Skip to main content

CAMS-Audit study lessons

CAMS Audit Specialty25 free, citation-backed lessons covering every exam domain. Read on any device, no login.

Start with Lesson 01 →
  1. 01Welcome: Auditing the AML Program (and This Exam)Start here. Understand what the Advanced CAMS-Audit credential tests, why audit is the independent third line of defense, and how to use the learn-test-review loop to prepare with serious, structured study.5 min read
  2. 02The Three Lines of Defense and Where Audit SitsMaster the three lines of defense and learn to sort any AML activity into the line that owns it. A core exam skill: knowing why audit must test work it never performed.4 min read
  3. 03Independence, Objectivity, and Conflicts of InterestSeparate organizational independence from individual objectivity, name the four threats the exam loves (self-review, familiarity, self-interest, pressure), and learn the safeguards that protect the third line.4 min read
  4. 04Governance, the Board, and the Audit CommitteeSee how the board and audit committee approve the plan, receive findings directly, and hold management accountable. Learn why direct reporting keeps audit findings from being filtered or softened.4 min read
  5. 05Internal vs. External Audit; Co-Sourcing and QualificationsCompare internal audit, external auditors, and consultants as independent-testing providers, learn when to co-source specialist work, and remember the rule the exam tests: outsourcing never transfers accountability.4 min read
  6. 06The Audit Lifecycle and Continuous MonitoringGet the full engagement map, plan, fieldwork, report, follow-up, plus continuous monitoring and CAATs. The lifecycle that mirrors the four exam modules and frames every lecture ahead.4 min read
  7. 07Risk-Based Audit Planning and the Audit UniverseBuild an audit universe and prioritize it by risk so coverage and frequency follow exposure, not habit. Learn to document the rationale that defends your plan to a regulator.4 min read
  8. 08Using the Enterprise-Wide AML Risk Assessment to ScopeLearn how the institution's AML risk assessment drives audit scope, and why the auditor both uses it and tests it. Keep inherent, control, and residual risk straight, and spot unsupported ratings.4 min read
  9. 09Scoping the Engagement: Objectives, Resources, Risk AppetiteTurn a risk picture into a concrete engagement with clear scope, objectives, criteria, and resources. Connect risk appetite and key risk indicators to your scope, and handle scope limitations the right way.4 min read
  10. 10Incorporating Regulatory Findings, Prior Issues, and CoveragePlan from history: fold prior findings, MRAs, and open issues into scope, run look-backs after a control failure, and close coverage gaps. Learn why recurring findings point to a systemic root cause.4 min read
  11. 11Sampling Methodology: Statistical vs. JudgmentalOne of the most testable skills on the exam. Distinguish statistical from judgmental sampling, choose by the conclusion you need, size by risk, and avoid over-projecting a small judgmental sample.4 min read
  12. 12Evidence, Documentation, and the Testing StrategyRank evidence by reliability (re-performance beats inquiry), pick the right testing technique, and document workpapers so a reviewer can re-trace your work, because an undocumented conclusion is unsupported.4 min read
  13. 13Design Effectiveness vs. Operating EffectivenessThe heart of fieldwork. Learn to tell whether a control is built right from whether it actually runs as built, and why getting the diagnosis right sends management to the correct fix.5 min read
  14. 14Auditing the Enterprise-Wide Risk AssessmentAudit the risk map itself: test methodology, inputs, and conclusions, reconcile it to the real business to find gaps, and flag residual ratings that don't match the control strength you observe.4 min read
  15. 15Auditing the AML Pillars and the Fifth Pillar (CDD/BO)Test all five AML program pillars, including the fifth pillar, beneficial ownership under 31 CFR 1010.230. Learn why an empowered BSA officer and a truly independent test are auditable, not just box-ticked.4 min read
  16. 16Auditing CDD, EDD, and KYC File ReviewsRun risk-based file reviews that surface missing, stale, and contradictory data, test whether EDD is performed and not just promised, and re-rate customers to expose flawed models and unjustified overrides.4 min read
  17. 17Auditing Transaction-Monitoring Systems: Coverage and TuningAudit TM coverage, thresholds, and the crucial above- and below-the-line testing that reveals whether tuning misses real risk, plus the alert-handling patterns that signal investigators are mass-closing.4 min read
  18. 18Model Risk Management and Validation (SR 11-7)Treat AML systems as models under SR 11-7. Learn the three pillars, why validation must be independent of the builders, and the recurring findings: stale tuning, missing inventory, and vendor black boxes.4 min read
  19. 19Auditing Sanctions / OFAC ScreeningAudit strict-liability sanctions screening: list currency, coverage, fuzzy-matching logic, and alert clearing. Learn why tight matching risks dangerous false negatives and undocumented clearing breeds violations.4 min read
  20. 20Auditing SAR/CTR Quality, Timeliness, and RecordkeepingTest SAR and CTR decisioning in both directions (including the no-file population), judge narrative quality and binary timeliness, and confirm records are retained, protected, and retrievable.4 min read
  21. 21Data Integrity, Completeness Testing, and Root-Cause AnalysisBad data silently breaks good controls. Learn completeness testing that reconciles source to platform, accuracy and lineage checks, and root-cause analysis that drives durable, not cosmetic, remediation.5 min read
  22. 22Writing Findings and Rating Issues (Severity × Likelihood)Structure a finding (condition, criteria, cause, effect, recommendation), rate it low/medium/high by severity and likelihood, and judge materiality individually and in aggregate so systemic patterns surface.5 min read
  23. 23Reporting to Management and the Board/Audit CommitteeWrite objective, audience-aware reports, handle the management response without erasing supported findings, and deliver significant findings to the board directly so independence holds all the way up.4 min read
  24. 24Remediation Tracking, Validation, and Follow-up StrategyClose the loop the right way: track issues to confirmed closure, validate fixes by re-testing instead of accepting attestation, and treat recurring findings as proof the root cause was never addressed.5 min read
  25. 25Exam Day: Strategy, Pitfalls, and Final ReviewPull it all together. Study in proportion to the module weightings, read scenarios for the audit issue, dodge the classic distractors, and walk into exam day with a calm, disciplined plan.5 min read

Get every CAMS-Audit lesson + the full question bank

Drop your email and we'll send new lessons and unlock the complete CAMS-Audit practice bank.

I'll email you when CAMS-Audit lessons drops. No spam, unsubscribe anytime.

By signing up, you agree to our Privacy Policy and Terms.

Or jump straight to CAMS-Audit practice questions →