SAW S MART A LLOCATION W IZARD By: SHASHANK R. CHAUDHARI SHASHANK K. DHAUNDIYAL.
Agile – Enhancing AML Audit and Moving It...
Transcript of Agile – Enhancing AML Audit and Moving It...
Agile – Enhancing AML Audit and Moving It Forward
Agile – Enhancing AML Audit and
Moving It Forward
Shashank Mohta, CAMS
The views expressed in this white paper are those of the author. They do not
represent the views of any organization or institution.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 1
Table of Contents
Executive Summary ............................................................................................................... 2
Introduction ...................................................................................................................... 2
AML Audit Process ................................................................................................................ 3
Why is Auditing Essential? ................................................................................................. 3
How Is Auditing Performed? .............................................................................................. 3
Challenges Encountered .................................................................................................... 3
Agile – Definition and Offerings ............................................................................................. 4
Core Values ....................................................................................................................... 4
Advantages of Using Agile in Auditing ................................................................................ 4
Differences between Traditional and Agile Methodology ...................................................... 5
Setting Up the AML Auditing Platform with Agile .................................................................. 6
AML Auditing Manifesto .................................................................................................... 6
Defining AML Audit Framework ......................................................................................... 7
Conducting Transaction Monitoring Audit Using Agile – A sample for Finer Understanding .. 9
Top-Ups ........................................................................................................................... 10
What Is in It for You/Stakeholders? ..................................................................................... 11
Guidelines for a Smooth Transformation and Avoiding Pitfalls ............................................ 13
Managing Pitfalls of Moving to Agile Auditing .................................................................. 14
Conclusion .......................................................................................................................... 15
References .......................................................................................................................... 16
Appendix ............................................................................................................................. 18
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 2
Executive Summary After the financial crisis of 2008, one of the top priorities of financial institutions has been to be compliant with the latest regulatory requirements to fight money laundering and terrorist financing. This led to a huge demand of skilled workers in the field of financial crime and especially for the third line of defense, which is the audit department. In the last 10 years or so, the audit committees have been stringently following the traditional methods that were deployed in the pre-crisis era to conduct AML audits. But the future requires that financial institutions become more efficient, predictive, optimize resources, detect and fix issues at a faster rate and respond to changes like never before. With all of this to achieve from the auditing perspective, it is high time that we look into new methods and ways of working that will not only help the financial institution be future safe, but will also help auditing departments become the drivers of change in an organization.
Introduction As the third line of defense in an organization, auditing plays a crucial role in providing
assurance to the board of directors, senior management, and regulators that the efficacy of
assessing and managing risks of the organization is enough. In the world of BSA/AML
compliance, independent testing is considered an important pillar whose objective is to
evaluate ‘’the overall adequacy and effectiveness of the BSA/AML compliance program,
including policies, procedures, and processes.’’1
With ever-increasing regulatory pressure, dynamically evolving compliance programs, and
shifting priorities, AML audit must keep pace with the increasing demands and external
forces it faces in the changing landscape of business disruption. Auditors are continually
challenged to anticipate risks faster and communicate to stakeholders quickly, making sure
reports are available on time which in turn will lead to defining the mitigation strategy and
aligning the right teams to resolve findings swiftly. All of this is required without sabotaging
the core of auditing procedures and processes. With traditional auditing methodology,
meeting these expectations seems unattainable.
This white paper will define an alternative approach to conducting AML audit, which will be
helpful in resolving the problems at hand that are faced by the audit committee. This white
paper will also trigger rethinking the outlook of auditing procedures. The aim is to highlight
the key aspects of this alternative methodology, such as gain in responsiveness, incremental
delivery, quick feedback loop, faster turnaround time, and the most significant of all,
a ‘value-driven’ approach.
This methodology is not doing different things, but doing things differently.
Let us deep dive, recognize, and embrace the world of Agile!
1 Bank Secrecy Act/Anti-Money Laundering Examination Manual, FFIEC, 2014, p. 31.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 3
AML Audit Process The objective of conducting AML audit is to provide an assurance to the stakeholders that
the financial institution is adhering to the regulatory requirements. The focus of auditing is
to identify deficiencies and weaknesses that may exist in the policies, procedures, training,
monitoring, and reporting within the AML program.
