Professional Documents
Culture Documents
Customs - Excise Audit-CCLEC - SG
Customs - Excise Audit-CCLEC - SG
Customs - Excise Audit-CCLEC - SG
Study Guide
Customs & Excise Audit
The Centre for Customs and Excise Studies (CCES), University of Canberra has
developed an academic program leading to an Executive Diploma in Customs
Management for member countries of the Caribbean Customs Law Enforcement
Council (CCLEC).
The program which is to be followed over a period of one year, entails the
following subjects;
Accounting for Managers
Customs Management I
Customs & Excise Audit
Revised Kyoto Convention I
Intelligence Management in the CCLEC Region
Managing Operational Activities
The study requirement for each subject is 30 hrs through a combination of face to
face and online learning.
Contents
Bibliography ..........................................................................................6
Topic 1 ...................................................................................................7
Introduction to Customs & Excise Audit ................................................................... 7
Topic 4 .................................................................................................17
Use of Sanctions..................................................................................................... 17
Background .........................................................................................18
Retention of Records..........................................................................18
Post-transaction Audit............................................................................................. 18
Topic 6 .................................................................................................25
Audit Standards ...................................................................................................... 25
Introduction .........................................................................................26
What are Audit Standards? ................................................................26
Key audit areas to be addressed........................................................................... 26
Topic 7 .................................................................................................31
Audit Techniques .................................................................................................... 31
Introduction .........................................................................................32
Audit risk .............................................................................................32
Inherent Risk........................................................................................................... 32
Control Risk ............................................................................................................ 32
Detection Risk......................................................................................................... 33
Flowcharting........................................................................................33
Introduction to computer assisted audit techniques .......................35
Expertise ................................................................................................................. 35
IT resources............................................................................................................ 35
Cost effectiveness .................................................................................................. 35
Topic 8 .................................................................................................37
Audit Methodology .................................................................................................. 37
Introduction .........................................................................................38
Planning the audit ...............................................................................38
(Refer Stage 1 of the Audit Methodology) .............................................................. 38
What is the auditee’s business? ........................................................................... 38
The Entrance Interview .......................................................................................... 39
Systems verification............................................................................................... 39
The control environment........................................................................................ 39
Analytical procedures ............................................................................................ 40
Materiality................................................................................................................ 40
Testing procedures ................................................................................................ 41
Other considerations ............................................................................................. 41
The Audit Plan document ...................................................................42
Understanding the Business Systems ..............................................42
Identifying and evaluating the company’s controls .........................43
(Refer Stage 2 of the Audit methodology) .............................................................. 43
Bibliography
Centre for Customs & Excise Studies (2005), Generic Systems based Audit Methodology,
Canberra.
Federal Financial Institutions Examination Council (2003), Risk Assessment & Risk
Based Auditing Booklet, Washington. Copy available on FFIEC website
<http://www.ffiec.gov/ffiecinfobase/booklets/audit/ >
Flow Charts < http://deming.eng.clemson.edu/pub/tutorials/qctools/flowm.htm >
ICA Australia & CPA Australia (2004) Auditing and Assurance Handbook, Pearson
Education, Australia.
ICA Australia & CPA Australia 2004, Auditing and Assurance Handbook,
Pearson Education, Australia.
Industry Panel on Customs Audit Reforms (1995) Looking to the future – Compliance
Improvement, Canberra.
Institute of Chartered Accountants in Australia & CPA Australia (2004), Auditing and
Assurance Handbook, Technical editors Kemp, S and Knapp, K, Pearson Education,
Australia.
International Federation of Accountants 2004, International Standards on Auditing (ISA).
A copy is available on the IFAC website <http://www.ifac.org/store>
Massachusetts Dept of Revenue, Audit Division Advice to tax payers. A copy is available
on website <http://www.dor.state.ma.us/audit >
World Customs Organization (1999), Revised Kyoto Convention on the Simplification
and Harmonisation of Customs Procedures, Brussels. A copy is available on the WCO
website
<http://www.wcoomd.org/ie/En/Topics_Issues/FacilitationCustomsProcedures/Kyoto_New/C
ontent/content.html >
World Customs Organization 1999, Revised Kyoto Convention on the simplification and
harmonisation of Customs procedures, WCO, Brussels
World Customs Organization 2004, A National Valuation Database as a risk assessment
tool, Brussels <
http://202.121.31.31/cwco/english/files/reference/Letstalk1GB.pdf >
World Customs Organization, Brussels web page: <http://www.wcoomd.org>
Topic 1
Introduction to Customs & Excise Audit
Customs & Excise Audit
Activity 1
Definitions
Turn to the ‘glossary’ or ‘definitions’ area of either the International Standards for
Audit, or your local Audit Standards. How do the definitions of audit and assurance
differ from those used in your own workplace?
