Internal Compliance Program - Series (26) - Audit

Today, in the hands-on practical advice series on Internal Compliance Programs for Export Control:

Part 26: Audit

A sound audit process is an important element of your export control compliance program. Audits determine if the right questions are being asked throughout the process to ensure exports are consistent with national security and foreign policy interests and, thus, consistent with the best interest of the company.

The audit program should be specific to each company and could consist of the following:

Internal checks.


Compliance monitoring shall integrate control mechanisms as part of daily operations, and regular / random audits as well.

During daily operations, products will be released based on the 4-eyes principle. Random inspections will take place any time this is necessary in order to ensure that operational procedures within all of the company's export-related divisions and locations reflect the Internal Compliance Program and Government export regulations.




Control Self-Assessment.


This is defined as a process by which a department examines and improves existing internal controls and/or implements new internal controls to mitigate risks associated with a process or function. The CSA process entails documentation of the process, identification of all risks related to that process, and identification and evaluation of all internal controls that should be in place to mitigate the risks to an acceptable level.

The concept considers two levels. Through the first level (team level), the Export Compliance team works together with team leaders and specific employees to carry out an analysis for the strengths, challenges and risks that may affect the company’s ability to achieve its objectives within the control framework and to take the appropriate procedures in this regard.

Through the second level (organization level), the results reached by the team in the first level are analysed to identify the strengths, weaknesses and risks and to link them in order to identify the main reasons for each one of them in the existing control system.

Control Self-Assessment relies on internal control assessment through the use of specific assessment techniques, in which the major role is carried out by the operational management rather than internal audit. This technique depends on team work rather than individual work, and it provides a reasonable rather than absolute assurance that the objectives will be achieved.