Effective Date: December 31, 2021
The purpose of this Guidance Note is to provide guidance with respect to minimum audit procedures for the confirmation of mutual fund money and positions. As a minimum, part D of rule 41001 requires that the following audit procedures be performed:
- obtain written confirmation of money and mutual fund positions with all mutual fund company(s) (clause 4182(2)(ii)), and
- review and test the balancing and reconciliation of mutual fund money and positions (section 4179) and ascertain adequate margin provision for any out-of-balance amounts.
Note: Mutual funds are considered non-certificated instruments.
- 1In this Guidance, all rule references are to the IIROC Rules unless otherwise specified.
Mutual fund companies maintain virtually all their records on electronic databases. Both Panel Auditors and Dealer Members (Dealers) have raised concern regarding the requirement to obtain 100% confirmation of all mutual fund money and positions between the Dealer and mutual fund company(s). For each mutual fund company control account, there are thousands of line items relating to mutual fund clients for each of several funds. Natural timing differences between the records of Dealers and mutual fund management companies add to the complexity of the process, and these timing differences are only reconcilable at a very detailed level – making the confirmation and reconciliation processes in the audit a very time intensive effort.
From IIROC’s perspective, unreconciled client account differences are required to be deducted from the regulatory capital of the Dealer, and therefore, there is a need to ensure that the accounts are confirmed and reconciled against independent account records. The 100% audit confirmation requirements for mutual fund positions and money balances with all mutual fund companies is an important substantive audit procedure for ascertaining margin provision for out-of-balance differences.
How the confirmation process works in practice
All Dealers have processes in place to ensure differences between internal and mutual fund company records are cleared. Mutual fund company records are received by the Dealer in any of three different standard formats, as follows:
- direct downloads from Fundserv,
- electronic data file provided by the mutual fund company, and
- paper based documentation.
The records of the various mutual fund company(s) are then cross-referenced with the Dealer’s records and all differences are identified and reconciled. The most common differences are of a timing nature, based on transactions in process. Other differences would include changes in semi-permanent data, and errors. All differences are cleared and corrections made, if necessary. Any unreconciled differences are charged against the Dealer’s capital.
In the past, Panel Auditors have generally tried to obtain written confirmation of the mutual fund positions and money balances from all the mutual fund companies. In practice, this method of confirmation is difficult for the mutual fund company(s) to comply with since the scope of the confirmation is too broad and the level of detail requires significant effort, which many mutual fund companies have declined to undertake. Consequently, the Panel Auditors have carried out alternative procedures to cover the majority of the work in respect of confirmation for mutual fund companies. While these procedures have helped meet audit reporting objectives, they have not met the audit confirmation expectations of IIROC.
Alternative approach to “confirmation”
To meet the prescribed IIROC audit requirements, the Panel Auditor must be able to obtain reasonable assurance that the mutual fund company(s) data used in the account reconciliation process comes from an independent source, that the data has not been manipulated or changed, and that all differences are cleared and acted upon or otherwise included as a reduction in capital. These requirements can be achieved by the use of electronic testing of the underlying data.
Electronic information is normally coded with fields that log the source and the time the underlying information was created. These identity fields are normally controlled by the systems themselves and are less susceptible to manipulation without detection than fields which include manually created or entered data. Therefore, the auditor should be able to obtain reports that authenticate the data source and time of creation/modification.
To meet the independent data requirements, the Panel Auditor will need to evaluate:
- the risk of errors resulting from possible manipulation,
- the requisite assurance which can be provided from an understanding of how vulnerable the records are, and
- the security environment surrounding access to the mutual fund company records within the Dealer’s network.
In the event that the Panel Auditor:
- cannot reasonably determine the validity of the data source,
- concludes that the data is simply too vulnerable to potential manipulation, and/or
- decides traditional confirmations to verify the source and integrity of the mutual fund data is inefficient,
then the auditor can obtain the information electronically direct from Fundserv or the mutual fund company(s) and run diagnostic tests using appropriate tools to compare the independent data against the records used by the Dealer in the reconciliation process, and to identify any differences. Obtaining the information directly from the mutual fund company(s) or Fundserv should be under the control of the Panel Auditor, and preferably, would be coordinated as a second copy received direct at the time the information is provided to the Dealer as at the date of audit.
This alternative method of confirmation in obtaining “electronic source data” from Fundserv or the mutual fund company(s), subject to data integrity and reliance testing by the Panel Auditor(s), is acceptable for purposes of clause 4182(2)(ii).
Mutual fund reconciliations
For purposes of reviewing and testing whether the mutual fund reconciliation process of the Dealer is effective, the Panel Auditor should first obtain an understanding of how the process works. This includes, understanding the sources of information, how account items are matched between internal and external data sources, how differences are identified and logged, the process through which differences are cleared and/or corrected, and how uncleared items are handled. The process will need to be tested to ensure that the process matches records properly, detects and logs differences, and that the differences are cleared or controlled such that they are appropriately handled in the capital calculation. The auditor uses professional judgement in determining the exact nature and extent of tests of these processes and underlying controls – though the timing of the tests will be directed at the year-end account balances. Uncleared items should be cross-referenced to the corresponding reduction in capital.
The review of selected mutual fund reconciliations by the Panel Auditor(s) must include audit procedures to verify the integrity of the source data used in the reconciliation process by the Dealer to confirmed source data by the auditor (i.e. the source data used in the tests of the Dealer’s reconciliation process should be agreed to both the information obtained by traditional or alternative confirmation methods and to the Dealer’s recorded adjustments).
IIROC Rules this Guidance Note relates to:
- Rule 4100.
Previous Guidance Note
This Guidance Note replaces FC099-06 - Alternative Confirmation Procedures for Mutual Funds.
This Guidance Note is published under Notice 21-0190 - IIROC Rules, Form 1 and Guidance.