By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
CAIA Level II | High-Density Study Guide
CAIA tests ODD to measure: - Risk judgment: Can you distinguish operational risks (e.g., weak controls) from investment risks (e.g., market exposure)? - Compliance logic: Do you know which regulatory standards (e.g., GIPS, AIFMD) apply to ODD and how to document compliance? - Practical capability: Can you spot red flags (e.g., lack of segregation of duties) and recommend fixes in a due diligence report? - Audit readiness: Are you prepared to defend your ODD process to investors, regulators, or internal audit teams?
ODD sits at the intersection of risk management and manager selection in CAIA Level II. It’s not about performance—it’s about whether the manager’s operations can reliably execute the strategy without blowing up. Investors and allocators use ODD to avoid Madoff-style frauds, valuation blowups, or compliance violations. In the exam, expect scenario-based questions testing your ability to identify risks, classify them, and recommend mitigations.
Intermediate
People & Processes: Key person risk, turnover, outsourcing risks.
Red Flag Checklist (Top 5 Operational Risks):
Side letters with preferential terms (creates conflicts of interest).
Regulatory Hooks:
Fix: Ask: "Can this manager execute the strategy without blowing up?"
Ignoring "soft" red flags:
Fix: Every red flag is a potential failure point—document and escalate.
Over-relying on the manager’s self-assessment:
Fix: Verify, don’t trust—e.g., test trade reconciliations, check backup systems.
Failing to document findings:
Fix: If it’s not documented, it didn’t happen—regulators and investors demand records.
Treating ODD as a "check-the-box" exercise:
Assuming that "no news is good news." - Trap: If the manager doesn’t mention a risk, you assume it’s not a problem. - Reality: Silence = red flag. Example: - If the manager doesn’t discuss cybersecurity, it likely means they have no plan. - If they can’t explain their valuation process, they’re probably marking their own book. - How to avoid: Ask direct questions and demand evidence (e.g., "Show me your last disaster recovery test results").
What it tests: Basic ODD knowledge (e.g., definitions, red flags). Example Question: Which of the following is the MOST serious operational red flag in a hedge fund? A) High employee turnover in the marketing team B) Lack of independent valuation C) Slow monthly reporting D) Use of a single prime broker
Correct Answer: B) Lack of independent valuation Key Tip: Independent valuation is a dealbreaker—without it, the manager can manipulate returns.
What it tests: Risk identification and classification. Example Question: A private equity fund’s CFO also approves all wire transfers. What operational risk does this create, and how should an investor mitigate it?
Model Answer: - Risk: Lack of segregation of duties (SoD) → Fraud risk (CFO could misappropriate funds). - Mitigation: - Demand four-eyes principle (two signatures for wires). - Require independent reconciliation of cash movements. - Monitor wire activity via surprise audits.
Key Tip: Always link the risk to a specific failure (e.g., fraud, errors) and propose a fix.
What it tests: Comprehensive ODD application. Example Question: You are conducting ODD on a quant hedge fund. The fund: - Uses a proprietary model for portfolio construction. - Has no independent model validation. - Experienced a 20% drawdown last year due to a "model error." - The CIO is the only person who understands the model.
Identify the key operational risks and recommend mitigations.
Model Answer: 1. Key Risks: - Model Risk: No independent validation → undiscovered errors (e.g., 20% drawdown). - Key Person Risk: Only the CIO understands the model → bus factor = 1. - Lack of Transparency: Investors can’t verify the model’s logic. 2. Mitigations: - Independent Model Validation: Hire a third-party quant firm to review the model. - Documentation: Require full model documentation (code, assumptions, backtests). - Succession Plan: Train a backup team or hire a co-CIO. - Stress Testing: Demand regular scenario analysis (e.g., "What if correlation breaks?").
Key Tip: Structure your answer (Risks → Mitigations) and be specific (e.g., "hire a third-party quant firm," not just "improve controls").
What it tests: Real-world ODD judgment. Example Question: An investor is considering a real estate fund. The fund: - Has no independent property valuations (the manager values assets). - Uses a single property manager for all assets. - Has a side letter giving one investor preferential redemption terms.
What are the top 3 operational risks, and should the investor proceed?
Model Answer: 1. Top 3 Risks: - Valuation Risk: Manager marks own book → overstated NAV. - Concentration Risk: Single property manager → operational failure risk. - Conflict of Interest: Side letter → unfair treatment of other investors. 2. Recommendation: - Do not invest unless the manager: - Hires an independent valuer. - Diversifies property managers. - Eliminates the side letter or discloses it to all investors.
Key Tip: Always state your recommendation (invest/don’t invest/conditional) and justify it with risks.
The "3-Question ODD Screen" (Quick Red Flag Check) Ask the manager: 1. "Who marks the portfolio, and how do you ensure independence?" - Bad answer: "We do it internally." → Dealbreaker. - Good answer: "A third-party administrator values 100% of positions daily." 2. "Who approves wire transfers, and what’s the process?" - Bad answer: "The CFO does it alone." → Fraud risk. - Good answer: "Two signatures, with a 24-hour hold for large wires." 3. "What’s your disaster recovery plan, and when was it last tested?" - Bad answer: "We have backups." → Untested = useless. - Good answer: "Tested quarterly, with a 2-hour RTO (Recovery Time Objective)."
If any answer is weak → Walk away or demand fixes.
You’re reviewing a small hedge fund. The CFO also handles trade reconciliations. What’s happening? - Red flag: No segregation of duties → Fraud risk (CFO could manipulate trades). What to notice first? - Single point of failure in controls.
A private equity fund outsources its back office to a single administrator. The administrator has no disaster recovery plan. What’s happening? - Concentration risk: If the administrator fails, the fund can’t operate. - Operational risk: No backup
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.