Regulatory, Statutory and ITAR/EAR Requirements What An Auditor Needs To Know

Registration Management Committee (RMC)
Regulatory, Statutory and ITAR/EAR

Requirements
What an Auditor Needs to Know
Atlanta, GA
July 22-23, 2010
Dr. Ingrid D. Knox
Adjunct Professor Embry Riddle
Aeronautical University and Aerospace
Engineer with FAA
Auditor Workshop
Atlanta, GA
Company Confidential July 22-23, 2010 1
Objective
• How to determine what will be applicable

when auditing/audit planning for an
organization
• What are Statutory Regulations
• Export Control/EAR/ITAR introduction
• FAA Regulations
• Rules of Thumb for auditors
Company Confidential
Regulations
• Definition of Statutory Regulations:

• Relating to a statute, which is a formal written enactment
of a legislative authority that governs a state, city, or country.
Typically, statutes command or prohibit something, or declare
policy. The word is often used to distinguish law made by
legislative bodies from case law and the regulations issued by
government agencies.
• Before a statute becomes law in some countries, it must be
agreed upon by the highest executive in the government, and
finally published as part of a code. In many countries, statutes
are organized in topical arrangements (or “codified”) within
publications called codes, such as the United States Code.
Regulations
• Statutory Regulations Example:

• The Sarbanes Oxley Act, commonly called SOX, sets forth records
management and retention policies for all public companies. SOX
was enacted in 2002 in response to corporate scandals involving
large, public corporations and their accounting firms.
• The vast majority of organizations use email to communicate
internally and as a vehicle for the exchange of documents and
correspondence between businesses and their outside
consultants, accounting and auditing firms. Since these
communications often contain information about business
transactions and decisions, these email communications must be
retained for an organization to comply with the provisions of SOX.
There are other sections of SOX that provide requirements as well.
Regulations
• Statutory Regulations Example:

– The Federal Water Pollution Control Act, popularly
known as the Clean Water Act (CWA), is a
comprehensive statute aimed at restoring and
maintaining the chemical, physical, and biological
integrity of the Waters of the United States
– Water quality standards
A system of minimum national effluent standards for each
industry
A permit program for the discharge of pollutants into
navigable waters, provides enforcement mechanisms
A revolving construction loan program (Clean Water State
Revolving Fund (CWSRF) , formerly a grant program) for
publicly-owned treatment works (POTWs) and funding to
states and tribes for their water quality programs
Provisions to address waterway and/or regions specific
water quality
Regulations
• Other Examples of Statutory Regulations and

Agencies:
– Department of Labor - Occupational Safety and
Health Administration (OSHA)
– Department of Transportation – Hazardous
Waste
– Resource Conservation and Recovery Act
– National Fire Protection Act
Regulations
• Exports are controlled by the United States

with the following primary regulations:
– The Office of Foreign Assets Control (OFAC)
– Export Administration Regulations (EAR)
– International Traffic In Arms Regulations
(ITAR)
Regulations
• Why are regulations (ITAR, EAR, OFAC)

needed in the U.S? Because companies and
countries have a right to:
– Protect Information
– Protect Product
– Best Interest
• How is this done? Export control regulations

and proprietary information.
Regulations
• What are the major focuses of the

regulations and what do these regulations
accomplish?
– Control over listed products, technical data,
and technology - U.S.
– Technical Knowledge – protects – U.S.
– Stops and prevents products, technical data
and technology from going in the wrong hands
of countries/individuals deemed to be harmful
to the U.S.
Registration Management Committee (RMC) Export
• Definition of Exports include:
– Disclosing (including oral or visual disclosure) or
transferring technical data to a foreign person
whether in the U.S. or abroad or
– Performing a defense service on behalf of, or the
benefit of, a foreign person, whether in the U.S., or
aboard.
– The transfer of anything to a Foreign Person by any
means anywhere, anytime, or the knowledge that
what you are transferring to a U.S. Person, will be
further transferred to a Foreign Person.
Export
• Export (Cont’d)
– Or transferring in the United States any
defense articles to an embassy, any agency or
subdivision of a foreign government (e.g.,
diplomatic missions); or disclosing (including
oral or visual disclosure) or transferring
technical data to a foreign person whether in
the U.S. or aboard; or performing a defense
service on behalf of, or for the benefit of
foreign person, whether in the U.S. or abroad
Technical Data
• Technical data is an Exportable Commodity

