Contributed May 11, 2001 by Linda_Worley-Fonner@cp.vesuvius.com

EXPORT AUDIT PROGRAM

TABLE OF CONTENTS

SECTION										PAGE
MANAGEMENT POLICY								X
RESPONSIBLE OFFICIALS							X
RECORDKEEPING									X
TRAINING										X
NOTIFICATION									X
COMPLIANCE									X
	Order Processing System							X
	Denied Parties								X
	Product Classification/Licensing Determination				X
	Diversion-Risk								X
	Sensitive Nuclear								X
	Missiles									X
	Chemical and Biological Weapons					X
	South African Military and Police						X
BOYCOTT AND ANTIBOYCOTT							X
FOREIGN MILITARY SALES							X
EXHIBIT A:		Risk Assessment Guidelines and Summary		X
EXHIBIT B:		RAQ (Risk Assessment Questionnaire)			X

AUDIT TEST PROCEDURES:

I.	Management Policy:

Objective:

To convey a clear commitment of compliance with the export control regulations from senior management to all employees involved with U.S. export controls.  

Assertions:

Compliance with export regulations is essential to protecting Company's future.

The policy statement is communicated to employees on a regular basis.

Test of Controls:

1.	Has a written policy statement, which conveys a clear commitment to comply with the export control regulations, been prepared and distributed to all employees who work in export-related functions.

a.	Is the policy statement communicated to employees on a regular basis and is it:

	•	prepared on company letterhead
	•	dated
	•	signed (including the name and title of the signer)

2.	Does the policy statement of commitment to export controls include the following types of policies:

a.	Under no circumstances will sales be made contrary to U.S. export regulations.

b.	Any question concerning the legitimacy of a transaction or potential violations should be referred to (responsible official).

c.	A description of penalties (corporate, criminal, and administrative) applied in instances of compliance failure.

3.	How is the policy communicated?

	•	new employee orientation
	•	in-house publications
	•	training and/or procedures manual

4.	Are the recipients of the "policy statement on export controls" employees who deal with:

	•	International sales
	•	Customer service
	•	Marketing
	•	Contracts
	•	Finance and accounting
	•	Legal counsel
	•	Field services
	•	Export administration
	•	Order entry
	•	Shipping
	•	Traffic
	•	Engineering (those involved in item classification)

II.	Responsible Officials

Objective

To ensure that all compliance-related functions, duties and responsibilities in Company are clearly identified and assigned, that the positions and incumbents are known, and that the list is routinely updated.

Assertions:

Information is maintained in the form of lists and/or organizational charts.  Use of lists are superior for presenting specific export control duties, while organizational charts are preferable for illustrating reporting lines and structures.  A combination may be most practical.  Responsible individuals should be identified by name and/or title.

Policies, procedures and job descriptions are written to ensure smooth transitions during personnel turnover.  Of key importance during these events are the assigned backup personnel.  A backup should be identified for each position with export-related responsibilities.  This information should be promptly updated and disseminated when changes occur.

Test of Controls

1.	Determine if a list and/or organizational chart identifying the employee(s) responsible for each export and export control related function exist.

a.	Is the list and/or organizational chart current?

b.	Are the assigned export control responsibilities separated from the sales function to prevent a conflict of objectives.

2.	In order to determine ongoing compliance in cases of absence, determine if backup personnel are formally assigned for all key export control related functions.

3.	Is the list or chart of personnel with export and export control-related functions distributed throughout the organization?

4.	Determine that a designated export control coordinator (or similar title) is empowered by senior management to ensure an effective companywide compliance program is in place.

5.	Does the export control coordinator have an understanding of how products and data are classified among and within the various jurisdictions?  (DOC, DOS, DOE, NRC, etc.)


Does the export control coordinator maintain up-to-date references?  (i.e. Export Administration Regulations, International Traffic in Arms Regulations, DOE Part 810 Regulations, etc.)
	
III.	Recordkeeping

Objective

To ensure documents are maintained in an accurate and consistent manner and are available for inspection as required.

Assertions

The ability to monitor the effectiveness of an export control system depends on the maintenance of complete and accurate records. 

Current recordkeeping practices allows requests for quotes, customer purchase orders, invoices, shipper's export declarations (SEDs), delivery notes, and air waybills to be easily matched.

An adequate audit trail is maintained regardless of the recordkeeping format used.

Tests of Controls

1.	Is there a centralized recordkeeping system which records required are quickly identifiable?

2.	Are departments involved in export activities well informed of proper procedures for the maintenance of documents?

3.	Are employees aware that all records must be made available to Department of Commerce personnel as required in Sections 787.13 (f) (1) and (2) of the EAR?

