CEFEX conducts assessments according to the principles of the international standard ISO/IEC 17021: Conformity Assessment – Requirements for bodies providing audit and certification of management systems. Observance of these principles is intended to ensure that CEFEX operates its management system certification in a competent, consistent and impartial manner, thereby facilitating the recognition of CEFEX and the acceptance of its certifications on a national and international basis. The ISO 17021 standard serves as a foundation for facilitating the recognition of CEFEX certification in the interests of national and international trade.
Certification of a management system provides independent demonstration that the management system of the organization:
The assessment thereby provides value to the organization, its customers and interested parties. The overall aim of certification is to give confidence to all parties that a management system fulfils specified requirements. The value of certification is the degree of public confidence and trust that is established through an impartial and competent assessment by a third-party. Parties that have an interest in certification include, but are not limited to:
Principles for inspiring confidence include impartiality, competence, responsibility, openness, confidentiality, and responsiveness to complaints.
CEFEX has an external committee, the CEFEX Advisory Council, to safeguard the impartiality of the activities of the certification body with the following roles:
CEFEX has legally enforceable agreements with Analysts to safeguard the confidentiality of the information obtained or created during the performance of certification. All information, except for information that is made publicly accessible by the client, is considered confidential. Information about a particular client or individual is not disclosed to a third party without the written consent of the client or individual concerned. Where CEFEX is required by law to release confidential information to a third party, the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided.
Information about the client from sources other than the client (e.g. complainant, regulators) shall be treated as confidential.
Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on behalf of CEFEX, keep confidential all information obtained or created during the performance of activities for CEFEX.
The assessment program includes an initial audit, and annual renewal assessments. The determination of the extent of assessment considers the size of the client organization, the scope and complexity of its management system, products and processes, as well as demonstrated level of management system effectiveness and the results of any previous audits.
The CEFEX assessment is based on the international standard, ISO 19011: Guideline for quality and/or environmental system auditing, and is adjusted so as to align with the needs of the investment industry.
The assessment contains the following elements:
In determining the time required for an assessment, CEFEX considers, among other things, the following:
Where a candidate’s management system covers the same activity in various locations, CEFEX allows for the sampling of locations to ensure a representative assessment of the system. In this situation, only a sample of the candidate’s locations would require an on-site visit, at each assessment.
Readiness Assessment (optional)
The optional on-site Readiness Assessment conducted prior to the Certification Assessment, allows for the identification of any major issues with practice implementation and feedback regarding the candidates readiness for the Certification Assessment. It is typically conducted in one day. In addition, it provides additional insight to both the Analyst and the candidate for planning the Certification Assessment. The Analyst will provide an informal written report listing potential areas of non-conformity and/or opportunities for improvement. To ensure the impartiality of the Certification Assessment, the Analyst cannot provide consultative advice on how to correct the non-conformities.
Off-site document review
The Analyst will typically request documentation from the candidate which can be transmitted electronically or by mail/courier delivery.
This is an agreement with the candidate regarding the conduct and scheduling of assessment activities.
The objective of the assessment is
CEFEX provides a written report for the assessment. The Analyst may identify opportunities for improvement (OFI) but should not recommend specific solutions.
The Analyst may also identify nonconformities. Communicated in a Nonconformity Report (NCR), these stop the registration process, and the candidate is given 90 days to institute corrective action for the elimination of the NCR.
The final decision for registration is made at the independent CEFEX Registration Committee (CRC) meeting, where the Analyst presents the assessment package. Prior to making a decision for registration, the CRC confirms that:
The objective of the CRC is to ensure a consistently rigorous evaluation of candidate’s adherence to the relevant Standard.
Annual Renewal Assessments
Annual renewal assessments are performed to ensure continued adherence to the Standard, and typically require less time to perform, since initial information has already been collected, and the candidate is familiar with the process. The Analyst will review whether the certified firm has implemented actions to address the previously issued OFI’s.
CEFEX assessments are performed by industry professionals who hold the Accredited Investment Fiduciary Analyst (AIFA®) designation and have appropriate industry training and experience. Assessments performed for the ASPPA Recordkeeper certification must be conducted by professionals also hold the ASPPA Qualified 401(k) Administrator (QKA) designation.
A CEFEX certification is an independent recognition of a firm’s conformity to a Practices and criteria within a Standard. It implies that a firm can demonstrate adherence to the industry's best practices, and is positioned to earn the public's trust.
A successful certification process, as decided by the CEFEX Registration Committee, results in:
Scope of Registration
The scope of registration on a CEFEX certificate is implemented using similar principles to those used by the International Organization for Standardization (ISO). The scope is an important and necessary element of a registration program because it describes the services addressed in the CEFEX assessment. Clients and prospects of CEFEX-registered firms should carefully review the scope when performing due diligence on a firm.