– Within ITAR regulations technical data is
included as an export. Examples include:
• Design • Testing
• Development • Maintenance or Modification of
• Production defense articles
• Manufacture • Blue prints
• Assembly • Drawings
• Operation • Process Specification
• Repair • Photographs
• Plan, instructions, and
documentation
Data
• Data can be transmitted in – letters, documents,

numerous ways
– or snail mails,
– Website,
– presentations,
– Internet downloads,
– industry meetings,
– Memo,
– conferences,
– face-to-face,
– visitors, potential
– staff meetings, customers,
– Verbally to Non-U.S. – data on computers,
Employees,
– networks, and hard drives
– Teleconferences,
– FAX, phone conversations,
– Copies to Foreign Persons,
emails
ITAR
• ITAR Definitions
– Defense Article – any item on

the USML, including technical
data.
Registration Management Committee (RMC) ITAR
• ITAR Terms
– Technical Data – Information which is required
for the design, development, production,
manufacture, assembly, operation, repair,
testing, maintenance, or modification of
defense articles; classified information related
to defense article; information covered by an
invention secrecy order; software directly
related to defense articles.
Registration Management Committee (RMC) ITAR Definitions
• ITAR - U.S. Persons

• U.S. Person – a natural person who is a lawful
permanent resident as defined in 8 U.S.C. 1101 (a)
(20) or who is a protected individual as defined by 8
U.S.C 1324b(a) (3).
• It also means any corporation, business association,
partnership, society, trust, or any other entity,
organization or group that is incorporated to do
business in the U.S. It also includes any governmental
(federal, state or local), entity.
ITAR
• ITAR Terms
– Foreign Person – Opposite of U.S. Person
– Export –sending or taking a defense article out
of the U.S. in any manner, except by mere
travel outside of the U.S. by a person whose
personal knowledge includes technical data; or
transferring registration, control of ownership
to a foreign person of any aircraft, vessel, or
satellite covered by the USML, whether in the
U.S. or abroad; or disclosing (including oral or
visual disclosure)
Proscribed
• Proscribed Countries -22 CFR 126.1

– If a country appears on this list, it is (generally
U.S policy to deny licenses, or other approvals,
associated with exports and imports of defense
articles and defense services, destined for or
originating in that country.
– ITAR License Exemptions are trumped if a
foreign person from any of these counties is
involved; i.e., a license must be applied for.
ITAR
• ITAR Proscribe Countries • Cyprus, Haiti

List (22 CFR 126.1 • India, Iran
• Afghanistan, Angola • Iraq, Liberia
• Armenia, Azerbaijan • Libya, Sudan
• Belarus, Burma • Syria, Tajikistan
• China (PRC), Nigeria • Vietnam, Yeman
• North Korea, Pakistan • Federal Republic of
• Rwanda, Somalia, Zaire Yugoslavia, Serbia,
Montenego
Registration Management Committee (RMC) EAR
• Export Administration Regulations (EAR)

– Administration by the Department of
Commerce (Bureau of Export Administration)
– The Commerce Control List (CCL)
– Complete listing of items controlled by the EAR
EAR
• EAR Terms
– Export – an actual shipment or transmission of
items subject to the EAR out of the United
States; or release of technology or software
subject to the EAR to a foreign national in the
U.S.
EAR
• Controlled Technology – specific information

required for the development, production, or
use of a product which is itself controlled.
The information takes the form of technical
data or technical assistance.
EAR
• Technical Data: may take forms such as blue

prints, plans, diagrams, models, formulae,
tables, engineering designs and
specifications, manuals and instructions
written or recorded on other media or
devices such a disk, tape, or read-only
memories.
• Technical Assistance – may involve transfer
of technical data.
EAR
• Terms
– Re export – shipment from one foreign country
to another foreign country
– Publicly Available information –information
that is generally accessible to the interested
public in any form and; therefore, not subject
to the EAR.
EAR
• Terms
– Publicly Available Technology and Software –
that technology and software that are already
published or will be published; arise during, or
result from fundamental research; are
educational; or are included in certain patent
applications (see 15 CFR 734).
EAR
• EAR License Exceptions

