U.S. Customs and Border Protection (“CBP” or “Customs”) is the U.S. agency tasked with addressing import compliance risks and evaluating internal compliance controls implemented by importing companies. Pursuant to 19 U.S.C. § 1509, CBP may conduct an audit or other type of assessment to ascertain the correctness of import entries, determine an importer’s liability for duties, taxes, fees, or any fines or penalties, and generally ensure that an importer is complying with the Customs regulations. Customs audits are also a highly effective revenue collection mechanism that assists CBP in promoting fair trade practices for American industry. 

Depending on the type of audit or assessment conducted, CBP may inspect records or data required to be kept by an importer under the Customs regulations, analyze financial documents and import entries, and review a corporation’s internal compliance controls. The scope of an audit or assessment may vary depending on CBP objectives and specific circumstances surrounding an importer’s compliance issues or risks. As such, this article provides an overview of the types of audits or assessments that CBP may conduct. 

Focused Assessment

The most extensive type of audit is the Focused Assessment (“FA”). According to the CBP website, the FA program utilizes a “risk-based approach to determine if the importer represents an acceptable risk to CBP.”¹ Therefore, one of the main objectives of an FA is typically the evaluation of a corporation’s internal compliance controls. FAs are conducted in accordance with Government Auditing Standards and consist of three possible stages: the Pre-Assessment Survey (“PAS”), Assessment Compliance Testing (“ACT”), and a Follow-Up Audit.²  

During the PAS, the auditor tests the sufficiency of the company’s internal controls by reviewing select import entries, general ledger accounts, and foreign vendor payments. The importer will be responsible for completing a PAS questionnaire that allows CBP to gather information on the importer’s business, the types of transactions the importer is involved in, and potential compliance risks.³ After reviewing the importer’s financial transactions, and assessing the sufficiency of related internal controls, the audit team will create a draft of the results. Importantly, the draft will contain the audit team’s conclusions regarding the adequacy of the company’s internal compliance controls and whether the importer’s activities represent an acceptable or unacceptable risk to CBP. 

CBP will only move to further stages of the FA program if the audited company represents an unacceptable compliance risk and further compliance testing is required. In the ACT phase, the audit team will focus on the areas in the company’s internal controls that CBP believes have risk of non-compliance. The audit team will conduct compliance testing on new sample transactions to evaluate these at-risk areas of the company’s internal controls. In addition, CBP may calculate a loss of revenue during the ACT phase if it has not done so during the PAS. A Follow-Up Audit will be conducted as necessary to verify the results of compliance testing already completed or gather more information on compliance risks. In some cases, a company will be permitted to conduct self-testing under CBP supervision in lieu of compliance testing under an ACT. A Follow-Up Audit may then be performed to verify the accuracy and acceptability of the importer’s self-testing results.

Quick Response Audits

As previously mentioned, CBP maintains broad general authority under 19 U.S.C. § 1509 to conduct audits of various types. The FA program is a more comprehensive form of audit, but CBP may also elect to conduct more expedient audits commonly referred to as Quick Response Audits (“QRAs”).  QRAs are single-issue audits conducted in accordance with Government Auditing Standards that focus on a particular area of compliance risk such as classification or valuation. Due to their narrow scope, QRAs generally are less cumbersome and take less time to complete compared to an FA. CBP will seek to understand a company’s importing process during a QRA and evaluate specific transactions similar to how sample transactions are evaluated during the PAS phase of a FA. CBP may also focus on quantifying the amount in duties or fees an importing company owes. However, the specific objectives of a QRA may vary depending on the underlying circumstances and compliance concerns CBP may have in relation to a specific importing company.

Companies involved in certain types of high-risk transactions are typically the targets of QRAs, and these audits usually originate from referrals by CBP and Homeland Security offices utilizing risk management principles to identify company targets. At the end of a QRA, CBP will outline its findings in a written report that includes a determination of whether the actions of an importing company constitute an acceptable or unacceptable risk to CBP. 

