Trade Compliance Audits and Assessments

Trade compliance audits and assessments are structured evaluations that examine whether an organization's import, export, and supply chain activities conform to applicable laws, regulations, and internal policy frameworks. Conducted by internal teams, third-party specialists, or government agencies, these processes sit at the center of any functioning trade compliance program. The stakes are concrete: U.S. Customs and Border Protection (CBP) penalty authorities under 19 U.S.C. § 1592 allow civil fines reaching four times the unpaid duties for fraudulent violations, and Bureau of Industry and Security (BIS) administrative penalties for Export Administration Regulations (EAR) violations can reach $364,992 per violation (BIS, 15 CFR Part 764).

Definition and scope

A trade compliance audit is a systematic, evidence-based review of transactions, records, processes, and controls that govern how goods, technology, or services cross international borders. The scope extends across the full trade lifecycle: tariff classification, valuation, country of origin determinations, licensing, restricted-party screening, recordkeeping, and documentation integrity.

"Assessment" carries a broader meaning than "audit" in operational practice. An assessment typically evaluates the design adequacy of a compliance program — examining written policies, training coverage, and organizational accountability — whereas an audit tests whether those controls are operating as designed by sampling actual transactions. CBP's Regulatory Audit and Agency Advisory Services (RAAAS) division conducts both types under the Focused Assessment program, which follows a structured Pre-Assessment Survey (PAS) methodology before any transaction-level testing begins.

The scope boundary is set by the regulatory universe applicable to the organization. An importer's audit scope will center on customs compliance standards, harmonized tariff schedule compliance, and valuation accuracy under 19 CFR Part 152. An exporter's audit scope will encompass EAR controls (15 CFR Parts 730–774), International Traffic in Arms Regulations (ITAR) under 22 CFR Parts 120–130, and denied-party screening against the Consolidated Screening List maintained by the Office of Foreign Assets Control (OFAC), BIS, and the Directorate of Defense Trade Controls (DDTC).

Core mechanics or structure

CBP's Focused Assessment program provides the most formally documented audit structure in U.S. trade compliance. The program proceeds in three phases:

Phase 1 — Pre-Assessment Survey (PAS): Auditors map the importer's internal control environment, identifying high-risk transaction types and quantifying the universe of entries subject to review. The PAS produces a written risk ranking that determines whether a full compliance assessment proceeds.

Phase 2 — Compliance Assessment: Auditors test a statistical sample of entries against relevant regulatory requirements, including classification accuracy, first-sale valuation eligibility, antidumping and countervailing duty (ADD/CVD) applicability, and free trade agreement (FTA) preference claims. Sample sizes follow audit-standard protocols rather than fixed percentages.

Phase 3 — Report and Follow-Up: Findings are classified by severity, duty impact, and root cause. Repeat errors may trigger penalty referrals or a Compliance Improvement Plan (CIP) requiring corrective action within defined timescales.

Internal and third-party audits follow analogous structures but are not bound by CBP's specific methodology. Professional standards from the Institute of Internal Auditors (IIA) — specifically IIA Standard 2010 on planning and 2320 on analysis — provide a recognized framework for internal audit scoping and evidence evaluation in the trade context.

Causal relationships or drivers

Audit triggers fall into two categories: proactive and reactive. Proactive audits are scheduled based on risk scoring, customs bond exposure, duty volume, and supply chain complexity. A company with 10,000 or more annual import entries and significant FTA preference claims carries statistically higher misclassification exposure than one filing fewer than 500 entries per year, making frequency-based review structurally warranted.

Reactive triggers include CBP CF-28 (Request for Information) and CF-29 (Notice of Action) correspondence, which signal that CBP has already identified a potential discrepancy on specific entries. Receipt of a CF-28 without a prepared audit trail significantly disadvantages the importer in any subsequent penalty proceeding. Similarly, BIS or OFAC inquiry letters, or denial of a license application, commonly precede formal investigation of an exporter's screening and classification practices.

Legislative changes also drive audit cycles. The Uyghur Forced Labor Prevention Act (UFLPA), enacted in December 2021 (Public Law 117-78), created a rebuttable presumption that goods produced in whole or in part in Xinjiang, China, are subject to forced labor and are therefore prohibited under 19 U.S.C. § 1307. Companies with Xinjiang-origin supply chains immediately required supply chain compliance audits to map and document supplier tiers against UFLPA entity list criteria.

Classification boundaries

Trade compliance audits subdivide along four principal axes:

By initiating party:
- Government audits (CBP Focused Assessments, BIS End-Use Checks, OFAC Compliance Reviews, Census Bureau Foreign Trade audits)
- Internal audits conducted by an in-house trade compliance or internal audit function
- Third-party audits commissioned by the company and conducted by external specialists
- Customer or contractual audits required by commercial agreements, particularly in defense procurement under DFARS clauses

By regulatory domain:
- Import-side (customs valuation, classification, origin, ADD/CVD, FTA)
- Export-side (EAR, ITAR, OFAC sanctions, deemed exports)
- Trade remedy (Section 301 tariff compliance per USTR, Section 232)
- Specialized compliance domains (forced labor, intellectual property, product safety)

By audit depth:
- Desktop reviews — document and policy examination without transaction sampling
- Transaction audits — entry-level or shipment-level sample testing against source documents
- Systems audits — evaluation of ERP configurations, automated classification tools, and screening software logic

By outcome orientation:
- Compliance assessments — identify gaps and quantify duty or penalty exposure
- Voluntary Self-Disclosure (VSD) preparation audits — designed to quantify and document violations before disclosure to CBP, BIS, or OFAC under their respective VSD programs (see voluntary self-disclosure trade)

Tradeoffs and tensions

The fundamental tension in trade compliance auditing is between thoroughness and operational disruption. A statistically valid sample of 200 entries drawn from 15,000 annual imports requires pulling shipping documentation, commercial invoices, customs entries, and classification worksheets for each sampled transaction — a process that can consume 400–600 person-hours in a mid-size importing operation, diverting resources from active clearance functions.

