The SAS 70 auditing standard looks to become a vital component of the proposed changes for the Investment Advisers Act of 1940. In short, the recent scandals and ponzi schemes that resulted in the loss of billions of dollars for investors is receiving a wakeup call from the Securities and Exchange Commission (SEC).
The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (File No. S7-09-09). This lengthy document is proposing the use of “surprise examinations” and a “internal control report” on entities that have custody of client funds or securities or instead serves as a qualified custodian for client funds or securities.
Currently the “surprise examination” is discussed as a “written report from an independent public accountant” while the “internal control report” is essentially described as a SAS 70. Though still in the proposal stages (and waiting on comments from the industry, which are due by July 2009), two things are almost certain: 1. There will be more regulatory oversight and 2. the SAS 70 auditing standard will likely be utilized for both the “surprise examination” and the “internal control report”.
If you are an investment adviser or related person that has custody of client funds or securities and you perform custodial operations, then it is time to understand the SAS 70 audit process and how it will impact your organization. You can obtain a sample SAS 70 Type II Report and list of sample custodial control objectives by visiting the SAS 70 Resource Guide.