中国最庞大的下载资料库(整理. 版权归原作者所有)
如果您不是在 网站下载此资料的, 不要随意相信. 请访问 3722, 加
入 必要时可将此文件解密
Office of Strategic Trade
Importer Self-Assessment Handbook
November 2004
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
2
IMPORTER SELF-ASSESSMENT
QUICK REFERENCE GUIDE
What is Importer Self-Assessment?
Importer Self-Assessment (ISA) is a partnership between CBP and importers to
maintain a high level of trade compliance.
ISA is a voluntary approach to trade compliance that allows importers maximum
control of their own CBP compliance.
ISA recognizes importers who are willing to assume responsibilities for
self-assessment in exchange for less CBP oversight.
ISA is built on knowledge, trust, and a willingness to maintain an ongoing
CBP/importer relationship.
What does participation in ISA require?
In order to participate in the ISA program, an importer must:
Be a member of the Customs-Trade Partnership against Terrorism (C-TPAT);
Complete an ISA Memorandum of Understanding (MOU) and Questionnaire;
Agree to comply with all applicable CBP laws and regulations;
Maintain an internal control system that demonstrates the accuracy of CBP
transactions:
Establish, document, and implement internal controls;
Perform periodic testing of transactions based on risk;
Maintain results of testing for three years and make test information available to
CBP on request;
Make appropriate adjustments to internal controls; and
Maintain an audit trail from financial records to CBP declarations; or, an alternate
system that ensures accurate values are reported to CBP.
Submit appropriate disclosures to CBP upon completion of company reviews; and
Submit an annual written notification to CBP to confirm the identity of the company
ISA contact, and confirm that the importer continues to meet the requirements of the
ISA program as specifically listed herein and in the MOU.
Notify CBP of major organizational changes as soon as possible.
The importer may meet the requirements of the ISA program by using internal resources
or using an objective third party exercising due diligence and reasonable care.
What are the benefits of participation in ISA?
The program offers meaningful benefits that can be tailored to industry needs. An
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
3
importer in the ISA program will receive the following benefits:
CBP will provide consultation and/or guidance as requested (for compliance
assistance, risk assessments, internal controls, CBP audit trails, data analysis support,
etc.).
The importer will have the opportunity to apply for coverage of multiple business
units.
The importer will be removed from the Regulatory Audit Division’s (RAD) audit
pool established for Focused Assessments. (Importers will be removed from the
RAD’s audit pool for Drawback and Foreign Trade Zones if they request to have
these programs included in the ISA Program.) The audit exemption will apply to
each specific area when it is determined that adequate internal controls are in place,
to ensure compliance with CBP laws and regulations. (Importers may be subject to
on-site examinations for single-issue reviews.)
The importer will have access to key liaison officials.
The importer will be entitled to receive entry summary trade data, including analysis
support.
With regard to prior disclosures, if CBP becomes aware of errors in which there is
an indication of a violation of 19 . 1592 or 1593a, while providing assistance,
consultation or training, CBP will provide a written notice to the importer of such
errors and allow 30 days from the date of the notification for the importer to file a
prior disclosure pursuant to 19 CFR . This benefit does not apply if the matter
is already the subject of an ongoing CBP investigation or fraud is involved.
In the event that civil penalties or liquidated damages are
assessed against an importer, the importer’s participation in
ISA will be considered in the disposition of the case.
The importer will enjoy greater business certainty because a reliable system of
internal controls ensures compliant transactions.
Additional benefits are tailored to industry needs.
Who is eligible for ISA?
To be eligible for ISA, an importer must be a member of C-TPAT, must be a
resident importer in the United States, and must have two years of importing
experience prior to the date the importer applies to the program.
How does an importer apply?
An importer may apply by completing an ISA Memorandum of
Understanding (Appendix C) and Questionnaire (Appendix D). Both
documents are available on the CBP website at:
Complete application instructions and explanations of application processing are
available on the website.
Will CBP conduct an on-site review during the application process?
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
4
CBP will conduct a risk assessment of the importer to determine the review
necessary.
During the review of each ISA application, CBP will schedule an informal meeting
with the applicant to introduce the CBP ISA representatives, explain the
expectations for ISA, and answer any questions the applicant may have.
If CBP has adequate knowledge of the importer and its internal control processes, an
on-site review will not be necessary.
If CBP does not have adequate knowledge of the importer, a Regulatory Auditor and
Account Manager may meet with the importer for an on-site consultation to discuss
and review its internal controls.
The consultation will determine if the applicant is ready to assume responsibilities of
self-assessment and will provide assistance and training as appropriate.
The consultation will not involve substantive testing or an audit. It will be a
collaborative effort.
When will benefits begin?
Benefits will begin once CBP has completed an evaluation of the importer’s ISA
application package and notified the importer of our findings.
How will the partnership work on an ongoing basis?
This will be a self-assessment process by the importer, not a monitoring process by
CBP.
The importer must submit an annual written notification to CBP to confirm the
identity of the company ISA contact and to confirm that it continues to meet the
requirements of the ISA program as specifically listed herein and in the MOU.
Through the annual notification, the importer agrees to:
Comply with all applicable CBP laws and regulations;
Maintain a system of business (including records, procedures, and policies) that
demonstrates the accuracy of CBP transactions as described herein. Specific
requirements include:
Maintaining internal controls appropriate to provide reasonable assurance of
CBP compliance, including components of internal control as outlined in
Appendix G.
Performing periodic testing (designed by the importer) based on risk at least
annually;
Maintaining results of testing for three years and providing test results to CBP
on request;
Making appropriate adjustments to internal controls when needs for
improvements are identified; and
Maintaining an audit trail from financial records to CBP declarations; or, an
alternate system that ensures accurate values are reported to CBP.
Make appropriate disclosures to CBP.
In general, ISA participants will not be subject to any routine or periodic on-site
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
5
reviews or audits other than consultations with CBP Account Managers and
Auditors for training, support, and compliance improvement purposes.
ISA participants will not be subject to comprehensive audits, including Focused
Assessment, Drawback, or Foreign Trade Zones, provided that internal controls are
in place for each specific area.
ISA participants may be subject to an audit or on-site review of a specific issue
related to an identified trade compliance risk. In such instances, CBP and the
importer will work together to determine a mutually acceptable course of action
wherever possible.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
FOREWORD
The North American Free Trade Agreement Implementation Act (Public Law 103 182,
107 Stat. 2057) of 1993 includes provisions for modernization of CBP operations and
became known as the Customs Modernization Act. Since 1993, the primary goal of CBP
in the trade compliance process has been to maximize importer compliance with .
trade laws while at the same time facilitating the importation and entry of admissible
merchandise. To meet this goal, CBP has made a comprehensive effort to review,
improve, and redesign, on an ongoing basis, the trade compliance process, using
established business practices, reengineered tools, and new methodologies that improve
customer service without compromising the enforcement aspect of the CBP missions.
One of the new methodologies developed by CBP is the Importer Self-Assessment (ISA)
program, which allows interested importers to assess their own compliance with CBP
laws and regulations. The ISA Program was officially announced in the Federal Register
Notice 67 FR 41298. The ISA program is primarily based on the development and use
of established business practices and good internal controls designed specifically for an
importer’s CBP operations. The importer may structure internal controls and procedures
to meet its individual needs. This Handbook is designed to provide information about the
benefits and requirements of the ISA program. The Handbook provides information an
importer needs to apply for the ISA program.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Table of Contents
1. INTRODUCTION TO IMPORTER SELF-ASSESSMENT PROGRAM ................1
..............................................................................................................Purpose
1
........................................................................................................Background
1
.............................................................................................Program Overview
1
.............................................................................Summary of the ISA Process
1
2. PROGRAM DESCRIPTION AND REQUIREMENTS ............................................2
............................................................................................................Applicant
2
...........................................................................................................Eligibility
2
..............................................................................................................Benefits
2
.....................................................................................................Requirements
3
......................................................................................................CBP Website
4
3. APPLICATION, PROCESSING, AND ACCEPTANCE ..........................................4
........................................................................................................Application
4
........................................................................Memorandum of Understanding
4
.............................................................................................ISA Questionnaire
5
.................................................................Entry Summary Trade Data Request
5
.................................................................................Internal Control Guidance
5
...........................................................................................Application Review
6
Application Review Meeting.......................................................................7
CBP Acceptance ..........................................................................................7
Application Denial.......................................................................................8
4. PROCEDURES AND ACCEPTANCE ......................................................................8
...............................................................................Continuing Responsibilities
8
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
2
...........................................................................................Annual Notification
8
...............................................Reporting Changes to Company CBP Activities
8
5. REVOCATION ROCEDURES...................................................................................9
....................................................................................Participation Revocation
9
.................................................................................Procedures for Revocation
9
Appendixes
A. Program Benefits
B. Program Requirements
C. Memorandum of Understanding
D. ISA Questionnaire
E. Entry Summary Trade Data Request
F. Guidance for Developing Internal Controls
G. Internal Control Management and Evaluation Tool
H. Annual Notification Requirements
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
1
IMPORTER SELF-ASSESSMENT PROGRAM
1. Introduction
Purpose
CBP is committed to encouraging importers to share the responsibility for compliance
with trade laws and regulations. The Importer Self-Assessment (ISA) program is a
partnership between CBP and importers to maintain a high level of trade compliance. ISA
is a voluntary approach to trade compliance, which provides recognition and support to
participating companies.
