Improving auditor effectiveness in assessing KYC/AML practices: Case study in a Luxembourgish context

Purpose - The purpose of this paper is to report on the suitability of an ISO standard to create an internal control assessment model, which effectively acts as a control system template and mental model to evaluate compliance with the Know Your Customer (KYC) and anti-money laundering (AML) requirements in the Luxembourg retail and private banking sector. Design/methodology/approach - This paper used a qualitative approach with various focus groups and case studies, to elaborate and validate the developed model through methodological triangulation. Findings - The proposed assessment model has a matrix structure that facilitates the incorporation of checklists and narratives to ensure effective testing of controls and its structure allows targeting specific areas of risk in the identified KYC/AML processes. Research limitations/implications - The development of the model tended to be time consuming and could explain why matrix formats are used less often and the traditional limitations of a qualitative research apply. Practical implications - The model can be used to combine various reporting formats on internal control, hence the audit effectiveness can be increased and information asymmetries can be reduced. Originality/value - The proposed assessment model offers an innovative approach because it combines a process view of the business with an internal control view. Research in internal control assessment models has been very limited in the past years.

[1]  Andreas G. Koutoupis,et al.  Risk based internal auditing within Greek banks: a case study approach , 2009 .

[2]  Jane F. Dye,et al.  Constant Comparison Method: A Kaleidoscope of Data , 2000 .

[3]  James E. Hunton,et al.  Do Client‐Prepared Internal Control Documentation and Business Process Flowcharts Help or Hinder an Auditor's Ability to Identify Missing Controls? , 2009 .

[4]  Miklos A. Vasarhelyi,et al.  An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment , 2009, Int. J. Account. Inf. Syst..

[5]  Ronald R. King,et al.  An Experimental Investigation of Approaches to Audit Decision Making: An Evaluation Using Systems‐Mediated Mental Models* , 2001 .

[6]  Andrew Pettigrew,et al.  On studying managerial elites , 1992 .

[7]  Arnold M. Wright,et al.  Does the Adoption of a Business Risk Audit Approach Change Internal Control Documentation and Testing Practices , 2004 .

[8]  E. Fama,et al.  Separation of Ownership and Control , 1983, The Journal of Law and Economics.

[9]  P. Alldridge Money Laundering and Globalization , 2008 .

[10]  B. Berg Qualitative Research Methods for the Social Sciences , 1989 .

[11]  P. Johnson-Laird Mental models , 1989 .

[12]  T. D. Wilson,et al.  Review of: Berg, Bruce L. Qualitative research methods for the social sciences, 6th ed. Boston, MA: Allyn and Bacon, 2007 , 2008, Inf. Res..

[13]  A. Wright,et al.  Form vs. Substance: The Implications for Auditing Practice and Research of Alternative Perspectives on Corporate Governance , 2010 .

[14]  S.E.C. Purvis,et al.  THE EFFECT OF AUDIT DOCUMENTATION FORMAT ON DATA COLLECTION. , 1989 .

[15]  David McNamee,et al.  Risk Management: Changing the Internal Auditor's Paradigm , 1998 .

[16]  M. Groenhuijsen,et al.  Balancing financial threats and legal interests in money-laundering policy , 2005 .

[17]  Liliya Y. Gelemerova On the frontline against money-laundering: the regulatory minefield , 2009 .

[18]  G. Sarens,et al.  Internal audit: A comfort provider to the audit committee , 2009 .

[19]  Jean C. Bedard,et al.  KRiskSM: A Computerized Decision Aid for Client Acceptance and Continuance Risk Assessments , 2002 .

[20]  J. Harvey,et al.  Crime-money, reputation and reporting , 2009 .

[21]  K. Raghunandan,et al.  Audit Committee Composition, “Gray Directors,” and Interaction with Internal Auditing , 2001 .

[22]  R. Moeller Managing internal auditing in a post-SOA world , 2004 .

[23]  Robert E. Hoskisson,et al.  The Composition of Boards of Directors and Strategic Control: Effects on Corporate Strategy , 1990 .

[24]  R. Yin Case Study Research: Design and Methods , 1984 .

[25]  Randy Stoecker,et al.  Evaluating and Rethinking the Case Study , 1991 .

[26]  Hans Geiger,et al.  The fight against money laundering , 2007 .

[27]  K. Eisenhardt Agency Theory: An Assessment and Review , 1989 .

[28]  David L. Morgan,et al.  Focus groups: A new tool for qualitative research , 1984 .

[29]  Deborah S. Archambeault,et al.  Audit Committee Effectiveness: A Synthesis of the Empirical Audit Committee Literature , 2002 .

[30]  N. Passas Structural sources of international crime: Policy lessons from the BCCI Affair , 1993 .

[31]  Marcia L. Weidenmier,et al.  Research Opportunities in Information Technology and Internal Auditing , 2006, J. Inf. Syst..

[32]  Bruce Zagaris The Merging of the Counter-Terrorism and Anti-Money Laundering Regimes , 2002 .

[33]  R. Rao,et al.  The determinants of board composition: An agency theory perspective , 1995 .

[34]  Frances J. Milliken,et al.  Cognition and corporate governance: Understanding boards of directors as strategic decision making groups , 1999 .

[35]  I. Dey Qualitative Data Analysis: A User Friendly Guide for Social Scientists , 1993 .

[36]  William F. Messier,et al.  An Experimental Assessment of Recent Professional Developments in Nonstatistical Audit Sampling Guidance , 2001 .

[37]  G. Nicholson,et al.  Can Directors Impact Performance? A Case-Based Test of Three Theories of Corporate Governance , 2007 .

[38]  Joseph V. Carcello,et al.  Fraudulent Financial Reporting: Consideration of Industry Traits and Corporate Governance Mechanisms , 2000 .

[39]  M. Patton,et al.  Qualitative evaluation and research methods , 1992 .

[40]  N. Denzin The research act: A theoretical introduction to sociological methods , 1977 .

[41]  S. Ross The Economic Theory of Agency: The Principal's Problem , 1973 .

[42]  Martin Gill,et al.  Preventing Money Laundering or Obstructing Business?: Financial Companies' Perspectives on 'Know Your Customer' Procedures , 2004 .

[43]  Brian W. Mayhew,et al.  Why do audits fail? Evidence from Lincoln Savings and Loan , 2000 .

[44]  Albert A. Cannella,et al.  Corporate Governance: Decades of Dialogue and Data , 2003 .

[45]  M. C. Jensen,et al.  THEORY OF THE FIRM: MANAGERIAL BEHAVIOR, AGENCY COSTS AND OWNERSHIP STRUCTURE , 1976 .