Why is Auditing Essential? As per the recommendations of FATF: “Financial institutions programmes against money
laundering and terrorist financing should include: an independent audit function to test the
system.”2 Having a robust audit process is necessary to check if the controls, and operations
implemented as a part of the AML program are meeting the regulatory guidelines.
How Is Auditing Performed?
Any quintessential audit has the following stages:3
• Planning and Scoping o Conduct planning sessions with the AML Compliance Officer and other key
stakeholders.
o Understand the business operations and applicable AML regulatory requirements
and expectations.
o Review risk assessments and results of prior internal audits, regulatory exams, and
other external program assessments.
o Determine Audit Objective and Scope.
• Fieldwork and Testing o Review applicable policies and procedures and their documentation. o Conduct interviews with key process owners and share initial gap analysis. o Identify inherent risks and evaluate existing controls to mitigate such risks.
• Recommendations and Reporting o Meet with the AML Compliance Officer and senior management to review results of
work performed, and discuss and validate any control weaknesses identified. o Produce a written report that outlines audit procedures performed, findings
resulting from testing, and recommendations for process and procedure
improvements.
Challenges Encountered
In this disruptive era, the financial institutions need to empower the audit teams so they can
be more flexible, choose risk-based methods, and deliver to stakeholders in much less time.
There are a few challenges prevalent in the current auditing methods as follows:
• Rigid audit planning
• Inefficient delivery cycles
• Hefty documentation
• Delayed feedback loop
• Timely adjustment to growing business needs
2 See http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html 3 Refer to ACAMS Advanced Certification – CAMS Audit program.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 4
Agile – Definition and Offerings Agile is the ability to create and respond to change. It is a way of dealing with, and
ultimately succeeding in, an uncertain and turbulent environment.4 The whole ideology
behind Agile is to be able to adapt quickly, react to business needs, and work on achieving
the priority goals of any organization. In early 2001, the term Agile software development
was coined and was only defined for development purposes, but in time, the concept
evolved and was accepted in different streams as the results of using this methodology
became quantifiable.
Core Values The Agile manifesto comprises four foundational values, shown below. Though there is
value in the items on the right (after the word “over”), in the Agile way of working, there is
more value in- the items on the left.
I. More focus lay on the team members, stakeholders, and the communication
channels established, which will have a huge impact on the quality of deliverables.
II. Incremental product is valued greater than lengthy documentation; by doing this,
the end goal is achieved within the stipulated time frame with insightful results. The
documentation is also briefer and timelier with fewer but meaningful words.
III. The team members in collaboration with stakeholders will prioritize issues and risks.
This is helpful in resource management and for being sharp on factors that
determine business growth and value.
IV. Acclimatizing to high-priority items, as defined by the stakeholders on run time, will
ensure that high value is delivered commensurate with the time invested.
Advantages of Using Agile in Auditing
• Shared realistic findings and advice in brief interval
• Focusing on the risks most crucial for the organization to deliver high value
• Engaging stakeholders early and regularly
• Speeding up delivery cycles
• Frequent interaction and close collaboration with the stakeholders.
4 See https://www.Agilealliance.org/Agile101/
Individuals & Interactions Over Processes & Tools
Working Products Over Comprehensive Documentation
Customer Collaboration Over Contract Negotiation
Responding to Change Over Following a Plan
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 5
Differences between Traditional and Agile Methodology As we move ahead in this white paper, we will have a close look at Agile auditing by defining
a manifesto using the principles of Agile, performing auditing by mapping the processes to
an Agile framework that will enhance AML auditing, keeping the impetus intact.
Before going further, it is very crucial to perceive how Agile methodology is different from
traditional methods and to identify the following advantages of switching to it:
• Adaptability – Being flexible to change is incorporated in the plan itself, so it
becomes much easier for the team to respond to the change if it is encountered
during the process.
• Value Driven – An edge of using Agile is that the scope is not fixed for the entire
duration. Every two to three weeks, the priorities are decided, and scope is altered
depending on the maximum value that can be delivered in the coming cycle.
• Incremental Reporting – With every iteration, a small report will be written based
on the activities picked up in that cycle. The idea is to not wait for the whole project
to be completed and not present a lengthy report. Instead, insightful results are
shared in a timely fashion with fewer words. If the quality of the incremental reports
is not optimum, the stakeholders can notify the audit team during the initial review
cycles. Early feedback for the audit team will help the team improve the report in the
future, resulting in minimal re-working.
