Agile – Enhancing AML Audit and Moving It...

Agile – Enhancing AML Audit and Moving It Forward

Agile – Enhancing AML Audit and

Moving It Forward

Shashank Mohta, CAMS

The views expressed in this white paper are those of the author. They do not

represent the views of any organization or institution.


P a g e | 1

Table of Contents

Executive Summary ............................................................................................................... 2

Introduction ...................................................................................................................... 2

AML Audit Process ................................................................................................................ 3

Why is Auditing Essential? ................................................................................................. 3

How Is Auditing Performed? .............................................................................................. 3

Challenges Encountered .................................................................................................... 3

Agile – Definition and Offerings ............................................................................................. 4

Core Values ....................................................................................................................... 4

Advantages of Using Agile in Auditing ................................................................................ 4

Differences between Traditional and Agile Methodology ...................................................... 5

Setting Up the AML Auditing Platform with Agile .................................................................. 6

AML Auditing Manifesto .................................................................................................... 6

Defining AML Audit Framework ......................................................................................... 7

Conducting Transaction Monitoring Audit Using Agile – A sample for Finer Understanding .. 9

Top-Ups ........................................................................................................................... 10

What Is in It for You/Stakeholders? ..................................................................................... 11

Guidelines for a Smooth Transformation and Avoiding Pitfalls ............................................ 13

Managing Pitfalls of Moving to Agile Auditing .................................................................. 14

Conclusion .......................................................................................................................... 15

References .......................................................................................................................... 16

Appendix ............................................................................................................................. 18


P a g e | 2

Executive Summary After the financial crisis of 2008, one of the top priorities of financial institutions has been to be compliant with the latest regulatory requirements to fight money laundering and terrorist financing. This led to a huge demand of skilled workers in the field of financial crime and especially for the third line of defense, which is the audit department. In the last 10 years or so, the audit committees have been stringently following the traditional methods that were deployed in the pre-crisis era to conduct AML audits. But the future requires that financial institutions become more efficient, predictive, optimize resources, detect and fix issues at a faster rate and respond to changes like never before. With all of this to achieve from the auditing perspective, it is high time that we look into new methods and ways of working that will not only help the financial institution be future safe, but will also help auditing departments become the drivers of change in an organization.

Introduction As the third line of defense in an organization, auditing plays a crucial role in providing

assurance to the board of directors, senior management, and regulators that the efficacy of

assessing and managing risks of the organization is enough. In the world of BSA/AML

compliance, independent testing is considered an important pillar whose objective is to

evaluate ‘’the overall adequacy and effectiveness of the BSA/AML compliance program,

including policies, procedures, and processes.’’1

With ever-increasing regulatory pressure, dynamically evolving compliance programs, and

shifting priorities, AML audit must keep pace with the increasing demands and external

forces it faces in the changing landscape of business disruption. Auditors are continually

challenged to anticipate risks faster and communicate to stakeholders quickly, making sure

reports are available on time which in turn will lead to defining the mitigation strategy and

aligning the right teams to resolve findings swiftly. All of this is required without sabotaging

the core of auditing procedures and processes. With traditional auditing methodology,

meeting these expectations seems unattainable.

This white paper will define an alternative approach to conducting AML audit, which will be

helpful in resolving the problems at hand that are faced by the audit committee. This white

paper will also trigger rethinking the outlook of auditing procedures. The aim is to highlight

the key aspects of this alternative methodology, such as gain in responsiveness, incremental

delivery, quick feedback loop, faster turnaround time, and the most significant of all,

a ‘value-driven’ approach.

This methodology is not doing different things, but doing things differently.

Let us deep dive, recognize, and embrace the world of Agile!

1 Bank Secrecy Act/Anti-Money Laundering Examination Manual, FFIEC, 2014, p. 31.


P a g e | 3

AML Audit Process The objective of conducting AML audit is to provide an assurance to the stakeholders that

the financial institution is adhering to the regulatory requirements. The focus of auditing is

to identify deficiencies and weaknesses that may exist in the policies, procedures, training,

monitoring, and reporting within the AML program.

Why is Auditing Essential? As per the recommendations of FATF: “Financial institutions programmes against money

laundering and terrorist financing should include: an independent audit function to test the

system.”2 Having a robust audit process is necessary to check if the controls, and operations

implemented as a part of the AML program are meeting the regulatory guidelines.

How Is Auditing Performed?