– TMP (use for certain temporary exports up to
one year)
– GOV (U.S. government official use and use by
government agencies of cooperating countries
in their national territory)
– BAG (your right to take your personal
belonging out of the country on a trip).
– CAUTION – Use exceptions with care and read
all conditions/provisions.
• Military application is a key concept:
• Defense services and articles are regulated
by ITAR
• What is a defense article:
– An item is/was specifically design, modified, or
developed for a military application and is listed on
the United States Munitions List (USML).
– If the above statement is the case, then item is
controlled by the International Traffic in Arms
Regulations (ITAR).
EAR
– If it was not specifically developed, designed,

or modified for a military application and/or is
not listed on the United States Munitions List
(USML),
– then it is a commercial (or dual use) item and
it is controlled by the Export Administration
Regulations (EAR).
ITAR
• ITAR – Agency
– Directorate of Defense Trade Controls (DDTC),
U.S. Department of State.
– International Traffic in Arms Regulations
» Code of Federal Regulations Parts 120-130
– EAR
» Export Administration Regulations
» Full text of the Federal Law available at
(http://pmdtc.org/reference.htm)
Auditor
• How does ITAR and EAR impact auditors?

– Job Audits and the auditor’s ability to review
blueprints, specifications, or other
documentation may be impacted by this law.
– The auditors must be aware of the
requirements of these laws should the auditor
audit any ITAR/EAR hardware.
Auditors
• Rule of Thumb 1:
• Certification bodies developed a plan as to how they are
going to ensure that restricted items in their possession are
only available person that have a need to know such as:
– U.S. Persons;
– Licensed Organization or Individuals; and
– People, companies, and countries that have a legal
access.
– Plan should be shared with auditors if it has an effect on
auditing.
Auditors
– Companies should be aware of their export
control status of both their categories/items
and the status of the individuals and
companies in terms of whom they are sharing
the data.
– This information can be shared with the
auditors.
Auditors
– Certification body first determines whether
they are going to collect and keep any
restricted data – that comes to body by the
auditor or company as part of the audit.
– Auditor should be informed of how to process
the data by the certification body if a set plan
is in place.
Auditors
• Rule of Thumb 4: Why should be auditor care?

– (1) Certification body action could threaten U.S.
National Security.
– (2) Violation could stop the certification body from
working with restricted data.
– (3) Penalties or fines can hurt the business and
business brand name could be damaged in public
eye sight. Penalties are public record.
– (4) Auditors, companies, and customers might lose
confidence in the certification body.
– (5) Incarceration, penalties, fines, and debarment
can hurt business.
Auditors
– Prior to and at the beginning the audit, the
lead auditor may speak to the Supplier to
ensure that the Supplier shall identify
specifications, processes, and drawings
(referred to as “auditable material” which are
restricted under the ITAR and EAR).
– The Supplier shall contact the owner of any
information for clarification when unsure about
whether information is export controlled under
ITAR or EAR.
Auditors
• The auditor role is not to remind the Supplier
of ITAR and EAR obligation. The company
should be aware of obligations it is not the
auditor role to make the company aware.
• The Auditor shall not be held liable for any
unauthorized transfer of restricted data,
unless such auditor knew or should have
known of the restricted nature of the data.
Auditors
• The Auditor receives direction from
certification body on how to deal with ITAR
and EAR. Some bodies will restrict access to
the auditor and of course how the
information is recorded is restricted.
• Additional information can be discussed
during the opening meeting in-brief if
needed.
Auditors
• Auditors check with the certification body on
restriction on posting ITAR/EAR. Typically
material should not removed from the
supplier facility by the auditor.
• Contact the certification body or staff for
direction if objective evidence is necessary to
support the audit.
Registration Management Committee (RMC) Auditors
– Some Certification bodies may be vigilant to
comply with this U.S. law and avoid review of
any ITAR/EAR material.
– As an auditor you should check with your
certification body on the requirements.
Auditors

