New U.S. Customs Audit Rules

July 10, 2014

In January of 2014, Customs and Border Protection (CBP) announced plans to update its rules on conducting Focused Assessments (FAs). Recently, CBP’s Office of International Trade, Regulatory Audit (RA) Division, has begun to discuss what those changes will look like for the importing community.


CBP collects more than $30 billion in duties, fees, and taxes annually on imports. The RA Division enforces compliance, conducts post-entry audits of importers and other parties involved in importing goods, and provides special technical audit assistance in CBP priority trade and security areas.  

The FA program was initiated in 2001, but its roots go back to the Compliance Assessment (CA) program and passage of the Customs Modernization Act in 1993. In addition to FAs, RA receives Quick Response Audit referrals from U.S. ports, Immigration and Customs Enforcement, and various CBP offices. RA’s core responsibility is to conduct in-depth reviews of importers to determine whether they account for and declare accurate and complete information for merchandise imported into the United States. Publically available information shows that the office completed 1,053 audits from fiscal years (FYs) 2008 to 2010. RA does not have the authority to collect underpayments, but it has the responsibility to advise the appropriate CBP collection officials of the amounts to collect. From FY 2008 to FY 2010, RA identified and recommended collection of approximately $154.2 million in additional revenue to CBP.

The FA program was last updated in October 2003 when the U.S. Customs Service was reorganized under the Department of Homeland Security and became U.S. Customs and Border Protection. Following a relatively negative Office of Inspector General Report in 2012, CBP began the process of updating the program to align with current Government Auditing Standards and the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) updated Internal Control – Integrated Framework. While these changes are generally invisible to the importer, CBP is also taking this opportunity to make “enhancements” to its FA program and allow its staff greater flexibility in designing audit approaches tailored to the unique circumstances of each importer’s environment and relevant risks. The updates and enhancements include:

  • Varying the focus of the audit approach depending on the auditor’s expectation of the operating effectiveness of internal controls over customs related issues for import transactions.
  • Replacing the Questionnaire and Worksheets for Evaluating Internal Control with general guidelines for assessing internal control and testing parameters to allow greater flexibility in tailoring audits to suit the circumstances of importers and their environments.

The FA program will continue to be a risk-based audit program comprising three phases:

  • Pre-Assessment Survey (PAS),
  • Assessment Compliance Testing, and
  • Post Assessment Follow-Up.

Discussion of FA Program Updates

CBP expects to implement the updates in early fiscal year 2015 (i.e., October) and has begun a series of public outreach programs to provide information on the changes to the importing public.

In June of 2014, Elizabeth Chiavetta, Director, Audit Policy, Regulatory Audit, and Mel Moreland, Acting Executive Director, Regulatory Audit, presented a webinar on the upcoming changes. They spoke of the follow general areas that they anticipate will impact the importer:

  • Increased emphasis on the consideration of significance/materiality in making audit decisions;
  • Expanded guidance on tailoring the audit approach to suit the specific circumstances of the importer;
  • Replacing sample size matrices with more general sample size ranges; and
  • Incorporated changes in report language.

Initially, the updates will only impact the PAS phase with updates to other phases implemented at a later date. 

The Pre-Assessment Survey

The FA begins with the PAS. The objective of the PAS is to determine whether a company’s import activities represent an acceptable risk to CBP through an assessment of the company’s internal controls over compliance with applicable CBP laws and regulations. The period of review typically includes the most recently completed fiscal year, and the subject matter of the review would typically include value, classification, Free Trade Agreements, special duty provisions (such as U.S. goods returned), and Antidumping/Countervailing duties (AD/CVD).

Before the PAS begins, CBP conducts a PAR, or Preliminary Assessment of Risk. The PAR serves as the basis for the initial scope of work (i.e., scoping the subject matter into “audit areas” and identifying relevant risks). The PAR is based on information that the auditor gathers on the company from internal and external sources, including the response to importer supplied questionnaires. From this information, the auditor will develop an initial risk analysis and audit plan to execute based on risk. In the past following the development of the PAR, the auditor would contact the importer for an Advanced Conference.

Elimination of the Advance Conference

CBP no longer believes a formal Advance Conference is necessary. However, auditors will still explain the FA process to the importer and provide reference materials on an informal basis rather than during an onsite meeting.

RA also intends to make initial contact with the importer earlier in the process by requesting certain readily available information (e.g., written policies and procedures; trial balance; chart of accounts; GL detail) so that the auditor may better tailor the risk assessment plan and company questionnaire.

Risk Assessment Conclusions

The PAR will no longer assess a level of risk (high, medium or low). Since the PAR is based on CBP entry information and other readily available data, CBP believes it premature to assess a level of risk at the conclusion of PAR phase. Rather, CBP will place increased emphasis on significance/materiality in determining audit areas. The assessment of inherent risk will be finalized at a later stage of the risk assessment procedures after RA obtains additional information.

As a result, it’s possible that RA may decide to exclude from the review certain audit areas that they may have previously felt obligated to include, or they may eliminate audit areas based on additional information gathered during the course of the PAS. According to CBP, the FA will generally always include value and classification as review areas since everyone has to value and classify their imports. But, under the updated program, these areas could potentially be eliminated from the scope depending on risk and significance.