Any quintessential audit has the following stages:3

• Planning and Scoping o Conduct planning sessions with the AML Compliance Officer and other key

stakeholders.

o Understand the business operations and applicable AML regulatory requirements

and expectations.

o Review risk assessments and results of prior internal audits, regulatory exams, and

other external program assessments.

o Determine Audit Objective and Scope.

• Fieldwork and Testing o Review applicable policies and procedures and their documentation. o Conduct interviews with key process owners and share initial gap analysis. o Identify inherent risks and evaluate existing controls to mitigate such risks.

• Recommendations and Reporting o Meet with the AML Compliance Officer and senior management to review results of

work performed, and discuss and validate any control weaknesses identified. o Produce a written report that outlines audit procedures performed, findings

resulting from testing, and recommendations for process and procedure

improvements.

Challenges Encountered

In this disruptive era, the financial institutions need to empower the audit teams so they can

be more flexible, choose risk-based methods, and deliver to stakeholders in much less time.

There are a few challenges prevalent in the current auditing methods as follows:

• Rigid audit planning

• Inefficient delivery cycles

• Hefty documentation

• Delayed feedback loop

• Timely adjustment to growing business needs

2 See http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html 3 Refer to ACAMS Advanced Certification – CAMS Audit program.

http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html


P a g e | 4

Agile – Definition and Offerings Agile is the ability to create and respond to change. It is a way of dealing with, and

ultimately succeeding in, an uncertain and turbulent environment.4 The whole ideology

behind Agile is to be able to adapt quickly, react to business needs, and work on achieving

the priority goals of any organization. In early 2001, the term Agile software development

was coined and was only defined for development purposes, but in time, the concept

evolved and was accepted in different streams as the results of using this methodology

became quantifiable.

Core Values The Agile manifesto comprises four foundational values, shown below. Though there is

value in the items on the right (after the word “over”), in the Agile way of working, there is

more value in- the items on the left.

I. More focus lay on the team members, stakeholders, and the communication

channels established, which will have a huge impact on the quality of deliverables.

II. Incremental product is valued greater than lengthy documentation; by doing this,

the end goal is achieved within the stipulated time frame with insightful results. The

documentation is also briefer and timelier with fewer but meaningful words.

III. The team members in collaboration with stakeholders will prioritize issues and risks.

This is helpful in resource management and for being sharp on factors that

determine business growth and value.

IV. Acclimatizing to high-priority items, as defined by the stakeholders on run time, will

ensure that high value is delivered commensurate with the time invested.

Advantages of Using Agile in Auditing

• Shared realistic findings and advice in brief interval

• Focusing on the risks most crucial for the organization to deliver high value

• Engaging stakeholders early and regularly

• Speeding up delivery cycles

• Frequent interaction and close collaboration with the stakeholders.

4 See https://www.Agilealliance.org/Agile101/

Individuals & Interactions Over Processes & Tools

Working Products Over Comprehensive Documentation

Customer Collaboration Over Contract Negotiation

Responding to Change Over Following a Plan

https://www.agilealliance.org/Agile101/


P a g e | 5

Differences between Traditional and Agile Methodology As we move ahead in this white paper, we will have a close look at Agile auditing by defining

a manifesto using the principles of Agile, performing auditing by mapping the processes to

an Agile framework that will enhance AML auditing, keeping the impetus intact.

Before going further, it is very crucial to perceive how Agile methodology is different from

traditional methods and to identify the following advantages of switching to it:

• Adaptability – Being flexible to change is incorporated in the plan itself, so it

becomes much easier for the team to respond to the change if it is encountered

during the process.

• Value Driven – An edge of using Agile is that the scope is not fixed for the entire

duration. Every two to three weeks, the priorities are decided, and scope is altered

depending on the maximum value that can be delivered in the coming cycle.

• Incremental Reporting – With every iteration, a small report will be written based

on the activities picked up in that cycle. The idea is to not wait for the whole project

to be completed and not present a lengthy report. Instead, insightful results are

shared in a timely fashion with fewer words. If the quality of the incremental reports

is not optimum, the stakeholders can notify the audit team during the initial review

cycles. Early feedback for the audit team will help the team improve the report in the

future, resulting in minimal re-working.

• Stakeholder Collaboration – As a part of the review process in Agile auditing, the

audit team interacts with the stakeholders frequently, and a continuous

collaboration model is established which leads to increased trust and transparency.