A second tension exists between audit independence and operational knowledge. Internal auditors embedded in the trade function have superior context but face independence constraints under IIA standards. Fully external auditors carry independence but may lack the industry-specific classification expertise required to evaluate complex Harmonized Tariff Schedule (HTS) determinations in chemical, semiconductor, or dual-use technology categories.

Disclosure strategy creates a third structural tension. A self-initiated audit that uncovers violations triggers a decision point: disclose under VSD programs (which typically reduce penalties) or remediate without disclosure (which preserves confidentiality but leaves the company exposed if CBP or BIS discovers the same violations independently). The OFAC Framework for Compliance Commitments (published May 2, 2019, OFAC.treasury.gov) explicitly weights prior self-disclosure and remediation as mitigating factors in civil penalty determinations.

Common misconceptions

"Passing" a CBP audit means the company is compliant. CBP's Focused Assessment covers a bounded sample period and defined transaction universe. A finding of "no material discrepancies" applies only to the tested population. HTS classifications or valuation methodologies not covered in the sample remain unvetted.

Third-party auditors are inherently more reliable than internal teams. Audit quality correlates with auditor expertise in the specific regulatory domain, not with employment status. An external firm without trade-specific credentials may produce a less rigorous classification review than a trained internal trade analyst using binding ruling research from CBP's CROSS database.

Audits and assessments are interchangeable terms. As noted in the definition section, assessments evaluate program design; audits test operational execution. Conflating the two leads to program gaps where a company's written procedures appear sound but actual entry data reflects systematic classification errors.

A clean customs broker record eliminates audit exposure. Customs broker compliance is a broker obligation under 19 CFR Part 111. The importer of record retains independent legal liability under 19 U.S.C. § 1484 regardless of broker performance. Broker errors do not transfer liability.

Checklist or steps

The following sequence reflects the standard phases of an internally initiated import compliance audit. This is a structural description, not professional guidance.

  1. Define audit scope — Specify the regulatory domains, entry date range, business units, and commodity categories subject to review.
  2. Inventory the transaction universe — Extract all qualifying entries from the customs management system or broker portal for the defined period.
  3. Apply risk stratification — Sort entries by duty value, HTS chapter, country of origin, and ADD/CVD case number to weight the sample toward highest-exposure transactions.
  4. Select statistical sample — Determine sample size using a recognized methodology (IIA guidance or AICPA audit sampling standards) appropriate to the universe size and desired confidence level.
  5. Collect source documentation — Retrieve commercial invoices, packing lists, entry summaries (CBP Form 7501), bills of lading, and any ruling letters or binding classifications for sampled entries.
  6. Test each sampled entry — Evaluate HTS classification against GRI rules and CBP CROSS rulings; verify declared customs value against 19 CFR § 152.103; confirm origin declarations against applicable FTA rules of origin or country of origin rules.
  7. Calculate duty impact of discrepancies — Quantify underpayments or overpayments; project to the full entry universe using appropriate extrapolation methodology.
  8. Document root cause — Identify whether discrepancies stem from classification methodology errors, data entry failures, broker instruction gaps, or policy ambiguity.
  9. Prepare findings report — Record findings by entry, error type, duty impact, and root cause with evidentiary citations.
  10. Determine disclosure and remediation path — Map findings against applicable VSD programs, penalty risk thresholds, and corrective action requirements under compliance penalties and enforcement actions.

Reference table or matrix

Audit Type Initiating Party Primary Regulatory Authority Governing Document Typical Scope
Focused Assessment CBP 19 U.S.C. § 1509 CBP Focused Assessment Audit Guidelines (RAAAS) Classification, valuation, origin, ADD/CVD, FTA
End-Use Check BIS 15 CFR Part 758 EAR Part 758.10 Export destination, end-user, end-use verification
OFAC Compliance Review OFAC 31 CFR Parts 500–598 OFAC Framework for Compliance Commitments (2019) Sanctions screening, transaction review, SDN exposure
ITAR Compliance Review DDTC (State Dept.) 22 CFR Parts 120–130 ITAR § 127.12 (VD provisions) License coverage, technical data controls, re-export
Internal Trade Audit In-house function Variable IIA Standards 2010, 2320 Any or all trade compliance domains
Third-Party Assessment External specialist Variable IIA / AICPA sampling standards Program design, transaction testing, or both
Census Bureau Audit U.S. Census Bureau 13 U.S.C. § 301 FTR 15 CFR Part 30 EEI filing accuracy, AES compliance

References

📜 8 regulatory citations referenced  ·  ✅ Citations verified Feb 26, 2026  ·  View update log

📜 8 regulatory citations referenced  ·  ✅ Citations verified Feb 26, 2026  ·  View update log

Read Next

Elements of an Effective Trade Compliance Program This page identifies the discrete components that regulatory agencies and auditors evaluate when assessing program adequacy,... Customs Compliance Standards This page covers the regulatory framework administered by U.S. Harmonized Tariff Schedule Compliance Misclassification is one of the leading causes of customs penalties, post-entry corrections, and audit findings by U.S.