4.	Are personnel aware of what records need to be maintained and the appropriate retention period?

5.	Are employees aware of General License requirements? (I.e. G-TEMP, and GLV)

6.	Are Shipper's Export Declarations (SEDs) completed and are copies maintained on file?

7.	Are there any DOC applications submitted electronically?

a.	Is a submission log maintained?
b.	Does the capability exist to generate hardcopies of electronically submitted DOC applications?

Tests of Details

1.	Select a sample of documents that are identified in section 787.13 (c) of the EAR and ensure the following:

a.	Documents are maintained in the file.
b.	Documents are maintained for the required period of retention.

2.	Review General Licenses for the following:

G-TEMP

a.	Is a log maintained to track shipments ensuring all destinations are authorized by the EAR and all items are either returned within one year or transferred according to the provisions of the EAR?

GLV

a.	Is a log maintained ensuring the GLV is not used for more than 12 orders per year for any one consignee?

3.	Verify that appropriate records are retained;

a)	for boycott-related requests, at least three years from the date of export.

b)	two to five years from date of export or known reexport of commodities, technical data and software controlled by Dept. of Commerce (DOC).

c)	six years for exports controlled by International Traffic and Arms Regulations (ITAR).

IV.	Training

Objective

To ensure training and education are provided, on a regular basis, to all employees involved in export-related activities.

Assertions

An individual is designated as responsible for the conduct of training on export control issues.

A qualified trainer is one who is well-educated and an expert in the field of export-related functions.

The trainer keeps abreast of all the changes to export control regulations that affect Company and communicates it to all applicable employees.

Tests of Controls

1.	Has an identified individual been designated as responsible for the conduct of training on export control issues?

2.	Does the training program include a format, an agenda for training sessions, and an adequate schedule for training?

3.	Determine if orientation training of new employees involved in export-related activities includes the following topics:

	•	the organizational structure of export-related departments and functions,
	•	the role of the export administrator,
	•	U.S. export regulatory requirements, and
	•	Export company procedures.
4.	Is there periodic training to reinforce knowledge and to communicate changes in the EAR, company procedures and application of the regulations to new commodities, technical data, software or services destined for export?

5.	Has training been scheduled and provided for all employees in export-related departments (i.e, sales, contracts, customer service, credit, order entry, shipping, etc.)?

6.	Does the training include the following topics?  

	•	General Licenses
	•	Proliferation Screening
	•	Denied Parties and Diversion Risk Screening
	•	Technical Data
	•	Authorized Reexports
	•	Cases when Individual Validated Licenses are required
	•	Recordkeeping Requirements
	•	Export Document Preparation
	•	Shipper's Export Declarations
	•	Air Waybills
	•	Commercial Invoices
	•	Boycott-related request 

V.	Notification

Objective

To ensure that all exports and reexports are conducted in accordance with the export control regulations.

Assertions

There is a clear line of communication procedures to expedite the resolution of export issues and concerns.

Tests of Controls

1.	Are procedures established for employee guidance concerning export related questions?  Are the following considered in this procedure:

	•	Company Law Department
	•	Company Finance Department
	•	Company' Contracted Forwarding Agent
	•	Bureau of Export Administration (BXA)
2.	Are there proper procedures to ensure all boycott-related requests are identified, properly responded to, and reported?

3.	Are there proper procedures to ensure that when questionable, unauthorized, or illegal activities may have taken place, employees refer such activities to the Law Department for determination of what action is required?

VI.	Export Compliance

A.	Order Processing System

Objective

To set forth in written procedures the order processing system used to screen and document the checks required by the Company's export control system.

Assertions

The order processing system documents approval of transactions in accordance with the requirements of the Company's export control system.

The administrator has determined the nature and frequency of export transaction reviews and approvals. 

Test of Controls

1.	Determine if the order processing system (whether manual or automated) has "hold" functions that ensure adherence to sign-off procedures prior to processing the following:

	•	Request for Quote
	•	Negotiations
	•	Contract and/or Purchase Order
	•	Modifications to Contracts and/or Purchase Orders
	•	Commercial/Billing Invoices
	•	Shipping Documents
	•	Air Waybills and/or Bills of Lading

Test of Details

1.	Review a sample of the above listed items for proper review, approval, and accurate representation of information.

2.	Verify appropriate Destination Control Statements appear on all bills of lading, air waybills and invoices.

B.	Denied Parties

Objective

To ensure that transactions involving U.S.-origin commodities or technical data covered by the Government export regulations do not involve persons or entities whose export privileges have been denied by the U.S. Government.

Assertions

The export administrator has procedures for complying with restrictions on transacting international commercial activities with parties that have been issued a denial order.  

NOTE:  Denial orders are designed to cut off the access of denied parties to U.S.-origin items not only by denying such parties the right to export, but also by prohibiting third parties from dealing with a denied party in a transaction involving U.S.-origin commodities or technical data. Denial orders generally apply to general license items as well as to items subject to validated licensing.