• Business Value and Risk Exposure – These two parameters move in the opposite

direction as time passes in the process. In Agile, the business value reaches a higher

level quickly as compared to the traditional methods in which, for a long time, the

value as an outcome is minimal, and at the end of the audit it rises a lot. On the

contrary, the risks exposed decrease sharply in the first few weeks of the audit when

using Agile, as compared to the traditional method where the risks remain high for a

longer duration, and then fall steeply in the last stages of the audit.

• Visibility – In the traditional method, the visibility curve takes a ‘U’ shape - high

initially, dropping low for some time, and then rising again at the end of the process.

Whereas, the visibility factor is constantly high when doing auditing in the Agile way,

due to the frequent reviews with stakeholders, depending on the sprint length, so

that the deliverables are always transparent, and progress can be tracked easily.

These sessions are not intensive, so the updates can be shared quickly, and any

representative from the stakeholder can join the session.


P a g e | 6

Setting Up the AML Auditing Platform with Agile As per the Gartner article of May 2019, “Audit departments must tailor Agile methods to

meet their particular needs and objectives.”5 The offerings of Agile are vast, so it is

important for the organization to select the best possible principles and framework that suit

the structure of the organization and benefit the auditing department.

AML Auditing Manifesto There are 12 principles behind the Agile manifesto that are guiding practices which supports

the teams to implement the Agile way of working. From an auditing perspective, a sample

custom manifesto is designed that can act as the foundation of the AML auditing model

using Agile.

It is imperative to define the manifesto before adopting the methodology. The manifesto

should be commensurate with the financial institution’s goal to move toward Agile auditing

for AML.

The AML audit manifesto using Agile principles described above is not set in stone. It can be

modified as the organization acquires experience with Agile methods, and as the comfort

level of the auditing teams and stakeholders is elevated. For instance, a financial institution

has been working in an Agile manner in other auditing departments for some time, and the

FI wants the same to happen for the AML auditing group, which may also be in a better

position to adopt the changes, and hence the manifesto can be revised accordingly.

5 See https://www.gartner.com/smarterwithgartner/what-Agile-means-for-internal-audit/

https://www.gartner.com/smarterwithgartner/what-Agile-means-for-internal-audit/


P a g e | 7

Defining AML Audit Framework Now that we have the AML auditing manifesto, the next step is to choose a framework

offered by Agile and map it to AML auditing. Among the many methodologies offered by

Agile, we will develop our AML auditing processes and procedures using the SCRUM

framework. For auditing purposes, we chose Scrum over other methodologies because the

foundation of the Scrum way of working is empiricism, which means that knowledge comes

from experience and making decisions based on what is known. Scrum supports it

beautifully as it is an iterative, incremental approach that optimizes predictability and

controls risk better.

“Scrum is a framework within which people can address complex adaptive problems, while

productively and creatively delivering products of the highest possible value.”6

Scrum is an umbrella under which several roles, events, and values exist. The base of

different events of Scrum is a “sprint.” The representation of the Scrum framework is

described as follows by scrum.org:

Picture 1

A sprint is a time-box between one to four weeks in which a high-quality incremental item is

potentially released. Every sprint is attached to a goal which determines the target for that

sprint - a flexible plan that will guide to achieving it. The following are the artifacts that will

be used in AML auditing:

• Comprehensive Audit Stack - Once the planning of the AML audit is finalized with

the stakeholders, an AML audit stack will be created with all the items that need to

be accomplished.

6 See https://www.scrum.org/resources/what-is-scrum

https://www.scrum.org/resources/what-is-scrum



P a g e | 8

• Audit Sprint Stack – The items from the comprehensive stack will be picked up in a

sprint based on priority, value addition, and independent nature of the item. Any

sprint item is considered complete only when it meets the team’s definition of

“Done”.

The following are different events that will be a part of AML audit execution in sprints:

• Audit Sprint Planning – The entire team will come together to align, discuss and

finalize the list of items that will be picked up in the coming sprint cycle.

• Daily Catch-Up – Every day the team gathers in the morning to discuss the status of

the sprint items along with the challenges, if any.

• Audit Review with Stakeholders – At the end of the sprint, a review will be done

with the stakeholders in order to show-case the progress on the auditing plan,

findings, and incremental reporting, and get quick feedback which may steer the

upcoming cycles.

