A practical guide to preparing for a CICC compliance audit — covering file management, trust accounting, client records, and the most common audit findings.
CICC audits (also called inspections or compliance reviews) can be triggered by several circumstances. Understanding what triggers an audit helps you maintain continuous readiness rather than scrambling when notice arrives.
CICC conducts routine inspections of member files on a rotating basis. All RCICs can expect a routine inspection at some point in their career.
A complaint filed with CICC by a client, former client, or third party can trigger a targeted inspection of your files related to that complaint or broader practices.
CICC may conduct compliance reviews as part of the licence renewal process, particularly for members with prior compliance concerns.
Referrals from CBSA, IRCC, or other regulatory bodies can prompt CICC to open a compliance file and conduct an inspection.
CICC Regulation §23 establishes the core file management obligations for all RCICs. The most critical requirement is the six-year retention rule: all client files must be retained for at least six years from the date of the last professional service.
Key Requirement: 6-Year Retention
Clients files must be retained for a minimum of six (6) years from the date of the last professional service provided. This applies to both active and closed files, digital and physical records.
All original signed documents must be retained in their original form or as certified true copies
Electronic files must be stored in a format that remains accessible and readable throughout the retention period
Files must be organized to allow CICC inspectors to locate any specific document within a reasonable time
Client files must be secured against unauthorized access with appropriate privacy controls
A file index or inventory system should document what records exist for each client
File closure procedures must include a retention date marker and access restriction protocol
RCICs who receive advance payments from clients before services are fully rendered must maintain a separate trust account. Trust accounting is one of the most scrutinized areas in CICC audits.
All client funds received in advance must be held in a dedicated trust account that is separate from your operating account. Commingling trust and operating funds is a serious violation.
Maintain an individual ledger entry for each client whose funds you hold in trust. Each entry must show receipts, disbursements, and current balance.
Reconcile your trust account monthly. The bank balance must match the sum of all individual client ledger balances. Keep reconciliation records for the full six-year period.
Only disburse trust funds when services have been rendered and documented. Each disbursement must be supported by an invoice or fee justification.
Each client file should contain the following 12 items to meet CICC compliance requirements. Use this checklist before your audit.
Signed Initial Consultation Agreement (ICA) with date and terms
Written retainer agreement or service agreement
Copy of all IRCC forms submitted on the client's behalf
Supporting documents submitted with each application
Post-consultation summary (CICC §24) for each consultation
Records of all fees charged and disbursements made
Trust account entries for each client file
Correspondence log (emails, letters, notes)
Notes of advice given and immigration strategy discussed
Record of all IRCC communications received
Outcome records for each application filed
File closure documentation and retention notice
CICC requires all RCICs to complete Continuing Professional Development (CPD) hours annually. Your CPD records are routinely requested during audits.
Maintain a log of all CPD activities including course name, provider, date, duration, and any credit hours awarded.
Retain certificates of completion for every CPD course. Certificates must show your name, the course title, provider, date, and hours.
Ensure you have completed the CICC-designated core CPD requirements for your licence class in each compliance year.
Retain CPD records for at least the past three compliance years. Auditors may review CPD history going back several years.
These are the most frequently cited compliance gaps in CICC inspections. Addressing them proactively is the most effective audit preparation you can do.
Failing to obtain a signed Initial Consultation Agreement before providing immigration advice is one of the most common CICC audit findings. ICAs must be signed before — not after — the consultation begins.
How to prevent it
Use automated ICA delivery and e-signature capture for every new client. VisaNauta gates all consultations behind a signed ICA.
Trust account records must document every receipt and disbursement, reconcile monthly, and be available for inspection. Missing entries or un-reconciled balances are serious compliance violations.
How to prevent it
Maintain a dedicated trust ledger per client, reconcile monthly, and keep records for the full 6-year retention period.
CICC Regulation §23 requires client files to be retained for at least 6 years from the date of the last professional service. Many RCICs underestimate how long old digital and paper files must be kept.
How to prevent it
Implement automatic file retention scheduling with deletion notices only after the 6-year window has passed.
Post-consultation summaries documenting advice given, strategies discussed, and client instructions are required under CICC §24. Auditors look for these for every paid consultation.
How to prevent it
Create a structured post-consultation summary template and complete it within 24 hours of every consultation.
RCICs must complete CICC's required Continuing Professional Development hours and maintain certificates and completion records. CPD records are routinely requested in audits.
How to prevent it
Maintain a dedicated CPD log with course names, dates, providers, and completion certificates.
Service agreements must clearly describe scope, fees, and the RCIC's obligations. Using outdated templates or missing scope-of-service documentation is a common audit gap.
How to prevent it
Use current service agreement templates reviewed against CICC requirements annually. VisaNauta includes template service agreements that can be updated practice-wide.
VisaNauta automates the hardest parts of CICC compliance — ICA capture, post-consultation summaries, trust account tracking, and one-click audit export. Every audit finding in this guide maps to a feature in VisaNauta.