What must be completed for auditable entities during the AML audit risk assessment?

For an effective anti-money laundering (AML) audit risk assessment, it is essential that the internal audit function has completed its assessment of the auditable entities. This is crucial because the internal audit provides an independent evaluation of the entity’s processes, controls, and overall compliance with AML regulations.

The internal audit's role encompasses analyzing previous audit findings, evaluating the effectiveness of existing controls, and identifying potential areas of weakness. This comprehensive understanding helps inform the risk assessment process by highlighting which areas require closer scrutiny and which may have already been addressed satisfactorily.

The assessment conducted by the internal audit can also provide valuable insights into the operational aspects and risks specific to the organization, ensuring that the AML audit is grounded in the most current and relevant information about the entity's transaction patterns, customer base, and regulatory environment. Thus, referencing internal audits helps auditors to prioritize their focus on areas that are most at risk, streamline the audit process, and enhance the overall quality of the audit.