• Audit Retrospective – If the sprint goal is not achieved, the audit team will

brainstorm on the difficulties encountered and prepare action items to improve the

deliverables in future rounds.

The more mature the auditing teams become, the more value they can deliver in short

durations, keeping intact the higher goals to achieve. The pillars of the Scrum ask the teams

to be transparent about the items they work on with the stakeholders, inspect the activities

closely to understand the shortcomings, and adapt to the best practices based on the

learning in order to accelerate growth and success as a team.


P a g e | 9

Conducting Transaction Monitoring Audit Using Agile – A sample for Finer

Understanding In the previous section, we have explained the Agile framework, which will be best suited to

the AML auditing teams, and here we will connect the framework with the AML audit

activities.

For the purpose of understanding of how the sprints will look like for an AML audit plan, we

are using transaction monitoring as the audit area. Before we go into the details, let us

quickly define transaction monitoring.

The high-level steps that will be involved in auditing the financial institutions transaction

monitoring system are:

• Planning

• Policies, procedures, and processes

• Understanding and analyzing the risk assessment

• Monitoring and detecting

• Investigation and SAR filing

• Resourcing, training, and awareness

The complete audit plan of the transaction monitoring system has been plotted in the

Scrum framework (refer to Picture 2):

I. All the major steps in the audit plan have been mapped to a sprint goal, which

means that the audit team will be focused to complete only that step in a sprint.

II. Looking at the activities involved, the plan set out for now is of twelve weeks.

III. For this exercise we have a two week sprint, so there will be six sprints in total.

IV. Some audit stories have also been added for reference purposes; however, all the

stories will be defined by the teams when preparing the audit stack and later.

V. Each sprint will be composed of:

a. audit sprint planning – to prepare stories, prioritize, and set the sprint goal;

b. daily catch-up (15 minutes) – to discuss status of stories and impediments, if

any;

c. audit review with stakeholders – interaction, feedback, discussing insights of

the findings with stakeholders and showing incremental reporting; and

d. audit retrospective – to discuss with the team the findings and improvements

for the next cycle based on the challenges faced by the team in that sprint.

VI. The activities to be performed in any sprint will be included in the form of audit

stories.

‘The process of monitoring transactions of the customer to determine if there is

any suspicious behavior shown by the customer, which is not relevant to the

customer profile and should be reported to FIU’.


P a g e | 10

Picture 2

Top-Ups

• Combining the incremental reports will be in the team’s definition of “Done”, so

from the second sprint onwards, the consolidated documentation will be available;

at the end of the last sprint, the whole report will be ready.

• An audit stack will be prepared in the beginning, based on the initial plan, which will

be extended in real time, and the items will be included in upcoming sprints based

on priority.

• Parallel audits of different components of compliance like CDD; screening can also be

conducted using Agile if proper resourcing is available.

Week 1

Sprint 1

Sprint Goal: Planning

Story 1 – Understand the business units based on customers, products, geographies, services offered by the financial institution. Story 2 – Gather all the necessary resources, artifacts required to conduct the audit.

Sprint Activities:

Day 1:

Audit sprint planning

Day 2 to 10:

Daily catch-up

Day 10: Audit review with

stakeholders

Day 10: Audit

retrospective

Week 2

Week 3

Sprint 2

Sprint Goal: Policies, procedures, and processes

Story 1 – Assess the documentation available for adequacy, accuracy Story 2 – After analysis, arrive at the scope of testing.

Week 4

Week 5

Sprint 3

Sprint Goal: Understanding and analyzing the risk assessment

Story 1 – Understand the red flags, modus operandi identified. Story 2 – Analyze if the risk assessment matches the risk appetite of the financial institution along with the coverage of the risks.

Week 6

Week 7

Sprint 4

Sprint Goal: Monitoring and detecting

Story 1 – Verify the controls that are set up to monitor the transactions for sufficiency, risk based, relevance to the market. Story 2 – Assess the alerts that are generated from these controls along with the data quality.

Week 8

Week 9

Sprint 5

Sprint Goal: Investigation and SAR filing

Story 1 – Check the alert handling process, timeliness, workflow to have a complete view of the operations. Story 2 – Validate if the correct SAR’s have been filed, quality of SAR and follow up.

Week 10

Week 11

Sprint 6

Sprint Goal: Resourcing, training, and awareness

Story 1 – Confirm if there are enough resources to support the alert generation/investigation process based on the size of the financial institution. Story 2 – Identify the knowledge gaps which can impact the overall process.

