Risks

In the DESIGN module, the Risks tab is where system designers document and evaluate the firm’s quality risks. Risks are documented when there is a potential for adverse effects on one or more of the firm’s quality objectives.

Define risks

There are 2 types of risks:

  1. Network risks - These risks are prescribed by the firm’s network firm, where relevant.

    The network firm will distribute the prescribed risks, which are then imported in Settings.

  2. Firm risks - These risks are recorded by the firm and are in addition to the network risks.

Note: There are no mandatory risks prescribed by the applicable quality management standards.

Complete a risk

To complete the Risk dialogue, system designers can add a new risk or modify a risk from the list of risks already included in the table.

To modify a risk, see Modify a risk.

To add a risk:

  1. Select the Add icon and select Risk.


  2. Complete the Risk dialogue.

The Risk dialogue contains the following fields to be completed:

Note: When completing a network risk, some of the fields will be pre-populated and cannot be modified.

| Field | Input |
| --- | --- |
| Linked objectives | Risks are recorded when there is a possibility that one or more of the firm’s quality objectives may be adversely affected. The objective(s) that may be impacted by the risk are listed in this field. |
| Title | Input a short title for this risk. |
| ID | Enter the unique identification number for this risk. |
| Type | No input required. |
| Relevant | Select Yes if the risk is relevant to the firm or select No if the risk is not relevant to the firm. The default is set to Yes. |
| Reason for not relevant | This field appears when the firm has indicated that the risk is not relevant to the firm. Enter a reason to address why the risk is not relevant to the firm. |
| Risk | Include a description of the firm risk. When a risk is selected from the library, the firm can modify the risk to align with the firm’s unique characteristics. Network risks cannot be modified. The Additional Description section can be used to provide more context to a prescribed risk. |
| Additional description | Include an additional description of the risk if necessary. You can also use this field to provide additional information for network risks if needed. |
| Applicable standard(s) | Select the standard(s) that the risk relates to. If the firm has only selected one applicable standard, then no selection is required. |
| Authoritative reference(s) | Include authoritative references where relevant. |
| Link(s) | Include links to external documentation, specifying the name and URL of each linked document. URLs can lead to Caseware Cloud instances or other locations. |
| Risk assessment: probability of occurrence | Select an option from the dropdown menu to reflect your assessment of the possibility that this risk may occur. |
| Risk assessment: effect on achievement of objectives | Select an option from the dropdown menu to reflect your assessment of the degree to which the risk may adversely affect the achievement of quality objectives. |
| Risk assessment result | No input required. |
| Response required | No input required. |
| Reason for risk rating | Input how and the degree to which conditions, events, circumstances, actions or inactions affect the firm’s assessment of the probability of occurrence and the effect on the achievement of objectives. |
| Response required – Judgement | If Apply judgement appears next to the Response required, select an option from the dropdown menu to record the type of response that has been decided on. |
| Reason for response required | Document the judgement made to decide which response is required for the assessed risk. |
| Note | Include any additional notes. |
| Linked policy responses | Previously recorded policy responses can be linked to this risk using the dropdown menu. When a policy response is recorded later, the link to this risk will be recorded when completing the Policy response dialog. |
| Effective from | Leave this field blank if the risk will become effective immediately. If the risk will become effective at a future date, enter that date in this field. The risk can then be recorded and published before the effective date. |
| Effective to | Leave this field blank if the risk will remain in effect for the foreseeable future. If the risk will no longer be in use after a specific date, record that date in this field. |

Note that fields marked with a red asterisk (*) are mandatory and must be filled out before the risk can be saved.

Fields marked with a blue asterisk (*) are not required to be completed before the risk can be saved, but must be completed before the risk can be signed off as prepared.

  3. Once the dialogue has been populated, select SAVE.

Modify a risk

Note that existing risks can only be modified if the status is in Draft mode. If a risk has already been accepted or reviewed, the sign-off must be removed before the risk can be modified.

To modify a risk:

  1. Click on the Expand icon under the Relevant column to expand the risk.


  2. Select the Edit icon and modify the risk as required.

  3. To save the changes, select SAVE.


Delete a risk

Note: If a risk has been accepted or reviewed, the sign-off must be removed before the risk can be deleted.

To delete a risk:

Note: Network risks cannot be deleted.

  1. Click on the Expand icon under the Relevant column to expand the risk.

  2. Select the Delete icon.


  3. In the delete confirmation prompt, select Delete.

Note: If the risk does not apply to a firm, it will be marked as Not relevant. Non-relevant risks are not carried forward in the firm’s design of the system of quality management.

Sign-offs and approvals

Risks selected as relevant and signed off as prepared will be considered finalized and included in the draft system of quality management. Once the drafts are approved, they will be published.
