Insights: A full overview of the SQM.
Responsibilities: Define responsibilities.
After roles are assigned, they must be accepted by the designated person and reviewed by another. Someone in the final-responsibility role may both accept and review.
Setup: Establish your system.
First verify which Applicable Standard has been selected:
❖ BE customers: ISQM-Belgium
❖ Lux customers: ISQM Luxembourg
These standards include not only the country’s main, mandatory norms but also the international ones.
In Risk Assessment, two criteria determine two risk levels—how to respond if an objective is not met:
❖ Probabilities: What is the chance it occurs?
❖ Effects: If it occurs, is it a major issue?
A default standard is provided here but may be adjusted as desired.
Understanding: A questionnaire covering various topics.
All questions must be answered, and you can already begin to identify risks as you go (e.g. How complex is my company? Do we work extensively with externals?).
You gain insight into your company’s structure and the files you handle; complex files may also affect quality.
Objectives: Determined by the norm selected in Setup.
The mandatory standards are established at the European level and are automatically integrated into the components. They are identifiable by the designation “Mandatory” and are obligatory.
A lot has already been automated here, and you must link the risks to the objectives.
❖ Network: Component imported by the company via Settings.
❖ Mandatory: Mandatory norm.
The structure is pyramid-like: every objective must link to one or more risks; each risk must link to one or more policy responses; policy details are further fleshed out in procedure responses, where you specify expectations
(e.g. an independence declaration must be signed annually).
Tasks => The actual execution of procedures.
Everything must be linked—objectives, risks, policy, procedure.
Tasks (forms) are optional; you may instead use Word or another document.
Risks: Internal to the firm.
There are no “Mandatory” types. For new clients this list starts empty, with type “Firm.”
Policy responses: General policies drawn from the norm (Mandatory).
Everything here is more general and will be further detailed under “Procedure responses”. Link each policy to its risk and to the appropriate procedure—both top-down and bottom-up.
Procedure response: Explain how your process works in detail.
This section goes into more depth than the “Policy responses” and requires significantly more detailed input.
For example, you must specify the "Nature" of the process: explain how you will implement or achieve it. Will you use a manual process or an application/technology? You must explain specifically how the process should be carried out. For instance, we will use forms under “Tasks,” or we will use a Word document.
You set timing yourself.
The person(s) responsible receive e-mail notifications of tasks only after the Design phase has been Approved and Published.
Tasks: Tasks are not mandatory.
If you choose to use tasks, the Editor form is recommended. Ensure a Submit button is present, otherwise users can fill in the form but not submit it. If the Submit button disappears, drag a Button onto the “Drag & drop form component” area to restore it.
A predefined form is available in the Library; you may add fields as long as nothing is Published.
Once everything is complete and error-free, you can Approve and Publish; employees will then receive notifications and can submit tasks.
Publish consists of 2 parts:
❖ Left side: Where errors (if any) appear.
❖ Right side: Everything contained in your SQM.