Background
The passage of the Customs Modernization Act (Customs Mod Act) in 1993 ushered in
an era of new partnership concepts between the importing community and the United
States Customs Service (Customs and Border Protection - CBP). Under the Mod Act,
CBP and the importer share the responsibility for compliance with trade laws and
regulations. The importer is responsible for declaring the value, classification, and rate of
duty applicable to entered merchandise, and CBP is responsible for informing the
importer of its rights and responsibilities under the law.
Program Overview
The ISA program is a voluntary approach to trade compliance. It is built on knowledge,
trust, and a willingness to maintain an ongoing CBP/importer relationship. The ISA
program offers meaningful benefits that can be tailored to industry needs and requires
that importers demonstrate readiness to assume responsibilities for managing and
monitoring their own compliance through self-assessment.
The process starts with membership in Customs-Trade Partnership against Terrorism
(C-TPAT). Membership in C-TPAT is a prerequisite for the ISA program, but the two
programs are not otherwise linked. The ISA offers different benefits than C-TPAT.
Summary of the ISA Process
The following steps briefly summarize the ISA process. Details on the process are
provided in sections 3 and 4 below.
An importer may apply by completing an ISA Memorandum of Understanding (MOU)
and an ISA Questionnaire.
CBP will review the application package.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
2
CBP will schedule a formal meeting with the applicant.
CBP establishes the partnership by signing the MOU when the importer has
demonstrated readiness to assume the responsibilities for self-assessment.
Under the continuing program, the importer receives the benefits of ISA
participation and fulfills the continuing responsibilities of the program.
2. Program Description and
Requirements
Applicant
Importers that apply for the program are required to identify the business units that will
participate. The Importer of Record number should be written out to the twelfth (12)
digit.
Eligibility
To be eligible for ISA, the importer must be a known business to CBP and a resident
party of the United States. To be a known business means that the importer has imported
goods into the United States during the two years prior to the date the application is
submitted. This criterion ensures that there has been sufficient interaction between the
importer and CBP to allow CBP to evaluate the importer’s trade patterns and compliance
history in order to have a valid base to make a risk assessment.
To qualify, as an importer, the business entity should be permanently established, located,
and managed within the United States. It will carry on business and have the general
authority to do so without the approval of another person outside the United States. The
importer must maintain separate books and records for its . operations, prepare
separate financial statements, maintain accounts for the imported goods, and are
responsible for payment of import duties and taxes.
Benefits
The ISA program provides opportunities for importers who want to demonstrate
compliance and receive related benefits. The program offers meaningful benefits that can
be tailored to industry needs. A participant in the ISA program will receive the following
benefits:
CBP will provide consultation and/or guidance as requested (for compliance
assistance, risk assessments, internal controls, CBP audit trails, data analysis support,
etc.).
The importer will have the opportunity to apply for coverage of multiple business
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
3
units.
The importer will be removed from the Regulatory Audit Division’s (RAD) audit
pool established for Focused Assessments. (Importers will be removed from the
RAD’s audit pool for Drawback and Foreign Trade Zones if they request to have
these programs included in the ISA Program.) The audit exemption will apply to
each specific area when it is determined that adequate internal controls are in place.
(Importers may be subject to on-site examinations for single-issue reviews.)
The importer will have access to key liaison officials.
The importer will be entitled to receive entry summary trade data, including analysis
support.
With regard to prior disclosures, if CBP becomes aware of errors in which there is
an indication of a violation of 19 . 1592 or 1593a, while providing assistance,
consultation or training, CBP will provide a written notice to the importer of such
errors and allow 30 days from the date of the notification for the importer to file a
prior disclosure pursuant to 19 CFR . This benefit does not apply if the matter
is already the subject of an ongoing CBP investigation or fraud is involved.
In the event that civil penalties or liquidated damages are assessed against an
importer, the importer’s participation in ISA will be considered in the disposition of
the case.
The importer will enjoy greater business certainty because a reliable system of
internal controls ensures compliant transactions.
Additional benefits are tailored to industry needs.
Requirements
In order to participate in the ISA program, an importer must:
Be a member of C-TPAT;
Complete an ISA Memorandum of Understanding (MOU) and Questionnaire;
Agree to comply with all applicable CBP laws and regulations;
Maintain an internal control system that demonstrates the accuracy of CBP
transactions:
Establish, document, and implement internal controls;
Perform periodic testing of transactions based on risk;
Maintain results of testing for three years and make test information available to
CBP upon request;
Make appropriate adjustments to internal controls; and
Maintain an audit trail from financial records to CBP declarations; or, an alternate
system that ensures accurate values are reported to CBP.
Make appropriate disclosures.
Submit an annual written notification to CBP to confirm the identity of the company
ISA contact, and confirm that the importer continues to meet the requirements of the
ISA program as specifically listed herein and in the MOU.
Notify CBP of major organizational changes as soon as possible (see for
additional information).
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
4
The importer may meet the requirements of the ISA program by using internal resources
or using an objective third party exercising due diligence and reasonable care.
Additional information on program requirements is provided in Appendix B.
Customs and Border Protection Website
CBP maintains information about the ISA on the CBP website at:
3. Application, Processing, and
Acceptance
Application
Program applications will be filed by completing the ISA MOU (Appendix C) and ISA
Questionnaire (Appendix D) in Microsoft Word format. After being accepted into
C-TPAT an importer that wants to receive summary trade data (CBP import data) may
file a request (Appendix E) concurrent with the MOU and Questionnaire. The completed
MOU, Questionnaire, and trade data request (if desired) should be submitted to CBP
simultaneously. Applications may be filed electronically via email to
@ or submitted on a MB (3 ½ inch) computer diskette or a
compact disc to:
. Customs and Border Protection
Director, Importer Self-Assessment Program
1300 Pennsylvania Ave., NW
Room
Washington, DC 20229
Forms can also be obtained on the CBP website,
An authorized officer of the legal entity responsible for the ISA application must sign the
MOU. The Questionnaire must identify the name, title, phone number, and e-mail address
of the contact person for the ISA program.
Memorandum of Understanding (MOU)
The MOU (Appendix C) outlines importer and CBP responsibilities and identifies the
company entities that will be covered by the MOU.
Importers with multiple divisions may submit individual MOU’s for
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
5
each entity they consider eligible for the ISA Program.
ISA Questionnaire
The ISA Questionnaire is required to determine if the importer has documented and
implemented internal controls over its customs-related processes. (See Internal Control
Guidance in section below and the ISA Questionnaire in Appendix D.)
Entry Summary Trade Data Request
The entry summary trade data request will be used to authorize the release of the
importer’s CBP data to its authorized representative. The data can be provided on a
periodic basis to fit the participant’s self-assessment needs and may include additional
CBP analysis support.
Internal Control Guidance
Documents are available to assist importers in developing and evaluating its system of
internal controls of CBP operations.
“Guidance for Developing Internal Controls” (Appendix F) is a brief explanation of
components that should be part of an internal control program. This document may be
appropriate for use by small importers that do not have complex organization structures
or complex CBP operations.
“Internal Control Management and Evaluation Tool” (Appendix G) is a more detailed,
comprehensive guide. This document may be appropriate for use by large importers that
have complex organization structures or complex CBP operations.
Both documents are tools to help management and evaluators determine how well a
company’s internal control system is designed and functioning. The “Internal Control
Management and Evaluation Tool” may help determine what, where, and how
improvements may be implemented.
Internal controls put into place in one company may vary considerably from those used in
a different company. The difference may occur because of:
(1) Variations in missions, goals, and objectives of the companies;
(2) Differences in their environment and the manner in which they operate;
(3) Variations in degree of organizational complexity;
(4) Differences in company histories and culture; and
(5) Differences in the risks that the companies face and are trying to mitigate.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
6
Even if two companies did have the same missions, goals, objectives, and organizational
structures, they would probably employ different control activities. This is because
different people apply their own individual judgment in implementing internal controls.
