Details from DHS' Report on Audit Finding of Weak CBP Financial Controls Affecting Drawback, Info Technology, Etc. (Part V - Bonded Warehouse/FTZ, Etc.)
The Department of Homeland Security's Office of Inspector General has issued a report containing an independent audit conducted by KPMG LLP that addresses the strengths and weaknesses of U.S. Customs and Border Protection's fiscal year 2007 internal controls over financial reporting.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
This is Part V, the final part of a multi-part series of summaries of this report and provides an overview of the report's findings regarding CBP's FY 2007 deficiencies1 in its internal financial controls for CBP's bonded warehouse and foreign trade zone (FTZ) processes and for information technology. The report indicates that the bonded warehouse/FTZ processes and information technology were also considered problems in FY 2006.
Internal Control Weaknesses in Bonded Warehouse/FTZ Processes
The auditors found several weaknesses in CBP's bonded warehouse/FTZ processes, including that the Automated Commercial System (ACS) does not maintain a complete listing of bonded warehouses and FTZs.
The auditors also found that port personnel were not aware of the requirements and were following outdated procedures for risk assessments and compliance reviews and opined that CBP Headquarters cannot effectively monitor or determine the overall compliance of the bonded warehouse/FTZ process if inconsistent procedures are being followed at the ports.
Processes do not exist for the ports to provide on a timely basis the results of the bonded warehouse/FTZ compliance review schedules and risk assessments to CBP Headquarters for review. As a result, CBP Headquarters cannot determine the effectiveness of the bonded warehouse/FTZ program without the ability to track the results on a consistent timely basis from the ports.
The auditors noted that it is possible that bonded warehouse/FTZ operators and users may be able to operate bonded warehouses/FTZs that contain merchandise about which CBP has no knowledge.
The auditors detailed CBP's internal control weaknesses related to bonded warehouse/FTZ processes as follows:
Inability to maintain one central list of bonded warehouses/FTZs - CBP lacked the ability to maintain one centrally managed list of all bonded warehouses/FTZs.
Inconsistent risk assessment/compliance review procedures - The ports followed inconsistent procedures for completing the risk assessments and compliance reviews or lacked procedures for completing the risk assessments and compliance reviews.
HQ can take six months to compile and analyze schedules - The ports complete annual compliance review schedules which are provided to Headquarters once a year. Headquarters' retrieval and review of the schedules can take up to six months to compile and analyze.
Auditor Recommendations to Improve Controls Over Bonded Warehouse/FTZ Processes
In response to the problems outlined above, the auditors recommended that CBP take the following actions:
continue the current plan to compile a population of all bonded warehouses/FTZs within the Automated Commercial Environment (ACE);
ensure adequate communication of the ports' requirements related to compliance reviews and risk assessments and provide effective timely training so that all responsible personnel are aware of and can consistently execute all of the requirements; and
implement a compliance review schedule template to be utilized by all ports for transmission to CBP Headquarters. Ensure timely response and review by HQ personnel.
Internal Control Weaknesses for Information Technology
The auditors noted that during FY 2007, although CBP took corrective actions to address prior year information technology control weaknesses, they continued to find information technology weaknesses at CBP. The most significant weaknesses from a financial statement audit perspective relate to information security.
According to the auditors, CBP's information technology control weaknesses collectively limit its ability to ensure that critical and financial and operational data is maintained in such a manner as to ensure confidentiality, integrity, and availability.
Auditors findings/recommendations are in a restricted report. Because of the sensitive nature of the issued identified, the auditors stated that they would issue a separate restricted distribution report to address those issues in detail.
The auditors' separate report will recommend that CBP management implement and enforce certain procedures to address the general and application control vulnerability of its financial systems.
1The audit characterizes information technology and the bonded warehouse/FTZ processes as significant deficiencies.
(See ITT's Online Archives or 12/20/07, 12/26/07, 01/17/08, and 01/23/08 news, 07122005, 07122615, 08011720, and 08012310, for Parts I-IV of BP's multi-part series of summaries on this report.)
DHS OIG report entitled "CBP's FY 2007 Internal Controls" (OIG-08-15, dated November 2007) available at http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-15_Nov07.pdf.