of the firm’s audit work or of all of the audit procedures performed for the audits reviewed. View the details on the scope of our inspections and our inspections procedures.

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 2

OVERVIEW OF THE 2025 INSPECTION AND HISTORICAL DATA BY INSPECTION YEAR

The following information provides an overview of our 2025 inspection as well as data from the previous inspection. We use a risk-based method to select audits for review and to identify areas on which we focus our review. Because our inspection process evolves over time, it can, and often does, focus on a different mix of audits and audit areas from inspection to inspection and firm to firm. Further, a firm’s business, the applicable auditing standards, or other factors can change from the time of one inspection to the next. As a result of these variations, we caution that our inspection results are not necessarily comparable over time or among firms.

Firm Data and Audits Selected for Review

2025 2024 Firm data Total issuer audit clients in which the firm was the 1 1 lead/principal auditor Total issuer audits in which the firm was not the 16 15 lead/principal auditor Total engagement partners on issuer audit work13 12 1 Audits reviewed Total audits reviewed3 3 2 Audits in which the firm was the lead/principal auditor 1 1 3 Audits in which the firm was not the lead/principal auditor 2 2 Integrated audits of financial statements and 2 2 internal control over financial reporting (ICFR) Audits with Part I.A deficiencies 3 2 Percentage of audits with Part I.A deficiencies 100% 67%

The number of engagement partners on issuer audit work represents the total number of firm personnel (not necessarily limited 1 to personnel with an ownership interest) who had primary responsibility for an issuer audit (as defined in AS 1201, Supervision of

the Audit Engagement) or for the firm’s role in an issuer audit during the twelve-month period preceding the outset of the

inspection. The population from which audits are selected for review includes both audits for which the firm was the lead/principal auditor 2 and those where the firm was not the lead/principal auditor but played a role in the audit. The audit reviewed in 2025 pertained to the issuer’s fiscal year ending in 2023. 3

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 3

If we include a deficiency in Part I.A of our report, it does not necessarily mean that the firm has not addressed the deficiency. In certain cases, the firm may have performed remedial actions after the deficiency was identified. Depending on the circumstances, remedial actions may include performing additional audit procedures, informing management of the issuer of the need for changes to the financial statements or reporting on ICFR, or taking steps to prevent reliance on prior audit reports. Our inspection may include a review, on a sample basis, of the adequacy of a firm’s remedial actions, either with respect to previously identified deficiencies or deficiencies identified during the current inspection. If a firm does not take appropriate actions to address deficiencies, we may criticize its system of quality control or pursue a disciplinary action. If we include a deficiency in our report — other than those deficiencies for audits with incorrect opinions on the financial statements and/or ICFR — it does not necessarily mean that the issuer’s financial statements are materially misstated or that undisclosed material weaknesses in ICFR exist. It is often not possible for us to reach a conclusion on those points based on our inspection procedures and related findings because, for example, we have only the information that the auditor retained and the issuer’s public disclosures. We do not have direct access to the issuer’s management, underlying books and records, and other information.

Audit Areas Most Frequently Reviewed

This table reflects the audit areas we have selected most frequently for review in the 2025 inspection and the previous inspection. For the issuer audits selected for review, we selected these areas because they were generally significant to the issuer’s financial statements, may have included complex issues for auditors, and/or involved complex judgments in (1) estimating and auditing the reported value of related accounts and disclosures and (2) implementing and auditing the related controls. 2025 2024 Audit area Audits reviewed Audit area Audits reviewed Revenue and related accounts Revenue and related accounts 3 3 Inventory Inventory 2 2 Related party transactions Related party transactions 2 2 Investment securities Business combinations 1 1 Cash and cash equivalents Cash and cash equivalents 1 1