All of these factors affect a company’s internal control activities, which should be
designed to contribute to the achievement of the company’s missions, goals, and
objectives.
Application Review
The application review will include a risk assessment of the applicant and review of the
application to determine the applicant’s readiness to assume responsibilities for
self-assessment. The risk assessment will include an examination of the applicant as
identified by the Importer of Record number(s) on the MOU(s) and is based on:
CBP information about the company’s history of trade compliance, including such
items as:
Compliance measurement data;
Previous penalty actions;
Previous enforcement actions;
Regulatory audits;
Account Manager history; and
Other information.
Information about the company’s risk exposure, such as:
Imports from specific suspect manufacturers or suppliers;
Imports from countries known as transshipment points;
Imports subject to quota, visa, antidumping, or other sensitive CBP issues;
Large volumes of imports under special duty provisions or special trade programs;
and
Large volumes of imports under complex tariff classifications.
Application Review Meeting (ARM)
The following steps briefly summarize the initial process prior to the ARM and what to expect at the ARM:
After the introduction of participants and opening comments regarding the ISA program, the following
items either occur or will be topics of discussion during the ARM visit.
Corporate overview, which should include the areas of the company’s commitment to compliance,
corporate structure and line of authority. Company’s customs department and staff, company’s
relationship with brokers, customs training, and the flow of customs related information and
communication.
Demonstrate documented internal control processes and procedures for the risk areas that the ISA team
has identified. The ISA team will provide the company with the risk areas along with 3 or 4 entry
numbers. The company will be asked to walk us through the entire entry process from purchase order
to payment for these entries. During this process the company should demonstrate each control that
is in place throughout the process.
If a tour of the facility would be beneficial then this would take place. The purpose would be to allow
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
7
the ISA team to observe the described controls and procedures as they occur.
A Self-Testing Plan is a requirement for the ISA program. This would include both risk assessment
and monitoring. Explain the annual plan layout, sampling and testing procedures, reporting format,
and corrective action development and implementation.
A breakout session for the ISA team will take place to provide the team an opportunity to discuss the
information that was presented by the company that day.
Discuss with the company participants any additional questions regarding the company’s internal
control procedures and ISA application.
CBP Acceptance
When the Applicant is determined to have adequate procedures for acceptance into the
ISA program, CBP will sign the MOU and send a letter with a copy of the signed MOU.
The letter will advise the applicant of its acceptance into the ISA program.
It is important to note that acceptance into the ISA program does not signify certification
of the participant’s business systems or exemption from sanctions under CBP laws.
However, maintenance of appropriate internal controls as required by the ISA program
may be considered an element of reasonable care.
Application Denial
If CBP determines that an application for ISA should not be approved and that
participation in the ISA program should not be granted, the Director of the ISA Program
will issue a written notice of denial to the Applicant. The notice of denial shall set forth
the reasons for the denial and shall advise the Applicant of its right to file a written
response.
If deficiencies that were the reason for denial are corrected within 90 days, the Applicant
may forward a request, in writing, for reinstatement of the application to:
. Customs and Border Protection
Director, Importer Self-Assessment Program
1300 Pennsylvania Ave., NW
Room
Washington, DC 20229
A final written decision on the reinstatement request will be issued within 30 days of
receipt of the Applicant’s written request.
Applicants may respond to denials, in writing, to the Assistant Commissioner, Office of
Strategic Trade, at the following address:
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
8
. Customs and Border Protection
Assistant Commissioner
Office of Strategic Trade
1300 Pennsylvania Ave., NW
Washington, DC 20229
4. Procedures and Acceptance
Continuing Responsibilities
ISA participants are responsible for continuing to comply with the requirements of the
program as detailed in Appendix B.
Annual Notification
Annually, the participant will provide written notification that it is continuing to meet the
requirements of the ISA program. The annual notification should be submitted to CBP
within 30 days of the anniversary date of acceptance into the ISA Program. Notification
should be in writing and addressed to the Director of the ISA Program and a copy to the
Account Manager (Appendix H).
Reporting Changes to Company CBP Activities
ISA participants are required to advise the Director, ISA, of major changes to the
company’s corporate structure through reorganization, merger, acquisition, etc., that
result in the need to modify existing bonds or Importer of Record numbers and suffixes.
When required, such notification will be made as soon, as is practicable, but not later than
60 days after the major change has occurred or been publicly announced.
5. Revocation Procedures
Participation Revocation
CBP may revoke ISA participation for the following reasons:
Participation in the program was obtained through fraud or misstatement of fact;
The participant is convicted of any felony or has committed acts that would
constitute a misdemeanor or felony involving theft, smuggling, or any
theft-connected crime;
The participant refuses to cooperate with CBP in response to an inquiry, audit or
investigation; or
The participant fails to fulfill the terms of the MOU.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
9
Procedures for Revocation
If CBP believes that there is a basis for proposing the removal of a participant, a written
notice of proposed removal will be sent to apprise the participant of the facts or conduct
warranting removal. The participant may respond to the proposed removal by writing to
the CBP Director, ISA, 1300 Pennsylvania Avenue, NW, Room , Washington, .
20229, within 15 days of the date of the notice of proposed removal. The response should
address the facts or conduct charges contained in the notice and should state how
compliance will be achieved. CBP will issue a final written decision on the proposed
removal after the 15-day response period has closed. However, in the case of willfulness
or where public health interests or safety are concerned, a removal from the ISA program
may be effective immediately as a final action and without opportunity for written
response.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix A
1
PROGRAM BENEFITS
1. Introduction
An importer in the ISA program will receive the following benefits:
CBP will provide consultation and/or guidance as requested (for compliance
assistance, risk assessments, internal controls, CBP audit trails, data analysis support,
etc.).
The importer will have the opportunity to apply for coverage of multiple business
units.
The importer will be removed from the Regulatory Audit Division’s (RAD) audit
pool established for Focused Assessments. (Importers will be removed from the
RAD’s audit pools for Drawback and Foreign Trade Zones if they request to have
these programs included in the ISA Program.) The audit exemption will apply to
each specific area when it is determined that adequate internal controls are in place,
to ensure compliance with CBP laws and regulations. (Importers may be subject to
on-site examinations for single-issue reviews.)
The importer will have access to key liaison officials.
The importer will be entitled to receive entry summary trade data, including analysis
support.
With regard to prior disclosures, if CBP becomes aware of errors in which there is
an indication of a violation of 19 . 1592 or 1593a, while providing assistance,
consultation or training, CBP will provide a written notice to the importer of such
errors and allow 30 days from the date of the notification for the importer to file a
prior disclosure pursuant to 19 CFR . This benefit does not apply if the matter
is already the subject of an ongoing CBP investigation or fraud is involved.
In the event that civil penalties or liquidated damages are assessed against an
importer, the importer’s participation in ISA will be considered in the disposition of
the case.
The importer will enjoy greater business certainty because a reliable system of
internal controls ensures compliant transactions.
Additional benefits are tailored to industry needs.
The following information is provided to help importers understand the benefits of
participation in ISA.
2. Consultations and/or Guidance as Requested
Upon request, CBP will provide consultation and/or guidance in various areas such as
compliance issues, data analysis, risk assessment, and internal controls. As appropriate
for the issue, an Account Manager, an Auditor, a Trade Analyst, or a team representing
several disciplines may provide assistance.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix A
2
3. Coverage of Multiple Business Units
CBP will provide program benefits for multiple business units as defined by Importer of
Record numbers shown on the MOU. The participant will be required to modify an
existing MOU or submit an additional MOU to add additional business units.
4. Removal from Comprehensive Audit Pools
The importer will be removed from the Regulatory Audit Division’s (RAD) audit pool
established for Focused Assessments. (Importers will be removed from the RAD’s audit
pools for Drawback and Foreign Trade Zones if they request to have these programs
included in the ISA Program.) The audit exemption will apply to each specific area when
it is determined that adequate internal controls are in place, to ensure compliance with
CBP laws and regulations. (Importers may be subject to on-site examinations for
single-issue reviews.)
5. Access to Key Liaison Officials
Participants will have access to key liaison officials to discuss any
concerns relative to the ISA program.
6. Access to the Participant’s Summary Trade Data
At the participant’s request, CBP will provide annual, semi-annual,
and/or quarterly summaries of the participant’s trade data free of
charge. The data can be used to review and analyze import activity, as
well as, identify areas of risk, etc.
7. Expanded Benefits of Prior Disclosure
With regard to prior disclosures, if CBP becomes aware of errors in which there is an
indication of a violation of 19 . 1592 or 1593a, while providing assistance,
consultation or training, CBP will provide a written notice to the importer of such errors
and allow 30 days from the date of the notification for the importer to file a prior
disclosure pursuant to 19 CFR . This benefit does not apply if the matter is already
the subject of an ongoing CBP investigation or fraud is involved.
