Let Us Help You

What we Provide

Ashland Partners is a PCAOB registered, specialty CPA firm providing due diligence solutions to the financial services industry. Ashland Partners’ hallmarks are innovation and service dedicated to supporting clients as they provide transparency and assurance to their current and prospective clients.

  • SOC 1 / Internal Controls

    Internal Controls

Ashland Partners’ provides SOC 1 examinations and customized internal control services to investment management firms to meet the requirements of industry regulators, organization agreements, investors, or as a corporate governance control without the overhead of many of our competitors.

The SOC 1 Internal Controls Examination (formerly known as an SSAE 16 exam) is an in-depth examination of a service organization’s control objectives and control activities related to a user entity’s financial reporting and can only be performed by a CPA firm.


SOC 1/Internal Controls

With a focus on the investment industry, Ashland Partners specializes in providing these types of examinations to investment advisors, as well as fund administrators and transfer agents. Our professionals have developed a unique perspective on the operational challenges and best practices of firms ranging in size from just under $1 billion to over $350 billion in assets under management.

The need for this type of assurance reporting can be driven by the following reasons:

• The increasingly regulated corporate environment your clients operate in is forcing them to consider how you demonstrate control effectiveness over the operations they have outsourced to you;
• A need for clients to understand fully, and be confident with, the effectiveness of outsourced processes;
• Demand in the marketplace for a service organizations to provide a recognized controls assurance report to retain and win business; and
• Accountability for demonstrating management of outsourced risk now extends beyond pure financial risk to assess areas such as Data Security.

Firms that undergo a SOC 1 examination will receive a specific report on the controls at a service organization. A SOC 1 allows for a Type 1 or a Type 2 report.

• A Type 1 report opines as to the fair representation of a firm’s description of controls and whether or not they are suitably designed to achieve a firm’s control objectives as of a point in time.
• A Type 2 report goes a step further and opines on the effectiveness of the controls in place over a specific period of time.

For further information or to discuss how we can help you, please contact us.

  • Audit & Tax

    Financial Experts

Ashland Partners’ provides traditional audit and tax services to investments management firms and funds to meet the requirements of industry regulators, organization agreements, investors, or as a corporate governance control without the overhead of many of our competitors.

The Ashland Advantage is a client service model that provides value and perspective to help you better serve your clients and stakeholders throughout the audit process. Our process is specialized for the investment management industry and designed to maximize client resources while mitigating financial reporting risk.


Financial Statement Audit

We have domestic and international experience working with a full spectrum of traditional and alternative strategies and structures which include, but are not limited to:

• Private Funds
• RIAs
• Fund of Funds
• Feeders
• CITs
• Taxable/tax-exempt structures
• Multi-manager
• Multi-class / series
• ETFs
• Mutual funds
• Introducing and self-clearing broker dealers


Tax Services

With the increasing complexity of international, federal, and state tax laws, it is important to have knowledgeable professionals on your side that know your industry. Ashland Partners recognizes the investment management industry’s complexities and nuances. In the eyes of many investors, timely delivery of tax returns is just as important as investment returns. Our tax team will work directly with your financial statement audit team to ensure the most effective, efficient, accurate, and timely delivery of your tax returns.

Our tax assistance and custom research and planning services include, but are not limited to:

• Federal, State/Local, or ERISA tax return preparation
• Nexus apportionment
• Various strategy implementations and effectiveness reviews
• Reclamations

For further information or to discuss how we can help you, please contact us.

  • Surprise Custody Examination

    Custody Examination

Ashland Partners’ provides surprise custody examinations for firms who are deemed to have custody per Rule 206(4)-2 (the “Custody Rule”) of the Investment Advisers Act of 1940 (“Advisers Act”). If you are a trustee on client accounts, a general partner of an unaudited fund, have client log in credentials, provide bill-pay services, or have another qualifying event, Ashland Partners’ process is designed to make the custody examination as efficient as possible.



Surprise Custody Examination

Rule 206(4)-2 (the “Custody Rule”) of the Investment Advisers Act of 1940 (“Advisers Act”), is one of the most important rules designed to protect advisory clients from the misuse or misappropriation of their funds and securities. Registered Investment Advisers (“RIAs”) that have custody are required to obtain an annual surprise examination by an independent accounting firm.

