2024 Private Investment Operational DDQ Analysis

The following report presents an analysis of manager responses submitted via Cambridge Associates’ (CA) operational due diligence questionnaire (DDQ). The DDQs are comprehensive in nature and cover all aspects of a manager’s business, including organizational structure, service providers, operations, valuation, compliance, and cybersecurity, among other areas. CA typically performs 200 to 300 private investment fund manager operational due diligence (ODD) reviews annually. As a small percentage of the managers may elect to use their own internal DDQs, answers do not necessarily reflect the entire universe of funds reviewed by CA. Thus, results are for illustrative purposes only.

Notable Highlights

The proportion of managers engaging third-party fund administrators has risen significantly over the past six years, from 65% in 2018 to 83% in 2024. This trend is particularly notable among real assets (from 55% in 2020 to 74% in 2024) and venture capital managers (from 72% in 2020 to 90% in 2024).
59% of funds reviewed in 2024 engaged a “Big Four” auditor, while 79% either engaged a “Big Four” auditor or a well-regarded, mid-tier firm.
20% of funds reported maintaining relationships with two or more banks. While this reflects a modest increase from levels prior to the 2023 Silicon Valley Bank crisis, most funds still rely on a single banking partner, exposing them to a certain level of counterparty risk when calling capital or making distributions.
89% of Registered Investment Advisors (RIAs) and 62% of Exempt Reporting Advisors (ERAs) used external compliance consultants and increased from 73% and 43% in 2023, respectively.
There continues to be an increase in the percentage of managers reporting that they were subject to a regulatory exam, which aligns with the SEC’s sustained focus on private fund RIAs. In 2024, 62% of managers confirmed that they have been examined by a regulatory body, a significant increase from 49% reported in 2022 and 36% in 2019.
90% of firms reported conducting employee cybersecurity training, a significant increase from 30% in 2017, reflecting greater investment in mitigating employee-related cyber risks. This may have contributed to the lower incidence of cybersecurity breaches, with only 6% of firms reporting a breach in 2024.

Dataset

Funds by Asset Class and Region

Figure 1 provides an asset class and region breakdown of the funds reviewed by CA over the past several years. The asset class composition of funds reviewed in 2024 remains broadly consistent with 2023, with private equity and venture capital (PE/VC) continuing to represent the majority. Notably, there has been a relative increase in the evaluation of real assets strategies over recent years.

Organization

Percentage of Investment Employees Versus Non-Investment Employees^[1]For the purpose of this report, non-investment employees are defined as employees dedicated to finance/accounting/operations, compliance, legal, and IT.

Overall, the percentage of investment to non-investment employees has remained relatively stable across asset classes over the past four years. Excluding outliers, private equity (PE) managers have consistently maintained a high proportion of investment personnel. In contrast, other asset classes—such as real assets and private credit—tend to have a more balanced staffing profile. This is often due to the more complex operational, regulatory, and administrative requirements in these asset classes, which may necessitate larger teams focused on asset management, loan servicing, or compliance. Notably, the percentage of investment to non-investment employees among PE/VC managers has generally declined since 2021 (Figure 2). This is a positive trend because it suggests that firms are placing a greater emphasis on strengthening non-investment functions—including operations, finance, and compliance—as they scale and navigate increasing organizational complexity.

Percentage of Investment Employees Versus Compliance Employees

Overall, the ratio of investment employees to compliance employees either decreased or remained constant across all asset classes, except for venture capital (VC), which experienced a slight increase after a notable decline in 2023 (Figure 3). The relative increase in compliance employees compared to investment employees is positive and suggests that managers may be placing greater emphasis on regulatory compliance and keeping pace with evolving regulatory standards.

Of the VC managers, 20% were RIAs in 2024, down from 30% in the prior year. Meanwhile, the proportion of ERAs in this asset class increased from 70% in 2023 to 74% in 2024, while the remaining 6% were not registered with the SEC. ERAs are subject to less stringent regulatory requirements, including the absence of a mandate to employ a dedicated compliance professional or to appoint a Chief Compliance Officer. This likely contributed to the increase in the number of investment employees per compliance employee observed for this asset class. Nonetheless, CA expects all managers to adhere to best practices regardless of regulatory status. This includes maintaining appropriate, documented policies and procedures, as well as engaging institutional third-party compliance consultants and legal counsel to support their regulatory responsibilities.

Service Providers

Fund Administrator

The percentage of managers engaging third-party fund administrators continues to rise, increasing significantly from 65% in 2018 to 83% in 2024 (Figure 4). This increase is seen across most asset classes, most noticeably for real assets and VC managers, which have each seen at least a 15% increase over the past three to five years. This is a positive trend as engaging a third-party administrator adds more independence to key activities, such as capital calls and distributions, net asset value (NAV) calculations, waterfall calculations, limited partner (LP) reporting, and LP anti-money laundering/know-your-customer (AML/KYC).

Fund Accounting Systems and Applications

Fund Accounting

In 2024, 87% of managers used specialist fund accounting systems, a stable trend in recent years (Figure 5). Many access these systems via fund administrators. Such systems help reduce manual errors and manage operational complexity.

Waterfall Calculations

About 47% of managers still use Microsoft Excel or generic software for waterfall calculations, similar to the previous year. While institutional systems are preferred due to this task’s complexity, Excel remains common in the absence of a market leader. Strong controls and oversight are essential when manual tools are used to minimize operational risks and errors.