Please post your findings in the Moodle Activity 1 Forum Page..
Types of Audit
There are a number of different audit approaches available to the auditor. The nature of the
risk identified when selecting an importer, exporter or excise manufacturer for audit should
set the type of approach required. There is no ‘set’ rule on the type of audit approach to be
used and in this Section we will look at the differing approach options, including the simple
‘desk audit’, the ‘transaction based audit’ and the ‘system - based audit’.
We will spend the remainder of this course focussed on the conduct of a Systems - based
audit.
Activity 2
Short Research Project
Thinking of your own jurisdiction – what legislation exists to support Customs or
Excise Audit activity? What restrictions are there upon Customs or Excise Auditors?
Please list the important legislative references and provide a brief outline of each.
Please post your findings in the Moodle Activity 2 Forum Page.
Topic 2
Audit & Risk Management
Customs & Excise Audit
Readings 1 & 2
WCO 1999, Revised Kyoto Convention General Annex Guidelines Chapter 1, General
principles, paragraph 4 Co-operation with the Trade, Brussels.
WCO 1999, Revised Kyoto Convention Chapter 6, Customs Control Guidelines,
paragraph 9 Customs/Trade Co-operation, Brussels.
Audit is a response by Customs and Excise agencies to the risk of importers and excise
manufacturers failing to comply with various reporting, clearing, licensing and duty
payment obligations. It is a risk treatment, where risk has been assessed as requiring an
intervention by the Customs or Excise authority.
The use of audit can extend beyond the importer, in the case of imported goods, brokers,
agents, and freight forwarding operations, likewise to the suppliers of raw materials to
excise manufacturers.
Audit can also be used to support key trade facilitation initiatives such as ‘self
assessment’ and ‘post transaction compliance’, both of which ensure that imported cargo
and excisable goods are moving efficiently in to, out of, and around the country.
Customs and Excise audit, especially when aimed at systems and controls, is also a means
of recommending to an importer or excise manufacturer ways in which compliance can
be achieved or improved in the most efficient manner. Audit can and should add value to
an auditee’s business.
The Customs and Excise audit report, along with an importer’s, exporter’s, or excise
manufacturer’s own internal and external auditing results, provides an excellent resource
for company managers in understanding the performance of their business.
Activity 3
Customs & Excise Audit
In your opinion how does a Customs or Excise Audit fit into a risk management plan?
Please post your comments in the Moodle Activity 3 Forum Page.
Reading 3
WCO 2004, A National Valuation Database as a risk assessment tool, Brussels.
Topic 3
Alternatives to conducting an Audit
Customs & Excise Audit
Audit may not always be the best or the most appropriate response to risk. Audit activity,
particularly systems based approaches or transaction based approaches with large sample
sizes, can be timely and costly exercises. This is not just the case for the Customs or
Excise agency; audit activity is also very intrusive and resource intensive for the client.
Often the risk being treated does not warrant a full audit response, whilst in other cases
the risk may have been created by changes to Customs and/or Excise law or
administration, or by a Ruling that has created confusion or uncertainty within an
industry.
Education Approach
Sometimes errors can occur because the importer or excise manufacturer only partially
comprehends their legislative or administrative obligations. Whilst ignorance of the law is
not an acceptable excuse for error, it is understandable in an environment where the law
has recently changed or is unusually complex or, alternatively, vague or subject to
multiple interpretations.
The education - based approach sees Customs and Excise agencies becoming more pro-
active in disseminating detailed information to relevant parties as to their responsibilities
and obligations in certain areas. Production of booklets, web pages, resource links, etc -
making available appropriate information and materials, can reduce risk of errors by the
uninformed or confused.
Support Approach
One question agencies can ask in relation to compliance is ‘how easy is it for the entities
you audit to gain access to information and assistance about their responsibilities and
obligations?’ Customs and Excise agencies cannot give direct advice to an importer or
excise manufacturer about a consignment they have imported, or a product they have just
produced as this may jeopardise future compliance or litigation activity but they can give
general advice and guidance.
As with the education - based approaches, agencies can produce information booklets,
web pages, and resource links, to assist industry understand compliance obligations. The
support approach will also include creation of telephone and e-mail help-lines, where
importers and excise manufacturers can take specific compliance queries. The purpose is
that, rather than ‘guess’ if left on their own to comply, the importer or manufacturer will
turn to the support offered.