8. Mitigated Penalties and Liquidated Damages
By fulfilling responsibilities under the ISA program, the Participant will
be taking actions, which may be considered as mitigating factors for
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix A
3
possible penalties or liquidated damages.
9. Greater Business Certainty
Participation in the ISA program provides greater business certainty because a reliable
system of internal controls ensures compliant transactions. Based on CBP experience,
importers who implement effective internal controls are able to provide more accurate
and reliable entry data and a better utilization of resources.
10. Additional Benefits
CBP will work with industry groups to provide additional benefits that are advantageous
to both CBP and the industry.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix B
1
PROGRAM REQUIREMENTS
1. Introduction
In order to participate in the ISA program, an importer must:
Be a member of C-TPAT;
Complete an ISA Memorandum of Understanding (MOU) and Questionnaire;
Agree to comply with all applicable CBP laws and regulations;
Maintain an internal control system that demonstrates the accuracy of CBP
transactions:
Establish, document, and implement internal controls;
Perform periodic testing of transactions based on risk;
Maintain results of testing for three years and make test information available to
CBP on request;
Make appropriate adjustments to internal controls; and
Maintain an audit trail from financial records to CBP declarations; or, an alternate
system that ensures accurate values are reported to CBP.
Make appropriate disclosures.
Submit an annual written notification to CBP to confirm the identity of the company
ISA contact, and confirm that the Participant continues to meet the requirements of
the ISA program as specifically listed herein and in the MOU.
Notify CBP of major organizational changes as soon as possible (see for
additional information).
The following information is provided to help companies understand the requirements for
participation in ISA.
2. Member of Customs-Trade Partnership Against Terrorism (C-TPAT)
C-TPAT is a joint government-business initiative to build cooperative relationships that strengthen overall
supply chain and border security. C-TPAT recognizes that CBP can provide the highest level of security
only through close cooperation with the ultimate owners of the supply chain, that is, importers, carriers,
customs brokers, warehouse operators, and manufacturers. ISA is designed to be complementary to the
C-TPAT program. ISA is intended to offer supplemental benefits to importers in the trade compliance area
while promoting compliance by importers.
3. ISA Memorandum of Understanding and Questionnaire
An importer may apply to the ISA program by completing an MOU and ISA Questionnaire.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix B
2
The MOU is an agreement between the importer and CBP that establishes their respective
roles and responsibilities. The importer of record number(s) will denote the
divisions/units applying for ISA. The importer of record numbers should be written out
to the twelfth (12th) digit.
The ISA Questionnaire is a brief series of questions designed to ensure that the importer
has implemented key internal controls that are important for CBP compliance. The
Questionnaire and instructions for completing it are in Appendix D.
4. Comply with All Applicable CBP Laws and Regulations
In order to join the ISA program, an importer must agree to comply with all applicable
CBP laws and regulations. This requirement is designed to obtain the importer’s
commitment to CBP compliance.
5. Maintain an Internal Control System that Demonstrates the Accuracy of
CBP Transactions
A participant must maintain an internal control system that demonstrates the accuracy of
CBP transactions. The importer needs to develop two processes in support of the system.
First, the importer needs a framework of internal controls based on definition and
description recognized by the American Institute of Certified Public Accountants in
its December 1995 Statement on Auditing Standards 78. More information on
internal controls for CBP in business terminology is provided in sections through
and in Appendixes F and G of this handbook.
Second, the importer needs an audit trail from accounting records and payments to
CBP entry records or an alternate system that ensures accurate values are reported to
CBP. The objective of this process is for importers to be able to match payments and
expenses to entries starting from financial records.
a. Establish, document, and implement internal controls
Internal controls must be developed and in place to provide reasonable assurance that the
importer is compliant with CBP laws and regulations.
Internal controls must incorporate the following five interrelated components.
Control Environment sets the tone of an organization. It is the foundation for other
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix B
3
internal control components. Control environment should establish and maintain an
environment throughout the organization that sets a positive and supportive attitude
toward CBP compliance. This can be achieved by actions such as the following:
Defining a company policy supportive to CBP compliance;
Dealing with CBP in a cooperative, open and timely manner;
Committing to the competence of employees responsible for CBP activities by
providing adequate training, counseling, and information;
Assigning CBP responsibilities to personnel with appropriate authority and
information to ensure CBP compliance; and
Placing a high degree of importance on work with CBP.
Risk Assessment is an analysis of a company’s CBP operations to identify risks
(what could go wrong) that may prevent CBP compliance. A risk assessment should
occur at least annually. Once risks have been identified, they should be analyzed for
possible effect. Management then must formulate an approach for risk management
and decide on internal controls to mitigate those risks. This process may result in
changes to internal controls. Risk assessments are particularly important during
times of change.
Control Activities are the day-to-day procedures used to achieve CBP compliance.
Control activities are the policies, procedures, techniques, and mechanisms that
ensure management’s directives are carried out. Control activities mitigate risks
identified during risk assessments and are integral to the company’s planning,
implementing, and reviewing processes.
Information and Communication refers to the accumulation and distribution of
information to people who need it to ensure CBP compliance. This component
includes movement of information between functional activities and upward and
downward within the organization. Pertinent information related to CBP activities is
identified, captured, and distributed to the right people in sufficient detail, in the
right form, and at the appropriate time to enable them to carry out their duties and
responsibilities efficiently and effectively to foster CBP compliance.
Monitoring refers to oversight of quality of CBP performance. It includes both
ongoing monitoring that occurs during normal operations and regular management
and supervisory activities and actions that people take in performing their duties. In
addition, monitoring includes separate evaluations, frequently referred to as periodic
testing. Separate evaluations may be by the company’s internal auditor, an external
auditor, or third parties with required skills. Separate evaluations may include a
review of the control design and direct testing of control activities.
Additional information on internal controls is in Appendixes F and G.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix B
4
b. Perform periodic testing of transactions based on risk
As explained above, periodic testing is a normal part of monitoring operations. Periodic
testing is necessary to determine if objectives related to CBP compliance are being met.
Testing also is important to evaluate employee performance and identify training needs.
An ISA participant must do periodic testing at least annually, but it is not necessary for a
participant to test all areas of customs activity annually. The participant should develop a
testing program to address the areas of highest risk based on the company’s risk
assessment. The participant may design its own testing program. Under the ISA program,
CBP will allow flexibility and will not dictate specific testing requirements, because
periodic testing is only part of an overall system of internal control and it is important
that companies have the flexibility to design the program that they need. Testing may be
by the company’s internal auditor, an external auditor, or a third party with the required
skills. Each company must perform its own risk assessment, develop its own control
procedures, and design its own testing program to control customs risk. Since risk
assessments will identify different risks at different times, a company may need to adjust
its periodic testing in response to changing risk. Upon request, CBP will assist
participants in assessing risk or developing a periodic testing program.
c. Maintain results of testing for three years and make test information
available to CBP upon request
The participant will conduct periodic testing of its internal control system. The test results must be
maintained for three years from the date of the test and provided to CBP upon request.
d. Make appropriate adjustments to internal controls
If needs for internal control improvements are identified through any mechanism-- risk
assessment, information exchange, monitoring and testing, notification from CBP, etc.--
appropriate changes must be made to ensure CBP compliance.
6. Make Appropriate Disclosures
The participant agrees to submit appropriate disclosures to CBP. The participant may make these
declarations through a prior disclosure, reconciliation, post-entry adjustment, supplemental information
letter, or other approved CBP method.
7. Submit an Annual Written Notification
The Participant agrees to provide annual written notification (Appendix H) that it is continuing to meet
requirements of the ISA program and to confirm the identify of the company contact for the ISA program
with name, title, e-mail address, and mail address.
Through the annual notification, the Participant agrees to:
Comply with all applicable CBP laws and regulations;
Maintain an internal control system that demonstrates the accuracy of CBP
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix B
5
transactions:
Maintain internal controls appropriate to provide reasonable assurance of CBP
compliance, to include the five components of internal control;
Perform periodic testing (designed by the importer) based on risk;
Maintain results of testing for three years and providing test results to CBP on
request;
Make appropriate adjustments to internal controls when needed;
Maintain an audit trail from financial records to CBP declarations; or, an alternate
system that ensures that accurate values are reported to CBP.
Make appropriate disclosures to CBP;
Submit annual written notifications to CBP to confirm the identity of the company
ISA contact, and confirm that it continues to meet the requirements of the ISA
program; and
Notify CBP of major organizational changes as soon as possible.
