PracticeStudy GuidesBlogFlashcardsEspañol
All Practice Exams

100+ Free CAMS-Audit Practice Questions

Pass your ACAMS Advanced CAMS - Audit (CAMS-Audit) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Not published Pass Rate
100+ Questions
100% Free
1 / 10
Question 1
Score: 0/0

Which framework is most commonly referenced as the authoritative standard for internal audit practice globally, including AML audits?

A
B
C
D
to track
2026 Statistics

Key Facts: CAMS-Audit Exam

90

Exam Questions

ACAMS

75%

Passing Score

ACAMS

3 hours

Exam Duration

ACAMS

$1,695-$2,595

Program Cost

ACAMS (package-dependent)

3 years

Validity

ACAMS (45 CE credits to recertify)

CAMS required

Prerequisite

Active ACAMS membership + base CAMS

CAMS-Audit is an advanced specialty from ACAMS for AFC auditors. The exam has 90 questions (including multiple-select and case-based items) over 3 hours with a 75% passing score and a $1,695-$2,595 fee depending on package. Candidates must hold active CAMS certification. The credential is valid for 3 years and requires 45 ACAMS continuing education credits (minimum 15 from ACAMS) to recertify. Exam is delivered via Pearson VUE (test center or online proctored).

Sample CAMS-Audit Practice Questions

Try these sample questions to test your CAMS-Audit exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which framework is most commonly referenced as the authoritative standard for internal audit practice globally, including AML audits?
A.COSO Internal Control-Integrated Framework
B.IIA International Professional Practices Framework (IPPF)
C.FFIEC BSA/AML Examination Manual
D.FATF 40 Recommendations
Explanation: The IIA International Professional Practices Framework (IPPF) is the authoritative conceptual framework that organizes the mandatory and recommended guidance promulgated by the Institute of Internal Auditors. It governs how internal audits, including AML audits, are planned and executed. COSO is a control framework, FFIEC is examination guidance, and FATF sets AML policy standards, not audit practice standards.
2What is the primary purpose of a risk-based AML audit approach?
A.To audit every transaction individually
B.To focus audit resources on areas of highest money laundering risk
C.To replace the need for a compliance program
D.To eliminate the need for regulatory examinations
Explanation: A risk-based AML audit approach allocates audit resources proportionate to the level of money laundering, terrorist financing, and sanctions risk identified. Higher-risk areas (e.g., correspondent banking, PEPs, cash-intensive businesses) receive more extensive testing than lower-risk areas, which maximizes audit effectiveness and efficiency.
3Which U.S. regulatory manual is the primary reference for AML examination procedures for banks and is frequently cited by AML auditors?
A.SEC Enforcement Manual
B.FFIEC BSA/AML Examination Manual
C.OCC Comptroller's Handbook on Derivatives
D.FINRA Rule 3310 Manual
Explanation: The FFIEC (Federal Financial Institutions Examination Council) BSA/AML Examination Manual provides uniform examination procedures used by federal banking regulators (Fed, OCC, FDIC, NCUA) and is widely adopted by AML auditors to benchmark program adequacy. It is updated regularly, with recent updates in 2024-2026 reflecting evolving risks such as crypto and third-party risk management.
4What does the acronym 'COSO ERM' stand for, and why is it relevant to AML audits?
A.Committee of Sponsoring Organizations Enterprise Risk Management — provides a framework for integrating risk management across the enterprise, including financial crime risk
B.Compliance Operations and Supervisory Oversight Enterprise Risk Management — a sanctions-screening framework
C.Corporate Oversight and Standards Organization Enterprise Risk Manual — an ACAMS-issued document
D.Consolidated Overseas Supervisory Organization Enterprise Risk Matrix — a FATF tool
Explanation: COSO ERM (Committee of Sponsoring Organizations of the Treadway Commission — Enterprise Risk Management) provides a globally recognized framework for integrating risk management across an enterprise. AML auditors use it to evaluate how well ML/TF risk is integrated with overall enterprise risk, strategy, and performance.
5Under the BSA, which of the following is NOT one of the required pillars of an AML program?
A.Designation of a BSA/AML Compliance Officer
B.Independent testing
C.Written policies, procedures, and internal controls
D.Mandatory external criminal background checks on all customers