– Auditors should be aware of restricted technical
data and how it is to be handled while auditing.
– Typically technical data is password protected from
foreign persons such as hardcopy data, copies, are
secured to prevent access by Foreign Persons.
– Company should identify any restricted technical
data.
– Means of knowing the US person status of all
employees, consultants, or anyone who can obtain
access to restricted technical data in the system
should be readily viable.
Auditors

– Certification bodies should have a system to purge
restricted technical data once discovered in the
system.
– Restricted data much be identify/described clearly.
– Some certification bodies communicate to the
customer that no restricted data can be collected as
part of the audit.
– Certification bodies sometimes train auditors not to
document restricted technical data as part of the
audit.
Auditors

– Two basic techniques:
» The Certification body will prohibit restricted
data from entering into the system.
» The Certification body will control access within
the system.
Auditors

– What should you as an auditor tell customers?
» OFFER NO ADVICE
– Auditors should follow the rules, policies, and
procedures at the company in place they are
auditing such as (camera, safety, union, labor,
emergency, etc.).
Auditors

• Auditor may need proof of citizenship if the
parent certification body can’t vouch or didn’t
provide proof of citizenship just in case to
safe guard stopping an audit.
Registration Management Committee (RMC) Auditors
• Auditors can address the subject of export control in
opening meeting in-brief.
• Their status (as a US Person or as a Foreign Person)
and what that means to the audit.
• Expectation that customer will control access to
restricted data accordingly.
• Certification body procedures if there is a problem.
• Certification body policy on data retention or purging
if applicable.
Auditors
• Foreign Persons employed by the certification

body may be restricted from access of
technical data.
• This approach is used whenever the
certification body accepts responsibility and
retains restricted technical data in their
system during audit reporting or record
keeping.
Auditable Material
• If auditable material is under the ITAR and

EAR, the supplier may either:
– Limit the audit to auditable material not
restricted under ITAR and EAR.
– Work with certification body staff to provide
and discuss appropriate auditable material, so
that the staff can provide appropriate direction
to restricted auditors or; and
– request an unrestricted auditor.
Material
• ITAR/EAR Material - How to Recognize?

– Identification could be on
» Purchase Order
» Specification – Typically first sheet and may be
embedded in the text
» Face of drawing
» May be identified as ITAR/EAR Control or Export
Control
Purchase
Registration Management Committee (RMC) Order Example
Material
• Point of Clarification
– Suppliers located outside of the U.S. may be
licensed under the legislation and may be
processing ITAR/EAR material.
Penalties
• Penalties: Companies or • EAR

individuals – Civil penalties
– Imprisonment
» Greater of $250,000 or
– Fines five times the value of
– Criminal and civil the transactions.
– Debarment
• ITAR – Criminal fines or

– Civil penalties violations
» Up to $500,00 per violation » Up to $1,000,00 and/or
– Criminal fines • 20 years imprisonment
» Up to $1,000,00 and/or
• 10 years imprisonment
Auditors
• What do you expect to see for a company

with ITAR and EAR restriction?
– Company may check your status – much see
proof of employment
» Acceptable documentation:
• U.S. Passport
• U.S. Certificate of birth
• U.S. Naturalization papers
• Resident Alien Papers Permanent (Green Card)
• Secure Documentation by company with
certification body before arrival – Condition of
contract
Auditors
• Company will determine if the auditor has

access to any restricted data.
• Auditor should be alerted in advance to prove
U.S. citizenship or personhood.
• Written verification from the certification
body might be acceptable.
• Restricted data should be properly marked.
• Restricted data should be secured.
Auditors
• Company will find out the status of anyone who will

have access to the data.
• Company should inform the auditor of the policy.
• The company may have a sign-in sheet which
identifies whether the auditor is a U.S. citizen.
• The company may require an escort.
• Camera policy prohibiting cameras or cameras
telephone except under approved conditions may be
mandated not to be carried into the company.
• Evaluation of the reason for the visit by security and
security presentation may be presented to the auditor.
Auditors
Auditors’ Keys to Performance