Customs and Excise agencies would be seeking a high level of compliance from an
industry so that they can focus resources away from that industry into higher level risk
industries. The benefits to industry from such a compliance partnership are that the
industry receives minimal intervention from Customs and Excise agencies and increased
certainty over business operations, with resultant gains to productivity and efficiencies.
Customs and excise agencies could develop advisor partnerships with professional
advisor groups such as: industry consultants, industry associations or industry peak
bodies, tax payer associations, freight forwarders, customs brokers, and lawyers, all of
whom have detailed knowledge of Customs and Excise laws. In this type of partnership,
Customs and Excise agencies can seek input into decision making, of specialist
knowledge of laws, of industry, and of industry issues. At the same time professional
advisors are attracted to these relationships because they also have access to information
to increase their own knowledge, they can influence policy development, and they are
able to market to the industry their role and relationship with Customs and Excise policy.
Partnerships can also be made with individual importers and excise manufacturers to
cover performance expectations. Whilst Customs and Excise agencies should be able to
expect a high level of compliance from a company in partnership, such a company could
expect from the agency a ‘hands-off’ compliance program, such as monitoring, allowing
it to get on with business with certainty and security. The incentive to remain at the
expected high level of compliance is the benefit of having Customs and Excise managing
compliance in such a ‘hands-off’ manner.
Questionnaire approach
This approach involves the sending of a pre-designed questionnaire relating to a
particular risk issue. This approach also reminds recipients that Customs and Excise
authorities have an interest in the company’s operations even though they might not have
had a visit for some time.
A questionnaire, to be completed and returned, will ask recipients several questions about
their activities, such as:
What is the volume of trade?
What is the description of goods being imported or manufactured?
How have certain goods been classified?
What costs have been included or excluded from the value for duty?
What is the nature and amount of production losses?
Activity 4
Alternative to an audit
As part of your National Audit Plan, your auditors have targeted the IT sector which
includes over 100 importers. After auditing 4 high volume import companies in this
sector your auditors found systematic mis-classification of computer parts. The
auditors believe the errors are not deliberate and occurred as a result of the complexity
of the HS structure at the sub-heading level. Further desk audits of 15 other importers
in the sector tend to indicate similar HS classification errors are occurring there.
Your manager does not want to audit every importer in the IT sector. Propose an
alternative solution that will recover the revenue short paid.
Please post your solution in the Moodle Activity 4 Forum Page.
Topic 4
Use of Sanctions
Customs & Excise Audit
Background
Customs laws can be quite complex, as we have seen in relation to a variety of topics
over the last few months. They can often lead to disputes about the correct amount of
duty to pay or even about the right to import or export particular goods. A specific
characteristic of the international trading environment and the role of Customs is that
relevant information to do with the import or export of goods is usually in the sole
possession of the importer/exporter and/or their broker. For that reason, many Customs
laws establish and apply strict penalty provisions (that is, penalties that don’t require a
fault element in the offence).
In order to accurately determine duties payable and to prevent avoidance and evasion,
there needs to be a balance of rights and obligations between traders and Customs
administrations. From a policy perspective, Customs officers need to have powers that
enable them to determine compliance (for example, access to relevant information).
Similarly, penalties need to be available in appropriate circumstances, or there would be
little incentive for traders to take care in making timely and accurate declarations. On the
other hand, if such powers are too broad and unconstrained, they add significant costs to
the international trading process.
Retention of Records
Any self-assessment system that relies on post-transaction audit must include a
requirement that necessary documents are kept by traders and their agents for access by
Customs officers. Such documents might include contracts, faxes, invoices, bills of
lading, packing lists, and the like.
The requirement to retain such records will usually indicate that it is necessary ‘to enable
Customs to ascertain the correctness of the particulars shown in the entry’ and of course
the retention requirement doesn’t necessarily mean that the documents have to be kept in
‘hard-copy’ format. Electronic retention will be satisfactory provided that there is ease of
access, and the transaction can be reproduced from the electronic record.
Post-transaction Audit
Customs uses post-transaction audits to examine relevant records and reconcile them with
the information contained in customs declarations and in relation to the goods
themselves. It allows Customs to check compliance subsequent to release of the goods
and facilitates trade flow.
Since the post-audit process covers an extended period of time and not just the specific
importation, it is a more efficient and thorough method of verifying compliance with
Customs-related laws than the review and clearance of individual importations.
As mentioned, they are conducted to determine whether commercial records can be
reconciled with Customs records. If an audit reveals a suspected violation of law, the
matter will be turned over to investigators for action.
