Quality Risk Assessment

Like our audits, quality management is supported by risk assessment. A risk assessment process, which leads to appropriately designed responses to address the assessed risks, strengthens audit quality.

Our system of quality management requires the OAG to establish a process

• to review quality objectives, quality risks (identification and assessment), and responses
• to identify information that indicates the need for changes to the quality objectives, quality risks, or responses that are related to changes in the nature and circumstances of the OAG

Audit Services reviews the OAG’s quality risk assessment every 2 years at a minimum and proactively modifies it when changes affecting the system of quality management occur or when deficiencies are identified. Various sources of information, such as the following, are used in the process:

• the OAG’s corporate risk profile and assessment, including any updates
• the results of the monitoring and remediation process, including completed engagement inspections
• information from service providers (where applicable)
• complaints and allegations about the conduct of audits
• results of external inspections
• changes in the system of quality management that affect other aspects of the system, such as changes in the OAG’s resources
• other external sources, such as regulatory actions and litigation
• Group 40’s environmental scan
• post audit surveys
• internal audit reports
• peer review reports
• feedback from engagement quality reviewers
• feedback from learning events (course surveys)