• Key 1
– The Auditors needs to know how to write up
process findings without revealing technical
data restricted by ITAR/EAR data in the write-
up.
Keys
• Key 2
– Auditors need to understand not to give any
kind of advice on defense service or technical
advice.
• Key 3
– Auditors need to understand how to review
accept or reject corrective actions on findings.
Keys
• Key 4
– Auditors need to understand what is expected
of them by the certification body.
• Key 5
– Auditors need to understand the fundamentals
of export control and the company’s policies
and certification body requirements.
Auditors
• Regulations - How to Audit?

• Short Snap Shot of Other Government
Regulations
Regulations
• Auditors should be aware that there are regulations that the

auditee are held to such as:
• FAA FAR 21 The holder of a Parts manufacturer Approval
shall notify the FAA in writing within 10 days Subpart K from
the date the manufacturing facility at which the parts are
manufactured is relocated or expanded to include additional
facilities at other locations.
• Questions auditors could ask: What delegation do you have
such as PMA? When were the last time you were audited by
government such as FAA or DOD what were the findings, do
you still have the delegation of such TSO or PMA or you
suspended, do you have any letter of enforcement issued
and have you corrected the all the findings? Did the
government audit effect the certification body audit? I
noticed you relocated your facility have you given FAA notice
if so I would like to see the notice?
Regulations
• FAA FAR 145.107 Satellite repair stations: 1) may not hold a

rating not held by the certificated repair station with
managerial control; 2) must meet the requirements for each
rating it holds; 3) must submit a repair station manual
acceptable to the FAA; 4) must submit a quality control
manual acceptable to the FAA.; Inspection must be
designated for each satellite repair station any
determination of airworthiness or return to service is made.

• Auditors’ question “Show me how you have met FAR

145.107?” Go down the list and auditee should be able to
provide proof on the regulatory requirements. |
Regulations
• Regulations Examples:
• 145.163: Training requirements: Employee training program (initial
and recurrent) approved by the FAA.

• 145.211: A certificated repair station must notify its certificate

holding district office of revisions to its quality manual.
• 145.214: The FAA approves the maintenance function to be
contracted to the outside source...
• 145.221: Reports of failures, malfunctions, or defects: A certificated
repair station must report to the FAA within 98 hours after it
discovers any serious malfunction or defect of an article....
|
• Auditor question: show me how you meet the regulatory

requirement? Auditee should be able to show how the regulatory
requirements were met.
Exercise
• XYZ Company Planning on a Restricted Part)

– Read the Write-Up (2 minutes)
– Rewrite the Example individually without the
restricted information (3 minutes)
– Compare Write-up as a Group and rewrite (one
write together) (12 minutes, 1 recorder, 1 group
leader)
– Record your write up on sheet of paper and post (as
a Group; 3 minutes)
– Rate each others writings and pick the best write-up
(5 minutes) Rate 1-5 Highest rating 5 each group.
– Winner Selected
Restricted Write-Up
• XYZ Manufacture
• XYZ technical engineering manufacturing
plan operation 450 on 9-15 spool (IZ876P5J)
was incorrect. The engineering planning
sheet called that heat treat operation sheet
called for Department of Navy hardness
result of HRC 50-55; the specification MIL345
018-08z called for HRC 60-70.
• Does this write up reveal technical data if so
rewrite the write-up.
End of presentation;
remainder of slides
are provided for your
information only
ITAR
• Important ITAR Definition: Public Domain

– Public Domain – Information which is
published and which is generally accessible or
available to the public:
» through sales at news stands and bookstores;
» through subscriptions which are available
without restriction to any individual who desires
to obtain or purchase the published information;
» through second class mailing privileges granted
by the U.S. government;
ITAR
• ITAR Definitions (Cont’d).