Use of sanctions
The use of sanctions, or threatened use of sanctions, can be used for the purposes of
encouraging compliance, or discouraging non-compliance. Sanctions can be in the form
of a series of appropriate administrative penalties for careless and other non-intentional
errors, and include:
financial penalties relating to size of error
cancellation of licences and permits, or tight conditional use of licences and permits
impoundment of goods
naming and shaming to industry and consumers
removal from self assessment: where appropriate, prepayment of duties; release of
goods only on application, prior to delivery; or withholding of goods until risk is
mitigated via examination of commercial documents, prior to the transaction.
The use of these types of administrative penalties is primarily for errors which are non-
intentional by nature. Where the compliance officer believes there has been recklessness,
or a deliberate mis-statement to Customs or Excise, then these issues are dealt with via
formal investigation and, where applicable, litigation through the Courts.
Activity 5
Commentary – Self-assessment and strict liability
Source: The trend in revenue control worldwide is to move away from direct consideration
Pryles, of each and every taxpayer’s document and instead, move to self-assessment
Waincymer regimes…and is also now the basis for import control. The essence of self-
& Davies assessment regimes is to put the onus on the importer/taxpayer to accurately assess
2004, p. 961
duty, provide audit powers to customs to meaningfully verify a representative
sample of entries, and impose strict liability and criminal penalties for inaccuracies
in importers’ returns……
The justification for this approach is that the key data is within the control of the
importer. Customs officers sitting in their offices cannot easily see which entries
are accurate and which are not. To properly audit an entry, it is necessary for
officers to at times visit the premises of importers and examine shipping and
banking documentation. Strict liability penalty provisions ensure that all importers
and their advisors spend time and effort ensuring that their conclusions are as
accurate as possible.
On the other hand, such developments are often criticised by taxpayers on the basis
that it shifts the transaction costs of revenue collection to them. Furthermore, strict
liability penalties are considered particularly offensive where some errors are
unavoidable where there are complex documents and a large turnover of
transactions in any year. Once again, there needs to be some happy medium
between these valid competing concerns. One means of effecting some compromise
is to allow for remission of penalties in certain circumstances and advance rulings
in areas where importers are unsure of the true position. These are features of the
new customs regime.
Consider the two positions in the above extract and post your answer in the
Moodle Activity 5 Forum Page.
Topic 5
Selection for an Audit
Customs & Excise Audit
Audit Scope
Audit scope simply relates to the period of time the Customs and Excise audit will cover.
The audit scope could include financial year, calendar year, half year, quarter, or month.
Together with the audit objectives, all parties can be aware of the time frame for the
audit. For example, ‘acceptability of manufacturing losses for financial year 08/09’
indicates that at the completion of the audit, the Customs and Excise auditor will be
forming an opinion as to whether the auditee’s losses for production runs between 1 July
2008 and 30 June 2009 were within relevant legislative or administrative rules.
Like audit objectives, audit scope may often be set by the initial reasons for audit
selection. The same monitoring and analysis of industry data can often highlight those
points in time at which an importer or excise manufacturer began to show signs that
‘things weren’t right’. The start of an unusual or unexpected pattern, or a period of time
in which data were not normal, should be fully incorporated within the audit scope.
Again it is important to identify and document the audit scope at the commencement of
audit planning. Audit scope will also assist in estimating audit populations (or total
transactions to come under the audit) and sample sizes, again important in determining
issues such as audit testing.
Audit objectives and the audit scope are to be set out clearly for the importer or excise
manufacturer subject to audit, and this is done in both initial correspondence in which the
company is advised of the intention to conduct the audit, and in the Entrance Interview.
Case Study
Audit Objectives and Scope
Source: The Australian National Audit Office conducted a performance audit in the Australian
ANAO Customs Service in 2005 titled Customs Compliance Assurance Strategy for
webpage International Cargo. The report stated clearly the objectives and scope of the audit:
<http://www.
anao.gov.au/u The objective of the audit was to assess the administrative effectiveness of the Customs
ploads/docum Compliance Assurance Strategy. The audit focused on the following key areas:
ents/2005-
06_Audit_Re targeting non-compliance
port_18.pdf>
real time compliance activity
post transaction compliance activity; and
planning and performance evaluation.
[The scope was then limited by the following statement.]As the imports phase of the
Integrated Cargo System (ICS) was only introduced in October 2005, this system was
not reviewed as part of the audit. Our audit programme for 2005–06 includes ICS as a
potential audit topic.
Topic 6
Audit Standards
Customs & Excise Audit
Introduction
This topic will introduce students to the International Standards on Auditing and how
these relate to auditing standards within their own jurisdiction. This topic will outline
those auditing standards most relevant to the conduct of a Customs or Excise audit, and
identify aspects of those standards to which Customs and Excise auditors should adhere
so that their audits are considered both professional and creditable.
