As reported recently in The Wall Street Journal, the SEC has reevaluated the manner with which it determines which investment advisers it will examine. According to the author, rather than ensuring that all advisers will receive an audit once every five years, firms are now divided it categories of risk based on a number of factors. Higher risk firms are more likely to have a more frequent audit timetable.
However, this does not necessarily mean that lower risk firms should consider themselves exempt from the audit process. For this reason, all firms should continue to establish strong compliance programs, an integral aspect of which must be the assessment of areas of compliance risk. The Chief Compliance Office should then establish and adopt policies and procedures to address those areas of compliance risk. Any policies adopted and procedures established should themselves be the subject of ongoing review by trained compliance professionals to ascertain their effectiveness and sufficiency.