Changes to the Questionnaire and Larger Sample Sizes

The entrance conference is the first opportunity for the auditor and importer to meet and review the responses to the questionnaires and “walk-through” entry examples, as well as any other documents requested. The entrance conference typically commences onsite field work. At the entrance conference, auditors will discuss:

  • An overview of the audit plan and reporting process,
  • Agreed upon timetables for planned activities & estimated completion date,
  • Types of books, records, and data that may be requested, and
  • Additional topics relevant to the conduct of the audit.

A key component of the PAS is the importer questionnaire. CBP is revising its questionnaire and renaming it the “Pre-Assessment Survey Questionnaire (PASQ). The questionnaire will be expanded to obtain additional information regarding business practices and import activities to aid CBP in better refining its risk assessment. The questionnaire is being revised to be less “yes” or “no” oriented and to elicit more narrative related responses. An example of the new questionnaire is available on our website at

Depending on the complexity of the importer’s activity and associated risks, CBP auditors select a limited number of walk-through entries (1-4) to review. CBP has indicated that it will be selecting additional entries for the walk-throughs to help identify or understand variations in types of transactions and procedures.

Following the Entrance Conference and review of the company’s internal controls, questionnaire, walk-through examples, and accounting books and records, CBP will determine risk areas to exam more closely by selecting sample transactions, including Customs entries, general ledger accounts and accounts payable documents to verify procedures and identify deficiencies.

CBP is making major changes here. Previously, CBP would request samples (1 to 20 samples) in each of key areas to be reviewed. These samples are selected on a judgmental basis (meaning they were selected by the auditor based on his or her judgment). The number of samples selected will now be replaced with more general guidelines. If there is a population of 250 items or more in the universe of data, the auditor may selection between 25 and 40 samples. If the population is 250 or less, the tested quantity will be about 10%. (These ranges are meant only as general guidelines and exceptions can and will occur.)

CBP believes that larger sample sizes means greater certainty with regard to a determination of risk for the area. Companies that have no internal controls or weak internal controls over their import transactions will have higher risk, and therefore, possibly larger sample sizes. CBP notes that the increase in sample size will enable it to better assess the risk of material noncompliance and determine the most appropriate reaction. The increased assurance enables CBP to conclude acceptable risk where it might have otherwise concluded unacceptable for potentially immaterial or non-systemic issues (i.e., better understanding of whether the issues are indeed immaterial or non-systemic) or lack of documented internal controls.

PAS Risk Assessments

Following the completion of the on-site review and analysis of the samples, the auditors prepare a PAS Audit Report that identifies areas of risk deficiencies and materiality of errors. If there are areas of risk or deficiencies, CBP will expect the importer to implement a Compliance Improvement Programs (CIP) and allow them to assess the loss of revenue (to be subsequently verified by the auditor). Companies that choose not to implement a CIP or to assess the LOR may be subject to a full compliance assessment by the CBP Audit Team (based on statistical sampling). 

Where instances of non-compliances are infrequent/immaterial or the internal control deficiencies are not significant and don’t warrant the commitment of additional RA resources, CBP may now conclude that there is an “acceptable risk,” and report the issue not as a finding but include it in an “Other Matters to be Reported” section of its report with suggestions to improve the system. 

Where internal controls are not formally documented and the implementation of internal control cannot be verified, but no errors have been found, auditors may now conclude that there is acceptable risk and report a scope limitation to its conclusion. Unresolved matters such as differences in opinion or interpretation that are awaiting an internal advice or ruling may not result in an unacceptable risk conclusion if the importer demonstrated it used reasonable care. However, auditors will consider all the circumstances in totality in drawing their risk conclusions and there may be other factors that impact their conclusions.

CBP will now be adding specific limitations to its PAS reports on its finding. Findings will be expressly limited to the period of the audit and a caveat that, should conditions change after the audit, the risk conclusion may no longer be relevant.

FA to ISA Transition Program

Importers with an acceptable risk conclusion are given the opportunity to transition to the Importer Self-Assessment (“ISA”) program. CBP’s has decided to provide importers with an opportunity to transition into the ISA program if the importers have successfully completed the FA (see notice (77 FR 61012) issued 10/5/2012).

This will be available to importers that receive an acceptable risk conclusion in all audit areas. If the importer is not a C-TPAT member, they can apply and will be reviewed in an expedited fashion (within 30–45 days of receipt, rather than the typical 90-day schedule).

The importer will not need to undergo the Application Review Meeting that is routinely scheduled for ISA applicants if the application is made within 12 months of the date of the FA report. Once accepted into the program, the importer will still have to meet all the requirements of the ISA program to maintain membership in the program (e.g., annual written notification letters; perform periodic self-testing, etc.).

If you have any questions about this or other customs matters, please contact George R. Tuttle, III, at or at (415) 986-8780.

The information in this article is general in nature, and is not intended to constitute legal advice or to create an attorney-client relationship with respect to any event or occurrence, and may not be considered as such.

Copyright © 2014 by Tuttle Law Offices.

All rights reserved.  Information has been obtained from sources believed to be reliable.  However, because of the possibility of human or mechanical error by our offices or by others, we do not guarantee the accuracy, adequacy, or completeness of any information and are not responsible for any errors, omissions, or for the results obtained from the use of such information.



Subscribe Feedback Previous Newsletters