Test of Controls

1.	Determine that the Company is utilizing the most current Department of Commerce (DOC) Table of Denial Orders, Treasury's Specially Designated Nationals Listing, and State Department's Debarred Listing.

2.	Is the Export Administrator aware that:

a.	intra-country transfers abroad of U.S.-origin goods and technology to a denied party and 

b.	the servicing of a denied party's U.S. origin items are prohibited unless the facts are made known to and permission is received from the Office of Export Licensing for these types of transactions?

3.	Do procedures exist for putting an export transaction on hold if a denied party is identified?

4.	Are copies of denied parties information and updates distributed to cognizant personnel?

5.	Is the Company aware of other trade-related sanctions, embargoes or debarment imposed by the U.S. Departments of the Treasury and State?
  
6.	Actions taken by these agencies are published in the Federal Register.  Does the Company review the Federal Register for announcements from these agencies?

Test of Details

1.	Perform a denied party review on a sample of export transactions.  This can be done in essentially two ways.

a.	Review export transactions against a negative list of the most current denied parties.  OR

b.	Review export transactions against a positive list of approved customers that have been screened against the most current denied parties information.

2.	Determine from the sample selected above that denied parties checks are documented and include the following:

	•	the name or initials of the individual performing the check
			•	the date the check was performed
	•	the date of the most current denied parties information used to perform the check.

3.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

C.	Product Jurisdiction/Classification/License Determination

Objective

To ensure that the export license to be used authorizes the transfer of the items to the intended country.

Assertions

The Company has a system for classifying products by Export Control Classification Number (ECCN) to determine what export authorization may potentially be used for the intended destination.

The system identifies items that are usually eligible for various general licenses and highlight items that require Individual Validated Licenses (IVLs).

Test of Controls

1.	 Are procedures in place to:

a.	determine government agency jurisdiction.
b.	determine appropriate classifications,
c.	determine whether a validated license is required based on the product/country classification, and
d.	determine whether a general  license may be available, subject to end-use and end-user restrictions

2.	Ensure that product classification/license determination is one of the first export control checks performed on an export transaction.  (This check establishes whether the Company needs to apply for an Individual Validated Licenses (IVL) or if the item may normally be exported under a general license).

3.	Is the export license accurate and current?

Test of Details

1.	Select a sample of export transactions and determine if products and technical data have been classified under the correct licensing jurisdiction and how the jurisdiction was determined, i.e., are commodity jurisdiction/classification letters on file from a government agency?

2.	Determine if the sample selected above is involving embargoed countries, i.e., Cuba, Libya, North Korea, Iraq, Haiti and Yugoslavia.  (Consult with the Export Compliance Officer for a current listing.)

a.	If such transactions do exist, determine if the appropriate Government license has been obtained.

3.	Review license applications for accurate representations of information.

4.	Review the sample of export transactions to verify that;

a.	proper license was obtained or that appropriate general license was used.

b.	no exports or reexports have occurred without appropriate license authority.

c.	no export has occurred under DOC general license GCT until the Company has received the appropriate importer statement.

d.	in the case of DOC exports or reexports under validated license, any required International Import Certificate of form BXA629P was on file prior to submission of the license application.

e.	licenses adequately cover what is being exported, i.e., quantity, description, software, spares, service and or training.

f.	all license riders and conditions are complied with.

g.	for validated licensed shipments, quantities shipped were recorded and summarized to avoid exceeding the license authority.

h.	In the case of DOE exports, have required reports been submitted to DOE in the time frame required.

5.	Determine if appropriate Letters of Assurance have been obtained from the foreign importer for exports under DOC general license GTDR--Country Groups "T" & "V".

6.	Ensure the results of the license determination check is documented in the order files and contains the following:

	•	the type of license available or required,
	•	the date the check was performed, and
	•	the signature/initials of the individual who performed it.

7.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

D.	Diversion Risk

Objective

To establish procedures to adequately screen orders for "red flag" indicators using the diversion risk profile (DRP).

Assertions

The Company has a system for assessing proposed transactions against a diversion risk profile that takes into account the following "red flag" indicators:

	•	The customer is unknown (financial information on the customer is unavailable from normal commercial sources and its corporate principals are unknown by trade sources).

	•	The customer does not wish to take advantage of commonly available installation and maintenance services.

	•	The customer is reluctant to provide specific end-use or end-user information.

	•	The customer requests atypical payment terms, such as a cash payment when such purchases are usually financed.

	•	The order amounts, packaging or delivery routing do not correspond with normal industry practices.

	•	The performance or design characteristics of the items ordered are incompatible with the customer's line of business or stated end-use.

	•	The customer uses only a post office box address or has facilities that appear to be inappropriate for the items ordered.

	•	The customer's order is for parts known to be inappropriate, or for which the customer appears to have no legitimate need (e.g., there is no indication of prior authorized shipment of the system for which the parts are sought).

