SQM How to | Design - Risks

Published: 04/08/2023

Objective

The objective of this page in SQM is to record and assess the firm’s quality risks.

Page position

RISKS can be found in the DESIGN module.

Page content

This page includes a table that contains the following types of risks:

Network risks: these risks are prescribed by the firm’s network firm, where relevant.

The network firm will distribute the prescribed risks, which are then imported in SETTINGS.

The firm must consider if they are relevant to the firm.

Firm risks: these risks are recorded by the firm and are in addition to the network risks.

There are no mandatory risks prescribed by the applicable quality management standards.

1. Complete risk

The risk dialog can be completed by either adding a new risk or by editing a risk from the list of risks already included in the table.

When completing a network risk, some of the fields will be pre-populated and cannot be edited.

The risk dialog contains the following fields to be completed:

FIELD	INPUT REQUIRED
Linked objectives	Risks are recorded when there is a possibility that one or more of the firm’s quality objectives may be adversely affected. The objective(s) that may be impacted by the risk, are listed in this field.
Title	The short title for this risk. The title is visible in tables and when selecting items from libraries. It should therefore be concise but clearly indicate what the risk is.
ID	The unique identification number for this risk.
Type	No input required. This field is automatically completed based on the process that was followed to include the risk.
Relevant	Select either ‘yes’ or ‘no’. The default is ‘yes’, to indicate that the risk is relevant to the firm.
Reason for not relevant	This field appears when the firm has indicated that the risk is not relevant to the firm. It is a compulsory field.
Risk	Include the wording of the risk for a firm risk. When a risk is selected from the library, the firm will edit the risk to align with the firm’s unique characteristics. Network risks cannot be edited and the ‘additional description’ can be used to provide more context to a prescribed risk.
Additional description	Include an additional description if considered necessary. Where network risks are selected as relevant, a firm may choose to provide more context to the risk in this field.
Applicable standard(s)	Select the standard(s) that the risk relates to. Where the firm has only selected one applicable standard, then no selection is required.
Authoritative reference(s)	Include authoritative references where relevant.
Link(s)	Include links to documentation elsewhere. Include a name and URL for each linked document. URLs can either be to a document in the Caseware Cloud instance or to another location, such as the firm’s SharePoint library.
Risk assessment: probably of occurrence	Select an option from the dropdown menu to reflect your assessment of the possibility that this risk may occur.
Risk assessment: effect on achievement of objectives	Select an option from the dropdown menu to reflect your assessment of the degree to which the risk may adversely affect the achievement of quality objectives.
Risk assessment result	No input required. This field automatically reflects the results determined in the firm’s risk assessment matrix which is recorded in DESIGN – SETUP.
Response required	No input required. This field automatically reflects the firm’s required level of response based on the risk assessment results. The required results are recorded in DESIGN – SETUP.
Reason for risk rating	In this field the firm documents how and the degree to which conditions, events, circumstances, actions or inactions affect the firm’s assessment of the ‘probability of occurrence’ and the ‘effect on the achievement of the quality objectives’.
Response required – Judgement	When the response required is indicated as ‘apply judgement’, select an option from the dropdown menu to record the type of response that has been decided on.
Reason for response required	Document the judgement made to decide which response is required for the assessed risk.
Note	Include any additional notes or comments.
Linked policy responses	Previously recorded policy responses can be linked to this risk using the dropdown menu. When a policy response is recorded later, the link to this risk will be recorded when completing the policy response dialog.
Effective from	This is an optional field and will be left blank if the risk will become effective immediately on publishing it to the firm’s system of quality management. When a risk is only effective from a specific date in the future, that effective date is recorded in this field. The risk can then be recorded and published before the effective date.
Effective to	This is an optional field and will be left blank if the risk will remain in effect for the foreseeable future. When it is decided that a risk will no longer be applicable from a specific date, the date on which the risk will no longer apply to the firm’s system of quality management is recorded in this field. The change can then be published to the firm’s system of quality management in advance and the risk itself, will be in operation until the sunset date is reached.

Fields indicated with a red asterisk (*) indicate fields that must be completed before the risk can be SAVED.

Fields indicated with a blue asterisk (*) is not required to be completed before the risk can be SAVED, but must be completed before the risk can be signed off as ‘prepared’.

When the relevant information has been recorded in the risk, SAVE the information in the dialog.

2. Edit risk

Risks included in the table can only be edited in ‘draft’ status.
If a risk has already been signed off as ‘prepared’, the sign off must be removed before the risk can be edited.
To edit a risk already in the table, click on the ‘expand’ button to show the record of the risk.

Select the ‘edit’ button to open the risk dialog.

The content of the risk is then edited as needed and the changes saved by clicking on the ‘save’ button.

3. Delete risk

Risks can be deleted by expanding the risk and selecting the ‘delete’ button.

If a risk has been signed off as ‘prepared’, the sign-off must be removed before the risk can be deleted.

Note: network risks cannot be deleted.

If the risk does not apply to a firm, it will be marked as ‘not relevant’ only.
These risks are therefore not carried forward in the firm’s design of the system of quality management.

4. Sign-offs and approvals

Only risks selected as ‘relevant’ and signed off as ‘prepared’ will be considered finalised and therefore

included in the draft system of quality management; and
published when the firm approves and publishes the draft system of quality management.

Every relevant risk must therefore be signed off as ‘prepared’ once finalised.

Page Outcomes

Before continuing with the rest of the design of the firm’s system of quality management, the firm should have:

Considered each network risk and indicated whether they are relevant or not (when part of a network).
Recorded any additional risks that have been identified.
Assessed all risks to determine whether a response is required.
Signed off all relevant risks as ‘prepared’.