Investment or quantitative risk management at a private fund manager is almost always handled by the CIO and COO. These firms are not large enough or institutional in size to include a dedicated risk manager or risk management team like one would see at a large money manager. Having said this, one generally cannot rely on risk management being an independent function with clear or any segregation of duties, putting more and more reliance on CIO and COO judgment and accountability, and overall corporate culture. Operational due diligence should cover risk limits, risk systems, and risk policies. Operational due diligence does cover segregation of duties, skillset and experience of human capital, and corporate culture. Operational due diligence can cover verification of adherence to certain risk parameters at any one point in time (e.g. audit date or other specialized alternative procedures), but this is not always, and not often possible. Operational due diligence does not include quantitative analysis such as recalculating position level or fund level risk metrics. Quantitative analytics should be performed by investment due diligence personnel, and this is generally done by persons with a specialized quantitative skillset. Lastly, it is key to have operational due diligence personnel with financial risk management experience, to see clearly certain flags that are shown in the numbers and in the infrastructure.