Audit of Software and Compliance Management Systems in the area of customs and foreign trade and in the area of value added tax

New service from AWB and HLB Schumacher GmbH

In cooperation with the auditing and tax consultancy firm HLB Schumacher GmbH, AWB offers its clients a new service: auditing in the area of customs and foreign trade law as well as in the area of VAT.

The new service from AWB and HLB Schumacher relates to the IT sector and various compliance management systems (CMS). CMS include internal company control systems such as the Internal Compliance Programme (ICP) in the area of export control or the Tax Compliance Management System (Tax CMS), particularly in the areas of customs or VAT. AWB and HLB Schumacher are therefore targeting both companies and IT software manufacturers with the new service.

The following examples are intended to illustrate when an audit makes sense and which IDW auditing standard (Institute of Public Auditors in Germany) is applied:

IDW PS 860 - IT audit outside of the final audit

Is customs-related IT software correctly implemented in the company and are the IT-based controls effective in delivering correct results?

  • Audit standard:  IDW PS 860 - IT audit outside of the final audit
  • Subject of the audit: IT software installed in the company, including connections to upstream and downstream IT applications and IT-supported controls
  • Target group: Companies that use IT software in their operations and want to ensure that the IT software functions properly and securely
  • Added value:
    • Certification for managing directors that the IT software has been properly installed, interfaces are working and authorisations are set up correctly
    • Reduction of organisational culpability for companies and managing directors

IDW PS 850 - Project-related audit for the use of IT

Customs-relevant IT software has been replaced in the company and the associated databases have been migrated. Was the data migration carried out correctly? Is the new IT software properly integrated into the company's existing IT landscape and is the data complete?

  • Audit standard:  IDW PS 850 - Project-related audit for the use of IT
  • Subject of the audit: Project to replace the company's IT software
  • Target group: Companies that are replacing IT software in their operations and want to ensure that the new IT software has been migrated properly and securely
  • Added value:
    • Certification for managing directors that the IT software has been properly replaced, interfaces are working and authorisations are set up correctly
    • Reduction of organisational culpability for companies and managing directors

IDW PS 980 - Audit of compliance management systems

Are the company's customs-related CMS controls effectively in place to mitigate tax risks?

  • Audit standard:  IDW PS 980 - Audit of compliance management systems
  • Subject of the audit: Internal controls of the CMS
  • Target group: Companies that have established controls in the CMS
  • Added value:
    • Certification for managing directors that the internal controls of the CMS are appropriate and effective
    • Reduction of organisational culpability for companies and managing directors

IDW PS 880 - The testing of software products

Does a manufactured customs-relevant IT software (software product) fulfil the compliance and security requirements in order to deliver correct results?

  • Audit standard:  IDW PS 880 - The testing of software products
  • Subject of the audit: Software product (e.g. preference software)
  • Target group: Software manufacturer of software products
  • Added value:
    • Creating confidence for (new) customers of the software that the programme development process and programme functions have been properly developed
    • The standardised test certificate in accordance with IDW PS 880 represents a seal of quality for a software version and avoids "audit tourism" at the software manufacturer

Practice example

Your company introduces an internal control system in the area of customs and you decide in favour of our attestation service.

AWB carries out a technical audit of the ICS. The focus is on the following question: Does the internal control system fulfil the legal requirements and does the system do what it was introduced to do?

HLB Schumacher GmbH also assesses the ICS from the auditor's perspective with regard to its appropriateness and/or effectiveness. HLB Schumacher issues the company with a certificate of adequacy and/or effectiveness. The certificate can be used vis-à-vis third parties as proof of the functionality of the internal control system.

Benefits of an audit

For companies (concerns IDW PS 860, IDW PS 850, IDW PS 980):

  • The management receives an independent judgement of the (IT) system used
  • Improvement of the IT software or system used > Reduction of the risk of errors
  • Strong protection for staff and management in the event of breaches of customs, VAT and foreign trade law > The accusation of wilful or negligent action is hardly tenable with this certificate, as it can be proven that everything has been done to fulfil the legal requirements on the part of the company.
  • Internal quality assurance
  • A successful certificate can be used for marketing purposes

For IT manufacturers (concerns IDW PS 880):

  • The certificate documents to the customer that the software has been quality-assured and properly developed
  • Internal quality assurance
  • A successful certificate can be used for marketing purposes

 

Prof. Dr. Hans-Michael Wolffgang

Partner at AWB on the benefits of an audit:


"In many other areas of tax law, the preparation of attestations is standard. In customs and foreign trade law, this service is relatively new and has so far only been offered by a few consulting firms. As foreign trade is becoming increasingly digitalised and more and more customs software and internal control programmes are being used, an attestation makes perfect sense.

A passed certificate is a double shield, so to speak. On the one hand, it shows companies that the software or system used fulfils all official requirements, and on the other hand, a certificate is the best testimony to the authorities, e.g. in the event of an external audit. It is the highest level of proof that you have dealt intensively with the legal requirements, take them seriously and act responsibly by aligning your internal organisation accordingly. Of course, a certificate can also be valuable for IT service providers because it gives them the assurance that the software has been developed properly."