Week 12


P a g e | 11

What Is in It for You/Stakeholders? So far, we have tried to establish the benefits of performing AML auditing using Agile and

how it will be able to deliver high value, even in this disruptive business environment.

However, not everyone who is responsible or an essential entity connected to the auditing

process may be fully aware of what we are aiming toward. Let us try to put ourselves in

their shoes and answer some unanswered questions.

Apart from the core audit team who is executing most of the activities, there are four major

stakeholders that are directly/indirectly connected to the initiation/results of the audit. It is

of utmost importance that all these stakeholders are in this journey together.

• Regulators

The key expectation of any regulatory body from a financial institution is that there

is transparency with regard to the AML risk coverage from the audit perspective

which is very high when it is performed with the Agile auditing framework defined

earlier. The flexibility in the audit planning to accommodate high-risk items will help

the regulators feel confident in executing the auditing in Agile manner. In a short

span of time, regulators can receive the incremental reporting of the audit items

picked up so far and the insights on the findings related to them, which will also help

them to give quick feedback. Let us elaborate on this approach further to understand

it better from a regulator perspective:

I. It is imperative to highlight that this method does not change what we do but

is more oriented on how we do it, which is better in multiple aspects such as

transparency, anticipating risks, flexibility, and more responsive risk

management.

II. Once the AML audit area is identified and discussed with the stakeholders a

comprehensive audit stack will be prepared that will have the list of all the

items to be covered in the audit highlighting the risk coverage. Based on the

priority and the risk involved, these items will be moved to the audit sprint

stack to be picked up for auditing. Throughout this process there will be

utmost transparency, as at any given point of time any stakeholder as well as

the regulator can be shown the coverage defined, and supporting

documentation in the form of reporting -will be presented in shorter

durations for impactful insights.

III. As the complete plan will be divided in sprints, the regulators can already

predict the completion timelines of the audit plan, along with the information

of what every sprint comprises. At any moment, the progress can be

presented to the regulators with sprint completion items and incremental

reporting.

IV. As the audit teams move on in the sprints, more risks will be covered. If there

is a new high-risk item identified within the AML domain that needs to be

looked into, due to the flexibility of the auditing in the Agile way, this risk can

be refined, added in the audit stack, and picked up in the next cycle.


P a g e | 12

• Board of Directors/Senior Management

The objective of senior members of the financial institution is to make sure that the

institution is compliant with the right regulations, and, if not, then early signals

highlighting the gaps become vital. As senior management hates surprises, by using

the Agile auditing framework, the shortcomings (if any) will be reported at the end of

every cycle; using this, the necessary actions can be picked up to close the gap as

soon as possible to be more compliant. The idea is that if a representative from the

management attends the review sessions, the message can go up the chain to the

level of board members. Also, with every such cycle, the business value will increase,

and the compliance risk exposure of the financial institution will go down, which in

my eyes is indispensable if you are serving in the capacity of a board member.

• Compliance Department

As a second line of defense, the compliance officer, MLROs (money laundering

reporting officer) of any financial institution are held responsible if there are any

AML risks that are not resolved/closed on time. In the Agile auditing framework, the

audit team will work in close collaboration with the compliance people in order to

gain response time, share findings, and also understand if there are any new controls

that need to be audited along the way. The compliance teams can quickly get in

touch with the delivery teams who can do the required changes in the controls to fix

the findings. In an ideal scenario, the delivery teams are also working Agile; then a

continuous loop of Find->Report->Fix is set up, which makes this whole process so

much more fruitful.


P a g e | 13

Guidelines for a Smooth Transformation and Avoiding Pitfalls It is an endeavor to transform an organization from a traditional mindset of working to an

immensely flexible way of working. To reap the complete benefits of the Agile auditing, a

very important attribute that needs to be adhered to is being adaptable. A very famous

quote by Mahatma Gandhi on adaptability is: “Adaptability is not imitation. It means

power of resistance and assimilation.” Any financial institution that wishes to embrace the

AML Agile auditing methodology has to be prepared to adapt to the new way of working,

mold it as per the organization business prospects, and make everyone in the chain fully

aware of the inherent practices before implementation. It could be a big cultural change for

the auditors to start thinking Agile, which can be supported by deploying Agile coaches who

can help in assisting with the shift in mindset.

