Fund Audits – Key processes and best practices

December 3, 2025

The audit of Collective Investment Schemes (CIS), in line with other audits that we carry out, requires an in-depth understanding of the fund, its service providers and its processes.

A Collective Investment Scheme pools money from multiple investors to invest in diversified assets. The Collective Investment Scheme would offer the investor professional management services, diversification, lower entry costs, and liquidity, thus making Collective Investment Schemes a cornerstone of modern investment strategies.

Investment funds would typically operate under one of three structures:

  1. Standalone structures – A single fund with its own investment strategy.
  2. Umbrella / Multi-fund structures – Multiple sub-funds under one legal entity, each with distinct strategies.
  3. Master/Feeder structures – A master fund would invest pooled assets, while a feeder fund would channel investor contributions into the master fund.

Malta offers several fund licenses, each with unique regulatory requirements and investor profiles. These include:

  • UCITS – A Collective Investment Scheme offered to retail and non-retail investors
  • Alternative Investment Funds (AIFs)
  • Notified AIFs (NAIFs)
  • Professional Investor Funds (PIFs)
  • Notified PIFs (NPIFs)

Within each type of fund, one would identify multiple stakeholders, including:

  • Investment Manager
  • Fund Administrator
  • Custodian
  • Broker
  • Compliance Officer
  • Money Laundering Reporting Officer (MLRO)

ISA 315 (Revised) deals with the identification and assessment of the risks of material misstatement within an audit. It requires auditors to understand the entity’s environment, financial reporting framework, and internal controls, and to identify and assess the risks of material misstatement at both the financial statement and assertion levels. The standard makes reference to the five inherent risk factors as a ‘tool’ to assist auditors in identifying such risk factors within an audit. These factors/tools include subjectivity, uncertainty, complexity, change and the susceptibility to management bias or fraud.

Through use of the inherent risk factors within risk assessment procedures, auditors can better assess where relevant risk factors lie within specific assertions to the financial statement line items. For example, should the valuation of investments in a fund audit be deemed to be a complex exercise, resulting in a significant magnitude / impact or high likelihood of a material misstatement, then such area should be noted to be of significant risk. Consequently, it warrants heightened audit focus and attention during the procedures performed.

Core audit processes within a fund audit

The core audit processes within a fund audit are the key business processes that we need to understand and test, together with their associated risks and controls. The core audit processes that auditors need to understand typically include:

  • Financial assets
  • Cash and cash equivalents
  • Subscriptions and redemptions

Financial assets

The processes surrounding financial assets would typically involve understanding how an entity executes additions and disposals in a fund and how such financial assets are valued in line with the offering documents.

The process for executing purchases of financial assets would involve the investment decision and approval, the execution of the trade, settlement of the trade and finally the relevant accounting entries within the books. Meanwhile, disposals would involve first the decision to dispose of a financial asset, then trade execution and settlement, and the relevant accounting entries, including relevant compliance checks to confirm adherence to investment restrictions.

A key point for auditors to understand would involve the service provider that is effecting such transactions. Typically, additions and disposals would be processed by the broker.

It is imperative for auditors to ensure that relevant agreements are in place with service providers, while risks associated with financial assets are addressed accordingly. Such risks could involve breach of the investment policy in place as stipulated within the relevant Offering Supplements, lack of best execution policy, improper documentation or approval of documents or failed or delayed settlements, among others. The possible mitigation of such risks could only be carried out through relevant controls in place within the fund administrator, which could include a formal investment policy in place, a formal best execution policy in place, investment committee review and approval procedures, as well as relevant audit trails for decision-making.

Cash and cash equivalents

When auditing the cash and cash equivalents within a fund, one would need to understand the relevant processes surrounding deposits, payments and reconciliations on valuation days. Relevant risks that could be evident within cash and cash equivalents could include the misallocation of funds, unauthorised payments or fraud, including unrecorded deposits or payments.

In order for such risks to be mitigated, relevant controls should include the performance of regular bank reconciliations and dual authorisation procedures, including timely postings.

Subscriptions and redemptions

Subscriptions within a fund relate to the investor injecting money into the fund through the purchase of shares or units. In summary, this process would typically involve the investor completing an application form and transferring money to the fund, with the fund issuing shares to the investor at the most recent Net Asset Value (NAV) per share.

Meanwhile, redemptions arise when investors take money out of a fund, essentially selling their shares back to the fund. This process would involve the investor submitting a redemption request, and the fund calculating the NAV and accordingly paying the investor the corresponding amount. This would therefore result in the cancellation of such shares.

The above two processes control the flow of money in and out of the fund and accordingly would affect the fund’s liquidity and investment strategy. However, such processes do involve certain risks that need to be considered during our audits, and these could typically include incomplete or incorrect KYC documentation, ineligible investors, incorrect NAV application, unauthorised or fraudulent requests, misallocation or timing errors, breach of Offering Memorandum or regulatory limits or even liquidity shortfalls.

In order to address such risks, it is imperative that the fund has relevant controls in place within its fund administration processes. Such controls could include KYC verification, investor eligibility checks, as well as verification of NAV per share and NAV validation and sign-off procedures.

While the above examples do provide typical procedures we can expect to perform on a fund’s business processes, suggested procedures are not exhaustive and are dependent on the relevant activities within the fund.

Fund audits require a deep understanding of regulatory frameworks, operational structures, and inherent risks. By ensuring a proper understanding of the fund being audited, including an understanding of the relevant service providers and processes in place, auditors can ensure that relevant risks are mitigated through tailored and specific audit procedures carried out, thereby ensuring adherence to best practices, transparency, improved compliance, and investor confidence.
