Understand the guidelines for business-location supervision, including scope, planning, audit-program design, training, risk identification, and audit follow-up.
Business location supervision guidelines and audit follow-up appears in the official CIRO Supervisor Exam syllabus as part of Specific supervision responsibilities in relation to risks associated with Investment Dealer activity and registered locations. Questions here usually test whether the branch-review program is genuinely designed around risk and whether findings are actually followed through to correction.
CIRO’s branch-supervision guidance and older IIROC best-practice guidance are useful here because they make the same basic point: branch supervision is not only about visiting the location. It is about choosing the right scope, testing the right risks, documenting what was found, and making sure corrective action actually happened.
The stronger exam answer usually notices when the dealer has:
| Review element | What the supervisor should be able to show |
|---|---|
| scope | the review covered the actual lines of business and local risk areas |
| planning | head-office information was used before the visit or review started |
| training | reviewers understood the products, controls, and branch functions they were testing |
| risk identification | local risk factors changed the depth of testing |
| follow-up | deficiencies were tracked, escalated, and re-tested where needed |
The guidance is clear that good branch review work begins before the visit. Strong planning may include review of:
That is why the exam often rewards the answer that broadens the review scope when the pre-review facts already show the location is not ordinary.
flowchart TD
A["Review branch risk profile and prior findings"] --> B["Set scope and testing plan"]
B --> C["Perform location review and document deficiencies"]
C --> D["Issue report with required response and deadlines"]
D --> E{"Serious or repeat deficiency?"}
E -- No --> F["Track remediation and retain evidence"]
E -- Yes --> G["Escalate to CCO, management, or Board reporting path as needed"]
G --> H["Perform follow-up testing and reassess branch risk"]
The stronger answer usually does not treat recurring audit findings as a paperwork problem. Recurrence often means:
IIROC’s branch-supervision best-practice note is still very helpful because it highlights a recurring industry weakness: firms conducting reviews but not maintaining enough evidence of what was reviewed, what questions were asked, and what action followed. That makes the stronger answer emphasize:
The stronger answer usually explains what should have changed after the branch facts became known. Weak answers describe a branch review as if it were a routine recurring event unaffected by the branch’s actual risk history.
A branch has been reviewed twice in two years for similar deficiencies. Each time, the branch responds in writing and promises correction, but the same problems recur. What is the strongest supervisory conclusion?
The better answer is that the issue is no longer just deficient branch behaviour. The dealer’s follow-up process and branch risk assessment are likely inadequate, because repeat findings should have triggered stronger escalation, re-testing, or an increased risk rating.