The Internal Audit and Program Evaluation Directorate of the Canadian Government published the results of their Audit of Advance Commercial Information in the Air Mode in October 2018.
The ACI Audit
Advance Commercial Information (ACI) must be transmitted electronically by carriers and freight forwarders to the Canada Border Services Agency (CBSA). This information must be timely, accurate and complete. CBSA uses this data to assess whether the goods are high risk before they arrive at the border. CBSA has reaffirmed their reliance on this data with implementing their CBSA Renewal Vision of leveraging technology and intelligence to expedite the flow of legitimate goods by identifying high-risk cargo.
The objective of the ACI Audit was to provide “assurance that an adequate management control framework and systems were in place to ensure the receipt of ACI data in the air mode was compliant with policies and of sufficient quality to allow the CBSA to conduct an effective pre-arrival risk assessment of commercial goods”.
The scope of the ACI Audit covered the management control framework in place for data quality and integrity for the commercial risk assessment process in the air mode. The audit also looked at the adequacy of the systems in place to support the receipt of electronic ACI data submitted to the CBSA. The Audit looked at the timeframe of April 2016 to November 2017.
The Audit did not look at the targeting process, the operational processes related to the release of goods, referrals for examinations, secondary examinations, conveyance examinations, and the collection of duties and taxes on imported goods.
Results Of The Audit
- CBSA needs to improve its processes to identify non-compliance and to manage non-compliant carriers more effectively. These carriers are not providing complete and timely ACI data.
- CBSA continues to use legacy IT applications and improvements are needed to manage user access controls and to ensure that an audit trail exists for emergency changes to the systems. CBSA needs to have a clear plan for the future of the IT Systems in support of ACI. This is necessary to fully implement CBSA’s vision for an efficient and risk based compliance model.
- CBSA needs to provide its strategic direction for ACI including the identification and clear definition of priorities and risks. CBSA has failed to track ACI results and the extent of ACI non-compliance.
Audit Team Recommendations
- Update the Commercial Compliance Strategy and develop and implement clear and comprehensive guidelines for the management of carrier non-compliance
- Review the access controls related to ACROSS
- Ensure that approval for IT emergency changes to applications is documented.
- Establish a clear plan to stabilize the commercial applications and initiatives required to efficiently process and assess ACI data
- Develop and implement a strategic plan to articulate the Agency’s vision and to address the current gaps in program integrity associated with the legacy systems
- Implement a regular monitoring and reporting process to ensure the management can benefit from performance results required for sound decision-making.
The Audit opined CBSA has established some aspects of a management control framework but improvement is needed in the management of non-compliance, planning, monitoring and reporting of ACI. In addition, the management of the information technology applications, which support the commercial risk assessment process, needs updating.
The CBSA management response to the Audit was a commitment to ensure effective processes and systems are in place in accordance with Audit recommendations.
The Audit can be found here.
If you have questions about your compliance with ACI data submitted to CBSA please contact one of our Trade Advisors.