Reference Material
International Standards on Auditing (ISA) or local Audit Standards complying with ISA.
Available on IFAC website
<http://www.ifac.org/Members/DownLoads/2008_IAASB_Handbook_Part_I-
Compilation.pdf >.
Activity 6
IFAC
Does your country have a professional organisation which has membership of IFAC? If
so, what is it called?
Consider the two positions in the above extract and post your answer in the
Moodle Activity 6 Forum Page.
auditors to ensure their work and their findings can be considered both professional in
standard and creditable under any scrutiny.
The Audit Plan is the output from audit planning and is a document bringing together
audit scope and objectives, matters for consideration, and a program of the procedures to
implement the Plan. Audit planning involves several key stages, each covered by
individual audit standards.
The auditor must always remember that an expert is not an auditor, and so there is a
further need to ensure that:
the audit objectives, scope and expectations are clear to the expert
confidentiality is maintained
the expert is obtaining supporting evidence which the audit can also use
the expert’s work is also being reviewed – by a peer if possible, but at least by the
auditor and audit manager.
Finally, experts have a reputation of sometimes being ‘inconclusive’ and such output
needs to be managed so that their work usefully contributes to the audit.
Topic 7
Audit Techniques
Customs & Excise Audit
Introduction
This topic will introduce students to some of the skills that can be applied in systems -
based audits. Possession of these particular types of audit skills will greatly enhance the
effectiveness of any systems - based audit approach.
Audit risk
Managing audit risk is central to the conduct of a professional standard audit. Audit risk
is the risk of the audit failing to meet its objectives and is reviewed primarily during the
audit-planning phase of the audit, in particular where the auditee’s business and business
systems and controls are being assessed. Audit risk comprises three separate components:
inherent risk
control risk
detection risk.
Inherent Risk
Inherent risk is the reason internal controls are designed and implemented. Inherent risk is
sometimes referred to as the ‘business risk’. To understand an inherent risk, a good
question for auditors to ask ‘what could go wrong, or what could happen if there were no
internal controls?’
The sort of factors the auditor needs to consider in determining the level of inherent risk
are:
integrity of management and staff
knowledge and experience of staff
undue expectations of management and staff
nature of procedures – manual, automated, many transactions, complex
transactions, etc
nature of the industry – competition, regulations, level of duty rates, and import
tariffs.
The auditor is looking to make, and indeed is required to make, an early assessment to
whether the inherent risk of the auditee is high, medium or low.
Control Risk
Internal controls are those procedures (and policies) additional to creating a control
environment designed to prevent errors, omissions, mis-statement, and fraud.
Internal controls can be described as either:
preventative – to stop errors occurring
detection – to find errors if they have occurred.
Control risk relates to how effective the internal controls are working, the internal
controls being those procedures designed by the business to mitigate the inherent risk.
Again the auditor needs to be asking – ‘are the internal controls working properly, and are
they effective in preventing or detecting the relevant errors?’
Assessment of control risk can be made from:
Detection Risk
The aim in determining initial views of inherent and control risk is to find an acceptable
level of detection risk.
Detection risk – is the risk that material errors, omissions, mis-statement, or fraud will not
be detected by the auditor’s substantive testing (Aus 402).
An acceptable level of detection risk needs to be established, so that testing can be
devised accordingly. Detection risk levels are determined by reference to inherent risk
and control risk. For example, where control risk and inherent risk are both high, only a
low level of detection risk is acceptable – the audit will have a heavy focus on substantive
testing. Similarity; where control risk and inherent risk are low, a higher level of
detection risk is acceptable – the audit can be completed with less testing required.
Reading 4
Federal Financial Institutions Examination Council 2003, Risk Assessment & Risk Based
Auditing Booklet, Washington. Available on FFIEC website,
<http://www.ffiec.gov/ffiecinfobase/booklets/audit/audit_03_risk%20ass_rb_audit.html
>.
Flowcharting
Flowcharting can be the most efficient means of describing larger more complex business
systems, including the internal controls. Flowcharting allows the auditor to break down a
business process into individual events, allowing for easier analysis of issues such as risk.
It is most likely that an auditor will need to create several flowcharts during the audit –
one for each business system relevant to the audit. Once drafted, however, the flowchart
will be in place for all future audit activity and, importantly, future auditors. Although
potentially quite time-consuming in the first instance, subsequent audit activity will be
greatly enhanced in terms of efficiency, with future auditors needing only to confirm
there have been no changes to the system flowcharted since the previous audit.