8. Program Feedback for Modification and Improvement
In addition, participants are encouraged to submit feedback to CBP about the ISA program. Exchange of
information between CBP and the participant is an important aspect of the ISA program and will be
necessary for the continued evolution and improvement of the program for the benefit of CBP and the
participant.
CBP is interested in aspects of the program that could be improved to make the program more efficient and
realistic to meet participant’s expectations and needs. CBP will also use the feedback to acknowledge
participants that deserve special recognition for accomplishments, development of special processes and
best practices.
CBP is interested in feedback on such items as:
The relative value of different aspects of the program;
The effectiveness of risk assessment as a control for CBP operations;
Communication processes that work well between departments or with external agents;
Monitoring practices that have been most effective;
Examples of improved operations or cost-saving opportunities resulting from education or other
internal control activities;
Any aspects for which the participant would like to receive recognition; and
Any aspects of the ISA Program which the participant recommends modifications or changes.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix C
1
. CUSTOMS AND BORDER PROTECTION
IMPORTER SELF-ASSESSMENT
MEMORANDUM OF UNDERSTANDING
(Company name) requests to participate in the Importer Self-Assessment (ISA) program.
We acknowledge that the primary objective of the ISA program is to maintain a high
level of trade compliance through a cooperative CBP/Trade partnership. This agreement
is made between ___________, hereinafter referred to as the Account and . Customs
and Border Protection, hereinafter referred to as CBP.
The Account and CBP recognize the need to jointly address trade issues in order to
maintain an efficient and compliant import process. This memorandum of understanding
is designed to strengthen the Account’s ability to maintain a high level of compliance
with CBP requirements through effective internal controls of CBP activities and a
cooperative interchange of ideas and information with CBP.
The ISA program represents an opportunity to establish a joint informed compliance
effort, in a process built on knowledge, trust, and the desire to maintain an ongoing
CBP/Account relationship. The ISA program provides CBP with the means to recognize
and support the Account’s efforts to achieve compliance and offers the Account the
opportunity to demonstrate compliance and receive related benefits.
This memorandum of understanding does not exempt the Account from statutory
penalties or sanctions in the event of noncompliance. However, the extent to which the
Account has shown compliance with the terms of this memorandum of understanding
will reflect favorably and may be a mitigating factor toward any CBP decision or
recommendation on final case disposition.
The following are the Account and CBP’s responsibilities under this memorandum of
understanding. More specific information detailing the roles and responsibilities of the
Account and CBP are provided in the ISA Handbook.
ACCOUNT ROLES AND RESPONSIBILITIES
Be a member of C-TPAT;
Complete an ISA Memorandum of Understanding (MOU) and Questionnaire;
Agree to comply with all applicable CBP laws and regulations;
Maintain an internal control system that demonstrates the accuracy of CBP
transactions:
Establish, document, and implement internal controls;
Perform periodic testing of transactions based on risk;
Maintain results of testing for three years and make test information available to
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix C
2
CBP on request;
Make appropriate adjustments to internal controls; and
Maintain an audit trail from financial records to CBP declarations; or, an alternate
system that ensures that complete and accurate values are reported to CBP.
Make appropriate disclosures;
Submit an annual written notification to CBP to confirm the identity of the Account
ISA contact, and confirm that the Account continues to meet the requirements of the
ISA program as specifically listed herein and in the MOU.
Notify CBP of major organizational changes as soon as possible (See of the ISA
Handbook for additional information.)
CBP ROLES AND RESPONSIBILITIES
CBP will provide consultation and/or guidance as requested (for compliance
assistance, risk assessments, internal controls, CBP audit trails, data analysis support,
etc.).
The Account will have the opportunity to apply for coverage of multiple business
units.
The Account will be removed from the Regulatory Audit Division’s (RAD) audit
pool established for Focused Assessments. (Accounts will be removed from the
RAD’s audit pools for Drawback and Foreign Trade Zones if they request to have
these programs included in the ISA Program.) The audit exemption will apply to
each specific area when it is determined that adequate internal controls are in place,
to ensure compliance with CBP laws and regulations. (Accounts may be subject to
on-site examinations for single-issue reviews.)
The Account will have access to key liaison officials.
The Account will be entitled to receive entry summary trade data, including analysis
support.
With regard to prior disclosures, if CBP becomes aware of errors in which there is
an indication of a violation of 19 . 1592 or 1593a, while providing assistance,
consultation or training, CBP will provide a written notice to the Account of such
errors and allow 30 days from the date of the notification for the Account to file a
prior disclosure pursuant to 19 CFR . This benefit does not apply if the matter
is already the subject of an ongoing CBP investigation or fraud is involved.
In the event that civil penalties or liquidated damages are assessed against the
Account, the Account’s participation in ISA will be considered in the disposition of
the case.
The Account will enjoy greater business certainty because a reliable system of
internal controls ensures compliant transactions.
Additional benefits are tailored to industry needs.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix C
3
This memorandum of understanding governs the Account’s activities under the following
Importer of Record (IR) numbers.
COMPANY NAME ADDRESS IR NUMBER (S)
The Account may use third parties to fulfill roles and responsibilities of this agreement.
This agreement shall enter into force upon each party’s signature and shall remain in
effect until notification of termination or failure to perform as agreed.
IN WITNESS WHEREOF, the undersigned, being duly authorized, have signed this
agreement.
FOR . CUSTOMS AND BORDER FOR THE ACCOUNT
PROTECTION
______________________ ______________________
Print Name Print Name
______________________ ______________________
Signature Signature
______________________ ______________________
Title Title
______________________ ______________________
Date Date
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
1
. Customs and Border Protection
Office of Strategic Trade
Importer Self-Assessment Questionnaire
Introduction
Importer Self Assessment (ISA) is a program for companies that have documented internal controls and are
certified partners in Customs-Trade Partnership Against Terrorism (C-TPAT).
The ISA questionnaire is designed to help us determine whether the applicant is indeed ISA ready. The
questions and attachments will also provide the Customs ISA review team the information necessary to
prepare them for the Application Review Meeting (ARM). This will ensure that they use the minimum
amount of the applicant’s time in conducting the meeting and approving the application so the applicant
can begin receiving benefits as soon as possible.
The ISA questionnaire will also allow the ISA applicant to determine whether they are actually ready to
apply for the ISA Program. Applicants who are able to answer “Yes” to all of the questions on the ISA
questionnaire; are able to support the “Yes” responses; and, can provide the information required in the
attachment to the ISA Questionnaire, would be deemed ready to apply to the ISA program.
An ISA applicant must have established internal controls over Customs activities that are both implemented
and documented.
The ISA team will use the ISA Questionnaire along with the attachment information to gain an
understanding of the company’s import operations and internal control structure.
Review Scope
The following steps briefly summarize the initial process prior to the ARM and what to expect at the ARM:
When the applicant responds to the ISA questionnaire completely, the ISA team can plan its approach
for the ARM. Once the ISA team receives the completed application package, the ISA team
(consisting of a Team Leader, one or multiple Consultants, Account Manager (National or Port), and
the Trade Specialist reviews the entire information available and then meet to discuss the risks that
may exist with the applicant.
Next the ISA team contacts the applicant to discuss a date for the ARM. The agenda for the ARM
will be sent 2-3 weeks prior to the ARM to the applicant along with multiple entry numbers so the
applicant can walk the ISA team through the entire flow from import to payment during the on-site
visit.
During the ARM, the ISA applicant will need to be prepared to demonstrate and support each question
on the ISA questionnaire. The “Yes” responses answered initially by the applicant on the ISA
questionnaire will now need to be demonstrated in detail to the team. The team will verify that the
company does in fact, maintain a system of business records that demonstrates the accuracy of
customs transactions.
Answering the ISA questionnaire allows the applicant the opportunity to evaluate its own internal controls
and operations pertaining to customs activities.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
2
Applicants for the ISA Program will complete the ISA Questionnaire. The following instructions are
provided to help importers complete the ISA Questionnaire.
Company Name:
Enter the name of the legal entity that is applying to the Importer Self-Assessment (ISA)
program.
Importer of Record Number:
Enter the Importer of Record number of the legal entity that is applying to the ISA
program. This identifies the entity that will receive the benefits of the ISA program.
Multiple numbers may be entered to the 12th digit.
Business Year:
Enter the twelve-month reporting period that designates the financial year for the legal
entity that is applying to the ISA program.
Signature of Company Contact:
The company contact that will be the Account representative for ISA must sign the ISA
Questionnaire.
Title of Company Contact:
The title is the corporate position of the company contact that signs the questionnaire.
Date:
This is the date the questionnaire is signed.
Phone Number:
This is the phone number of the contact person.
E-mail Address:
This is the e-mail address of the contact person, if available.
Business Address:
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
3
This is the mail address of the contact person.