	•	The customer is known to have, or is suspected of having, unauthorized dealings with specially designated regions and countries for which non-proliferation controls apply.

The Company does not proceed with the export in question when any 'red flags' have been identified and follow-up inquiries have not resolved doubts before contacting the Company Law Department and/or Export Compliance Officer.

Tests of Controls

1.	Is the diversion risk profile being performed at

	•	all phases of the order processing system or immediately upon receipt of a request for quote,

	•	when the customer requests a change to an existing order or when new information about the order is available?

2.	Does the diversion risk profile relate to the appropriateness of the items being requested as well as the customer's shipping instructions?

3.	Are all employees involved in international sales and order processing activities trained to recognize the "red flag" indicators?

4.	Does the Company have an approved customer list?

5.	Determine if a well-documented customer files exist.  If so, do the files include the following:
	•	each customer's usual activities 
	•	updates as new information on a customer becomes available
	•	information indicating any risk of diversions
	•	all correspondence with the Bureau of Export Administration

6.	When considering a new customer does the Company consider sources including government industry, media or from the customer itself?

7.	Does the Company have a diversion risk policy documented? 

8.	Is the Company aware that Company may not export an item under a general license if they "know or have reason to believe" that the customer will reexport or transfer that item without the appropriate authorization from the U.S. Government?  (This will avoid a violation of the EAR)

9.	Does the Company document that the customer has been screened against the "red flag" indicators?  If so, does it include the name and address of the customer being checked, the name or initials of the person performing the check and the date the check is performed?

10.	In instances where company personnel suspect that unauthorized or illegal activities may have taken place, or that the customer is asking them to participate in such activities, is there a proper reporting format at the Company?

Test of Detail

1.	Review the diversion risk policy and ensure it includes noting the presence or absence of "red flag" indicators, the name or initials of the person performing the screen, and the date.

2.	Select a sample of customers and review for proper diversion risk policy documentation.

3.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

4.	Interview employees to determine their awareness of "red flags" and what they are to do if the "red flags" can not be resolved.

E.	Sensitive Nuclear

Objective

To ensure that transactions do not involve sensitive nuclear end-uses/end-users without authorization form the U.S. Government.

Assertions

The Company has a system for assuring compliance with the restrictions on sensitive nuclear end-uses/end-users.

Test of Controls

1.	Does the Company perform the following levels of screening:

Level 1
a.	Have you been informed by the Bureau of Export Administration (BXA) that an IVL is required?

	-If yes, an IVL application must be submitted to BXA and a general license may not be used.
	-If no, proceed to level 2.

Level 2
b.	Is the end-user located outside Canada or a country listed in Supplement 2 to Part 773 of the EAR?  (See appendix I)

	-If yes, proceed to level 3
	-If no, document in writing.  Date, initial, and maintain according to your recordkeeping practice.  A general license may be used provided no other aspect of the transaction requires an IVL.

Level 3
c.	Is the end-user involved in a potentially nuclear-related industry or activity?

	-If yes, proceed to level 4
	-If no, document in writing.  Date, initial, and maintain according to your recordkeeping practice.  A general license may be used provided no other aspect of the transaction requires an IVL.

Level 4
d.	Is the end-user directly or indirectly involved in any sensitive nuclear activities, whether or not the item is specifically designed or modified for such activities?

	-if yes, a general license may not be used to effect the export; apply for an IVL.
	-if no, document and file.  A general license may be used provided no other aspect of the transaction requires an IVL.

5.	Is the Company aware of extra cautions used in exporting items to institutes of science and technology, conventional weapons and armaments research and development establishments, and other military entities.

6.	Does the Company document sensitive nuclear checks performed?

7.	Does the Company or any Company Employee know or have reason to know that an export will be used directly or indirectly in any of nuclear end-uses listed in section 778.3 of the EAR.

8.	Is the Company aware that an IVL is required for exports to all destinations of any technical data not exportable under the provisions of general license GTDA (except "operation technical data", and sales technical data for export to and use in Canada or the countries listed in Supplement No. 2 to Part 773 of the EAR), where the Company or any Company employee knows or has reason to know that the data will be used directly or indirectly in the activities listed in section 778.3 of the EAR?

9.	Is the Company aware that an IVL is required for exports to all destinations, except Canada and the countries listed in Supplement No. 2 to Part 773 of the EAR, of any commodity, or any software where the Company or any Company employee knows or has reason to know that the commodity or software will be used directly or indirectly in the activities listed in section 778.3 of the EAR?


Test of Details

1.	Verify that the Company retains documentation in support of sensitive nuclear reviews.

2.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

3.	Is there any evidence that the Company or any Company employee knew, or had reason to know, that a customer may have been involved in a sensitive nuclear activity?

F.	Missile

Objective

To ensure that transactions do not involve missile end-uses/end-users without authorization from the U.S. Government.

