ICI Releases Updated Framework For Financial Intermediary Controls And Compliance Assessment (FICCA) Engagements

[27847]

January 16, 2014

TO: ACCOUNTING/TREASURERS MEMBERS No. 1-14
BANK, TRUST AND RETIREMENT ADVISORY COMMITTEE No. 5-14
BROKER/DEALER ADVISORY COMMITTEE No. 4-14
COMPLIANCE MEMBERS No. 3-14
INVESTMENT COMPANY DIRECTORS No. 2-14
OPERATIONS MEMBERS No. 2-14
SMALL FUNDS MEMBERS No. 2-14
TRANSFER AGENT ADVISORY COMMITTEE No. 4-14 RE: ICI RELEASES UPDATED FRAMEWORK FOR FINANCIAL INTERMEDIARY CONTROLS AND COMPLIANCE ASSESSMENT (FICCA) ENGAGEMENTS

 

Today, the Investment Company Institute (ICI) is releasing an updated framework for FICCA engagements to assist mutual funds with their oversight of financial intermediaries that provide shareholder and recordkeeping services.

Background

In 2008, a working group of ICI members and representatives of the four national accounting firms developed the Financial Intermediary Controls and Compliance Assessment (FICCA) engagement framework. The framework calls for an omnibus account recordkeeper to engage an independent accounting firm to assess and issue a report on certain internal controls. Those controls relate to specified activities and contractual or regulatory requirements the intermediary is obligated to complete under the terms of its contractual agreement with a fund or as required by a prospectus. The auditor’s report expresses an opinion on its evaluation of an intermediary’s assertion that it has established specified control objectives and related controls that were suitably designed and operating effectively.

The FICCA framework describes multiple areas of focus where fund sponsors are seeking assurances, which include transaction processing, shareholder communications, recordkeeping, and document retention and among other things. Details regarding the 17 areas of focus are provided in Section II of the attached FICCA documentation. [1]

2014 FICCA Enhancements

A new working group of ICI members, representatives of the four national accounting firms, and financial intermediaries met throughout 2013 to review the 2008 FICCA framework. The review was conducted to enhance the performance of future engagements and improve the reports issued in order to promote broader use by intermediaries and funds.

The review of the FICCA framework culminated in a variety of enhancements that have been incorporated into the 2014 matrix document:

• The “Overview and Objective” section of the matrix now includes definitions of key terms and states that each of the 17 control areas (labeled “Areas of Focus”) should be addressed on an annual basis as part of the financial intermediary’s controls and compliance assessment engagement.
• A review of the 17 areas of focus resulted in two specific changes on the matrix. First, “Financial Viability” was removed because this topic is covered in the intermediary’s audited financial statements, not as part of a FICCA or SSAE 16 report. [2] Second, “Blue Sky Reporting” was added as a new area of focus on the 2014 matrix.
• The column in the 2008 version of the matrix titled “Sample Control Objectives” was renamed “Management Description or Controls Testing” and now also indicates whether each area of focus should be subject to controls testing or covered in a management narrative.
• The “Management Description or Controls Testing” and “Points to Consider” for the areas of focus were streamlined where appropriate to facilitate a more efficient engagement process for intermediaries and audit firms.
• Language was added to the “Points to Consider” section of the matrix to clarify that the points provided are not intended to be a checklist or comprehensive listing of all relevant factors that may be considered in each control environment or engagement.

Importantly, a key goal of the working group was to preserve flexibility for intermediaries when providing funds with independent assessments of the 17 control areas defined in the matrix. Because intermediaries may complete other attest engagements (such as an SSAE 16) in which certain controls defined on the matrix are already tested, the working group agreed that intermediaries should not be required to have independent audit firms perform duplicate testing or reporting. Consistent with the 2008 FICCA framework, an intermediary may cover the 17 control areas through one comprehensive report, or a combination of reports (e.g., a SSAE 16 report covering certain areas, and a FICCA report covering the remaining areas).

Additional Materials to Assist Industry Participants

The working group also developed the following new materials, which have been incorporated into the FICCA documentation, to enhance the understanding and efficiency of these engagements:

• A Glossary of Terms for the FICCA matrix (see Section III).
• A Sample Report of Independent Accountants and a Sample Management Assertion typically provided for a FICCA engagement (see Section IV).
• A FICCA Mapping Template for Control Reports that can be used by intermediaries to assist fund sponsors in determining where the 17 control areas defined in the FICCA matrix are covered, either as part of the FICCA report, the SSAE 16 (Type 2) service organization controls report, or a third-party vendor’s SSAE 16 (Type 2) report (see Section V).
• An Internal Control Reporting Standards Reference Guide that provides information on the types of audit standards that may be utilized to conduct control engagements, including the compliance attestation and SSAE 16 reporting standards (see Section VI).

These enhancements to the documentation are intended to serve as additional resources to assist the industry in using the FICCA framework. If you have any questions or comments about the FICCA documentation, please contact Marty Burns, ICI Senior Director of Operations and Distribution, at mburns@ici.org or 202-326-5980; or Greg Smith, ICI Senior Director of Fund Accounting, at smith@ici.org or 202-326-5851.

We would like to extend our appreciation to the members of the ICI FICCA working group that contributed to this effort.

 

Kathleen C. Joaquin
Chief Industry Operations Officer

Attachment

endnotes

[1] The FICCA documentation is available on the ICI website at www.ici.org/pdf/27847.pdf and may also be accessed through various ICI committee web pages.

[2] SSAE 16 reports, prepared in accordance with the AICPA’s Auditing Standards Board’s Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, are specifically intended to meet the needs of the management of user entities and the user entities’ auditors, as they evaluate the effect of the controls at the service organization on the user entities’ financial statement assertions.