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 4

PART I: INSPECTION OBSERVATIONS

Part I.A of our report discusses deficiencies, if any, that were of such significance that we believe the firm, (1) at the time it issued its audit report(s), had not obtained sufficient appropriate audit evidence to support its opinion(s) on the issuer’s financial statements and/or ICFR or (2) in audit(s) in which it was not the lead/principal auditor, had not obtained sufficient appropriate audit evidence to fulfill the objectives of its role in the audit. Part I.B discusses certain deficiencies, if any, that relate to instances of non-compliance with PCAOB standards or rules other than those where the firm had not obtained sufficient appropriate audit evidence to support its opinion(s) or fulfill the objectives of its role in the audit(s). This section does not discuss instances of apparent non-compliance with rules related to maintaining independence. Part I.C discusses instances of apparent non-compliance with rules related to maintaining independence. Consistent with the Sarbanes-Oxley Act (“Act”), it is the Board’s assessment that nothing in Part I of this report deals with a criticism of, or potential defect in, the firm’s quality control system. We discuss any such criticisms or potential defects in Part II. Further, you should not infer from any Part I deficiency, or combination of deficiencies, that we identified a quality control finding in Part II. Section 104(g)(2) of the Act restricts us from publicly disclosing Part II deficiencies unless the firm does not address the criticisms or potential defects to the Board’s satisfaction no later than 12 months after the issuance of this report.

Classification of Audits with Part I.A Deficiencies

Within Part I.A of this report, we classify each issuer audit in one of the categories discussed below based on the Part I.A deficiency or deficiencies identified in our review. The purpose of this classification system is to group and present issuer audits by the number of Part I.A deficiencies we identified within the audit as well as to highlight audits with an incorrect opinion on the financial statements and/or ICFR.

Audits with an Incorrect Opinion on the Financial Statements and/or ICFR

This classification includes instances where a deficiency was identified in connection with our inspection and, as a result, an issuer’s financial statements were determined to be materially misstated, and the issuer restated its financial statements. It also includes instances where a deficiency was identified in connection with our inspection and, as a result, an issuer’s ICFR was determined to be ineffective, or there were additional material weaknesses that the firm did not identify, and the firm withdrew its opinion, or revised its report, on ICFR. This classification does not include instances where, unrelated to our review, an issuer restated its financial statements and/or an issuer’s ICFR was determined to be ineffective. We include any deficiencies identified in connection with our reviews of these audits in the audits with multiple deficiencies or audits with a single deficiency classification below.

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 5

Audits with Multiple Deficiencies

This classification includes instances where multiple deficiencies were identified that related to a combination of one or more financial statement accounts, disclosures, and/or important controls in an ICFR audit.

Audits with a Single Deficiency

This classification includes instances where a single deficiency was identified that related to a financial statement account or disclosure or to an important control in an ICFR audit.

PART I.A: AUDITS WITH UNSUPPORTED OPINIONS

This section of our report discusses the deficiencies identified, by specific issuer audit reviewed, in the audit work (1) supporting the firm’s opinion on the issuer’s financial statements and (2) in audit(s) in which it was not the lead/principal auditor, to fulfill the objectives of its role in the audit. We identify each issuer by a letter (e.g., Issuer A). Each deficiency could relate to several auditing standards, but we reference the PCAOB standard that most directly relates to the requirement with which the firm did not comply. We present issuer audits below within their respective deficiency classifications (as discussed previously). Within the classifications, we generally present the audits based on our assessment as to the relative significance of the identified deficiencies, taking into account the significance of the financial statement accounts and/or disclosures affected, and/or the nature or extent of the deficiencies.

