SQM How to - Design - Risks
Design - Risks
The following describes the functionality and features included in SQM.
Objective
The following describes the functionality and features included in SQM.
Page position
Risks can be found in the design module.
Page content
This page includes a table that contains the following types of risks:
• Network risks: these risks are prescribed by the firm’s network firm, where relevant.
The network firm will distribute the prescribed risks, which are then imported in SETTINGS.
The firm must consider if they are relevant to the firm.
• Firm risks: these risks are recorded by the firm and are in addition to the network risks.
There are no mandatory risks prescribed by the applicable quality management standards.
1. Complete risk
The risk dialog can be completed by either adding a new risk or by editing a risk from the list of risks already included in the table.
When completing a network risk, some of the fields will be pre-populated and cannot be edited.
The risk dialog contains the following fields to be completed:
Linked Objective | Risks are recorded when there is a possibility that one or more of the firm’s quality objectives may be adversely affected. The objective(s) that may be impacted by the risk, are listed in this field. |
Title | The short title for this risk. The title is visible in tables and when selecting items from libraries. It should therefore be concise but clearly indicate what the risk is. |
ID | The unique identification number for this risk. |
Type | No input required. This field is automatically completed based on the process that was followed to include the risk. |
Relevant | Select either ‘yes’ or ‘no’. The default is ‘yes’, to indicate that the monitoring activity is relevant to the firm. |
Reason for not relevant | This field appears when the firm has indicated that the risk is not relevant to the firm. It is a compulsory field. |
Risk | Include the wording of the risk for a firm risk. When a risk is selected from the library, the firm will edit the risk to align with the firm’s unique characteristics. Network risks cannot be edited and the ‘additional description’ can be used to provide more context to a prescribed risk. |
Additional description | Include an additional description if considered necessary. Where network risks are selected as relevant, a firm may choose to provide more context to the risk in this field. |
Applicable standard(s) | Select the standard(s) that the risk relates to. Where the firm has only selected one applicable standard, then no selection is required. |
Authoritative reference(s) | Include authoritative references where relevant. |
Link(s) | Include links to documentation elsewhere. Include a name and URL for each linked document. URLs can either be to a document in the Caseware Cloud instance or to another location, such as the firm’s SharePoint library. |
Risk assessment: probability of occurrence | Select an option from the dropdown menu to reflect your assessment of the possibility that this risk may occur. |
Risk assessment: effect on achievement of objectives | Select an option from the dropdown menu to reflect your assessment of the degree to which the risk may adversely affect the achievement of quality objectives. |
Risk assessment result | No input required. This field automatically reflects the results determined in the firm’s risk assessment matrix which is recorded in DESIGN – SETUP. |
Response required | No input required. This field automatically reflects the firm’s required level of response based on the risk assessment results. The required results are recorded in DESIGN – SETUP. |
Reason for risk rating | In this field the firm documents how and the degree to which conditions, events, circumstances, actions or inactions affect the firm’s assessment of the ‘probability of occurrence’ and the ‘effect on the achievement of the quality objectives’. |
Response required – Judgement | When the response required is indicated as ‘apply judgement’, select an option from the dropdown menu to record the type of response that has been decided on. |
Reason for response required | Document the judgement made to decide which response is required for the assessed risk. |
Note | Include any additional notes or comments. |
Effective from | This is an optional field and will be left blank if the risk will become effective immediately on publishing it to the firm’s system of quality management. When a risk is only effective from a specific date in the future, that effective date is recorded in this field. The risk can then be recorded and published before the effective date. |
Effective to | This is an optional field and will be left blank if the risk will remain in effect for the foreseeable future. When it is decided that a risk will no longer be applicable from a specific date, the date on which the risk will no longer apply to the firm’s system of quality management is recorded in this field. The change can then be published to the firm’s system of quality management in advance and the risk itself, will be in operation until the sunset date is reached. |
Fields indicated with a red asterisk (*) indicate fields that must be completed before the risk can be saved.
Fields indicated with a blue asterisk (*) is not required to be completed before the risk can be saved, but must be completed before the risk can be signed off as ‘prepared’.
When the relevant information has been recorded in the risk, save the information in the dialog.
2. Edit risk
Risks included in the table can only be edited in ‘draft’ status.
If a risk has already been signed off as ‘prepared’, the sign off must be removed before the risk can be edited.
To edit a risk already in the table, click on the ‘expand’ button to show the record of the risk.
Select the ‘edit’ button to open the risk dialog.
The content of the risk is then edited as needed and the changes saved by clicking on the ‘save’ button.
3. Delete risk
Risks can be deleted by expanding the risk and selecting the ‘delete’ button.
If a risk has been signed off as ‘prepared’, the sign-off must be removed before the risk can be deleted.
Note that network risks cannot be deleted.
If the risk does not apply to a firm, it will be marked as ‘not relevant’ only.
These risks are therefore not carried forward in the firm’s design of the system of quality management.
4. Sign-offs and approvals
Only risks selected as ‘relevant’ and signed off as ‘prepared’ will be considered finalised and therefore
• included in the draft system of quality management; and
• published when the firm approves and publishes the draft system of quality management.
Every relevant risk must therefore be signed off as ‘prepared’ once finalised.
Page outcomes
Before continuing with the rest of the design of the firm’s system of quality management, the firm should have:
• Considered each network risk and indicated whether they are relevant or not (when part of a network).
• Recorded any additional risks that have been identified.
• Assessed all risks to determine whether a response is required.
• Signed off all relevant risks as ‘prepared’.
Related Articles
Enabling SQM for Staff
After SQM has been enabled on your firm’s CaseWare Cloud site, a Cloud administrator will need to assign the app to the relevant staff to access and use. This is done one of two ways, as set out in the instructions below. NOTE: Both options below ...This page is restricted for SQM users. Please contact the Caseware Cloud Administrator for access.
Staff members may experience the following error when accessing SQM: This error occurs when staff members have not been assigned the appropriate advanced SQM role on a staff or group level. Staff members who need to work on SQM, view risks and raise ...What is SQM?
SQM is an Efficient Quality Management System. Whether you are a small accounting firm or a global audit leader, SQM provides an efficient solution to design, operate, monitor and evaluate your system of quality management. Responsible parties are ...SQM Overview
Easily design, implement and operate your system of quality management, providing you with reasonable assurance that the firm and its staff have fulfilled their responsibilities in terms of ASQM1 standards.SQM How to - Design - Understanding
Design - Understanding The following describes the functionality and features included in SQM. Objective The objective of this page in SQM is to document an understanding of the nature and circumstances of the firm and the engagements performed by ...