The process of flowcharting involves the use of universal symbols designed to represent
each type of usual business event. ‘Flow lines’, indicating the order in which each event
occurs, subsequently join individual events.
New business events and transactions are continually being designed to reflect the
changes to technology and business processes, and symbols are similarly being created to
reflect these changes. For example, flowcharting now recognises ‘connect to internet’ and
‘download from internet site’.
Flowcharting software is available from many different suppliers. Flowcharting symbols are
also available on basic or common presentation programs such as Microsoft PowerPoint.
Decision
Connection
Activity 7
Create a flowchart
Create a flowchart to describe filling your car with petrol.
Your start point should be the ‘low fuel’ warning light. Your finishing point is driving
off from the petrol station.
Record tour findings in your personal notebook.
Expertise
Does the audit team have IT expertise to:
design or run the CAAT program
find and extract the data from the auditee’s IT systems
analyse the results.
IT resources
Are there sufficient IT related resources for the audit team to run the CAAT program? As
a minimum the audit team will require a Laptop / Notebook or PC with sufficient
memory to run a CAAT program, and to manipulate large amounts of data.
Cost effectiveness
There are benefits to operating a CAAT program and these benefits can include:
access to more transactions in large audit population
Topic 8
Audit Methodology
Customs & Excise Audit
Introduction
This topic will outline a generic systems-based approach to conducting audit.
Accompanying this module is a generic systems-based audit methodology for students to
work through. Each section of this module relates to, and serves to guide students
through, the relevant component of the methodology. This module also introduces
students to output of the audit, including working papers and audit reporting.
Reading 4
CCES 2005, Customs & Excise Compliance Audit Methodology, Canberra.
Each component of this Module has been cross referenced with the relevant stage of
the audit within the methodology.
Activity 8
Information on Importers and Excise Payers
What other information is readily available about an importer or excise payer who you
may need to audit?
Your answers should be included on the relevant audit working papers as per the audit
methodology.
Post your answer in the Moodle Activity 8 Forum Page.
Systems verification
Once the nature of the business is understood, it is time to gather information about the
business systems. Has the company been audited previously? If so, there may be an
existing description of the relevant business systems on Departmental files, or held by the
business itself.
If existing systems descriptions are in existence, the auditor simply needs to ask whether
there have been any changes to those systems since they were documented – and if so,
have these changes been included in the system description? Importantly, have there been
any other factors that require systems to be updated, for example changes to legislation or
administrative arrangements?
If no systems documentation exists, or if unreliable systems documentation exists, then
the business systems may have to be documented by the auditor. Systems documentation
is discussed in detail in the following section; however, there are a number of options for
documenting a system; these include:
flowcharting (see Topic 7)
systems narratives
a combination of narrative and flowcharting.
opinion as to the levels of control risk and inherent risk, and considering factors
such as:
audit scope, objectives and expectations
nature and size of the business
nature and sizes of potential errors
records of past errors in the business or industry.
Analytical procedures
The use of analytical procedures will assist in confirming or otherwise an auditor’s
opinion as to the integrity of systems and controls. Analytical procedures can be applied
at any or all stages of the audit but will greatly assist with any risk assessment and audit
planning activities.
Such procedures can include high-level analysis of comparable data sets, with a view to
identifying fluctuations or deviations from any expected patterns. For example, the
auditor could review the company’s duty payments with those of the industry as a whole
in which they operate. Or, the auditor could review the duty payments of the company
against business inputs. In both cases it would be reasonable for the auditor to see a
certain correlation between the two sets of data.
Activity 9
Industry Audit Activity
Select an industry subject in which you expect that you will soon be conducting audit
activity.
What data is available internally within your organisation, and what data is available
externally? Which sets of data identified as being available either internally or
externally could be analysed? What would expect to see from such analysis?
Post your answer in the Moodle Activity 9 Forum Page.
Materiality
Materiality is the ‘…information which if omitted, misstated, or not disclosed has the
potential to adversely affect decisions …(Aus 306). Some errors may be tolerated, and if
detected by the auditor would not, or should not influence the overall opinion as to the
level of compliance. In the Customs and Excise context, errors that may be tolerated
could include the miscalculation of very small amounts of duty, especially if they relate
to over-payments. Of course, there may be very small errors in relation to some Customs
import procedures, for example, which can not be tolerated.
Some issues the auditor will need to address in the Audit Plan:
Has there been a history of material errors?
What is the likelihood of there being material errors?
Should materiality be measured ‘quantitatively’ e.g. in monetary or percentage
amounts or ‘qualitatively’ e.g. for inadequate or weak policies, or lack of integrity.