Guide:
The questions under this column are designed as a guide to allow CBP to determine if the
applicant is ready to assume the responsibilities of self-assessment. The questions are
designed to determine if the importer has made a commitment to institute specific actions
(internal controls) that will enhance compliance.
Response (Yes or No):
Respond “Yes” or “No” in this column to indicate whether you have implemented
procedures and controls in response to the question. If you have adequate procedures and
controls so that you believe that you are ready to assume the responsibilities of
self-assessment, answer, ”Yes” to the question. If you do not have adequate procedures,
whether they are generally adequate or need significant improvement, answer, “No”
under this column.
Guidance for Questions:
Guidance on the program requirements and questions in the questionnaire, including
guidance on internal controls, is in Appendix B. Additional guidance on internal controls
is in Appendixes F and G. If you have additional questions, submit them to the CBP
website:
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
4
ISA QUESTIONNAIRE
Company Name: __________________________________________________
Importer of Record No(s): ___________________________________________
Business Year End: ________________________________________________
Printed Name of Company Contact: ___________________________________
Signature of Company Contact: ___ __________________________________
Title of Company Contact: __________________________________________
Date Prepared: ___________________________________________________
Phone No.: ______________________________________________________
E-mail Address: ___________________________________________________
Business Address: ________________________________________________
______________________________________ _______________________
Company Website Address: _________________________________________
Include Drawback in review: Y or N_______________________________
If ‘Y’, List the offices you with: _____________________________
Include FTZ in review: Y or N_______________________________
Guide
Response
(Yes or No)
1. Does your company have documented internal controls?
Do the documented internal controls include individual
desktop procedures?
2. Does your company maintain an internal CBP department dedicated to
maintaining and updating regulations, laws, and procedures that will affect your
CBP operations?
3. If not in house, do you have a contract with a CBP brokerage house or consulting
service to provide this advisory assistance?
4. (For companies with multiple divisions/subsidiaries applying for ISA) Does your
company operate under a centralized CBP compliance policy?
5. Do you have a system in place to ensure that all elements of costs associated with
imported products are declared to Customs? Also, do you have an audit trail to
verify this?
6. Are your CBP internal control processes consistent with the five
interrelated components of internal control as defined by the
American Institute of Certified Public Accountants? See Statement
on Auditing Standards 78, dated December 1995, effective January 1,
1997 (Consideration of Internal Control in a Financial Audit: An
Amendment to SAS No. 55 – AICPA Statement on Auditing
Standards).
Control environment
Risk assessment
Control activities
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
5
Guide
Response
(Yes or No)
Information and communication
Monitoring
7. Are the CBP internal control procedures implemented in the divisions
that participate in or effect importation of merchandise?
8. Do you have compliance requirements in place for suppliers and
Customs brokers?
9. Have you identified CBP risks related to your company’s import
operations?
10. Does your company have procedures to monitor and correct
compliance deficiencies?
11. Has your organization set up a plan to perform periodic testing (at
least an annual review of significant risk areas) in the company’s
divisions that have an effect on imported merchandise?
12. Do you have meetings to discuss and coordinate changes to your CBP
internal control system when tests or other information show a need
for compliance improvement?
13. Do you have an assigned officer who will initiate appropriate
disclosures to CBP when indicated through system testing?
14. Do you have a recordkeeping program in place and are you able to
submit documents in a timely manner to CBP upon request?
15. Is your internal control documentation, including tests and test
results, maintained for three years and available for CBP review?
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix D
6
ATTACHMENT TO ISA QUESTIONNAIRE
1. How many employees are there in the internal compliance department and how long
has the office been in place?
2. What brokerage house and/or consulting service do you have contracts with?
3. Provide a copy of the company’s organizational chart and related department
descriptions.
Include the detail to show the location of the import department identified and
any structure descriptions that are relevant.
Identify the key individuals in each office responsible for CBP compliance.
4. Provide the names and addresses of any related foreign and/or domestic companies,
such as the company’s parent, sister, subsidiaries, or joint ventures.
5. Provide (electronically) a copy of the company’s internal control manual and all
desktop procedures for Custom related individuals.
Include approval of the internal control manual.
Include how long your documented policies and procedures have been in
place.
6. Provide compliance requirements for suppliers and Customs brokers (., contracts,
agreements, etc.).
7. Describe the training program in place with regards to the internal compliance office
and other departments that are involved with Customs related activities.
Include evidence of the training program, such as a training log.
8. Provide (electronically) a copy of your company’s self-testing plan.
9. Explain briefly the system your company has in place to ensure all elements of costs
associated with the imported products have been declared to Customs.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix E
1
ENTRY SUMMARY TRADE DATA REQUEST
Confidential
(Date)
Director, Analytical Development Division
. Customs and Border Protection – Office of Strategic Trade
9th Floor, North
National Place
1300 Pennsylvania Avenue, NW
Washington, DC 20229
Re: Entry Summary Trade Data Request for ISA Account
Dear Sir or Madam:
This request is submitted on behalf of ________. We respectfully request a listing of all
import transactions entered by _________ under the company importer of record
number(s) over the last business year, in electronic format.
Description
We request that this electronic entry summary data, maintained by the Office of Strategic
Trade, be provided on an entry line level for all entries filed between (month, day, year)
and (month, day, year) for the following Importer Identification Number:
Name Number
_____________________ _____________________
_____________________ _____________________
Please provide the data in electronic format on computer disk, CD-ROM, or electronic
mail; whichever is most convenient for you.
Mailing Address of Request
The electronic files should be mailed to the following address:
Electronic mail: _________________
Waiver of Right to Review Documents
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix E
2
We do not wish to inspect the requested documents before they are mailed to the
referenced address.
Payment
We understand that we will receive the data without fees as long as we are an ISA Account.
Recurring Receipt of Data
We would like to continue to receive the data (annually, bi-annually or quarterly) without fee and without
submitting additional requests. We request that data for (month, day) through (month, day) of each year be
submitted as soon as it becomes available each year.
Conclusion
Thank you in advance for your attention to this matter. If you have any questions
concerning this request, please call me at ____________________.
Sincerely,
(Print Name)
(Name)
(Title)
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix F
1
GUIDANCE FOR DEVELOPING INTERNAL CONTROLS
The following guidance is provided to assist a company in developing adequate internal
controls. Please note that the list is not all-inclusive and that Importer Self-Assessment
(ISA) Accounts may design their program to fit the circumstances, conditions, and risks
relevant to the situation of the company. A more extensive guide, which could be useful
to large or complex companies, is available in Appendix G. CBP Auditors will assist ISA
Accounts if requested in development of controls that will meet both company and
government needs. Systems of internal controls should contain the following
components:
Control Environment: The Company establishes and maintains an environment
that supports CBP compliance, including fostering a system that supports
compliance, maintaining competent personnel, and maintaining an organizational
structure that supports compliance.
Management conveys the message that integrity and ethical values
must not be compromised. Management and employees have a
positive and supportive attitude toward CBP internal controls and
conscientious management of CBP-related operations.
Management has a philosophy and operating style that is
appropriate to the development and maintenance of effective
internal controls for CBP, as evidenced by the following:
A commitment to the competence of personnel responsible for CBP-related
activities. The company educates and trains employees about CBP programs that are
affected by the employees’ jobs. The employees should be educated on the
importance of CBP activities related to or affected by their job and the possible
impact of errors. The employees should be trained adequately to successfully
perform the job.
The company’s organizational structure and the way in which it assigns authority
and responsibility for CBP operations contribute to effective internal controls.
The company’s management cooperates with auditors, does not attempt to hide
known problems from them, and values their comments and recommendations.
Risk Assessment: The Company identifies risks to the goal
of CBP compliance, analyzes them for possible effects, and
designs control activities to manage those risks. The
company has established clear and consistent company-wide
objectives and supporting activity-level objectives related to
CBP activities. The following evidences risk assessment
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix F
2
activities:
Management has made a thorough identification of risks pertaining to CBP activities,
from both internal and external sources, which may affect the ability of the company
to meet those objectives.
An analysis of those risks has been performed, and the company has developed an
appropriate approach for risk management.
Mechanisms are in place to identify changes that may affect the company’s ability to
achieve its missions, goals, and objectives related to CBP activities.
Control Activities: The company documents and implements policies and
procedures and other control activities to ensure complete and accurate reporting
to CBP as well as compliance with other CBP requirements. Procedures should
include the correct reporting of information for value, classification, special trade
programs, special duty provisions, and other CBP issues such as quota,
antidumping duties, and countervailing duties.
Appropriate policies, procedures, techniques, and control
mechanisms must be developed and in place to ensure
adherence to established CBP requirements. The following
evidences control activities:
Proper control activities have been developed and documented for each of the
company’s CBP activities.
