Process

CEFEX conducts assessments according to the principles of the international standard ISO/IEC 17021: Conformity Assessment – Requirements for bodies providing audit and certification of management systems. Observance of these principles is intended to ensure that CEFEX operates its management system certification in a competent, consistent and impartial manner, thereby facilitating the recognition of CEFEX and the acceptance of its certifications on a national and international basis. The ISO 17021 standard serves as a foundation for facilitating the recognition of CEFEX certification in the interests of national and international trade.

Certification of a management system provides independent demonstration that the management system of the organization:

1. conforms to specified requirements,
2. is capable of consistently achieving its stated policy and objectives, and
3. is effectively implemented.

The assessment thereby provides value to the organization, its customers and interested parties. The overall aim of certification is to give confidence to all parties that a management system fulfils specified requirements. The value of certification is the degree of public confidence and trust that is established through an impartial and competent assessment by a third-party. Parties that have an interest in certification include, but are not limited to:

1. the clients of the certification bodies,
2. the customers of the organizations whose management systems are certified,
3. governmental authorities,
4. non-governmental organizations, and
5. consumers and other members of the public.

Principles for inspiring confidence include impartiality, competence, responsibility, openness, confidentiality, and responsiveness to complaints.

CEFEX has an external committee, the CEFEX Advisory Council, to safeguard the impartiality of the activities of the certification body with the following roles:

1. to assist in developing the policies relating to impartiality of its certification activities,
2. to counteract any tendency on the part of a certification body to allow commercial or other considerations to prevent the consistent, objective provision of certification activities,
3. to advise on matters affecting confidence in certification, including openness, public perception and governmental oversight.

Confidentiality
CEFEX has legally enforceable agreements with Analysts to safeguard the confidentiality of the information obtained or created during the performance of certification. All information, except for information that is made publicly accessible by the client, is considered confidential. Information about a particular client or individual is not disclosed to a third party without the written consent of the client or individual concerned. Where CEFEX is required by law to release confidential information to a third party, the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided.
Information about the client from sources other than the client (e.g. complainant, regulators) shall be treated as confidential.
Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on behalf of CEFEX, keep confidential all information obtained or created during the performance of activities for CEFEX.

The Assessment
The assessment program includes an initial audit, and annual renewal assessments. The determination of the extent of assessment considers the size of the client organization, the scope and complexity of its management system, products and processes, as well as demonstrated level of management system effectiveness and the results of any previous audits.

The CEFEX assessment is based on the international standard, ISO 19011: Guideline for quality and/or environmental system auditing, and is adjusted so as to align with the needs of the investment industry.
The assessment contains the following elements:

Initial preparation
In determining the time required for an assessment, CEFEX considers, among other things, the following:

1. the requirements of the relevant management system standard;
2. size and complexity;
3. technological and regulatory context;
4. outsourcing of any activities included in the scope of the management system;
5. the results of any prior assessments; and
6. the number of sites to be assessed.

Where a candidate’s management system covers the same activity in various locations, CEFEX allows for the sampling of locations to ensure a representative assessment of the system. In this situation, only a sample of the candidate’s locations would require an on-site visit, at each assessment.

Readiness Assessment (optional)
The optional on-site Readiness Assessment conducted prior to the Certification Assessment, allows for the identification of any major issues with practice implementation and feedback regarding the candidates readiness for the Certification Assessment. It is typically conducted in one day. In addition, it provides additional insight to both the Analyst and the candidate for planning the Certification Assessment. The Analyst will provide an informal written report listing potential areas of non-conformity and/or opportunities for improvement. To ensure the impartiality of the Certification Assessment, the Analyst cannot provide consultative advice on how to correct the non-conformities.

Off-site document review
The Analyst will typically request documentation from the candidate which can be transmitted electronically or by mail/courier delivery.

Assessment Plan
This is an agreement with the candidate regarding the conduct and scheduling of assessment activities.

On-Site Assessment
The objective of the assessment is

1. to examine and verify the structure, policies, processes, procedures, records and related documents of the candidate’s management system,
2. to determine that these meet all the requirements relevant to the intended scope of certification,
3. to determine that the processes and procedures are established, implemented and maintained effectively, to provide a basis for confidence in the candidate's management system, and
4. to communicate to the candidate, for its action, any inconsistencies between the client's policy, objectives and targets (consistent with the expectations in the relevant standard) and the results.

Post-assessment Activity
CEFEX provides a written report for the assessment. The Analyst may identify opportunities for improvement (OFI) but should not recommend specific solutions.

The Analyst may also identify nonconformities. Communicated in a Nonconformity Report (NCR), these stop the registration process, and the candidate is given 90 days to institute corrective action for the elimination of the NCR.

Registration
The final decision for registration is made at the independent CEFEX Registration Committee (CRC) meeting, where the Analyst presents the assessment package. Prior to making a decision for registration, the CRC confirms that:

1. the information provided by the Analyst is sufficient with respect to the certification requirements and the scope for certification; and
2. it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities.

The objective of the CRC is to ensure a consistently rigorous evaluation of candidate’s adherence to the relevant Standard.

Annual Renewal Assessments
Annual renewal assessments are performed to ensure continued adherence to the Standard, and typically require less time to perform, since initial information has already been collected, and the candidate is familiar with the process. The Analyst will review whether the certified firm has implemented actions to address the previously issued OFI’s.

CEFEX assessments are performed by industry professionals who hold the Accredited Investment Fiduciary Analyst (AIFA®) designation and have appropriate industry training and experience. Assessments performed for the ASPPA Recordkeeper certification must be conducted by professionals also hold the ASPPA Qualified 401(k) Administrator (QKA) designation.

Certification

A CEFEX certification is an independent recognition of a firm’s conformity to a Practices and criteria within a Standard. It implies that a firm can demonstrate adherence to the industry's best practices, and is positioned to earn the public's trust.

A successful certification process, as decided by the CEFEX Registration Committee, results in:

1. a CEFEX certificate and Letter of Registration being issued
2. registration on CEFEX’s public database, under Registered Firms
3. permitted use of the CEFEX mark in both print and web form.
4. a News Release issued to the CEFEX distribution list which includes registered firms. The Release can be coordinated with the registered firm’s marketing activities.

Scope of Registration
The scope of registration on a CEFEX certificate is implemented using similar principles to those used by the International Organization for Standardization (ISO). The scope is an important and necessary element of a registration program because it describes the services addressed in the CEFEX assessment. Clients and prospects of CEFEX-registered firms should carefully review the scope when performing due diligence on a firm.