Materiality will affect the Audit Plan in terms of the nature and extent of the testing
which needs to occur.
Testing procedures
Using the auditor’s view on the levels of inherent risk, control risk and materiality,
consideration now needs to be given to the conduct of the actual testing which is to occur.
The main questions here for the auditor includes:
What offices, sites or location will need to be visited?
Which managers and staff will need to be interviewed?
What records should be made available for review?
Approximately when will these visits and interviews need to occur?
Other considerations
The final pieces of information to be gathered in the preparation of the Audit Plan will
include the following types of issues:
Are there any audit issues from previous audit activity that need to be followed up,
as per the Audit Reports from those earlier audits?
Is there specific information or intelligence about the business which needs to be
examined, perhaps a complaint from the industry, or another business, or a
customer?
Who will be in the audit team and what are their respective roles?
Does the necessary expertise exist in the audit team, e.g. IT, supervisory
experience?
Does the audit require engagement of an external expert, e.g. chemist, lawyer,
valuation expert, industry expert?
Will there be use of computer - assisted audit tools, and, again, is there the
equipment and expertise available for this?
Activity 10
Inherent Risks
Think of a large importer or excise payer in your country. Looking at the industry in
which they do business, what are the inherent risks for that entity and what type of
internal controls would you expect to see in operation to mitigate those risks?
Post your answer in the Moodle Activity 10 Forum Page.
Extent of testing
The next step in control test design is determining the extent of testing the controls, or
how many times the control will be tested to see if it is working. The extent of testing is
based upon the initial judgements made during audit planning.
The greater the level of confidence in the controls, the lighter (or fewer) the tests will be.
Auditors are seeking only to confirm their high level of confidence in their testing.
Alternatively, if the confidence levels are lower, there will be heavier (or more) tests.
The auditor may change their level of confidence during testing and adjust the testing
level accordingly. Testing may even result in the auditor recommending that no reliance
can be placed on a particular internal control.
Working papers
Audit working papers are to be maintained during testing, and as a minimum should
include, for each control tested:
the objective of the control
details of the test performed
the extent of testing
the results.
From time to time, the auditor will see internal controls failing in their objectives, or not
meeting expectations. Typical reasons for internal control failing include:
cost (especially where exceeds perceived benefit)
application to routine transactions only
human error
fraud
redundancy.
In determining the results of control testing, the auditor should be considering the
following questions:
Did you find controls working as expected?
Have you changed your level of:
• reliance on the controls
• confidence in the controls
Any drop in confidence will mean that a greater focus will need to be placed on
substantive testing.
Activity 11
Inherent Controls
Based on the same common examples of internal controls described in the last activity
– design relevant control tests.
Post your answer in the Moodle Activity 11 Forum Page.
Extent of testing
As with control testing, there is also a need to determine the extent of substantive testing,
or how many transactions are to be examined. The first question is ‘what was the level of
confidence in the systems and controls formed during planning?, and what is the level of
confidence after control testing?’
Where confidence levels were high and remained high after control tests, then testing can
be light, perhaps limited to several transactions. Alternatively, if confidence levels were
low and remained low, then heavier levels of testing will be required, perhaps several
hundred transactions.
Where audit risk has become unacceptable, then the audit will move towards a transaction
based approach, and reliance solely on full substantive testing.
Once the number of transactions to be tested has been determined, the next step is to then
determine which transactions from the total population of transactions are to be tested.
Selecting the transactions for testing is known as sampling. There are several
methodologies available for selecting the audit sample.
Sampling
Once sample size has been determined, the sample must be drawn from the audit
population. There are several methods for selecting a sample; in this Module we will look
at four. There are no right or wrong methods, but, for the most appropriate selection
method, it is best to look at the context of risk, auditee’s systems and auditee’s controls:
1. Random selection.
The audit sample selected entirely at random from the audit population. The auditor may
wish to use a computer program, or random number tables to make the selection.
2. Systematic selection.
This involves dividing the audit population by the sample size, using this number to
select the sample. Example: Where the audit population is 10,000 invoices, and sample
size is 200, the sample is every fiftieth invoice within the audit population
(10,000 / 200 = 50).
3. Haphazard selection.
This method involves selecting the audit sample from the total audit population without
any structured technique.
4. Block selection.
This involves selecting a start and finish point within the audit population, and sampling
every transaction between these points.
Working papers
Audit working papers are to be completed for substantive testing, and should include for
each substantive test the following details:
objective of the test
details of the test performed
extent of testing
total population of transactions
sampling method and reasons
results.