Assertions

The Company has a system for assuring compliance with the restrictions on missile end-uses/end-users.

	
Test of Controls

1.	Since orders may be revised while in process, does the Company employees involved in international sales and order processing activities obtain training to recognize missile activities?

2.	Are customer files updated to reflect changes in licensing requirements due to any missile-related information?

3.	Is the Company aware that missile checks should be documented?  If yes, are they documented and do they include a notation of the presence or absence of missile-related activities, the name or initials of the person performing the screen and the date?

4.	Does the Company perform the following levels of screening:

Level 1
a.	Have you been informed by the Bureau of Export Administration (BXA) that an IVL is required?

	-If yes, an IVL application must be submitted to BXA and a general license may not be used.
	-If no, proceed to level 2.

Level 2
b.	Is the end-user located in a destination listed in Supplement 6 to Part 778 of the EAR?  (See appendix II)

	-If yes, proceed to level 3
	-If no, a general license may be used provided no other aspect of the transaction requires an IVL.

Level 3
c.	Do you know that the items are to be used in a project noted in Supplement 6 or in the design, development, production or use of missiles as defined by Section 778.7(a)(2) of the EAR?

	-If yes, an IVL is required
	-If no, a general license may be used provided no other aspect of the transaction requires an IVL.

5.	Is the Company aware that an Individual Validated License (IVL) is required for all exports when the Company or a Company employee knows that the export will be used in the design, development, production or use of missiles in or by a country listed in supplement No. 6 to Part 778 or are destined for a project listed in supplement No. 6 to Part 778?

6. 	Is the Company aware that "knowing" participation and support by U.S. persons, including foreign branches of U.S. companies, in missile related activities in certain countries is restricted? (EAR Section 778.9)

7.	In addition, is the Company aware that the restriction applies to the export, reexport or transfer of any item, including foreign origin items?

8.	Does the Company advise employees that the Government prohibits any U.S. person from performing any contract, service or employment knowing it will assist in missile activities in certain countries?  (EAR Supplement 6 to Part 778)

9.	Does the Company or any Company employee know or have reason to know that an export will be used in the design, development, production or use of missiles in or by a country  listed in Supplement No. 6 to Part 778?

Test of Details

1.	Verify that the Company retains documentation in support of missile reviews.

2.	Determine that customer files are updated to reflect changes in licensing requirements due to any missile-related information?

3.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

4.	Is there any evidence that the Company or Company employee knew or had reason to know that a customer in a country listed in supplemented 6 to part 778 of the EAR may have been involved in the design, development, production, or use of missiles?

G.	Chemical & Biological Weapons

Objective

To ensure that transactions do not involve chemical and biological weapons end-uses/end-users without authorization from the U.S. Government.

Assertions

The Company has a system for assuring compliance with restrictions on chemical and biological weapons end-uses/end-users.

Test of Controls

1.	Since orders may be revised while in process, does the Company employees involved in international sales and order processing activities obtain training to recognize chemical and biological activities?

2.	Do the customer files reflect changes in licensing requirements due to any chemical and biological-related information?

3.	Is the Company aware that chemical and biological checks should be documented?  If yes, are they documented and do they include a notation of the presence or absence of chemical and biological-related activities, the name or initials of the person performing the screen and the date?

4.	Does the Company perform the following levels of screening:

Level 1
a.	Have you been informed by the Bureau of Export Administration (BXA) that an IVL is required?

	-If yes, an IVL application must be submitted to BXA and a general license may not be used.
	-If no, proceed to level 2.

Level 2
b.	Does the transaction involve a country listed in Supplement 5 to Part 778 of the EAR?  (See appendix III)

	-If yes, proceed to level 3
	-If no, a general license may be used provided no other aspect of the transaction requires an IVL.

Level 3
c.	Do you know if the end-user is involved in a potential chemical or biological activity or industry?

	-If yes, proceed to Level 4
	-If no, a general license may be used provided no other aspect of the transaction requires an IVL.

Level 4
d.	Do you know that the items are to be used in the design, development, production, stockpiling, or use of chemical or biological weapons?

	-If yes, an IVL is required
	-If no, a general license may be used provided no other aspect of the transaction requires an IVL.

5.	Is the Company aware that an Individual Validated License (IVL) is required to export any commodity software or technical data, where the Company or any Company employee knows that the export to the design, development, production, stockpiling, or use of chemical or biological weapons in or by a country listed in Supplement No. 5 to Part 778?

6.	Does the Company or any Company employee know or have reason to know that an export will be used in the design, development, production, stockpiling, or use of chemical or biological weapons?

7. 	Is the Company aware that "knowing" participation and support by U.S. persons, including foreign branches of U.S. companies, in biological and chemical related activities in certain countries is restricted? (EAR Section 778.8)

8.	In addition, is the Company aware that the restriction applies to the export, reexport or transfer of any item, including foreign origin items?