• Stakeholder Collaboration – As a part of the review process in Agile auditing, the
audit team interacts with the stakeholders frequently, and a continuous
collaboration model is established which leads to increased trust and transparency.
• Business Value and Risk Exposure – These two parameters move in the opposite
direction as time passes in the process. In Agile, the business value reaches a higher
level quickly as compared to the traditional methods in which, for a long time, the
value as an outcome is minimal, and at the end of the audit it rises a lot. On the
contrary, the risks exposed decrease sharply in the first few weeks of the audit when
using Agile, as compared to the traditional method where the risks remain high for a
longer duration, and then fall steeply in the last stages of the audit.
• Visibility – In the traditional method, the visibility curve takes a ‘U’ shape - high
initially, dropping low for some time, and then rising again at the end of the process.
Whereas, the visibility factor is constantly high when doing auditing in the Agile way,
due to the frequent reviews with stakeholders, depending on the sprint length, so
that the deliverables are always transparent, and progress can be tracked easily.
These sessions are not intensive, so the updates can be shared quickly, and any
representative from the stakeholder can join the session.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 6
Setting Up the AML Auditing Platform with Agile As per the Gartner article of May 2019, “Audit departments must tailor Agile methods to
meet their particular needs and objectives.”5 The offerings of Agile are vast, so it is
important for the organization to select the best possible principles and framework that suit
the structure of the organization and benefit the auditing department.
AML Auditing Manifesto There are 12 principles behind the Agile manifesto that are guiding practices which supports
the teams to implement the Agile way of working. From an auditing perspective, a sample
custom manifesto is designed that can act as the foundation of the AML auditing model
using Agile.
It is imperative to define the manifesto before adopting the methodology. The manifesto
should be commensurate with the financial institution’s goal to move toward Agile auditing
for AML.
The AML audit manifesto using Agile principles described above is not set in stone. It can be
modified as the organization acquires experience with Agile methods, and as the comfort
level of the auditing teams and stakeholders is elevated. For instance, a financial institution
has been working in an Agile manner in other auditing departments for some time, and the
FI wants the same to happen for the AML auditing group, which may also be in a better
position to adopt the changes, and hence the manifesto can be revised accordingly.
5 See https://www.gartner.com/smarterwithgartner/what-Agile-means-for-internal-audit/
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 7
Defining AML Audit Framework Now that we have the AML auditing manifesto, the next step is to choose a framework
offered by Agile and map it to AML auditing. Among the many methodologies offered by
Agile, we will develop our AML auditing processes and procedures using the SCRUM
framework. For auditing purposes, we chose Scrum over other methodologies because the
foundation of the Scrum way of working is empiricism, which means that knowledge comes
from experience and making decisions based on what is known. Scrum supports it
beautifully as it is an iterative, incremental approach that optimizes predictability and
controls risk better.
“Scrum is a framework within which people can address complex adaptive problems, while
productively and creatively delivering products of the highest possible value.”6
Scrum is an umbrella under which several roles, events, and values exist. The base of
different events of Scrum is a “sprint.” The representation of the Scrum framework is
described as follows by scrum.org:
Picture 1
A sprint is a time-box between one to four weeks in which a high-quality incremental item is
potentially released. Every sprint is attached to a goal which determines the target for that
sprint - a flexible plan that will guide to achieving it. The following are the artifacts that will
be used in AML auditing:
• Comprehensive Audit Stack - Once the planning of the AML audit is finalized with
the stakeholders, an AML audit stack will be created with all the items that need to
be accomplished.
6 See https://www.scrum.org/resources/what-is-scrum
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 8
• Audit Sprint Stack – The items from the comprehensive stack will be picked up in a
sprint based on priority, value addition, and independent nature of the item. Any
sprint item is considered complete only when it meets the team’s definition of
“Done”.
The following are different events that will be a part of AML audit execution in sprints:
• Audit Sprint Planning – The entire team will come together to align, discuss and
finalize the list of items that will be picked up in the coming sprint cycle.
• Daily Catch-Up – Every day the team gathers in the morning to discuss the status of
the sprint items along with the challenges, if any.
