Do I have Adequate Internal Controls to Manage My Import-Export Trade Risks?

The first point is to know if your company has any direct or indirect (for which you can also be responsible and liable) import-export transactions. Many companies are simply unaware of the scope of their trade risks in this area, but ignorance is no excuse under the law and luck is not a strategy! In another blog post, we’ll discuss how to get complete and accurate import-export data[1] for your company so you make data-driven decisions, but for this month, we’ll assume that you have the data, are aware of your trade flows, and have instituted internal controls. Any organization must know that there are hundreds, perhaps thousands, of laws and regulations that define the legal requirements for imports, exports, deemed exports, technology transfer,  and re-exports. Given this complexity, how can an organization meet its objectives and manage its trade  risks? By implementing an internal control system for this business-critical area! So what is internal control? According to Wikipedia, “Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization’s objectives [emphasis added] in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls trade risks to an organization.” See Further, after financial turmoil in the 1980s, certain standards were developed to guide companies on essential elements in their internal control efforts. Notably, the Sponsoring organizations of the Treadway Committee (“COSO”) identified five key elements of adequate internal controls. See

If you deal solely in import-export operations and other trade matters, talk to your company’s finance and accounting Directors: they will be very familiar with the COSO standards. You can learn a lot form them, and then apply those principles to the import-export area. The five key internal control elements to better manage trade risks in import/export are:

  • Control Environment– sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
  • Risk Assessment– the identification and analysis of relevant trade risks to the achievement of objectives, forming a basis for how the trade risks should be managed.
  • Information and Communication– systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.
  • Control Activities– policies and procedures that help ensure management directives are carried out.
  • Monitoring– processes used to assess the quality of internal control performance over time.

How can this translate to your import-export control program?

COSO Element Trade Program Element Comment
Control Environment Policy/Code of Conduct Tone at the Top
Risk Assessment “Heat Map” – ID areas/priorities Risk Analysis
Information /Communication Meetings/Training/Email Adequate Resources
Control Activities Documented SOPs Interdependent/Core Areas
Monitoring Pre-, Post-Review/Correction Audit/Assessment
  • Does your company have the essential elements of a best- or even good-practice trade control program? Is there a Code of Conduct that includes import-export, deemed export, re-export, Foreign Corrupt Practices Act (“FCPA”), Anti-Boycott and Intellectual property (“IP”) matters as they relate to your import-export activities?
  • Have you performed periodic Risk Assessments based on your actual transactions and identified areas for improvement under a kaizen (continuous improvement) model to identify and reduce trade risks?
  • Has your company provided adequate resources, whether People (staff), Processes (SOPs, written instructions), and/or Technologies (IT/System Solutions) to assure adequate controls?
  • Do you have a robust training & awareness program for import-export matters that provides sufficient information across all affected functional areas? Do you know how import-export matters touch on virtually all aspects of an organization?
  • Is there a widely distributed internal or external Newsletter that keeps your company and its employees up-to-date on the ever-changing laws and regulations?
  • Do you have formal and informal meetings and communications across functional silos and QBRs (Quality Business Reviews) with appointed Import-Export Agents/Brokers/Forwarders/Couriers?
  • Do you have a pre-filing review process? A post-filing review process? A periodic thorough assessment and/or audit of your documented processes, procedures and transactions?
  • Do you rely on a judgmental or statistically valid sample when performing transaction testing? Or do you have a robust management-by-exception (“MBE”) automated testing methodology?
  • Lastly, and most importantly, if the Government contacted you today, could you prove that you have adequate internal controls? This is the legal requirement to “exercise reasonable care”. See 19 USC 1484(a).

If you haven’t got documented evidence of your control activities, from a government-review perspective, they don’t exist! And here are some of the major control areas that a good trade risks compliance program should have:

  • Classification
  • Quantity and Valuation
  • Origin Marking and Declarations
  • Anti-Dumping and Countervailing Duties (ADD/CVD)
  • Special Programs
  • Screening Requirements & Embargoes
  • Licensing
  • Record Keeping
  • Intellectual Property
  • Broker/Forwarder/Agent Management
  • Other Government Agency Requirements
  • Declaration Review and Corrective Measures
  • Official Customs Enforcement/Actions/Inquires/Correspondence
  • Penalties
  • Contact with Government Officials
  • Audit & Control Program
  • Training Program
  • Suspected Violations
  • Others as applicable

If you aren’t sure if your controls are adequate, let us know! We have scalable solutions to identify any gaps you may have and help you close them in the most efficient and effective way possible. _______________________________________________________________________________________


Main Line

Customer Response Center (24/7/365)