Registered investment advisors (RIAs) are subject to examination by the Securities and Exchange Commission (SEC) and/or state regulatory agencies. These exams, which are intended to ensure that RIAs consistently meet compliance requirements, take place approximately every seven years according to internal SEC data.[1] The SEC prioritizes newer firms that have never been examined in determining which ones to scrutinize each year.[2] Conducting an RIA mock audit can help you feel more prepared when it’s time for the real thing.
RIA Mock Audit Planning Tips
Mock audits help you pinpoint weak spots or gaps in your compliance program, affording you time to address and correct them before your actual SEC or state regulatory examination takes place. The most effective mock exam mirrors the process used by regulatory agencies to assess your firm’s compliance.
Professional audit and compliance firms can assist with a mock exam, and experts may recommend utilizing a third party so you have an objective, non-biased point of view. You can, however, choose to conduct a self-assessment instead if your schedule or budget doesn’t allow for that.
Here’s how to implement an RIA mock audit for your firm.
1. Review Current Exam Priorities
Each year, the SEC releases a list of exam priorities that form the basis for on-site and off-site examinations. Reviewing the current year’s list can give you an idea of what you might expect regulators to ask you about, should you receive a visit from examiners.
For 2026, key exam priorities include:
- Adherence to fiduciary standards, particularly in dealings with retail investors
- Disclosure processes, including how conflicts of interest are disclosed
- Investment recommendations, including alternative investments and higher-cost investments
- Advisor compliance programs and their effectiveness
- Data security, as it relates to the use of third-party vendors that have access to client data
These topics may already be on your radar if you follow compliance and risk trends regularly. Keep in mind that if you’re dual-registered as both an RIA and a broker-dealer, additional exam priorities may apply to your situation.
2. Conduct an Off-Site Review
An off-site review is the first phase of the compliance exam process. The SEC or state regulator sends your firm a request for documentation detailing information about your firm’s operations and business practices, which you’re expected to return promptly.
Here’s how to navigate this phase of your RIA mock audit.
- Draft a mock request letter to send to your chief compliance officer (CCO) with a list of required documents.
- Have the CCO collect the requested records and submit them to you or to the member of your team who is acting as the mock examiner.
- Review (or have your assigned mock examiner review) each document to ensure compliance with SEC Rule 204-2, which pertains to recordkeeping, and Rule 206(4)-7, which requires RIAs to have a written compliance policy.
The SEC may allow one to two weeks for you to gather your documents, which is the same time frame you should afford to your CCO. Now, what documents should they be prepared to share? The list can include:
- Financial statements
- A copy of your firm’s compliance policy and cybersecurity policy
- Organizational charts
- Client records
- Records of disciplinary actions taken against employees
- Documents detailing any changes to existing policies and procedures
- Copies of your most recent Form ADV
These documents should be readily accessible and easy to locate. Some potential compliance red flags to watch for include missing or incomplete documentation, or a failure to maintain records for the period required by SEC rules.
3. Move to the On-site Exam
Once regulators review your documentation, an on-site exam follows. On-site visits may be announced or unannounced, and they typically take place within six months of the off-site review.
If you haven’t had an on-site visit yet, consider adding these steps to your mock audit.
- Schedule an initial meeting with your CCO, acting as the examiner, to discuss the scope and purpose of the exam and what you can expect.
- Review documents on-site, including copies of the firm’s Form ADV, code of ethics and cybersecurity policy.
- Conduct interviews with your CCO and other key staff members to test their compliance knowledge.
Practice interviews can help the actual audit process go more smoothly and take pressure off your CCO or other key employees who meet with examiners. The interviews are designed to give regulators a better understanding of your firm’s compliance practices and where deficiencies may exist.
Generally, you can expect examiners to be on-site with you and your team for three to five days. Any employees you anticipate being interviewed should be prepped beforehand about what to expect. For instance, you may advise them to ask for clarification of any questions they don’t understand.
4. Prepare a Written Report
The final phase of the SEC exam process is the written report. Examiners draft a report that summarizes everything they observed, both off-site and on-site, and includes any recommendations for issues that require attention or correction.
Once you have drafted the equivalent report for your mock audit, review it with your compliance team to discuss how to address areas that require improvement. Use this compliance meeting as an opportunity to brainstorm solutions and move forward, without pointing fingers or laying blame.
You may also consider bringing in a compliance consultant so you have an extra set of eyes. An outside consultant may be able to spot gaps in your compliance plan that you and your team have otherwise overlooked.
RIA Mock Audit FAQs
How Often Does the SEC Audit RIAs?
At its current pace, the SEC examines RIAs every seven years on average. In 2022, the SEC examined 15% of all registered investment advisory firms. These audits are intended to be a comprehensive review of a firm’s adherence to compliance standards. The SEC can also audit RIAs more frequently for cause if there’s reason to believe the firm is violating compliance rules or if it receives reports of violations. For example, you may be prioritized for an examination if a client files a complaint for suspected breach of fiduciary duty.
Can RIAs Audit Themselves?
RIAs can perform mock audits to prepare for an SEC examination or an examination by state regulators. However, you may find value in outsourcing mock audits to a third party. An RIA compliance firm can offer a mock audit experience that mimics what happens in a real audit and provide valuable expertise and feedback on how to improve your firm’s compliance record.
What Happens if an SEC Audit Finds a Deficiency?
If your audit report mentions one or more deficiencies, the SEC will allow you to correct them. Failure to do so can result in penalties, so if you get a deficiency notice, act quickly to address it before a small issue evolves into a larger problem.
Bottom Line
An RIA mock audit is intended to be a dry run. As you move through each stage of the audit process, be observant and objective. Acknowledge mistakes or shortcomings, then turn your attention to correcting them so you are better prepared for the actual examination.
Tips for Growing Your Business
- Marketing and cybersecurity are increasingly the focus of compliance regulations. If you aren’t up to date on the latest marketing rules regarding recordkeeping and client testimonials, or you don’t have a cybersecurity policy in place, those are two areas you may want to focus on first as you prepare for a mock audit.
Article Sources
- [1] Recommendation of the SEC Investor Advisory Committee’s Disclosure Subcommittee to Promote Investor Protection through Oversight of Investment Advisers. U.S. Securities and Exchange Commission, 5 June 2023, https://www.sec.gov/files/20230605-recommendation-ria-examination.pdf.
- [2] Fiscal Year 2026 Examination Priorities. U.S. Securities and Exchange Commission, https://www.sec.gov/files/2026-exam-priorities.pdf.