• Audit Review with Stakeholders – At the end of the sprint, a review will be done
with the stakeholders in order to show-case the progress on the auditing plan,
findings, and incremental reporting, and get quick feedback which may steer the
upcoming cycles.
• Audit Retrospective – If the sprint goal is not achieved, the audit team will
brainstorm on the difficulties encountered and prepare action items to improve the
deliverables in future rounds.
The more mature the auditing teams become, the more value they can deliver in short
durations, keeping intact the higher goals to achieve. The pillars of the Scrum ask the teams
to be transparent about the items they work on with the stakeholders, inspect the activities
closely to understand the shortcomings, and adapt to the best practices based on the
learning in order to accelerate growth and success as a team.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 9
Conducting Transaction Monitoring Audit Using Agile – A sample for Finer
Understanding In the previous section, we have explained the Agile framework, which will be best suited to
the AML auditing teams, and here we will connect the framework with the AML audit
activities.
For the purpose of understanding of how the sprints will look like for an AML audit plan, we
are using transaction monitoring as the audit area. Before we go into the details, let us
quickly define transaction monitoring.
The high-level steps that will be involved in auditing the financial institutions transaction
monitoring system are:
• Planning
• Policies, procedures, and processes
• Understanding and analyzing the risk assessment
• Monitoring and detecting
• Investigation and SAR filing
• Resourcing, training, and awareness
The complete audit plan of the transaction monitoring system has been plotted in the
Scrum framework (refer to Picture 2):
I. All the major steps in the audit plan have been mapped to a sprint goal, which
means that the audit team will be focused to complete only that step in a sprint.
II. Looking at the activities involved, the plan set out for now is of twelve weeks.
III. For this exercise we have a two week sprint, so there will be six sprints in total.
IV. Some audit stories have also been added for reference purposes; however, all the
stories will be defined by the teams when preparing the audit stack and later.
V. Each sprint will be composed of:
a. audit sprint planning – to prepare stories, prioritize, and set the sprint goal;
b. daily catch-up (15 minutes) – to discuss status of stories and impediments, if
any;
c. audit review with stakeholders – interaction, feedback, discussing insights of
the findings with stakeholders and showing incremental reporting; and
d. audit retrospective – to discuss with the team the findings and improvements
for the next cycle based on the challenges faced by the team in that sprint.
VI. The activities to be performed in any sprint will be included in the form of audit
stories.
‘The process of monitoring transactions of the customer to determine if there is
any suspicious behavior shown by the customer, which is not relevant to the
customer profile and should be reported to FIU’.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 10
Picture 2
Top-Ups
• Combining the incremental reports will be in the team’s definition of “Done”, so
from the second sprint onwards, the consolidated documentation will be available;
at the end of the last sprint, the whole report will be ready.
• An audit stack will be prepared in the beginning, based on the initial plan, which will
be extended in real time, and the items will be included in upcoming sprints based
on priority.
• Parallel audits of different components of compliance like CDD; screening can also be
conducted using Agile if proper resourcing is available.
Week 1
Sprint 1
Sprint Goal: Planning
Story 1 – Understand the business units based on customers, products, geographies, services offered by the financial institution. Story 2 – Gather all the necessary resources, artifacts required to conduct the audit.
Sprint Activities:
Day 1:
Audit sprint planning
Day 2 to 10:
Daily catch-up
Day 10: Audit review with
stakeholders
Day 10: Audit
retrospective
Week 2
Week 3
Sprint 2
Sprint Goal: Policies, procedures, and processes
Story 1 – Assess the documentation available for adequacy, accuracy Story 2 – After analysis, arrive at the scope of testing.
Week 4
Week 5
Sprint 3
Sprint Goal: Understanding and analyzing the risk assessment
Story 1 – Understand the red flags, modus operandi identified. Story 2 – Analyze if the risk assessment matches the risk appetite of the financial institution along with the coverage of the risks.
Week 6
Week 7
Sprint 4
Sprint Goal: Monitoring and detecting
Story 1 – Verify the controls that are set up to monitor the transactions for sufficiency, risk based, relevance to the market. Story 2 – Assess the alerts that are generated from these controls along with the data quality.
Week 8
Week 9
Sprint 5
Sprint Goal: Investigation and SAR filing
Story 1 – Check the alert handling process, timeliness, workflow to have a complete view of the operations. Story 2 – Validate if the correct SAR’s have been filed, quality of SAR and follow up.
