3.1 Risk Assessment Process Overview

CSQM 1 requires a Firm to have a risk assessment process, the purpose of which is to:

  • Establish quality objectives
  • Identify and assess risks to the achievement of the quality objectives
  • Design and implement responses to address the quality risks

In applying a risk-based approach, the Firm is required to take into account the nature and circumstances of the Firm and of the engagements it performs.

Establish Quality Objectives (What are you trying to achieve?)

The Firm is required to establish quality objectives for each of the operating components. The quality objectives are outlined in the standard and have been pre-populated in the SQMT.

Identify and Assess Quality Risks (What could go wrong?)

The next step in the risk assessment process is to identify and assess quality risks, that is, what can go wrong in achieving the quality objectives. A quality risk is one that has a reasonable possibility of occurring and a reasonable possibility of adversely affecting the achievement of one or more quality objectives. A library of potential quality risks has been included in the SQMT. The next lesson will help you identify quality risks, and we will assess the identified quality risks during the in-person workshop.

Design and Implement Risk Responses (What are you going to do about it?)

Finally, the Firm is required to design and implement responses that are based on, and responsive to, the reasons given for the quality risk assessments. A library of risk responses, including policies and procedures, has been included in the SQMT. During the in-person workshop, we will explore the risk responses to help you design your system of quality management.

Next up . . . brainstorm about the nature and circumstances of your Firm and the engagements it performs to identify potential quality risks.