Audits with an Incorrect Opinion on the Financial Statements and/or ICFR

None

Audits with Multiple Deficiencies Issuer A – Health Care

Type of audit and related areas affected In our review, we identified deficiencies in the financial statement audit related to Revenue, Contract Liabilities, and Related Party Transactions. Description of the deficiencies identified With respect to Revenue and Contract Liabilities:

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 6

To reduce the extent of its substantive procedures for certain revenue and contract liabilities, the firm tested and placed reliance on controls. The following deficiencies were identified:  The firm selected for testing an automated control that consisted of the configuration of an information technology system to automatically perform a function based on a pre-established parameter, and the firm used a “test of one” approach to test this control. The firm’s testing of this automated control using a sample of only one instance was not sufficient because the firm did not evaluate the programming of the control or perform other procedures that would have provided sufficient appropriate audit evidence that the control was designed and operated effectively. (AS 2301.19 and .21)  The firm did not perform procedures to evaluate the relevance and reliability of certain reports prepared by a third party that were used by the firm to substantively test this revenue and related contract liabilities. (AS 1105.04 and .06) With respect to Related Party Transactions: The firm did not identify and evaluate a departure from IFRS related to the issuer’s omission of a disclosure required by IAS 24, Related Party Disclosures. (AS 2410.17; AS 2810.30 and .31)

Issuer B – Information Technology

Type of audit and related area affected In our review of an audit in which the firm played a role but was not the principal auditor, we identified deficiencies in connection with the firm’s role in the financial statement and ICFR audits related to Inventory. Description of the deficiencies identified The following deficiencies were identified:  The firm selected for testing a control over the issuer’s review and approval of manual adjustments to inventory quantities. The firm used a system-generated report to make its selections for testing the operating effectiveness of this control and relied on its testing of this report from the prior year’s audit. The firm did not perform procedures to test, or identify and test any controls over, the accuracy and completeness of this report, beyond the procedures performed during the prior year’s audit and inquiry of management regarding any changes to the report since it was last tested. (AS 1105.10)  The firm selected for testing a control that consisted of the issuer’s reconciliation of certain inventory to the general ledger. The firm did not identify and test any controls over the accuracy and completeness of certain data that the control owners used in the operation of this control. (AS 2201.39) In addition, the firm did not perform procedures to test the completeness of this data, which it also used to make its selections to test the operating effectiveness of the control. (AS 1105.10)

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 7

 To substantively test the existence of inventory at year-end, the firm observed the counting of inventory. The sample size for these procedures was reduced through reliance on a control that the firm had selected for testing, which consisted of the issuer’s performance of periodic inventory cycle counts. The sample size the firm used to perform this inventory observation was too small to provide sufficient appropriate audit evidence because these procedures were designed based on a level of control reliance that was not supported, as the firm did not obtain evidence that this control was operating effectively throughout the entire period of reliance. (AS 2301.16, .18, and .37; AS 2315.19, .23, and .23A)

Audits with a Single Deficiency Issuer C

Type of audit and related area affected In our review of an audit in which the firm played a role but was not the lead auditor, we identified a deficiency in connection with the firm’s role in the ICFR audit related to Related Party Transactions. Description of the deficiency identified The firm did not identify and test any controls over the issuer’s identification of related parties and relationships and transactions with related parties. (AS 2201.39)

PART I.B: OTHER INSTANCES OF NON-COMPLIANCE WITH PCAOB STANDARDS OR RULES

This section of our report discusses certain deficiencies that relate to instances of non-compliance with PCAOB standards or rules other than those where the firm had not obtained sufficient appropriate audit evidence to support its opinion or fulfill the objectives of its role in the audit(s). This section does not discuss instances of apparent non-compliance with rules related to maintaining independence. When we review an audit, we do not review every aspect of the audit. As a result, the areas below were not necessarily reviewed on every audit. In some cases, we assess the firm’s compliance with specific PCAOB standards or rules on other audits that were not reviewed and include any instances of non- compliance below. The deficiencies below are presented in numerical order based on the PCAOB standard or rule with which the firm did not comply. We identified the following deficiencies:  In one audit reviewed, other auditors used by the firm had obtained letters of representation from management for certain of the issuer’s components, but the firm did not obtain, and review and retain, one of these letters. In this instance, the firm was non-compliant with AS 1215, Audit

Documentation.