Week 10
Week 11
Sprint 6
Sprint Goal: Resourcing, training, and awareness
Story 1 – Confirm if there are enough resources to support the alert generation/investigation process based on the size of the financial institution. Story 2 – Identify the knowledge gaps which can impact the overall process.
Week 12
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 11
What Is in It for You/Stakeholders? So far, we have tried to establish the benefits of performing AML auditing using Agile and
how it will be able to deliver high value, even in this disruptive business environment.
However, not everyone who is responsible or an essential entity connected to the auditing
process may be fully aware of what we are aiming toward. Let us try to put ourselves in
their shoes and answer some unanswered questions.
Apart from the core audit team who is executing most of the activities, there are four major
stakeholders that are directly/indirectly connected to the initiation/results of the audit. It is
of utmost importance that all these stakeholders are in this journey together.
• Regulators
The key expectation of any regulatory body from a financial institution is that there
is transparency with regard to the AML risk coverage from the audit perspective
which is very high when it is performed with the Agile auditing framework defined
earlier. The flexibility in the audit planning to accommodate high-risk items will help
the regulators feel confident in executing the auditing in Agile manner. In a short
span of time, regulators can receive the incremental reporting of the audit items
picked up so far and the insights on the findings related to them, which will also help
them to give quick feedback. Let us elaborate on this approach further to understand
it better from a regulator perspective:
I. It is imperative to highlight that this method does not change what we do but
is more oriented on how we do it, which is better in multiple aspects such as
transparency, anticipating risks, flexibility, and more responsive risk
management.
II. Once the AML audit area is identified and discussed with the stakeholders a
comprehensive audit stack will be prepared that will have the list of all the
items to be covered in the audit highlighting the risk coverage. Based on the
priority and the risk involved, these items will be moved to the audit sprint
stack to be picked up for auditing. Throughout this process there will be
utmost transparency, as at any given point of time any stakeholder as well as
the regulator can be shown the coverage defined, and supporting
documentation in the form of reporting -will be presented in shorter
durations for impactful insights.
III. As the complete plan will be divided in sprints, the regulators can already
predict the completion timelines of the audit plan, along with the information
of what every sprint comprises. At any moment, the progress can be
presented to the regulators with sprint completion items and incremental
reporting.
IV. As the audit teams move on in the sprints, more risks will be covered. If there
is a new high-risk item identified within the AML domain that needs to be
looked into, due to the flexibility of the auditing in the Agile way, this risk can
be refined, added in the audit stack, and picked up in the next cycle.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 12
• Board of Directors/Senior Management
The objective of senior members of the financial institution is to make sure that the
institution is compliant with the right regulations, and, if not, then early signals
highlighting the gaps become vital. As senior management hates surprises, by using
the Agile auditing framework, the shortcomings (if any) will be reported at the end of
every cycle; using this, the necessary actions can be picked up to close the gap as
soon as possible to be more compliant. The idea is that if a representative from the
management attends the review sessions, the message can go up the chain to the
level of board members. Also, with every such cycle, the business value will increase,
and the compliance risk exposure of the financial institution will go down, which in
my eyes is indispensable if you are serving in the capacity of a board member.
• Compliance Department
As a second line of defense, the compliance officer, MLROs (money laundering
reporting officer) of any financial institution are held responsible if there are any
AML risks that are not resolved/closed on time. In the Agile auditing framework, the
audit team will work in close collaboration with the compliance people in order to
gain response time, share findings, and also understand if there are any new controls
that need to be audited along the way. The compliance teams can quickly get in
touch with the delivery teams who can do the required changes in the controls to fix
the findings. In an ideal scenario, the delivery teams are also working Agile; then a
continuous loop of Find->Report->Fix is set up, which makes this whole process so
much more fruitful.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 13
Guidelines for a Smooth Transformation and Avoiding Pitfalls It is an endeavor to transform an organization from a traditional mindset of working to an
immensely flexible way of working. To reap the complete benefits of the Agile auditing, a
very important attribute that needs to be adhered to is being adaptable. A very famous
quote by Mahatma Gandhi on adaptability is: “Adaptability is not imitation. It means
power of resistance and assimilation.” Any financial institution that wishes to embrace the
AML Agile auditing methodology has to be prepared to adapt to the new way of working,
mold it as per the organization business prospects, and make everyone in the chain fully
aware of the inherent practices before implementation. It could be a big cultural change for
the auditors to start thinking Agile, which can be supported by deploying Agile coaches who
can help in assisting with the shift in mindset.