There are some strategies proposed here that can be utilized to make this transformation

smoother for the entire group:

• Mock-Up

An attempt can be made to do a small audit assignment following the defined

framework, principles, and practices to realize the challenges that the team could

face when executing a crucial AML audit like transaction monitoring. This audit

assignment can be considered as a ‘dress rehearsal’ of the auditing plan, which the

team is supposed to do next. This could help immensely in boosting the confidence

of the team(s) and make them ready for the future.

• Following the Model of Peers

If there are any similar financial institution(s) that have transformed their

organizations to AML Agile auditing, it is always good to know the best practices they

adopted to make the journey successful. It is indeed judicious to learn from the

mistakes of others as it will be helpful to be more effective and efficient in your own

journey of transformation. If possible, some sessions can be arranged to get to know

the details of the planning that was employed by the early adopters.

• Support from the Top

In any business transformation process, if the management of an organization is

supportive, reliable, and communicative, the results tend to be positive. The same

ideology applies when the shift being done is to compliance audits using Agile.

Management needs to arrange adequate resourcing, set realistic timelines, get-

educated in order to communicate with the teams who are playing the main role in

this movement.

• Certifications

Getting to know the theoretical aspects is the steppingstone to most of what we do.

There are multiple certifications available that can provide knowledge on values,

principles, and pillars that could very well be a good starting point for the auditing

teams to theoretically grasp the concepts before applying professionally.


P a g e | 14

Managing Pitfalls of Moving to Agile Auditing As there is not a lot of independent research currently available to confirm that the Agile

auditing will always yield good results, the initial informal evidence is providing very positive

signs. There are some hurdles that organizations must overcome to ensure their Agile audits

have the best chance of success:

• Shift in Frame of Mind

The transition to Agile auditing can be challenging for the team members as it

involves a big cultural change. Agile auditing overtakes existing processes, which may

create anxiety among teams resistant to change. A quote from Bruce Lee emphasizes

how the shift in frame of mind can be undertaken: “If you want to learn to swim,

jump into the water. On dry land, no frame of mind is ever going to help you.”

We can address this change of mentality by dedicating ourselves to a few steps:

I. Agile Coaching – The professionals who have been helping organizations in

this journey can help immensely in providing the right guidance required to

understand the nitty-gritty of Agile as a concept and to embed Agile methods

into auditing functions effectively.

II. Focusing on what matters – In spite of the huge cultural change that Agile

auditing brings, the end goal is to make sure that the financial institution is

compliant. The auditing team should always keep in mind that the new

process will allow them to be more efficient by refining the risk based

approach to auditing, and to avoid repetition of tasks, which will save time

leading to improving the quantity and quality of audit work done in areas

that matter the most to the organization.

III. Peer Attestation – Besides the official Agile certifications recommended, a

peer assessment can be introduced: Teams that are more mature in this

process assess the maturity of other teams and certify them if they meet the

standards. The results could be stunning: As colleagues can be stricter toward

each other, much higher quality of standards can result amongst teams and

benefit the whole group.

• Team Composition Formation of the teams in Agile auditing can be a challenge as there is heavy reliance on the team members’ skills and knowledge required to achieve the sprint goals. Multiple skills like interpersonal, business knowledge, and reporting are necessary. The aim is to have a team with correct skills and expertise to accomplish the team’s task, ensuring efficiency and transparency.

• Adopting It All

Trying to adopt all aspects of Agile is counterproductive and goes against the core principles of Agile methodologies.7 Every organization is different, so it is suggested to apply the best practices of Agile that suit the organization set-up, and to execute them in a phased manner as it requires a cultural and mindset shift.

7See https://blog.protiviti.com/2020/01/27/Agile-internal-audit-how-to-audit-at-the-speed-of-risk/

https://blog.protiviti.com/2020/01/27/agile-internal-audit-how-to-audit-at-the-speed-of-risk/


P a g e | 15

Conclusion Performing auditing using Agile methodology enables the audit departments to highlight the

risks that become prominent for the business with a priority of making sure that a close

alliance with the stakeholders throughout the audit process is maintained. As the goals of

the audit cycles are crisp and clear, the findings are reported to management in shorter

intervals with appropriate evidence. As the information is conveyed to management quickly,

management can address the risks exposed faster and help the financial institution become

more efficient.