9.	Does the Company advise employees that the Government prohibits any U.S. person from performing any contract, service or employment knowing it will assist in chemical and biological warfare activities in certain countries?  (EAR Supplement 5 to Part 778)

Test of Details

1.	Verify that the Company retains documentation in support of biological and chemical reviews.

2.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

3.	Is there any evidence that the Company or a Company employee knew or had reason to know that a customer in a country listed in supplement 5 to part 778 of the EAR may have been involved in the design, development, production, stockpiling, or use of chemical or biological weapons?

H.	South African Military and Police

Objective

To ensure compliance with U.S. foreign policy controls which prohibit exports or reexports to the South African military and police.

NOTE:	During June 1994 the Government terminated the Arms Embargo in South Africa.

Assertions

The Company has a system for assuring compliance with the embargo on the South African military and police.

Test of Controls

1.	Is the Company aware that items may not be exported or reexported to the Republic of South Africa when the exporter "knows or has reason to now" that the items will be sold to, or used by, or for the South African military or police?  (EAR Section 785.4(a))

Test of Details

1.	Verify that the Company retains documentation in support of South African Military and Police reviews.

2.	Is there evidence that this screen was performed before accepting an order and, again, immediately prior to shipping?

I.	Boycott and Antiboycott

Objective

To ensure compliance with laws and regulations pertaining to international boycotts which have been enacted by the U. S. Government under the Export Administration Act of 1979.

Assertions

The Company complies with both the Commerce Law and the Tax Law enacted by the U.S. Government.

Test of Controls

1.	Does the Company understand the Tax Law and it's difference from the Commerce Law with respect to coverage, prohibited conduct and penalties?

Note:  The Commerce Law was enacted as a measure designed to further the stated foreign policy of the United States to oppose restrictive trade practices or boycotts which are imposed by foreign countries against a country friendly to the United States or against United States persons; i.e., foreign boycotts not approved by the U.S. Government.

2.	Does the Company prohibit certain activities or conduct which further or support an unsanctioned foreign economic boycott?

3.	Is the Company reporting, on a calendar quarter basis, receipt of reportable boycott-related requests to the United States Department of Commerce even though no action is taken in response to the request?

4.	Is the Company aware that all reports should be completed and forwarded to the Company Export Compliance Officer for submission to the U.S. Department of Commerce?

5.	Is the Company reporting separately, on an annual basis, an International Boycott Report filed under the Tax Law with the U.S. Internal Revenue Service?

6.	Does the Company include transactions involving any United States goods or services, whether sold from a foreign subsidiary's inventory or otherwise?

7.	Does the Company consider diligence by all employees involved in business transactions related directly or indirectly to a boycotting country?  These include employees engaging in sales solicitation, order acceptance, financing (including letters of credit), contract review, purchasing, shipping, employment hiring and placement.

8.	Is the Company aware that all letters, documents or other communications received from or relating to the Middle East should be carefully reviewed on receipt to determine if they contain any reportable boycott requests and no action should be taken in response unless permitted by the Commerce Law and also the Tax Law?

9.	In addition, is the Company alerted to possible pass-through of boycott provisions in subcontract situations involving the supply of goods or services to the Middle East?

10.	Is the Company taking appropriate steps to prevent the following Commerce Law prohibitions?

a.	Refusal or Agreement to Refuse to Do Business.

b.	Furnishing Business Relationship Information.

c.	Discriminatory Actions

d.	Furnishing Information on Race, Religion, Sex or National Origin.

e.	Furnishing Information on Charitable or Fraternal Associations.

f.	Implementing Letters of Credit.

g.	Evasion.

11.	Does the Company apply antiboycott prohibitions and reporting requirements to controlled foreign subsidiaries and affiliates if United States Commerce is associated with the activity in question?

12.	Is the Company aware that with regards to requests received in bid invitations or tender documents a submission of the bid without striking the language or taking appropriate exceptions to the offending boycott requirements could be a violation?

13.	Does the Company retain records in connection with boycott-related requests for a period of at least 3 years?

Tests of Details

1.	Select a sample of documentation received from each known boycotting country (primarily the Arab League boycott of Israel - Bahrain, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, Qatar, Saudi Arabia, Syria, United Arab Emirates, and the Republic of Yemen), and from subsidiaries, banks and other establishments of traditional boycotting countries and ensure the following:

a.	Certain activities or conduct which further or support an unsanctioned foreign economic boycott are prohibited.

b.	When required the report is filed with the U.S. Commerce Department through the Corporate Law Department within 1 month following the end of any calendar quarter in which the boycott request is received.

c.	United States goods or services, whether sold from a foreign subsidiary's inventory or otherwise are included.

d.	Prohibited boycott-supportive conduct is not evidenced.

e.	Are the reports complete?
f.	Are the Tax Department questionnaires complete?