An RIA is deemed to have custody if they directly or indirectly hold client funds or securities, or have authority to obtain possession of them. Examples include:

• Accounts for which the RIA has the ability (including general power of attorney) to withdraw or have access to client funds or securities;
• Assets indirectly or directly held by a related party; or
• Acting as a general partner for a limited partnership (“LP”) or manager of a limited liability company (“LLC”).


Minimum surprise examination requirements include, but not limited to, the examination of the books and records as they relate to the RIA’s custody and confirmation with the qualified custodians and clients.

Confirmation with qualified custodians:

• Client funds and securities as of the date of the examination;
• Client’s funds and securities are held in either a separate account under the client’s name or in accounts under the name of the RIA as agent or trustee for clients; and
• Reconciliation of confirmations and other information received.

Confirmation with clients:

• Funds and securities held in the account as of the date of the examination;
• Contributions and withdrawals of funds and securities to and from the account since the date of the last examination; and
• Reconciliation of confirmations and other information received.

For further information or to discuss how we can help you, please contact us.

  • Cyber Security Solutions

    Financial Experts

Ashland Partners’ suite of cyber security services are designed to help CCOs meet regulatory and institutional client expectations. Ashland Partners’ Cyber Security Services include the following and can be tailored to any firm:


Cyber Security Risk Assessment – Uncovering and targeting the risks to your data. The first step to creating a safe data security environment is understanding the risks to your firm. Although a key component to Regulation S-P, understanding all the risks to your data is often neglected as an integral part of many cyber security programs. Not all cyber security risks are self-evident or IT-related. Whether the risk is logical, physical or force majeure, a Cyber Security Risk Assessment is used to identify the risks to your data in order to allow you to properly address them. Ashland Partners works with you to create a customized Cyber Security Risk Assessment tailored to your specific environment. This assessment identifies your potential concerns, evaluates your environment against known industry risks, and provides a clear roadmap to address shortfalls.

Cyber Security Policy Services – Evaluating and creating administrative controls. SEC Examination priorities emphasize that cyber security policies are one of the most important tools in your compliance arsenal. Policies serve as mitigating controls to your risks, while providing direction and accountability for your employees. Ashland Partners will take guesswork out of creating and implementing your cyber security policies and procedures. These services follow the NIST standard, and are customized to the needs of your firm.

Don’t have current policies in place? Ashland Partners can help you build your policies from the ground up, making your firm more secure and more compliant.

Cyber Security Vulnerability & Penetration Testing – Assessing the security implemented inside your network and testing the perimeter of your network for vulnerabilities. Regulation S-P recommends that a firm tests their cyber security controls, at least annually. Testing should be designed to assess and analyze internal and external threats so that controls can be updated to meet the needs of an ever evolving data security environment. Using a third-party eliminates bias in the design and maintenance of controls and infrastructure, yielding a truly independent assessment and ensuring current best practice procedures and tools.

Performing a vulnerability test is an excellent way to demonstrate compliance with Reg. S-P and to uncover internal vulnerabilities. Ashland Partners’ experts will scan your internal computers, routers, switches, and servers to identify risks and gather information into a useable report focused on your remediation efforts going forward.

Penetration testing services examine the exterior of your network to determine if there are exploitable vulnerabilities that a hacker could use to breach your network. Ashland Partners will scan the exterior of your network, gather a list of potential exploits, and distill the results into a usable report that will help you target the vulnerabilities that pose the greatest risk.

Cyber Security Training & Phish Testing Services – Ensuring your employees know their cyber security responsibilities. Employees are always the weakest link in any security program. In fact, 98% of all data breaches involve internal human error in some way. Cyber security training is a successful tool to ensure employees are properly trained for their roles within the firm. Phishing services can assist in reinforcing learned habits and maintaining awareness for employees.