Explanation: The BSA's five pillars are: (1) internal controls (policies, procedures, controls), (2) designated BSA/AML officer, (3) ongoing training, (4) independent testing, and (5) risk-based CDD (including beneficial ownership). Mandatory external criminal background checks on all customers is not a pillar — CIP/CDD verifies identity, but not criminal history for all.
6An auditor reviews the institution's enterprise-wide AML risk assessment. Which of the following is the MOST significant red flag?
A.The risk assessment is refreshed annually
B.It covers all products, services, customers, and geographies
C.It was last updated 4 years ago and does not reflect new virtual-asset products the bank launched
D.It uses a 5-point risk-rating scale
Explanation: A risk assessment that is 4 years old and does not reflect newly launched products (especially high-risk ones like virtual assets) is a critical deficiency. FFIEC and regulators expect the risk assessment to be dynamic — updated when material changes occur (new products, services, geographies, customer types, or when threats evolve).
7What are the four minimum pieces of identifying information a U.S. bank must collect from a customer under the Customer Identification Program (CIP) rule?
A.Name, date of birth, address, and identification number (e.g., SSN or ITIN)
B.Name, employer, annual income, and account purpose
C.Name, phone number, email, and photo ID
D.Name, occupation, net worth, and source of wealth
Explanation: Under the BSA CIP rule (31 CFR 1020.220), a covered financial institution must collect at minimum: (1) name, (2) date of birth (for individuals), (3) address, and (4) identification number (SSN for U.S. persons or passport/other for non-U.S. persons). Other items (income, occupation) are part of CDD/EDD but are not CIP minimums.
8Under FinCEN's CDD Rule, a legal entity customer opening an account must identify beneficial owners owning at least what percentage of equity?
A.10%
B.15%
C.25%
D.50%
Explanation: The FinCEN CDD Rule (effective 2018) requires legal entity customers to identify each individual owning 25% or more of equity and one individual with significant control (the 'control prong'). The 25% threshold is the standard BO identification threshold for account opening.
9When testing the transaction monitoring system, an auditor notices the bank has not tuned alert scenarios in 5 years despite significant business growth. Which audit finding category is MOST appropriate?
A.Low-severity administrative finding
B.Model risk management (SR 11-7) deficiency
C.Training deficiency
D.Customer identification gap
Explanation: Unchanged alert thresholds and scenarios despite growth and changing risk profile is a classic model risk management (MRM) deficiency under Federal Reserve SR 11-7. TM systems are considered models, and they must be periodically tuned, back-tested, and validated as the environment changes. This is typically a significant (high-severity) finding.
10What is the primary regulatory purpose of an independent AML testing review?
A.To replace the BSA Officer role
B.To provide an unbiased assessment of AML program adequacy and compliance with regulatory requirements
C.To train staff on new AML rules
D.To approve new products for launch
Explanation: Independent testing is one of the five pillars of an AML program under the BSA. Its purpose is to provide management and the board with an unbiased evaluation of whether the program is adequately designed, effectively implemented, and compliant with regulatory requirements. It is typically conducted by internal audit or a qualified third party.

About the CAMS-Audit Exam

The Advanced CAMS-Audit certification is ACAMS' specialist-level credential for AFC auditors. It validates advanced competency in independently assessing and testing AML/CFT/sanctions controls, using risk-based audit methodology aligned with the IIA IPPF, COSO ERM, and FFIEC BSA/AML Examination Manual. Topics span AML program audit (governance, risk assessment, CIP/CDD/EDD, transaction monitoring, SARs, CTRs, beneficial ownership, OFAC, training, independent testing), sampling methodologies, audit evidence, findings and reporting, regulatory enforcement interpretation, and audit of AML technology (model risk management under SR 11-7, alert tuning, data governance).

Questions

90 scored questions

Time Limit

3 hours

Passing Score

75%

Exam Fee

$1,695-$2,595 (ACAMS / Pearson VUE)

CAMS-Audit Exam Content Outline

ACAMS does not publish exact weights

AML Audit Frameworks

IIA International Professional Practices Framework (IPPF), COSO ERM, FFIEC BSA/AML Examination Manual, three lines of defense, audit universe, independence, professional skepticism, Wolfsberg AFC audit principles.