2.	For any document, e.g., request for quote, contract, letter of credit, shipping instructions, etc...containing boycott related language which required amending or deleting the language, ensure the amended document was received prior to effecting the transaction.

J.	Foreign Military Sales 

Objective

To ensure the Company is in compliance with (W) policies and procedures and Government Laws and Regulations involving Foreign Military Sales (FMS).

Assertions

The Company's policies and procedures offer adequate guidance for FMS contracts.

Accounting for FMS contracts is compliant with Government regulations (i.e. FAR, DFARS, etc.).

Tests of Controls

1.	Is there a review process for proposed FMS contracts?

2.	Does the Company maintain controls to insure sales commissions and contingent fees paid under FMS contracts are consistent with U. S. Government regulations and with the governing law in the relevant foreign country? (DFARS 225.7303-4)

3.	Is the Company aware of special FMS cost principles regarding selling expenses, product support and post delivery expenses, offset administrative costs and costs subject to advance agreements. (DFARS 225.7303-2)

Tests of Details

1.	Select a sample of FMS contracts and review for:

a.	There is evidence of proper review of proposed FMS contracts.

b.	The contract has been signed at the proper authority level.

c.	The FMS agreement is documented utilizing DD Form 1513, DOD Offer and Acceptance.  (DFARS 225.7301.)

d.	There are no sales commissions and contingent fees in excess of $50,000 charged to the contract. (DFARS 225.7303-4)

e.	All sales commissions and contingent fees are made known to the purchasing government.

f.	All sales commissions and contingent fees are justified and supported by documentation.

g.	When sales commissions and contingent fees are applied, a Statement of Contingent or Other Fees (Standard Form 119) is prepared and submitted to the Government.

2.	Review a sample of FMS contract costs to determine compliance with special FMS cost principles regarding:

a.	Selling expenses

b.	Product support and post delivery expenses

c.	Offset administrative costs

d.	Costs subject to advance agreements

RISK ASSESSMENT SUMMARY (EXHIBIT A)

The attached risk assessment summary should be completed by determining the risk rating for each assertion and then assigning an overall rating for the audit area.

The risk rating should be designated as "high" (the internal control structure lacks policies and procedures to the extent that errors and irregularities would clearly result) unless one or both of the following is performed:

a.	Identify specific policies and procedures which are likely to prevent or detect material misstatements.

b.	Perform tests of controls to evaluate the effectiveness of such policies and procedures.

As a result of the above, a rating of low or medium could be assigned based on the following definitions:

Low Risk

•	The internal control structure contains policies and procedures that clearly prevent or detect errors or irregularities on a timely basis.

Medium Risk

•	The internal control structure lacks some policies and procedures but not to the extent that material misstatements would be occur.


MANAGEMENT POLICY

Assertions:

•	Compliance with export regulations is essential to protecting Company's future.

•	The policy statement is communicated to employees on a regular basis.

OVERALL RATING

RESPONSIBLE OFFICIALS

Assertions:

•	Information is maintained in the form of lists and/or organizational charts.  Use of lists are superior for presenting specific export control duties, while organizational charts are preferable for illustrating reporting lines and structures.  A combination may be most practical.  Responsible individuals should be identified by name and/or title.

•	Policies, procedures and job descriptions are written to ensure smooth transitions during personnel turnover.  Of key importance during these events are the assigned backup personnel.  A backup should be identified for each position with export control related responsibilities.  This information should be promptly updated and disseminated when changes occur.

OVERALL RATING

RECORDKEEPING

Assertions

•	The ability to monitor the effectiveness of an export control system depends on the maintenance of complete and accurate records. 

•	Current recordkeeping practices allows invoices, shipper's export declarations (SEDs), delivery notes, and air waybills to be easily matched.

•	An adequate audit trail is maintained regardless of the recordkeeping format used.

•	Records are maintained for the required period of time.

OVERALL RATING

TRAINING

Assertions

•	An individual is designated as responsible for the conduct of training on export control issues.

•	A qualified trainer is one who is well-educated and an expert in the field of export-related functions.

•	The trainer keeps abreast of all the changes to export control regulations that affect Company and communicates it to all applicable employees.

OVERALL RATING

NOTIFICATION

Assertions

•	There is a clear line of communication procedures to expedite the resolution of export issues and concerns.

OVERALL RATING

ORDER PROCESSING SYSTEM

Assertions

•	The order processing system documents approval of transactions in accordance with the requirements of the Company's export control system.

•	The administrator has determined the nature and frequency of export transaction reviews and approvals. 

OVERALL RATING

DENIED PARTIES

Assertions

•	The export administrator has procedures for complying with restrictions on transacting international commercial activities with parties that have been issued a denial order.  

