Decoding Compliance Buzzwords: The Practical Application of Risk Assessment & Forensic Testing

Risk assessment is a phrase used to describe the process of identifying and estimating the exposure to real and potential risks. Forensic testing is colorful shorthand to refer to periodic tests used to evaluate the effectiveness of controls. However, the application of these notions goes beyond the simple definitions since risk assessment and forensic testing are pillars for a sound compliance program.
Published by: SEC Compliance Consultants on Oct 27, 2009
Copyright: Attribution Non-commercial

Telephone: 610.415.9261
Facsimile: 610.200.1463
seccc.com
This article was originally printed in Schwab Institutional's Compliance Review, April 2007, Volume 16 Issue 3.
Decoding Compliance Buzzwords: The Practical Application of Risk Assessment and Forensic Testing
By: Janaya Moscony and Robert Tull of SEC Compliance Consultants, Inc.

Risk assessment is a phrase used to describe the process of identifying and estimating the exposure to real and potential risks. Forensic testing is colorful shorthand to refer to periodic tests used to evaluate the effectiveness of controls. However, the application of these notions goes beyond the simple definitions since risk assessment and forensic testing are pillars for a sound compliance program.
Understanding the Risk Assessment Process
The Relevance of Risk Assessment for Investment Advisors
Risk assessment is arguably the most vital activity that Chief Compliance Officers (“CCO”) should oversee in the development of an adequate compliance program. In adopting Investment Adviser Rule 206(4)-7 and Investment Company Rule 38-1, the Compliance Rules, the Securities and Exchange Commission (“SEC”) stated that “each adviser, in designing its policies and procedures, should first identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm's particular operations, and then design policies and procedures that address those risks.”[1] The intention is for each advisor to create a customized compliance program based on a risk assessment that is appropriate given the nature and scope of the advisor’s business. It is apparent that compliance expectations for investment advisors continue to escalate as the industry swells in terms of assets.
[1] Compliance Programs of Investment Companies and Investment Advisers. Release No. IC-26299 and IA-2204 (December 17, 2003).
 
According to the 2006 study conducted by the Investment Adviser Association and National Regulatory Services, Evolution Revolution, investment advisors have more assets under management than ever before.[2] In fact, total AUM among registered investment advisors increased 17.2 percent from 2005 to 2006, from $26.8 trillion up to $31.4 trillion. However, what is interesting about the study is that most of those assets are managed by a small number of firms. The study found that 90 percent of registered advisors reported that they have 50 or fewer employees. Only 4 percent of the firms reportedly manage 82 percent of the total discretionary AUM for all advisors. According to the survey, the typical registered investment advisor - the median point in the data - has $96 million in discretionary AUM, six to 10 employees and 26 to 100 clients, who consist of individuals, high-net worth clients, pensions and profit-sharing plans. Therefore, it is conceivable that the vast majority of investment advisors will approach risk assessment without the luxury of dedicated risk management resources.
Risk Assessment Options
When determining how to approach risk assessment, an advisor should consider its size and the depth of its business. There are various theories and approaches with regard to risk assessment and management including, but not limited to, those enumerated in The Committee of Sponsoring Organizations of the Treadway Commission’s Internal Control – Integrated Framework,[3] Enterprise Risk Management,[4] Key Risk Indicators,[5] and Statement on Auditing Standards (SAS) No. 109,[6] to name a few. Many financial firms rely on a variety of methodologies. However there is not a one-size fits all solution; a publicly traded large institution may require a much more technical process than a typical investment advisor.

In the context of an advisor’s compliance program, the rationale is to prevent, detect, and when necessary correct any areas where there may be violations. A violation is often the result of a risk event. When formulating a risk assessment process, there are several types of risks that an advisor should keep in mind; these risks can be classified by the potential consequence, such as: financial risk, informational risk, reputational risk, and regulatory risk. Some of these risks have more obvious implications than others; however, the less obvious ones can be just as severe.
[2] http://www.icaa.org/public/evolution_revolution-2006.pdf
[3] http://www.coso.org/publications/executive_summary_integrated_framework.htm
[4] http://www.coso.org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf
[5] http://www.continuitycentral.com/BusinessSpecificKeyRiskIndicatorspartone.pdf and http://www.continuitycentral.com/BusinessSpecificKeyRiskIndicatorsPart2.pdf
[6] https://www.aicpa.org/download/members/div/auditstd/SAS109.PDF
 
For example, at the 2005 NSCP National Membership Meeting, Lori Richards, Director of the SEC’s Office of Compliance Inspections and Examinations, shared an anecdote about the importance of compliance and the implications to a firm’s reputation.[7] According to Ms. Richards, a research analyst at a major wire house divided the top 25 fund firms into three groups: those that were very much involved in the fund scandals, those that were somewhat involved, and those that were not touched at all. The analyst then calculated the growth rates of the firms in each category in the 18 month period after the scandals came to light. The funds that were very much involved shrank by 24%, while those that were somewhat involved grew by 13%, and those that were not involved at all grew by 15%. Ms. Richards continued, “the next time someone says to you: ‘compliance is a cost center, not a business center,’ you should reply, ‘when was the last time your department had a 15% impact on the growth of this business?’”

The risk assessment process should be comprehensive, factoring in all relevant and potential risks. Aside from the benefits to an advisor’s compliance program, conducting a risk assessment of your firm can add value by forcing an advisor to take new perspectives on operations, affiliations, relationships, and even outside industry practices. The desired outcome of every business decision should be to add value. When considering the risk of certain decisions versus the potential reward, advisors are not only considering the benefits presented to clients, but also shareholders of the entity itself.
A Team Effort
While the CCO should oversee or manage the process, an effective risk assessment cannot be carried out by one person alone - regardless of size of the firm. Risk assessment requires insight into the essential functions within the firm and this is often only available through input from operational personnel. Operational expertise and various perspectives add value to the process. It's very important that supervisors buy into the risk assessment process, not only for the financial and reputational benefits but as part of the firm’s culture of compliance.
Documentation Tools
Documenting the risk assessment process has two primary benefits. First, documentationis one of the hallmarks of an adequate compliance program. Evidencing the risk assessment process adds credibility and confidence to the compliance program. Secondly,documentation can serve as a tool to navigate the risk assessment process.
[7] Remarks before the National Society of Compliance Professionals National Membership Meeting by Lori Richards. October 25, 2005. http://www.sec.gov/news/speech/spch102605lr.htm.