ACAMS does not publish exact weights

AML Program Components

BSA five pillars, risk assessment, CIP, CDD, EDD, beneficial ownership, transaction monitoring, SAR/CTR reporting, OFAC sanctions screening, PEPs, correspondent banking, training.

ACAMS does not publish exact weights

Sampling and Evidence

Random, judgmental, stratified, attribute, and variable sampling; sufficient and appropriate evidence; working papers; evidence reliability and mix.

ACAMS does not publish exact weights

Findings and Reporting

Root cause analysis, severity rating, audit report structure, management letters, repeat findings, remediation ownership, follow-up, materiality.

ACAMS does not publish exact weights

Regulatory Examinations and Enforcement

Fed/OCC/FDIC/NCUA/FinCEN/FINRA/SEC/CFTC supervision, MRAs, MRIAs, Consent Orders, C&D Orders, CMPs, look-back reviews, BSA, USA PATRIOT Act, AML Act 2020, Corporate Transparency Act, FATF, EU AML Directives.

ACAMS does not publish exact weights

Technology, Models, and Data

SR 11-7 model risk management, alert tuning (BTL/KO), data lineage and quality, sanctions screening audit, case management audit trails, exception handling.

How to Pass the CAMS-Audit Exam

What You Need to Know

  • Passing score: 75%
  • Exam length: 90 questions
  • Time limit: 3 hours
  • Exam fee: $1,695-$2,595

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CAMS-Audit Study Tips from Top Performers

1Master the IIA IPPF, COSO ERM, and FFIEC BSA/AML Examination Manual as the three foundational frameworks cited across Advanced CAMS-Audit questions
2Know the five pillars of an AML program under BSA (internal controls, BSA Officer, training, independent testing, risk-based CDD) and how an auditor tests each
3Understand SR 11-7 model risk management and how it applies to transaction monitoring and sanctions screening models (conceptual soundness, ongoing monitoring, outcomes analysis)
4Learn sampling methodologies (random, judgmental, stratified, attribute, variable) and when to apply each in AML testing
5Study high-profile enforcement actions (TD Bank 2024, Danske Estonia, USAA 2022) and the control failures cited — these are benchmark case studies
6Memorize filing deadlines and thresholds: SAR 30 days (60 if suspect unknown), CTR >$10,000 cash, OFAC 50% rule, CDD 25% BO threshold
7Practice case-study questions with multiple linked items — CAMS-Audit emphasizes scenario application over rote recall

Frequently Asked Questions

What is the CAMS-Audit exam?

CAMS-Audit is ACAMS' advanced specialty certification for AFC auditors. It tests the candidate's ability to plan and execute risk-based AML audits aligned with IIA IPPF, COSO ERM, and FFIEC guidance, and to audit all AML program components including monitoring technology, SARs, and sanctions.

How many questions are on the CAMS-Audit exam?

The CAMS-Audit exam contains 90 questions, including multiple-choice (select one) and multiple-select (select all) formats, plus case studies with linked questions. Candidates have 3 hours to complete the exam.

What is the passing score for CAMS-Audit?

The passing score is 75%. ACAMS does not publicly disclose scaled scoring details or first-time pass rates for the Advanced CAMS-Audit.

Are there prerequisites for CAMS-Audit?

Yes. Candidates must hold an active CAMS base certification and maintain active ACAMS membership. The program assumes 5+ years of AML auditing experience, so foundational CDD, TM, and SAR knowledge is expected.

How much does the CAMS-Audit cost?

ACAMS offers standard packages: approximately $2,195 (private sector) or $2,595 (public sector). Virtual classroom bundles are approximately $1,695 (private sector) or $2,195 (public sector). Prices are subject to change; verify on acams.org.

Does CAMS-Audit expire?

The credential is valid for 3 years. Recertification requires 45 ACAMS continuing education credits (minimum 15 from ACAMS programs) and continuous active ACAMS membership.