Using Internal Controls to Prepare for a Focused Assessment Program
Date of publication: January 18, 2021
When preparing for an audit to assess risks and liability, understanding internal controls and having them in writing is an important part of the process.
During an audit, different factors are considered to determine whether an importer poses a risk of non-compliance with Customs and Border Protection (CBP) laws or regulations. This is called a Focused Assessment (FA) Program and comprises a pre-assessment phase, assessment compliance testing, and a follow-up audit. During an FA, internal controls are heavily considered to determine if an importer operates with efficiency and effectiveness, has reliable financial reporting, and is in compliance with all laws, regulations, and policies. If there are risks or issues with compliance with CBP’s policies, internal controls help to locate and assess them.
There are five key internal controls that are important to managing risk and preparing for an FA:
- Control Environment – This refers to an organization’s attitude toward internal controls and control consciousness. It covers philosophy, competence, ethics and integrity, and the morale of people within the organization.
- Information and Communication – This internal control analyzes how an organization communicates and shares relevant information. It looks at communications, support, and coordination within an organization, plus assesses external communications with parties such as customers, suppliers, or regulators.
- Risk Assessment – Risk assessment is a major part of an audit. Risk assessment not only seeks to identify potential or existing risks or liabilities, but also analyzes how risks are prevented. In cases where an organization chooses to accept a risk, a risk assessment also takes into account how the risk is accepted, handled, and reduced.
- Control Activities – Similar to a risk assessment, control activities are used to determine how an organization uses manual and automated tools to prevent or reduce future risks. An FA determines if an organization has tools in place to effectively address risks.
- Monitoring – Finally, an FA uses a review of an organization’s activities and transactions to assess their performance quality and to determine if controls are effective.
To prepare for an FA, importers and other organizations should conduct their own assessment of the above internal controls to determine risks and to ensure they are in compliance with CBP’s laws, regulations, and policies. If there are known risks, they should develop a plan to control, manage, and reduce those risks.
When assessing their own risks, keeping internal controls in mind—and keeping a written record of responses to the issues and questions posed by each individual internal control—helps organizations prepare for the audit and ensures that they will be well-equipped for addressing risks, liabilities, and other areas that may come up during their FA.
This content is intended for informational purposes. Due to the generality of this content, the provided information may not be applicable in all situations. We encourage the reader to review the most up-to-date regulations directly with the U.S. government’s sources on internal controls, which can be found here.