The SEC requires you to regularly conduct cyber security training for your employees. Ashland Partners will provide a turnkey, web-based training solution that is efficient, memorable, and designed to meet your cyber security training obligations. The sessions can be accessed at any time, and on any device that has an Internet connection. Ashland Partners will configure and manage the system for you, and provide regular reports to show employees’ progress through the curriculum and absorption of the key aspects of cyber security.

According to Verizon Security, in 2018 Phishing-related attacks represent approximately 98% of all reported breaches and Email continues to be the most common method for hackers to try and gain access to a network. This prevalent attack vector continues to plague the financial services industry. Training your employees about spot red flags in Email messages is a proven step in mitigating Phishing-related breaches. Ashland Partners will configure and manage this system for you. We will create regular phish testing campaigns and report the results to you, which will facilitate the ability to target additional specific training, as needed.

Cyber Security Agreed Upon Procedures – Customized testing that targets specific controls

For further information or to discuss how we can help you, please contact us.

  • Consulting and Agreed Upon Procedures

    And Agreed Upon Procedures

Ashland Partners can conduct customized or narrow scoped consulting and Agreed-Upon Procedures engagements designed to meet specific needs of the client.



Ashland Partners has consulted with numerous investment firms on a wide range of subject matter. With industry-leading knowledge and exposure to a broad array of clients, Ashland Partners can build a scope of work to meet your needs.


Agreed-Upon Procedures

Customized to the client’s needs, Agreed-Upon Procedures can be structured to test, or review procedures related to any subject matter including, but not limited to:

• Compliance with Regulations
• Internal Controls
• Operational processes

For further information or how to discuss how we can help you, please contact us.

  • Vendor Due Diligence

    Due Diligence

Ashland Partners’ Vendor Due Diligence services are designed to help CCOs meet regulatory and institutional client expectations. Ashland Partners’ Vendor Due Diligence services can be tailored to any firm.


Vendor Due Diligence

The SEC, FINRA, and other regulatory bodies frequently communicate their growing concern regarding third-party risks. Documentation of risk assessments and relevant due diligence of your third-party vendors is just as important as your own internal control procedures. Increasing reliance on third-party expertise in the industry means both risk exposure and regulatory oversight will continue to grow.

A good due diligence program starts with a complete inventory of vendors, and an assessment of the risks they pose to your data. However, once the risk is determined, how do you effectively mitigate those risks? What questions need to be asked? What supporting documentation should be obtained? How do you force the vendor to comply with your regulatory needs? Ashland Partners helps firms address these questions in a best practice environment, and still at a lower overall cost than a firm’s internal due diligence efforts.

Efficient Service – Our automated platform expedites vendor response times and creates useful reports to minimize the CCO’s time commitment
Quality Due Diligence – We have customized industry-vetted questionnaires that the vendor will find relevant to the service they are providing and pertinent to your needs as the client
Documented Processes – Our reports document the due diligence performed as well as potential remedies to mitigate residual risk posed by the vendor

For further information or to discuss how we can help you, please contact us.

  • QPAM Exemption Audit

    Exemption Audit

Ashland Partners provides examinations of the Prohibited Transaction Exemption (“PTE”) 84-14 for plan assets transacted by independent Qualified Professional Asset Managers (“QPAM”).


QPAM Exemption Audit

The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law meant to protect retirement assets by establishing minimum standards for pension plans in private industry. The purpose of the rules are to ensure that plan fiduciaries do not misuse plan assets.

A QPAM Exemption Audit is different than the typical audit done for financial statement purposes. The purpose of the audit, as specified in PTE 84-14, is to determine whether the QPAM is in compliance (i) with the QPAM’s written policies and procedures and (ii) with the objective requirements of the exemption.

This will be accomplished by:

• A review of the written policies and procedures adopted by the QPAM;
• A test of a representative sample of the plan’s transactions during the audit period that is sufficient in size and nature to afford the auditor a reasonable basis to determine if the QPAM is in compliance with its policies and procedures and the objective requirements of the exemption; and
• A determination as to whether the QPAM has satisfied the definition of a QPAM.

The audit must be completed within six months following the end of the plan year. For calendar year plans, the audit is due by June 30.

For further information or to discuss how we can help you, please contact us.