The control activities identified as necessary are actually being applied properly.
All documentation of transactions and records are properly managed, maintained,
and reviewed as necessary.
Control procedures are reviewed and revised as necessary.
Information and Communication: The Company establishes and maintains
processes to ensure that relevant, reliable information pertaining to CBP is
recorded and communicated through the organization to those who need it and
that information provided to CBP is complete and accurate.
Information systems are in place to identify and record
pertinent operational and financial information relevant to
CBP activities. Management ensures that effective internal
communications take place. The company employs various
forms of communications appropriate to its needs and
manages, develops, and revises its information systems in a
continual effort to improve communications. The following
evidences effective information and communication for CBP:
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix F
3
Appropriate information is identified, recorded, and communicated to management
responsible for CBP activities and others within the company who need it, in a form
that enables them to carry out their duties and responsibilities efficiently and
effectively.
Effective external communications occur with groups that can affect the
achievement of the company’s missions, goals, and objectives related to CBP
activities.
Individual roles and responsibilities for CBP activities are communicated through
policy and procedure manuals.
Monitoring: The Company monitors its CBP activities to assess the quality of
performance over time and ensure that issues and deficiencies are promptly
resolved and that procedures are corrected to prevent recurrence. Monitoring will
include some testing of CBP compliance on a periodic basis. Results of testing
will be maintained for three years and
will be provided to CBP on request. Company internal control monitoring
assesses the quality of performance related to CBP activities over time. The
following evidences monitoring:
Procedures to monitor internal controls occur on an ongoing basis as a part of the
process of carrying out regular activities.
Separate evaluations of internal controls are periodically performed, and deficiencies
found are investigated.
Procedures are in place to ensure that the findings of all audits and other reviews are
promptly evaluated, decisions are made about the appropriate response, and actions
are taken to correct or otherwise resolve the issues promptly.
If you would like to know more about risk assessment and internal controls of CBP
activities, extensive additional guidance and information is contained in the Focused
Assessment Technical Guides available on the CBP website at
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
1
INTERNAL CONTROL MANAGEMENT AND EVALUATION TOOL
Introduction
This document is an Internal Control Management and Evaluation Tool. Although use of
this tool is not required, it is intended to help management and evaluators determine how
well a company’s internal control is designed and functioning and to help determine
what, where, and how improvements, when needed, may be implemented. This is a good
tool for auditors to use when developing questions and conducting interviews with
company personnel, particularly in large, complex companies.
The tool is presented in five sections corresponding to the five components of internal
control: (1) control environment, (2) risk assessment, (3) control activities, (4)
information and communications, and (5) monitoring.
Space is provided beside each issue for the user to note comments or describe the
circumstances affecting the issue. Comments and descriptions usually will not be of the
“yes/no” type, but will generally include information on how the company does or does
not address the issue. This tool is intended to help users reach a conclusion about the
company’s internal control as it pertains to the particular component.
This tool could be useful in assessing internal control in compliance with laws and
regulations. It could also be useful in assessing internal control as it relates to various
CBP activities within a company.
This tool is not authoritative but is intended as a supplemental guide that managers and
evaluators may use in assessing the effectiveness of internal control and identifying
important aspects of control in need of improvement. Users should keep in mind that this
tool is a starting point and that it can and should be modified to fit the circumstances,
conditions, and risks relevant to the situation of the company. Not all of the issues need
to be considered for every company or activity.
1. Control Environment
According to the first internal control component, which relates to control environment,
management and employees should establish and maintain an environment throughout
the organization that sets a positive and supportive attitude toward internal control and
conscientious management. Several key factors affect the accomplishment of this goal.
Management and evaluators should consider each of these control environment factors
when determining whether a positive control environment has been achieved.
The factors that should be focused on are listed below. Management and evaluators
should concentrate on the substance of controls rather than their form, because controls
may be established but not acted upon.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
2
Internal Control Point
Comments/
Descriptions
Integrity and Ethical Values
1. Management has promoted a climate that
emphasizes integrity and ethical behavior by its
Import Department employees. The company
employs a code of conduct that emphasizes proper
behavior and sets penalties for unethical conduct.
2. Dealings with CBP are conducted on a high ethical
plane.
Reports to CBP are proper and accurate (not intentionally
misleading).
Management cooperates with auditors and other evaluators, does
not attempt to hide known problems from them, and values their
comments and recommendations.
3. The company has a well defined and understood process for dealing with CBP
requests and concerns in a timely and appropriate manner.
Commitment to Competence
1. Management has performed analyses of the knowledge, skills, and
abilities needed to perform CBP-related jobs in an appropriate
manner.
2. The company provides training and counseling in
order to help employees maintain and improve their
competence for jobs relating to CBP.
There is an appropriate training program to meet the needs of
employees.
The company emphasizes the need for continuing training and
has a control mechanism to help ensure that all employees
actually received appropriate training.
Management’s Philosophy and Operating Style
1. The company has a written policy on CBP compliance.
2. Management employs a philosophy that emphasizes the correct
reporting of information to CBP.
3. Management places a high degree of importance on retaining
competent personnel in key functions over its CBP transactions.
4. The company Import Department has adequate authority to interact
with other offices as needed, and strong synchronization and
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
3
Internal Control Point
Comments/
Descriptions
coordination exist between the Import Department and other
departments with responsibilities or information related to CBP
activities.
5. Management places a high degree of importance on the work of CBP
officers, external audits, and other evaluations and studies with CBP
information and is responsive to information from such officers.
6. There is appropriate interaction between management of the company
Import Department and senior management.
Organizational Structure
1. The company’s Import Department is appropriately located within the
organization.
2. Key areas of authority and responsibility relative to
CBP activities are defined and communicated
throughout the organization. Consider the
following:
Executives in charge of major activities or functions are fully
aware of their duties and responsibilities.
Executives and key managers understand their internal control
responsibilities and ensure that their staff also understands their
own responsibilities.
Assignment of Authority and Responsibility
1. The company appropriately assigns authority and
delegates responsibility for CBP activities to the
proper personnel to deal with organizational goals
and objectives.
Authority and responsibility are clearly assigned throughout the
organization and clearly communicated to employees.
Responsibility for decision-making is clearly linked to the
assignment of authority and responsibility.
2. Each employee knows how his or her actions related to CBP
activities relate to others’ actions and is aware of his or her related
duties concerning CBP internal control.
3. Delegation of authority is appropriate in relation to the assignment of
responsibility for CBP activities.
Employees at the appropriate level are empowered to correct
problems or implement improvements.
There is an appropriate balance between the delegation of
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
4
Internal Control Point
Comments/
Descriptions
authority at lower levels to “get the job done” and the
involvement of senior-level personnel.
Human Resource Policies and Practices
1. Employees’ responsibilities for CBP activities are properly supervised.
Oversight Groups
1. Within the company, mechanisms are in place to monitor and review
operations and programs.
The company has a committee or senior management council
that reviews internal audit work of CBP activities.
The internal audit function reviews the company’s CBP
activities and systems and provides information, analyses,
appraisals, recommendations, and counsel to management.
2. Risk Assessment
The second internal control component addresses risk assessment. A precondition to risk
assessment is the establishment of clear, consistent company goals and objectives at both
the entity level and the activity level. Once the objectives have been established, the
company needs to identify the risks that could impede the efficient and effective
achievement of those objectives. Internal control should provide for an assessment of the
risks the company faces from both internal and external sources. Once risks have been
identified, they should be analyzed for their possible effect. Management then must
formulate an approach for risk management and decide upon the internal control
activities required to mitigate those risks and achieve the internal control objectives of
efficient and effective operations, reliable CBP reporting, and compliance with laws and
regulations. A manager or evaluator will focus on management’s processes for setting
objectives, risk identification, risk analysis, and management of risk during times of
change. Listed below are factors a user might consider.
Internal Control Point
Comments/
Descriptions
Establishment of Activity-Level Objectives
1. Company CBP office objectives are linked with company objectives.
Risk Identification
1. Management identifies CBP risk.
Qualitative and quantitative methods are used to identify risk and
determine relative risk rankings on a scheduled and periodic
basis.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
5
Internal Control Point
Comments/
Descriptions
How risk is to be identified, ranked, analyzed, and mitigated is
communicated to appropriate staff.
Risk identification and discussion occur in senior-level
management meetings.
Risk identification takes place as part of short- and long-term
forecasting and strategic planning.
Risk identification occurs as a result of consideration of findings
from audits, evaluations, and other assessments.
2. 2Adequate mechanisms exist to identify risks to CBP
activities arising from external factors. Consider the
risks:
Arising from changing needs or expectations by Congress, CBP
officials, or the public.
