EzeCastle has a list of 51 questions institutional asset allocators are likely to ask hedge funds during a due diligence process, and not one of them has to do with investment strategy or trading risk management.

After a recent Hedge Fund Marketing and Due Diligence webinar the IT consultants considered the hedge fund investor due diligence process and how it is evolving, particularly in technology processes and security safeguards – a growing concern.

Hedge fund due diligence: Investors understanding lead to better investment decisions

They discovered that once investors have a greater understanding of technology, deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.  Based on this, the group developed a list of questions where disaster recovery and backup questions were the most asked, followed by systems and information security questions.

Some questions were obvious. This includes the generic “Describe the Company’s physical security, disaster recovery and backup plans and procedures” and “Please describe the communication chain related to the firm’s business continuity/disaster recovery plan.”  Some of the more probing, granular questions in the disaster recovery and backup category include “Has a secondary working location been established to which employees should report in the event of a disruption or outage?”  and “Has the firm determined its crucial recovery point objectives (RPOs) and recovery time objectives (RTOs)? Does the DR solution meet these guidelines?”

Questions in the Systems and Information Security category were more pointed, asking for descriptions of software systems, electronic security measures used and ongoing vulnerability assessments.

Hedge fund due diligence: Questions centered around the organizational structure

The lowest number of questions centered around the organizational structure. asking for specific contact information of both client facing accounts and compliance personnel.  Other categories with a lighter focus included physical security policies and general technology questions.

When heading into a due diligence process, a hedge fund might also expect a significant questions in the areas of Access Control and Network Security Policies. A typical question in the access Access Control category was “Does the firm’s IT staff (or technology partner) ensure appropriate access control to applications and sensitive company data? Are there robust procedures in place to grant or deny access to applications?”  A typical question in the Network Security Policies was “Does the firm employ an intrusion detection system (IDS) to prevent unauthorized access?”

While hedge funds tend to focus on markets and investment strategy. the key to gathering assets is a multi-pronged approach.

To read the full report, click here .