NOTE:  Denial orders are designed to cut off the access of denied parties to U.S.-origin items not only by denying such parties the right to export, but also by prohibiting third parties from dealing with a denied party in a transaction involving U.S.-origin commodities or technical data. Denial orders generally apply to general license items as well as to items subject to validated licensing.

OVERALL RATING

PRODUCT JURISDICTION/CLASSIFICATION/LICENSE DETERMINATION

Assertions

•	The Company has a system for classifying products software and technology against the DOC, DOE, NRC, and ITAR regulations to determine what export authorization may potentially be used for the intended destination.

•	The system identifies items that are usually eligible for various general licenses and highlight items that require Individual Validated Licenses (IVLs).

OVERALL RATING

DIVERSION RISK

Assertions

The Company has a system for assessing proposed transactions against a diversion risk profile that takes into account the following "red flag" indicators:

•	The customer is unknown (financial information on the customer is unavailable from normal commercial sources and its corporate principals are unknown by trade sources).

•	The customer does not wish to take advantage of commonly available installation and maintenance services.

•	The customer is reluctant to provide specific end-use or end-user information.

•	The customer requests atypical payment terms, such as a cash payment when such purchases are usually financed.

•	The order amounts, packaging or delivery routing do not correspond with normal industry practices.

•	The performance or design characteristics of the items ordered are incompatible with the customer's line of business or stated end-use.

•	The customer uses only a post office box address or has facilities that appear to be inappropriate for the items ordered.

•	The customer's order is for parts known to be inappropriate, or for which the customer appears to have no legitimate need (e.g., there is no indication of prior authorized shipment of the system for which the parts are sought).

•	The customer is known to have, or is suspected of having, unauthorized dealings with specially designated regions and countries for which non-proliferation controls apply.

The Company does not proceed with the export in question if any "red flags" are not resolved before contacting the Company Law Department for further review and guidance.

OVERALL RATING

SENSITIVE NUCLEAR

Assertions

•	The Company has a system for assuring compliance with the restrictions on sensitive nuclear end-uses/end-users.

OVERALL RATING

MISSILES

Assertions

•	The Company has a system for assuring compliance with the restrictions on missile end-uses/end-users.

OVERALL RATING

CHEMICAL AND BIOLOGICAL WEAPONS

Assertions

•	The Company has a system for assuring compliance with the restrictions on chemical and biological weapons end-uses/end-users.

OVERALL RATING

BOYCOTT AND ANTIBOYCOTT

Assertions

•	The Company complies with both the Commerce Law and the Tax Law enacted by the U.S. Government.

OVERALL RATING

FOREIGN MILITARY SALES

Assertions

•	The Company's policies and procedures offer adequate guidance for FMS contracts.

•	Accounting for FMS contracts is compliant with Government regulations (i.e. FAR, DFARS, etc.).

OVERALL RATING


RISK ASSESSMENT QUESTIONNAIRE (EXHIBIT B)

1.	Interview various individuals involved in exports within the Company and determine their awareness of export control policies and procedures.

2.	Review the Company's internal audit procedures and any prior audit results.  Determine if all potential or actual violations have been reported to the Law Department.  Assess methods of correcting deficiencies and identify areas needing improvements.

3.	Review to determine adequacy of screens to detect sales, exports or services to diversion risks, nuclear, chemical or biological weapons facilities or missile facilities.

4.	Does the Company have procedures to detect potentially suspicious orders?  

5.	Is the Company familiar with the "red flag" indicators?

6.	Review procedures for classifying and controlling technical data exports, including oral, visual and electronic release to foreign nationals.

7.	Determine if procedures to control and license plant visits by foreign nationals are adequate for the business.

8.	Determine if procedures to control and license employment of foreign nationals are adequate for the business.

9.	Has the Company received boycott-related requests?

10.	Determine if a list and/or organizational chart identifying the employee(s) responsible for each export and export control related function exists.

a.	Is the list and/or organizational chart current?

b.	Are the assigned export responsibilities separated from the sales function to prevent a conflict of objectives.

11.	Are the export transactions been screened against up-to-date denial order list before accepting an order and, again, immediately prior to shipping?

12.	Does the Company maintain well-documented customer files noting each customer's usual activities and orders?

13.	Is a log of partial shipments and expiration of licenses maintained?

14.	Are freight forwarders utilized?  If they are, is there a clause of indemnification or letter of understanding which requires the freight forwarder to indemnify Company for any fines or penalties incurred as a result of the acts of omissions of the freight forwarder in handling Company export shipments?

15.	Does the business or subsidiary have established and distributed up-to-date export control policies and procedures?

16.	Does the business or subsidiary have availability to regulations and reference materials?

17.	Is training being provided to employees involved in export-related activities?

18.	Are documents related to export transactions being retained for the required period of time?


Does the Company have procedures for reporting compliance errors?