Posed by new legislation, regulations, rulings, and court
decisions.
Resulting from business, political, or economic changes.
Associated with major suppliers, brokers, contractors, and agents.
Resulting from interactions with other companies and outside
parties.
3. Adequate mechanisms exist to identify risks to
CBP activities arising from internal factors.
Consider the risks:
Resulting from downsizing operations and personnel.
Associated with major changes of operating processes, foreign
sourcing, or importing operations.
Resulting from new lines, products, or other business activities.
Associated with restructuring and reorganizations.
Posed by disruption of information systems.
Posed by highly decentralized CBP operations.
Posed by personnel turnover or personnel who are not adequately
qualified and trained.
Resulting from heavy reliance on agents or other parties to
perform critical company operations.
Resulting from rapid growth or expansion of import operations.
4. Management assesses other factors, such as a history of compliance
problems.
Risk Analysis
1. 1 After CBP risks have been identified, management
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
6
Internal Control Point
Comments/
Descriptions
should undertake an analysis of their possible effect.
Consider the following:
Management has established a formal or informal process to
analyze risks.
Criteria have been established for determining low, medium, and
high risks.
Appropriate levels of management and employees are involved in
the risk analysis.
Risks identified and analyzed are relevant to the corresponding
activity objective.
Risk analysis includes estimating the risk’s significance and
sensitivity.
Risk analysis includes estimating the likelihood and frequency of
occurrence of each risk (susceptibility) and determining whether
it falls into the low-, medium-, or high-risk category.
A determination is made on how best to manage or mitigate the
risk and what specific actions should be taken.
2. Management has developed an approach for risk
management related to CBP compliance and control
based on how much risk can be prudently accepted.
Consider the following:
The approach will vary from company to company based on the
company’s CBP activities.
The approach is designed to keep risks within levels judged to be
appropriate, and management takes responsibility for setting the
tolerable risk levels.
Specific control activities are decided upon to manage or mitigate
specific risks, and their implementation is monitored.
Managing Risks During Change
1. The company has mechanisms in place to anticipate, identify, and
react to risks presented by changes in government, economic,
industry, regulatory, operating, or other conditions that can affect CBP
compliance.
2. The company gives special attention to risks presented by changes that
can have a more dramatic and pervasive effect on CBP compliance.
The company is attentive to risks related to:
Changes in CBP information systems.
Rapid growth and expansion or rapid downsizing.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
7
Internal Control Point
Comments/
Descriptions
Imports under CBP programs and activities that are new to the
company.
Imports from a new geographical area.
3. Control Activities
The third internal control component addresses control activities. Internal control
activities are the policies, procedures, techniques, and mechanisms that help ensure that
management’s directives to mitigate risks identified during the risk assessment process
are carried out. Control activities are an integral part of the company’s planning,
implementing, and reviewing processes.
Control activities occur at all levels and functions of the company. They include a wide
range of diverse activities, such as approvals, authorizations, verifications,
reconciliations, performance reviews, security activities, and the production of records
and documentation. A manager or evaluator should focus on control activities in the
context of the company’s management directives to address risks associated with
established objectives for each significant activity. Therefore, a manager or evaluator
will consider whether control activities relate to the risk assessment process and whether
they are appropriate to ensure that management’s directives are carried out. In assessing
the adequacy of internal control activities, a reviewer should consider whether the proper
control activities have been established, whether they are sufficient in number, and the
degree to which they are operating effectively. This analysis and evaluation should also
include controls over computerized information systems. A manager or evaluator should
consider not only whether established control activities are relevant to the risk
assessment process, but also whether they are being applied properly.
Given the wide variety of control activities that companies may employ, it would be
impossible for this tool to address them all. However, there are some general, overall
points to be considered by managers and evaluators, as well as several major categories
or types of control activity factors that are applicable at various levels throughout
practically all companies. In addition, some control activity factors are specifically
designed for information systems. These factors and related issues are listed below to
illustrate the range and variety of typical control activities.
Internal Control Point
Comments/
Descriptions
General Application
1. 1
.
Appropriate policies, procedures, techniques, and mechanisms exist
with respect to CBP activities.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
8
Internal Control Point
Comments/
Descriptions
All relevant objectives and associated risks have been identified
in relation to the risk assessment and analysis function of
internal control.
Management has identified the actions and control activities
needed to address the risks and directed their implementation.
2. Control activities identified as necessary are in place and being
applied. Consider the following:
Control activities described in policy and procedures manuals
are actually applied and applied properly.
Supervisors and employees understand the purpose of internal
control activities.
Supervisory personnel review the functioning of control
activities.
Timely action is taken on exceptions, implementation problems,
or information that requires follow-up.
Common Categories of Control Activities
1. Management tracks CBP compliance in relation to goals.
Managers at all activity levels review performance reports,
analyze trends, and measure results against targets.
Appropriate control activities are employed, such as
reconciliations of summary information to supporting detail.
2. The company effectively manages its workforce to achieve CBP
compliance.
Procedures are in place to ensure that personnel with appropriate
competencies are recruited and retained.
Employees are given orientation, training, and tools to perform
their duties and responsibilities, improve their performance, and
meet the demands of changing organizational needs.
Qualified and continuous supervision is provided to ensure that
internal control objectives are being met.
3. The company employs a variety of controls of CBP activities to
ensure accuracy and completeness of information processing.
4. The company has established and monitors performance measures
and indicators for CBP activities.
Actual performance data are continually compared and analyzed
against expected or planned goals.
Unexpected results or unusual trends are investigated to identify
circumstances where achievement of goals for CBP compliance
is threatened. Corrective action is taken.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
9
Internal Control Point
Comments/
Descriptions
5. CBP transactions and other significant events are properly classified
and promptly recorded so that they maintain their relevance, value,
and usefulness to management in controlling operations and making
decisions.
6. Only authorized individuals can make adjustments to CBP
information.
7. Internal control and all transactions and other significant events
related to CBP activities are clearly documented.
Written documentation exists for the company’s internal control
structure and all significant transactions and events.
Documentation is readily available for examination.
Documentation for internal control includes identification of the
company’s activity-level functions and related objectives and
control activities and appears in management directives,
administrative policies, accounting manuals, and other such
manuals.
Documentation of transactions and other significant events is
complete and accurate and facilitates tracing the transaction or
event and related information from before it occurs, through its
processing, to after it is completed.
Documentation, whether in paper or electronic form, is useful to
managers in controlling their operations and to auditors and
others involved in analyzing operations.
All documentation and records are properly managed,
maintained, and periodically updated.
8. This analysis and evaluation should also include controls over
computerized information systems.
4. Information and Communication
According to the fourth internal control component, for a company to run and control its
operations, it must have relevant, reliable information relating to external as well as
internal events. That information should be recorded and communicated to management
and others within the company who need it in a form and within a time frame that
enables them to carry out their internal control and operational responsibilities.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
10
Managers and evaluators should consider the appropriateness of information and
communication systems to the organization’s needs and the degree to which they
accomplish the objectives of internal control. Listed below are factors to consider. The
list is a starting point. It is not all-inclusive, nor will every item apply to every company
or activity within the company. Even though some of the functions and points may be
subjective in nature and require the use of judgment, they are important in collecting
appropriate data and information and in establishing and maintaining good
communication.
Internal Control Point
Comments/
Descriptions
Information
1. Information related to CBP activities from internal and external
sources is obtained and provided to management as a part of the
company’s reporting on operational performance relative to
established objectives.
2. Pertinent information related to CBP activities is identified, captured,
and distributed to the right people in sufficient detail, in the right
form, and at the appropriate time to enable them to carry out their
duties and responsibilities efficiently and effectively.
3. Management ensures that effective internal communications occur
related to CBP activities.
Employees understand the aspects of internal control, how their
role fits into it, and how their work relates to the work of others.
Employees are informed that when the unexpected occurs, they
must pay attention not only to the event but also to the
underlying cause, so that potential internal control weaknesses
can be identified and corrected before they can do further harm.
Mechanisms exist to allow the easy flow of information down,
across, and up the organization and between functional
activities.
Informal or separate lines of communications exist to serve as a
“fail-safe” control for normal communications avenues.
Mechanisms are in place for employees to recommend
improvements in operations.
4. Management ensures that effective external communications occur
with groups that can have a serious impact on CBP compliance.
Open and effective communications have been established with
customers, suppliers, consultants, brokers, and others who can
provide significant input relative to CBP compliance.
Communication with external parties such as CBP and other
federal agencies is encouraged, since it can be a source of
information on how well internal control is functioning.
Customs and Border Protection Importer Self-Assessment Handbook
Importer Self-Assessment Program November 2004
Appendix G
11
Internal Control Point
Comments/
Descri