There are some strategies proposed here that can be utilized to make this transformation
smoother for the entire group:
• Mock-Up
An attempt can be made to do a small audit assignment following the defined
framework, principles, and practices to realize the challenges that the team could
face when executing a crucial AML audit like transaction monitoring. This audit
assignment can be considered as a ‘dress rehearsal’ of the auditing plan, which the
team is supposed to do next. This could help immensely in boosting the confidence
of the team(s) and make them ready for the future.
• Following the Model of Peers
If there are any similar financial institution(s) that have transformed their
organizations to AML Agile auditing, it is always good to know the best practices they
adopted to make the journey successful. It is indeed judicious to learn from the
mistakes of others as it will be helpful to be more effective and efficient in your own
journey of transformation. If possible, some sessions can be arranged to get to know
the details of the planning that was employed by the early adopters.
• Support from the Top
In any business transformation process, if the management of an organization is
supportive, reliable, and communicative, the results tend to be positive. The same
ideology applies when the shift being done is to compliance audits using Agile.
Management needs to arrange adequate resourcing, set realistic timelines, get-
educated in order to communicate with the teams who are playing the main role in
this movement.
• Certifications
Getting to know the theoretical aspects is the steppingstone to most of what we do.
There are multiple certifications available that can provide knowledge on values,
principles, and pillars that could very well be a good starting point for the auditing
teams to theoretically grasp the concepts before applying professionally.
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 14
Managing Pitfalls of Moving to Agile Auditing As there is not a lot of independent research currently available to confirm that the Agile
auditing will always yield good results, the initial informal evidence is providing very positive
signs. There are some hurdles that organizations must overcome to ensure their Agile audits
have the best chance of success:
• Shift in Frame of Mind
The transition to Agile auditing can be challenging for the team members as it
involves a big cultural change. Agile auditing overtakes existing processes, which may
create anxiety among teams resistant to change. A quote from Bruce Lee emphasizes
how the shift in frame of mind can be undertaken: “If you want to learn to swim,
jump into the water. On dry land, no frame of mind is ever going to help you.”
We can address this change of mentality by dedicating ourselves to a few steps:
I. Agile Coaching – The professionals who have been helping organizations in
this journey can help immensely in providing the right guidance required to
understand the nitty-gritty of Agile as a concept and to embed Agile methods
into auditing functions effectively.
II. Focusing on what matters – In spite of the huge cultural change that Agile
auditing brings, the end goal is to make sure that the financial institution is
compliant. The auditing team should always keep in mind that the new
process will allow them to be more efficient by refining the risk based
approach to auditing, and to avoid repetition of tasks, which will save time
leading to improving the quantity and quality of audit work done in areas
that matter the most to the organization.
III. Peer Attestation – Besides the official Agile certifications recommended, a
peer assessment can be introduced: Teams that are more mature in this
process assess the maturity of other teams and certify them if they meet the
standards. The results could be stunning: As colleagues can be stricter toward
each other, much higher quality of standards can result amongst teams and
benefit the whole group.
• Team Composition Formation of the teams in Agile auditing can be a challenge as there is heavy reliance on the team members’ skills and knowledge required to achieve the sprint goals. Multiple skills like interpersonal, business knowledge, and reporting are necessary. The aim is to have a team with correct skills and expertise to accomplish the team’s task, ensuring efficiency and transparency.
• Adopting It All
Trying to adopt all aspects of Agile is counterproductive and goes against the core principles of Agile methodologies.7 Every organization is different, so it is suggested to apply the best practices of Agile that suit the organization set-up, and to execute them in a phased manner as it requires a cultural and mindset shift.
7See https://blog.protiviti.com/2020/01/27/Agile-internal-audit-how-to-audit-at-the-speed-of-risk/
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 15
Conclusion Performing auditing using Agile methodology enables the audit departments to highlight the
risks that become prominent for the business with a priority of making sure that a close
alliance with the stakeholders throughout the audit process is maintained. As the goals of
the audit cycles are crisp and clear, the findings are reported to management in shorter
intervals with appropriate evidence. As the information is conveyed to management quickly,
management can address the risks exposed faster and help the financial institution become
more efficient.