Audit Notice and Process

When conducting an audit (an FA or QRA) CBP must proceed in accordance with the procedures set forth in 19 C.F.R. § 163.11. Regardless of the type of audit, CBP is required under the above-mentioned regulations to provide the importer with advance notification of CBP’s intention to conduct an audit and a “reasonable estimate” of the time it will take to complete the audit. The subject of the audit has the right to an entrance conference, which is usually scheduled by CBP early in the process and likely to be the importer’s first in-person meeting with CBP during the audit process. During the entrance conference, CBP will discuss the audit’s purpose, scope, and duration. Prior to this meeting, CBP will likely send the importer a questionnaire eliciting information about the importer’s internal procedures.

Customs conducts audits through statistical sampling and standard auditing techniques. The auditors review statistically selected import transactions from the company for the prior fiscal year and will compare the reported information to the company’s internal records (i.e., commercial invoices, purchase orders, payment records, etc.). The auditors also select financial transactions to determine if certain transactions or costs were properly declared. For example, Customs reviews general ledger and chart of accounts to determine which accounts are used to record purchases or payments of imported merchandise, assists, supplemental payments, payments to agents, tooling, royalties related to production of merchandise, etc. Based on the results of this review, CBP will determine the compliance level (e.g., acceptable vs. unacceptable).⁴

Upon completion of the audit, CBP will schedule a closing conference, at which time it will explain its findings. CBP will provide a report to the importer stating whether the company was determined to be compliant with the Customs regulations. If non-compliant, CBP will ask the importer to create a plan outlining the corrective measures the importer will take to increase compliance. CBP will also develop plans for further testing to discuss with the importer, as necessary.

Serious violations may result in CBP referring the company for a formal investigation under 19 U.S.C § 1592, or other enforcement actions. Therefore, if violations are discovered at the outset of an audit, the importer should consider filing a Prior Disclosure (“PD”). By filing a PD before the commencement of an investigation, or without knowledge of the commencement of an investigation by CBP, a company can mitigate the risk and severity of an enforcement action and/or potential penalties.

Risk Analysis & Survey Assessments

Another way that CBP may obtain information related to an importer’s compliance with relevant Customs regulations is through a Risk Analysis and Survey Assessment (“RASA,” also known as an “Audit Survey”). A RASA is technically not an audit, but CBP retains the authority to conduct these assessments as a type of “inquiry” under 19 U.S.C. § 1509. A RASA is a quick assessment of a company’s operations with respect to a specific area of concern (e.g., anti-dumping and countervailing duties, foreign trade agreements, valuation, etc.) CBP utilizes RASAs to obtain onsite information about relevant import activities without having to commit the substantial amount of time and resources that would be required when conducting a full audit. 

Although RASAs are not audits conducted in accordance with Government Auditing Standards or the procedures listed in 19 C.F.R. § 163.11, CBP does utilize similar audit risk assessment procedures (e.g., CBP will conduct interviews and walkthroughs of selected entries to understand the importing process). Instead of issuing a formal report on its findings, CBP will issue a letter to the importer describing the survey of the transactions reviewed as part of the RASA and its judgement with respect to compliance. Importantly, compliance issues discovered during a RASA may lead to further action or investigation by CBP including an FA or enforcement action. 

Customs law requires importers to exercise reasonable care to ensure that declarations made to Customs are true and correct. During a Customs audit, CBP will evaluate an importer’s internal controls and its import operations to determine the importer’s overall compliance risk. As such, companies that maintain strong internal controls and compliance procedures (including proper recordkeeping practices) will be best prepared for a Customs audit. To that end, it is good practice for importers to prepare for potential CBP audits (or assessments) by periodically conducting internal audits and risk assessments to identify areas that pose compliance risks. If you have questions on how to conduct internal audits or CBP audit and assessment processes, please feel free to contact the attorneys at Torres Trade Law for assistance.