Auditors

Overall, 79% of the funds CA reviewed in 2024 engaged either a “Big Four” accounting or a well-regarded, mid-tier firm,^[2]Refers to an accounting firm that ranks below the largest international firms (often referred to as the “Big Four”) in terms of size, revenue, and market share, but still maintains a significant … Continue reading a slight decline from 84% in the prior year (Figure 6). The appropriateness of an auditor depends on a range of factors, including the fund’s size, structural complexity, regulatory and jurisdictional requirements, asset class specialization, reporting needs, and cost considerations. Well-established, mid-tier firms can deliver high-quality audit services and may be particularly well suited for funds with less complex structures or smaller asset bases. These firms often offer deep expertise in specific asset classes, competitive fee structures, and a more personalized service model. For funds that do not require the global reach or extensive resources of a “Big Four” firm, a reputable mid-tier auditor can offer a compelling combination of technical proficiency, responsiveness, and value.

Valuation Agents

Valuation is a key risk area in ODD. Fair market valuation follows fund accounting standards, mainly IFRS (the predominant standard used globally) and US GAAP (used primarily by US-domiciled funds or those with many US investors). IFRS is more principles-based and allows greater interpretation, while US GAAP is generally more rules-based and prescriptive.

A fund’s investment composition and accounting treatment reveal how much discretion or manual input is required for valuation. Most private fund assets are Level 3 Assets as defined by Accounting Standards Codification (ASC) 820. These assets rely on significant judgment and estimation rather than market data, which gives managers more discretion as valuations often lack independent data points.

Managers should have a valuation policy suited to the asset class and a structured valuation committee for oversight. Independent valuation agents can provide asset marks, value ranges, or assurance on valuation practices, offering independent validation and increasing transparency for investors (Figure 7).

VC managers were observed to be the least likely to engage external valuation agents. Many venture funds, particularly those focused on early-stage investments, typically manage less AUM and therefore operate with leaner budgets, making the cost of third-party valuation agents significant relative to fund size. Furthermore, early-stage companies often lack direct public market comparables, which limits the incremental value that external agents can add over the manager’s own assessment.

Banking Institutions

The proportion of funds maintaining more than one banking relationship has remained largely unchanged from the prior year, with approximately 20% of funds disclosing that they maintain two or more banking relationships (Figure 8). The PE, secondaries/fund of funds, and VC asset classes, which likely experienced a more pronounced impact during the 2023 banking crisis, were observed to have a higher proportion of funds maintaining multiple banking relationships. During the ODD review process, Business Risk Management regularly provides feedback to managers on the importance of diversifying banking relationships to mitigate risks associated with overreliance on a single counterparty—a critical lesson highlighted by the 2023 banking crisis.

Compliance Consultants

In 2024, 89% of RIAs and 62% of ERAs used external compliance consultants, up from 73% and 43% in 2023, respectively (Figure 9). This trend among ERAs continues from previous years, with external consultants providing independent oversight, regulatory guidance, gap analysis, and functional redundancy. While ERAs face fewer regulatory requirements and often lack internal compliance resources, CA expects their programs to align with industry best practices. The increased use of external consultants among ERAs is a positive development.

Compliance and Legal

The proportion of firms subject to a regulatory exam remains largely unchanged from the previous year but has generally increased from a low of 15% in 2021.^[3]The low proportion of managers subject to regulatory exams in 2021 was likely due to the impact of the global COVID-19 pandemic that saw regulators completing more thematic reviews to assess the … Continue reading This trend aligns with the SEC’s continued focus on private fund RIAs. Consistent with prior years, the SEC highlighted in its 2024 Examination Priorities Report that RIAs to private funds will remain a focus area, as they represent a significant portion of the RIA population. As in 2023, PE firms continued to represent the majority of managers subject to regulatory exams among those reviewed by CA in 2024 (Figure 10).

Data and Cybersecurity

Cybersecurity Training

The proportion of firms conducting some form of cybersecurity training for employees has remained at or above 90% in recent years, a significant increase from just 30% in 2017 (Figure 11). It is encouraging that the vast majority of managers CA reviewed in 2024 conduct some level of cybersecurity training for employees. Most of these firms have annual training or ongoing training throughout the year to address emerging cybersecurity threats. This is positive as employees are regularly cited as a primary vulnerability in any firm’s cyber defenses.

Vulnerability and Penetration Risk Assessments

Of the firms reviewed in 2024, 70% conduct vulnerability and/or penetration risk assessments of the firm’s IT infrastructure, network, and systems, while 30% either did not respond or do not conduct such assessments (Figure 12). It is recommended that managers engage an independent provider to conduct annual internal and external penetration testing, as well as vulnerability assessments, and to rotate providers for objective oversight.

Cybersecurity Breaches

Of the managers CA reviewed in 2024, 6% reported experiencing a cybersecurity breach within the past 24 months, a slight decrease from 7% in 2023 (Figure 13). Cybersecurity remains at the forefront of operational reviews, as cyber threat attempts continue to rise in both frequency and sophistication. Though the reported number of breaches is low, it is important to note that there is no universal definition of a breach, and some firms may not have reported incidents that they deemed as immaterial.

Footnotes[+]

↑1	For the purpose of this report, non-investment employees are defined as employees dedicated to finance/accounting/operations, compliance, legal, and IT.
↑2	Refers to an accounting firm that ranks below the largest international firms (often referred to as the “Big Four”) in terms of size, revenue, and market share, but still maintains a significant presence in the global market.
↑3	The low proportion of managers subject to regulatory exams in 2021 was likely due to the impact of the global COVID-19 pandemic that saw regulators completing more thematic reviews to assess the impact of the pandemic on organizations.