According to a research done by PricewaterhouseCoopers (PWC), only 44% of organizations
said their internal audit department provided significant value in 2017. This had dropped
from 54% in 2016, indicating stakeholder expectations are rising.8 By 2018, Barclays had
committed to becoming a 100% Agile internal audit function,9 having seen greater
engagement among audit teams and a 10–20% reduction in time spent per audit.10 Early
signs of companies adopting the Agile way of working within their auditing departments
suggests that this will probably transform the way auditors are perceived in the financial
institution.
The 2019 report of Protiviti11 shows that most of the organizations are already moving
toward Agile auditing or planning to in the next two years, considering multiple factors that
will benefit the audit departments and the organization on multiple levels.
The next generation of auditors will count on the amount of value they are adding to the
organization keeping the focus on risks and delivering high-quality results in small intervals
to be the front runners of leading the change within an organization, meaning being Agile.
8 See https://www.pwc.com/us/en/risk-assurance/sotp/2017-state-of-the-internal-audit-profession-report.pdf 9 See https://www.iia.org.uk/media/1689626/6-chris-spedding-Agile-auditing.pdf 10 See https://www.barclaysimpson.com/blogs/how-can-Agile-methods-add-value-to-internal-audit-82774132037 11 See https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-capabilities-and-needs-survey-protiviti.pdf
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 16
References
Agile Alliance. (n.d.). Advancing the practice of Agile [home page]. Retrieved from:
https://www.agilealliance.org
Berger, L. (2020, January 27). Agile internal audit: How to audit at the speed of risk. Protiviti.
Retrieved from: https://blog.protiviti.com/2020/01/27/agile-internal-audit-how-to-
audit-at-the-speed-of-risk
Boulderstone, I. (2018, April 10). How can Agile methods add value to internal audit?
Barclay
Simpson. Retrieved from: https://www.barclaysimpson.com/blogs/how-can-Agile-
methods-add-value-to-internal-audit-82774132037
Deloitte. (2017). Part 1: Understanding agile internal audit and Part 2: Putting agile internal
audit into action. Retrieved from:
https://www2.deloitte.com/us/en/pages/advisory/articles/agile-internal-audit-
planning-performance-value.html
Federal Financial Institutes Examination Council (FFIEC). (2014). Bank secrecy act/anti-
money laundering manual. Retrieved from:
https://bsaaml.ffiec.gov/docs/manual/BSA_AML_Man_2014_v2_CDDBO.pdf
Financial Action Task Force (FATF). (2019, June). The FATF recommendations. Retrieved
from: http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-
recommendations.html
Price Waterhouse Cooper. (2017, March). State of the internal audit profession study:
Staying the course toward true north: Navigating disruption. Retrieved from:
https://www.pwc.com/us/en/risk-assurance/sotp/2017-state-of-the-internal-audit-
profession-report.pdf
Price Waterhouse Cooper. (2018). Agile auditing: Mindset over matter. Retrieved from:
https://www.pwc.co.uk/audit-assurance/assets/pdf/agile-auditing.pdf
Protiviti. (2019). Embracing the next generation of internal auditing. Retrieved from:
https://www.protiviti.com/sites/default/files/united_states/insights/2019-ia-
capabilities-and-needs-survey-protiviti.pdf
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 17
Scrum.org. (n.d.). Welcome to the home of Scrum [home page]. Retrieved from:
https://www.scrum.org
Spedding, C. (2018, February). Barclay’s internal audit: “Better, quicker, faster”—Our agile
journey.
Barclays. Retrieved from: https://www.iia.org.uk/media/1689626/6-chris-spedding-
Agile-auditing.pdf
Agile – Enhancing AML Audit and Moving It Forward
P a g e | 18
Appendix
“12 Principles behind the Agile Manifesto.” See
https://www.Agilealliance.org/Agile101/12-principles-behind-the-Agile-manifesto/
“Agile Methodologies”. See
https://www.blueprintsys.com/Agile-development-101/Agile-methodologies
“What is Scrum?” The Scrum Guide. See
https://www.scrum.org/resources/what-is-scrum