 In one audit reviewed, the firm did not make a required communication to the audit committee related to the name, location, and/or planned responsibilities of other accounting firms or other

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 8

persons not employed by the firm that performed audit procedures in the audit. In this instance, the firm was non-compliant with AS 1301, Communications with Audit Committees.  In one audit reviewed, the firm did not perform procedures to determine whether all individuals who participated in the audit were in compliance with independence requirements. In this instance, the firm was non-compliant with AS 2101, Audit Planning.

PART I.C: INDEPENDENCE

PCAOB Rule 3520, Auditor Independence, requires a firm and its personnel to be independent of the firm’s audit clients. This requirement encompasses not only an obligation to satisfy the independence criteria set out in PCAOB rules and standards but also an obligation to satisfy all other independence criteria applicable to an engagement, including the independence criteria set out by the SEC in Regulation S-X, 17 C.F.R. § 210.2-01, Qualifications of Accountants. In the 2025 inspection, we did not identify, and the firm did not bring to our attention, any instances of apparent non-compliance with PCAOB Rule 3520. Although this section does not include any instances of apparent non-compliance with PCAOB Rule 3520 that we identified or the firm brought to our attention, there may be instances of non-compliance with rules related to independence that were not identified through our procedures or the firm’s monitoring activities. While the firm did not bring to our attention any instances of apparent non-compliance with PCAOB Rule 3520, the number, large or small, of firm-identified instances of apparent non-compliance may be reflective of the size of the firm, including the number of associated firms; the design and effectiveness of the firm’s independence monitoring activities; and the size and/or complexity of the issuers it audits, including the number of affiliates of those issuers. Therefore, we caution against making any comparison of firm-identified instances of apparent non-compliance across firms.

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 9

PART II: OBSERVATIONS RELATED TO QUALITY CONTROL

Part II of our report discusses criticisms of, and potential defects in, the firm’s system of quality control. We include deficiencies in Part II if an analysis of the inspection results, including the results of the reviews of individual audits, indicates that the firm’s system of quality control does not provide reasonable assurance that firm personnel will comply with applicable professional standards and requirements. Generally, the report’s description of quality control criticisms is based on observations from our inspection procedures. This report does not reflect changes or improvements to the firm’s system of quality control that the firm may have made subsequent to the period covered by our inspection. The Board does consider such changes or improvements in assessing whether the firm has satisfactorily addressed the quality control criticisms or defects no later than 12 months after the issuance of this report. When we issue our reports, we do not make public criticisms of, and potential defects in, the firm’s system of quality control, to the extent any are identified. If a firm does not address to the Board’s satisfaction any criticism of, or potential defect in, the firm’s system of quality control within 12 months after the issuance of our report, we will make public any such deficiency.

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | 10

APPENDIX A: FIRM’S RESPONSE TO THE DRAFT INSPECTION REPORT A-

Pursuant to Section 104(f) of the Act, 15 U.S.C. § 7214(f), and PCAOB Rule 4007(a), the firm provided a written response to a draft of this report. Pursuant to Section 104(f) of the Act and PCAOB Rule 4007(b), the firm’s response, excluding any portion granted confidential treatment, is attached hereto and made part of this final inspection report. The Board does not make public any of a firm’s comments that address a nonpublic portion of the report unless a firm specifically requests otherwise. In some cases, the result may be that none of a firm’s response is made publicly available. In addition, pursuant to Section 104(f) of the Act, 15 U.S.C. § 7214(f), and PCAOB Rule 4007(b), if a firm requests, and the Board grants, confidential treatment for any of the firm’s comments on a draft report, the Board does not include those comments in the final report. The Board routinely grants confidential treatment, if requested, for any portion of a firm’s response that addresses any point in the draft that the Board omits from, or any inaccurate statement in the draft that the Board corrects in, the final report.

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | A-1

KPMG, PCAOB Release No. 104-2026-033, January 29, 2026 | A-2

A-1 |