– Public Domain
» at Libraries open to the public or from which the
public can obtain documents;
» through patents available at any patent office;
» through unlimited distribution at a conference
meeting, seminar, trade show or exhibition,
generally accessible to the public, in the United
States;
ITAR
• ITAR Definitions (Cont’d)

– through public release (i.e., unlimited
distribution) in any form (e.g., not necessarily
in published form) after approval by the
cognizant U.S. government department or
agency.
– Through fundamental research in science and
engineering at accredited institutions of higher
learning in the U.S. where the resulting
information is ordinarily published and shared
broadly in the scientific community.
ITAR
• ITAR Definitions (Cont’d)

– Technical data does not include information
concerning general scientific, mathematical or
engineering principles commonly taught in
schools, colleges and universities or
information in the public domain.
– It also does not include basic marketing
information on function or purpose or general
system descriptions of defense articles.
ITAR
• ITAR
– Public Domain (Cont’d)
» University research will not be considered
fundamental research if:
• the University or its researchers accept other
restrictions on publication of scientific and technical
information resulting from the project or activity, or
• the research is funded by the U.S. government and
specific access and dissemination control protecting
information resulting form the research are
applicable.
Regulations
• U.S. Export control reasons:

– Non Proliferation
– National Security
– Foreign Policy
– Short Supply
– Anti-Terrorism
– Crime Control
– High Performance Computer
– Regional Stability
– UN Sanctions
Export
Registration Management Committee (RMC) Control Stakeholders
• State • Arms Control & Disarmament

• Commerce Agency
– Bureau of Export Affairs • Treasury

– Customs
• Defense
– Office of Foreign Assets
– Defense Threat Reduction
Control
– Joint Chiefs of Staff (JCS)
• White House
• IC – Office of Science &
• Transportation Technology Policy
– FAA – National Security Council
– U.S. Trade Representative
• Energy
• Justice
– Federal Bureau of
Investigation
Registration Management Committee (RMC) DEFENSE SERVICE
• What is a defense service:

– Defense service is furnishing assistance to
Foreign Persons which includes training in the:
» Development, design, engineering, manufacture,
» Production, assembly, test, repair,
» Maintenance, modification, operation,
» Demilitarization, destruction, processing, or
» Use of defense articles.
Defense Services
• ITAR Section 120.9

• ITAR Section 120.9 states in part that
defense services are performing a defense
service on behalf of, or for the benefit of, a
Foreign Person in the U.S. or abroad.
• Part 121 of the ITAR: • Category I

The United States – Firearms
Munitions List
• Category II
• 22 CFR 120-130
– Artillery Projectors
• 21 categories of
“Defense • Category III
Articles/Services – Ammunition
• If an item is listed, it is
subject to the ITAR
USML
• Category XII • Category XVI

– Fire Control, Range Finder, – Nuclear Weapons Design and
Optical and Guidance and Related Equipment
Control Equipment
• Category XVII
• Category XIII
– Classified Articles, Technical
– Auxiliary Military Equipment Data and Defense Services Not
Otherwise Enumerated
• Category XIV
• Category XVII and XIX
– Toxicological Agents and
Equipment and Radiological – Reserved
Equipment
• Category XX
• Category XV
– Submersible Vessels,
– Spacecraft Systems and Oceanographic and Associated
Associated Equipment Equipment
• Category XXI
– Miscellaneous Articles
USML
• Category IV • Category VIII