According to a research done by PricewaterhouseCoopers (PWC), only 44% of organizations

said their internal audit department provided significant value in 2017. This had dropped

from 54% in 2016, indicating stakeholder expectations are rising.8 By 2018, Barclays had

committed to becoming a 100% Agile internal audit function,9 having seen greater

engagement among audit teams and a 10–20% reduction in time spent per audit.10 Early

signs of companies adopting the Agile way of working within their auditing departments

suggests that this will probably transform the way auditors are perceived in the financial

institution.

The 2019 report of Protiviti11 shows that most of the organizations are already moving

toward Agile auditing or planning to in the next two years, considering multiple factors that

will benefit the audit departments and the organization on multiple levels.

The next generation of auditors will count on the amount of value they are adding to the

organization keeping the focus on risks and delivering high-quality results in small intervals

to be the front runners of leading the change within an organization, meaning being Agile.

8 See https://www.pwc.com/us/en/risk-assurance/sotp/2017-state-of-the-internal-audit-profession-report.pdf 9 See https://www.iia.org.uk/media/1689626/6-chris-spedding-Agile-auditing.pdf 10 See https://www.barclaysimpson.com/blogs/how-can-Agile-methods-add-value-to-internal-audit-82774132037 11 See https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-capabilities-and-needs-survey-protiviti.pdf

https://www.pwc.com/us/en/risk-assurance/sotp/2017-state-of-the-internal-audit-profession-report.pdf

https://www.barclaysimpson.com/blogs/how-can-Agile-methods-add-value-to-internal-audit-82774132037

https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-capabilities-and-needs-survey-protiviti.pdf

https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-capabilities-and-needs-survey-protiviti.pdf


P a g e | 16

References

Agile Alliance. (n.d.). Advancing the practice of Agile [home page]. Retrieved from:

https://www.agilealliance.org

Berger, L. (2020, January 27). Agile internal audit: How to audit at the speed of risk. Protiviti.

Retrieved from: https://blog.protiviti.com/2020/01/27/agile-internal-audit-how-to-

audit-at-the-speed-of-risk

Boulderstone, I. (2018, April 10). How can Agile methods add value to internal audit?

Barclay

Simpson. Retrieved from: https://www.barclaysimpson.com/blogs/how-can-Agile-

methods-add-value-to-internal-audit-82774132037

Deloitte. (2017). Part 1: Understanding agile internal audit and Part 2: Putting agile internal

audit into action. Retrieved from:

https://www2.deloitte.com/us/en/pages/advisory/articles/agile-internal-audit-

planning-performance-value.html

Federal Financial Institutes Examination Council (FFIEC). (2014). Bank secrecy act/anti-

money laundering manual. Retrieved from:

https://bsaaml.ffiec.gov/docs/manual/BSA_AML_Man_2014_v2_CDDBO.pdf

Financial Action Task Force (FATF). (2019, June). The FATF recommendations. Retrieved

from: http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-

recommendations.html

Price Waterhouse Cooper. (2017, March). State of the internal audit profession study:

Staying the course toward true north: Navigating disruption. Retrieved from:

https://www.pwc.com/us/en/risk-assurance/sotp/2017-state-of-the-internal-audit-

profession-report.pdf

Price Waterhouse Cooper. (2018). Agile auditing: Mindset over matter. Retrieved from:

https://www.pwc.co.uk/audit-assurance/assets/pdf/agile-auditing.pdf

Protiviti. (2019). Embracing the next generation of internal auditing. Retrieved from:

https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-

capabilities-and-needs-survey-protiviti.pdf


P a g e | 17

Scrum.org. (n.d.). Welcome to the home of Scrum [home page]. Retrieved from:

https://www.scrum.org

Spedding, C. (2018, February). Barclay’s internal audit: “Better, quicker, faster”—Our agile

journey.

Barclays. Retrieved from: https://www.iia.org.uk/media/1689626/6-chris-spedding-

Agile-auditing.pdf


P a g e | 18

Appendix

“12 Principles behind the Agile Manifesto.” See

https://www.Agilealliance.org/Agile101/12-principles-behind-the-Agile-manifesto/

“Agile Methodologies”. See

https://www.blueprintsys.com/Agile-development-101/Agile-methodologies

“What is Scrum?” The Scrum Guide. See


https://www.agilealliance.org/agile101/12-principles-behind-the-agile-manifesto/

https://www.blueprintsys.com/agile-development-101/agile-methodologies


Agile – Enhancing AML Audit and Moving It...

Documents

Transcript of Agile – Enhancing AML Audit and Moving It...