Project Monitoring Checklist

Document the in-scope account types, custodians, vendors, and the regulatory triggers driving the project — ADV cycle, Reg BI rollout, AML program enhancement, books-and-records remediation, or DOL PTE 2020-02 documentation. Out-of-scope items get logged here too; scope creep is the most common reason these projects miss the regulatory deadline.

Anchor the schedule to the binding date — ADV annual amendment (within 90 days of fiscal year end), Form CRS go-live, exam response window, or vendor contract renewal. Add buffer for CCO review, principal sign-off, and any required custodian lead time (Schwab, Fidelity, Pershing, Altruist conversion windows are typically 60-90 days).

Capture the project type and verify SOWs, license counts, and renewal dates for any tooling involved — Orion, Black Diamond, Tamarac, Wealthbox, Redtail, Smarsh, ComplySci, Holistiplan, Riskalyze. Confirm the budget owner and the internal cost code before any vendor work starts.

Name the project lead (typically COO or Operations Manager), CCO sponsor, CIO sponsor if investments are touched, and the executive sponsor. Steering committee meets weekly; working group meets at the cadence the project lead sets. RACI lives in the project folder, not in someone's inbox.

Walk the project against the firm's risk taxonomy: custody rule exposure, books-and-records gaps, off-channel communication, OFAC screening, ACATS reconciliation, fee-billing accuracy, Reg S-P data handling. A custodian conversion typically surfaces 15-25 distinct risks; a CRM swap surfaces 8-15. Don't pre-filter — score in the next step.

Score impact and likelihood on the firm's standard scale, then record residual risk after planned controls. Attach the populated register so the CCO has the file on record. Anything rated High after mitigation goes to executive escalation in the next step.

Bring any High residual risk to the CCO and executive sponsor before the project advances. Document the decision: accept, transfer, mitigate further, or pause the project. CCO sign-off goes in the project folder alongside the register — exam-ready trail.

Schedule the risk register on the steering committee agenda — weekly during execution, biweekly during stabilization. New risks discovered mid-project get scored against the same scale, not waved through because the deadline is close.

Write the acceptance criteria in measurable terms: cost-basis match within $0.01, position counts identical, fee calculations within stated tolerance, performance figures GIPS-consistent. Vague criteria like 'data looks right' are why conversions get signed off and then break in the first quarterly statement run.

Map every irreversible action to a maker-checker pair: trade allocations, fee calculations, ACATS releases, client data updates, system go-live toggles. Principal review (FINRA Rule 3110 for BD-side, advisor-firm equivalent for RIA) gets explicit sign-off captured in the project tool.

Execute the test plan against production-like data — for a custodian or PMS conversion, run at least one full quarterly performance and fee cycle in parallel against the legacy system. Variances over tolerance are fails, not 'close enough.' Document defects with reproduction steps for the vendor.

Hold the go-live until every fail is fixed and the affected scenarios re-run clean. Vendor commits to fix dates in writing; project lead reverifies, not the vendor self-reporting. A reconciliation that fails twice in UAT will fail the first quarter live.

Cover internal (advisors, CSAs, CCO, CIO, COO, IT), external (custodian relationship manager, vendor implementation lead, outside compliance counsel, auditor), and indirect (clients receiving notice, ADV brochure recipients if material change). Note who has approval authority versus who is informed.

Standing 30-minute slot, fixed agenda: status RAG, milestones for the week, risks added or escalated, decisions needed. Minutes filed to the project folder within 24 hours — these are part of the audit trail if a regulator later asks how the firm governed the change.

Single intake — a feedback log or ticket queue, not loose emails. Each item gets categorized (defect, change request, training gap, communication issue) and routed. Advisor concerns about client-facing changes (new statement layout, new portal URL) take priority over cosmetic backlog.

RAG status per workstream against the baselined dates from project planning — not the rolling forecast. Slipped milestones surface a replan, not a quiet date change. Smartsheet, Asana, or whatever the firm uses; the project tool of record is named and shared.

Monthly: vendor invoices, internal labor allocation, license overages, scope-change CRs. Variance over 10% to budget triggers an executive sponsor conversation. Don't let small overruns compound silently across a 90-day project.

Executive sponsor + project lead + CCO walk through schedule, budget, scope, risks, and quality metrics. Decisions on scope changes, replans, or descope go in writing here — not in the chat thread.

Closure requires acceptance criteria met, open defects either resolved or accepted with mitigation, lessons-learned filed, and operational handoff complete (run-state owner named, monitoring in place). Executive sponsor signature closes the project record.