– Launch Vehicles, etc. – Aircraft and Associated
Equipment
• Category V
• Category IX
– Explosives, Propellants,
Incendiary Agents, and – Military Training
their constituents Equipment
• Category VI • Category X
– Vessels of War and – Protective Personnel
Special Naval Equipment Equipment
• Category VII • Category XI
– Tanks and military – Military Electronics
Vehicles
Disclaimer
This brief contained information here in that is intended to be a general service to auditors and
cannot be substitute for a thorough and careful review and evaluation of readings of the
governmental laws, regulations and rulings.
No responsibility is assumed by the presenter for the accuracy or timeliness of any of the material
or information provided herein applicable to any particular case or circumstance.
These materials do not representative the Federal Aviation Administration (FAA) views or any
government agency. These materials are intended to provide concise, convenient, and helpful
concepts and information about regulations. The presenter does not representative FAA or is
speaking on behave of FAA or paid for this public service.
The material does not, and are not intended to, constitute legal or other advice or an official
reading of the reference regulations by the government.
This brief cannot be used as a substitute for the government rules, process, or procedures or
thorough reading of the actual statues, regulations, and other documents that apply to the complex
area of ITAR and regulatory requirements. These include, but are not limed to International Traffic
in Arms Regulations (ITAR) and other laws and regulations. Government source are controlling in
the event of any inconsistency with the material or information provided herein. Information does
not represent the view of ERA University or FAA. Some parts of this overview was originally
presented at the NASA Export Control Program website at
http://www.hq.nasa.gov/office/codei/nasaecp/ and has been modified for purposes of relations
to this brief. All items on the U.S. Munitions List are covered by this law. The presenter is not
providing this information as an expert for any government agency but is only providing
information she researched on the subject material. Most of the information provided was provided
from a public domain. This material is intended only as an overview tools and does not provide all
substantive information that may be needed to make a responsible decision. Auditors should
contact their certification body for assistance.
Company Confidential 77

Regulatory, Statutory and ITAR/EAR Requirements What An Auditor Needs To Know

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Regulatory, Statutory and ITAR/EAR Requirements What An Auditor Needs To Know

Uploaded by

Copyright:

Available Formats

Registration Management Committee (RMC)

Regulatory, Statutory and ITAR/EAR

• How to determine what will be applicable

• Definition of Statutory Regulations:

• Statutory Regulations Example:

• Statutory Regulations Example:

• Other Examples of Statutory Regulations and

• Exports are controlled by the United States

• Why are regulations (ITAR, EAR, OFAC)

• How is this done? Export control regulations

• What are the major focuses of the

• Technical data is an Exportable Commodity

• Data can be transmitted in – letters, documents,

– Defense Article – any item on

• ITAR - U.S. Persons

• Proscribed Countries -22 CFR 126.1

• ITAR Proscribe Countries • Cyprus, Haiti

• Export Administration Regulations (EAR)

• Controlled Technology – specific information

• Technical Data: may take forms such as blue

• EAR License Exceptions

– If it was not specifically developed, designed,

• How does ITAR and EAR impact auditors?

• Rule of Thumb 4: Why should be auditor care?

• Rule of Thumb 10:

• Rule of Thumb 11:

• Rule of Thumb 12:

• Rule of Thumb 13:

• Rule of Thumb 14:

• Foreign Persons employed by the certification

• If auditable material is under the ITAR and

• ITAR/EAR Material - How to Recognize?

• Penalties: Companies or • EAR

• ITAR – Criminal fines or

• What do you expect to see for a company

• Company will determine if the auditor has

• Company will find out the status of anyone who will

Auditors’ Keys to Performance

• Regulations - How to Audit?

• Auditors should be aware that there are regulations that the

• FAA FAR 145.107 Satellite repair stations: 1) may not hold a

• Auditors’ question “Show me how you have met FAR

• 145.211: A certificated repair station must notify its certificate

• Auditor question: show me how you meet the regulatory

• XYZ Company Planning on a Restricted Part)

• Important ITAR Definition: Public Domain

• ITAR Definitions (Cont’d).

• ITAR Definitions (Cont’d)

• ITAR Definitions (Cont’d)

• U.S. Export control reasons:

• State • Arms Control & Disarmament

– Bureau of Export Affairs • Treasury

• What is a defense service:

• ITAR Section 120.9

• Part 121 of the ITAR: • Category I

• Category XII • Category XVI

• Category IV • Category VIII

You might also like