In terms of any errors found during substantive testing, the auditor will need to consider
the following issues:
materiality levels as set in the audit planning stage
the frequency at which errors were found
whether the errors are common in nature
an opinion as to whether the errors appear to be as a result of an accident, a control
failure, or fraud.
An important question for the Customs and Excise auditor on finding errors at this point
is ‘could the errors that have been found be common to other businesses in the same
industry?’
Activity 12
Substantive Tests
Continuing with the same internal controls identified and tested in the previous two
activities, design appropriate substantive tests for the transactions that are processed
through these controls.
Post your answer in the Moodle Activity 12 Forum Page.
Activity 13
Audit Issues
Continuing with the same internal controls identified and tested, and the transactions
verified in the substantive tests above, describe a possible audit issue that may have
arisen, and document it. Perhaps it could be a common error that your agency finds in
audit activity.
Post your answer in the Moodle Activity 13 Forum Page.
Continuing with the same internal controls identified and tested, and the transactions
verified in the substantive tests above, describe a possible audit that may have arisen, and
document it. Perhaps it could be a common error that your agency finds in audit activity.
Your answers should be included on the relevant audit working papers as per the audit
methodology.
Audit reports
(Refer Stage 6 of the Audit Methodology)
There is no ‘standard’ form of Audit Report, and generally the format, style and content
of such a report will be based on the needs of the individual Customs or Excise collection
agency. However, there are some guiding principles available through Auditing Standards
(Aus 306). As a guide, the Audit Report should:
be relevant to those who will use the report
be reliable, being based on audit evidence
have material issues identified and properly discussed
be issued in a timely fashion
be comprehensible to the reader
be consistent to allow comparisons.
In terms of actual format, the Audit Report should address the following basic headings:
title of report
auditee and address
details of scope and objectives
signature of responsible person for the audit
date.
From these basic headings, the other areas to be addressed will be unique to each audit,
and unique to the requirements of each agency conducting the audit. However, it is
expected that the following areas would need to be addressed in any audit activity:
main audit findings
audit issues for resolution and follow-up
opinion as to compliance
qualifications or caveats to those opinions if applicable.
It is important that the auditee is not ‘ambushed’ by adverse findings in the final Audit
Report. There should be on-going discussions with management of the auditee in relation
to findings that suggest a break-down of controls has occurred. This communication can
be simple verbal advice as testing is occurring and/or more formally where required,
through documenting issues, creating issues logs, and providing these to management of
the business prior to moving to preparation of the Audit Report.
The Audit Report should be issued as ‘Draft Report’ in the first instance. From here, the
auditee should have the opportunity to respond to the findings – either support and
commitment to correct any issues, or alternatively to dispute the findings. It is important
to review the auditee’s responses to any issues logs or the draft Audit Report, as indeed
the auditor may have actually misunderstood some aspect of the business or a transaction.
It is more complicated, withdrawing and re-issuing a final Audit Report where the auditor
has erred.
The final Audit Report is provided to the auditee in an ‘Exit Interview’ format. The
interview will generally comprise executives from the audit area and management of the
business subject to the audit, and will most likely be the same persons as involved in the
initial ‘Entrance Interview’.
The objectives of the Exit Interview would include:
full acceptance of the Audit Report including its findings
commitment to undertake remedial activity as recommended to address areas of
non-compliance, or potential non-compliance concern
commitment to a timetable to implement the recommended remedial activity
a procedure for Custom and Excise compliance staff to review such progress of
remediation, for example quarterly update meetings.
Despite Customs and Excise audits being focussed on compliance with relevant
legislation and duty liabilities, the actual audit and final Audit Report should also be seen
as adding value to the import’s or excise payer’s business. Recommendations to systems
and controls should have considered the most efficient manner to deliver compliance, and
will be drafted in consultation with the relevant personnel within the business.
Activity 14
Audit Report
Using the audit evidence gathered during this Topic, including example Working
Papers, compile a draft Audit Report.
The draft Report should outline your findings as to the opinion you have formed over
the compliance of the auditee.
The draft Report should cross-reference relevant Working Papers to support your
findings.
The draft Report should meet auditing standards.
Post your answer in the Moodle Activity 14 Forum Page.
Conclusion
Audit is a proven technique that enables Customs administrations to assess compliance
levels, establish a context for further investigation, identify needs for compliance
improvements and work areas that need attention in order to improve compliance.
As we have discussed there are different types of audits and audit techniques. The most
important point is that all approaches are systematic approach and take a holistic view
rather than a micro or minute view. Further, audit plays a critical role in the risk
assessment process.