Skip to main content
2016 OAS Guidelines

3.III.7.2. Execution of audit activities

Auditing is a systematic process for obtaining and evaluating objective supporting data. It also includes communicating results in order to ensure continuous improvement of relevant processes and, thus, reduce or mitigate the risk associated with the various activities carried out by the operator until reaching an acceptable level. A fundamental element of the audit is the evaluation of the effectiveness of the economic operator's internal controls and risk assessment. The contractor must have made a commitment to assess, reduce, and mitigate the risks identified as associated with its activity, as well as to document these tasks.

It's also important to remember that, in the case of SMEs, the level of internal control and documentation required must be commensurate with the level of risk, based on the scope and size of their business activities. In any case, even if economic operators have carried out a risk assessment, it may not correspond to the threats and risks identified by customs authorities.

The audit should always be risk-based and focus on areas where risk is high, in order to achieve the inspection objectives for the economic operator in question. Risk assessment-based auditing (RABA) is an approach to risk assessment that analyzes risks, establishes acceptable thresholds based on that analysis, and develops audit programs that allocate a greater proportion of their resources to high-risk areas. This consideration is important, as the auditor may not be able to perform detailed audit procedures in all areas planned for inspection, especially in the case of large multinationals (i.e., where there are a large number of facilities). The audit should prioritize the identification and assessment of the most significant risks and internal controls, as well as the response and mitigation measures taken by the applicant, and provide a framework for mitigating the effects of the identified risks to an acceptable level before granting AEO status. The ABER is fundamentally characterized as a systems audit.