How should I prepare if I know my firm is being audited?

An RIA Audit Checklist of best practices to consider before and during your firm's audit.

1. Designate a point person

We strongly recommend designating a point person and making sure everyone in the office knows who this person is—typically the CCO. If you have various staff members assigned to RIA compliance procedures, select one person to serve as the main contact with the auditors.

2. Give the auditors a comfortable place to work

It’s always a good idea to have a conference room or office available that is away from the everyday activities. Show the RIA examiner(s) where the coffee and restrooms are located, but don't be offended if they refuse even a cup of coffee.

3. Prepare a brief presentation on your firm

Perhaps prepare a brief 5 minute introduction of your firm for the auditors; introducing your firm persons and identifying the services offered. This should match the information found in your RIA firm's Form ADV 2A and 2B regulatory filings. It’s a nice introduction by you to the auditors to show your firm's preparation and respect for the regulatory audit process. This is also the time to emphasize your firm’s commitment to a “Culture of Compliance” which sets the proper tone for the balance of the audit. Keep in mind that the auditors will likely already know a lot of this information but will want to hear how you describe your firm.

4. Know where all important documents are located

In an optional entrance interview, the auditors will typically discuss why they are there and begin to ask preliminary questions about your RIA firm. This may also be the time when the examiners present their checklist used to conduct the exam if you haven’t received a document request when the audit was announced. Be ready, able and willing to assist the auditors with their requests for additional information or documents.

5. Have a system in place to retrieve requested items

The auditor will request numerous documents throughout the audit and will likely ask for copies to take back to their office. If you store all your documents electronically, consider creating a separate online electronic folder that the auditors can access, etc. These requests should go through your “point person”. Remember to make copies of, or keep a listing of, all documents the auditors ask to take. If you’re using paper files, it is good practice to remove the entire file from the file cabinet, and take it back to where the auditors are working

6. Explain any potential deficiencies

Once the regulators are finished with the in-office portion of the audit, they will normally speak with you before they leave. This is called an exit interview and may consist of the auditors’ findings and should give you an idea of what you can expect on a follow-up deficiency letter. Sometimes, you can clear up any potential deficiencies with brief explanations during this interview. 

7. Gather the necessary records

SEC Rule 204-2 requires SEC-registered RIA firms to maintain and keep current the records listed below. State regulators will generally use the same list with some slight additions depending on your jurisdiction. The auditors typically review these items in detail and
compare them with your updated disclosure documents and current practice.