CEFEX conducts assessments according to the principles of the international standard
ISO/IEC 17021: Conformity Assessment – Requirements for bodies providing
audit and certification of management systems. Observance of these principles is
intended to ensure that CEFEX operates its management system certification in a
competent, consistent and impartial manner, thereby facilitating the recognition
of CEFEX and the acceptance of its certifications on a national and international
basis. The ISO 17021 standard serves as a foundation for facilitating the recognition
of CEFEX certification in the interests of national and international trade.
Certification of a management system provides independent demonstration that the
management system of the organization:
a) conforms to specified requirements,
b) is capable of consistently achieving its stated policy and objectives, and
c) is effectively implemented.
The assessment thereby provides value to the organization, its customers and interested
parties. The overall aim of certification is to give confidence to all parties that
a management system fulfils specified requirements. The value of certification is
the degree of public confidence and trust that is established through an impartial
and competent assessment by a third-party. Parties that have an interest in certification
include, but are not limited to:
a) the clients of the certification bodies,
b) the customers of the organizations whose management systems are certified,
c) governmental authorities,
d) non-governmental organizations, and
e) consumers and other members of the public.
Principles for inspiring confidence include impartiality, competence, responsibility,
openness, confidentiality, and responsiveness to complaints.
CEFEX has an external committee, the CEFEX Advisory Council, to safeguard the impartiality
of the activities of the certification body with the following roles:
a) to assist in developing the policies relating to impartiality of its certification
b) to counteract any tendency on the part of a certification body to allow commercial
or other considerations to prevent the consistent, objective provision of certification
c) to advise on matters affecting confidence in certification, including openness,
public perception and governmental oversight.
CEFEX has legally enforceable agreements with Analysts to safeguard the confidentiality
of the information obtained or created during the performance of certification.
All information, except for information that is made publicly accessible by the
client, is considered confidential. Information about a particular client or individual
is not disclosed to a third party without the written consent of the client or individual
concerned. Where CEFEX is required by law to release confidential information to
a third party, the client or individual concerned shall, unless regulated by law,
be notified in advance of the information provided.
Information about the client from sources other than the client (e.g. complainant,
regulators) shall be treated as confidential.
Personnel, including any committee members, contractors, personnel of external bodies
or individuals acting on behalf of CEFEX, keep confidential all information obtained
or created during the performance of activities for CEFEX.
The assessment program includes an initial audit, and annual renewal assessments.
The determination of the extent of assessment considers the size of the client organization,
the scope and complexity of its management system, products and processes, as well
as demonstrated level of management system effectiveness and the results of any
The CEFEX assessment is based on the international standard, ISO 19011: Guideline
for quality and/or environmental system auditing, and is adjusted so as to align
with the needs of the investment industry.
The assessment contains the following elements:
In determining the time required for an assessment, CEFEX considers, among other
things, the following:
a) the requirements of the relevant management system standard;
b) size and complexity;
c) technological and regulatory context;
d) outsourcing of any activities included in the scope of the management system;
e) the results of any prior assessments; and
f) the number of sites to be assessed.
Where a candidate’s management system covers the same activity in various locations,
CEFEX allows for the sampling of locations to ensure a representative assessment
of the system. In this situation, only a sample of the candidate’s locations would
require an on-site visit, at each assessment.
Readiness Assessment (optional)
The optional on-site Readiness Assessment conducted prior to the Certification
Assessment, allows for the identification of any major issues with practice implementation
and feedback regarding the candidates readiness for the Certification Assessment.
It is typically conducted in one day. In addition, it provides additional insight
to both the Analyst and the candidate for planning the Certification Assessment.
The Analyst will provide an informal written report listing potential areas of non-conformity
and/or opportunities for improvement. To ensure the impartiality of the Certification
Assessment, the Analyst cannot provide consultative advice on how to correct the
Off-site document review
The Analyst will typically request documentation from the candidate which can be
transmitted electronically or by mail/courier delivery.
This is an agreement with the candidate regarding the conduct and scheduling of
The objective of the assessment is
a) to examine and verify the structure, policies, processes, procedures, records
and related documents of the candidate’s management system,
b) to determine that these meet all the requirements relevant to the intended scope
c) to determine that the processes and procedures are established, implemented and
maintained effectively, to provide a basis for confidence in the candidate's
management system, and
d) to communicate to the candidate, for its action, any inconsistencies between
the client's policy, objectives and targets (consistent with the expectations
in the relevant standard) and the results.
CEFEX provides a written report for the assessment. The Analyst may identify opportunities
for improvement (OFI) but should not recommend specific solutions.
The Analyst may also identify nonconformities. Communicated in a Nonconformity Report
(NCR), these stop the registration process, and the candidate is given 90 days to
institute corrective action for the elimination of the NCR.
The final decision for registration is made at the independent CEFEX Registration
Committee (CRC) meeting, where the Analyst presents the assessment package. Prior
to making a decision for registration, the CRC confirms that:
a) the information provided by the Analyst is sufficient with respect to the certification
requirements and the scope for certification; and
b) it has reviewed, accepted and verified the effectiveness of correction and corrective
actions, for all nonconformities.
The objective of the CRC is to ensure a consistently rigorous evaluation of candidate’s
adherence to the relevant Standard.
Annual Renewal Assessments
Annual renewal assessments are performed to ensure continued adherence to the Standard,
and typically require less time to perform, since initial information has already
been collected, and the candidate is familiar with the process. The Analyst will
review whether the certified firm has implemented actions to address the previously
CEFEX assessments are performed by industry professionals who hold the Accredited
Investment Fiduciary Analyst (AIFA) designation and have appropriate industry training
and experience. Assessments performed for the ASPPA Recordkeeper certification must
be conducted by professionals also hold the ASPPA Qualified 401(k) Administrator
A CEFEX certification is an independent recognition of a firms conformity to a Practices and criteria within a Standard. It implies that a firm can demonstrate adherence to the industry's best practices, and is positioned to earn the public's trust.
A successful certification process, as decided by the CEFEX Registration Committee, results in:
Scope of Registration
- a CEFEX certificate and Letter of Registration being issued
- registration on CEFEX’s public database, under Registered Firms
- permitted use of the CEFEX mark in both print and web form.
- a News Release issued to the CEFEX distribution list which includes registered firms. The Release can be coordinated with the registered firm’s marketing activities.
The scope of registration on a CEFEX certificate is implemented using similar principles to those used by the International Organization for Standardization (ISO). The scope is an important and necessary element of a registration program because it describes the services addressed in the CEFEX assessment. Clients and prospects of CEFEX-registered firms should carefully review the scope when performing due diligence on a firm.
Please click here to download the CEFEX Complaint Procedure.