WCO Customs Risk Management Compendium



Similar documents
SUPPLY CHAIN SECURITY: THE CUSTOMS COMMUNITY S RESPONSE

STRATEGIC PLAN 2013/2014 TO 2015/2016

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

ARTICLE 7.4: RISK MANAGEMENT

CHAPTER 5 MANAGING RISK IN THE CUSTOMS CONTEXT

Benefits of the Revised Kyoto Convention

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

CUSTOMS IN THE 21 ST CENTURY

Medical Devices. Safe, but are they secure? Dan Stoker, Consultant Professional Services, Coalfire

Border technology strategy. Chair: Mike Milford, First Assistant Secretary, Major Capability Division

POLICY. Number: Title: Enterprise Risk Management. Authorization

FRAMEWORK OF STANDARDS TO SECURE AND FACILITATE GLOBAL TRADE

How To Transform It Risk Management

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Strategic Risk Management for School Board Trustees

Annex 7: Capacity Building Plan to Improve Supply Chain Performance

Audit of the Test of Design of Entity-Level Controls

Technology Strategy April 2014

IT Security Risk Management: A Lifecycle Approach

P3M3 Portfolio Management Self-Assessment

Implementation of a Quality Management System for Aeronautical Information Services -1-

SAFE FRAMEWORK OF STANDARDS

CORPORATE INFORMATION AND TECHNOLOGY STRATEGY

Framework for Enterprise Risk Management

Supply-Chain Connectivity Framework

Enterprise Risk Management in Colleges and Universities

Governance, Risk, and Compliance (GRC) White Paper

Principled Performance & GRC

ENTERPRISE RISK MANAGEMENT POLICY

SAFE FRAMEWORK OF STANDARDS

WFP ENTERPRISE RISK MANAGEMENT POLICY

Performance Indicators for the Agreement on Trade Facilitation. January 2014

Internal Auditing Guidelines

ENTERPRISE RISK MANAGEMENT POLICY

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

Single Window Interoperability (SWI) Discussion Paper

Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué Issy-les-Moulineaux

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

IFAD Policy on Enterprise Risk Management

PRODUCT CONFORMITY ASSESSMENT

Improving global standard to be a key driver of innovation. Colin MacNee. 2012, 2013, 2014 Duncan MacNee Limited.

CDC s Policy Analytical Framework. Centers for Disease Control and Prevention Office of the Associate Director for Policy

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

What changes will ISO 9001:2015 bring?

The Future of Census Bureau Operations

Framework for Cooperative Market Conduct Supervision in Canada

This is a sample chapter from A Manager's Guide to Service Management. To read more and buy, visit BSI British

POLICIES, RULES AND GUIDELINES

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

RULES GOVERNING COMPLIANCE OFFICERS OF DEALING MEMBER FIRMS 1

Asset Management Policy March 2014

The Copenhagen Decisions. Submission on the outcome of the Ad Hoc Working Group on Long Term Cooperative Action under the Convention under item 3

Customs Guidelines on Integrated Supply Chain Management

Infrastructure Asset Management Report

Operationalizing Data Governance through Data Policy Management

Tapping the benefits of business analytics and optimization

Internal Control Evaluations

IT Governance. What is it and how to audit it. 21 April 2009

Enterprise Risk Management: Taking the First Steps

NASCIO EA Development Tool-Kit Solution Architecture. Version 3.0

An Effective Approach to Transition from Risk Assessment to Enterprise Risk Management

MGMT 4135 Project Management. Chapter-16. Project Oversight

Risk Management Basics - ISO Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

A Risk Management Standard

The Role of ITIL in IT Governance

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Board oversight of risk: Defining risk appetite in plain English

Periodic risk assessment by internal audit

Management Update: The Cornerstones of Business Intelligence Excellence

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Trade risk management: a global approach

Logical Framework Planning Matrix: Turkish Red Crescent Organisational Development Programme

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

Information Security Management System for Microsoft s Cloud Infrastructure

Design Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation

APPENDIX B ABOUT U.S. CUSTOMS AND BORDER PROTECTION: MISSION AND CORE VALUES

INFORMATION AND DOCUMENTATION RECORDS MANAGEMENT PART 1: GENERAL IRISH STANDARD I.S. ISO :2004. Price Code

Strategic solutions to drive results in matrix organizations

LOGISTICS, SECURITY AND COMPLIANCE: THE PART TO BE PLAYED BY AUTHORISED ECONOMIC OPERATORS (AEOs) AND DATA MANAGEMENT

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Department of Veterans Affairs VA Directive VA Enterprise Risk Management (ERM)

5. The Model Strategies and Practical Measures are aimed at providing de jure and de

NSW Government Digital Information Security Policy

Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development

Disclosure to Promote the Right To Information

Australian Standard. Information technology Service management. Part 2: Guidance on the application of service management systems

S A F E FRAMEWORK OF STANDARDS

COMMISSION REGULATION (EU) No /.. of XXX

FINAL. World Education Forum. The Dakar Framework for Action. Education For All: Meeting our Collective Commitments. Revised Final Draft

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

Transcription:

WCO Customs Risk Management Compendium

TABLE OF CONTENTS FOREWORD... V EXECUTIVE SUMMARY... VI I. INTRODUCTION... VIII II. GLOSSARY... X III. VOLUME 1... 1 1. RISK MANAGEMENT IN THE CUSTOMS CONTEXT... 3 Changing operating environment... 3 Compliance management approach... 4 2. DEVELOPING AN ORGANIZATIONAL FRAMEWORK FOR MANAGING RISK... 7 Overview... 7 Mandate and commitment... 7 Design of framework for managing risk... 8 Implementing risk management... 13 Monitoring and review of the framework... 20 Continual improvement of the framework... 21 Summary... 21 3. EMBEDDING RISK MANAGEMENT AS AN ORGANIZATIONAL CULTURE... 22 Risk management maturity... 22 Example of a risk management maturity model... 23 4. CONCLUSION... 27 5. BIBLIOGRAPHY... 29 6. ANNEXES... 31 ANNEX 1: RISK MANAGEMENT TECHNIQUES AND TOOLS... 31 ANNEX 2: COMPLIANCE MEASUREMENT... 38 ANNEX 3: APEC RISK MANAGEMENT PROCESS SELF-ASSESSMENT... 41 ANNEX 4: RISK ASSESSMENT/TARGETING CENTRES... 46 ANNEX 5: CASE STUDIES BY MEMBERS... 48 IV. VOLUME 2 (Restricted, for Members only)... 1 1. RISK ASSESSMENT, PROFILING AND TARGETING...1-1 2. RISK INDICATORS...2-1 2.1 General High-Risk Indicators...2.1-1 2.2 Standardized Risk Assessments, Model Risk Indicators/Profiles...2.2-1 2.3 Maritime-Cargo Risk Indicators and Manuals (Incoming Sea Containers)... 2.3-1 TABLE OF CONTENTS III

2.3.1 Pre-arrival phase...2.3.1-1 2.3.2 Arrival phase...2.3.2-1 2.3.3 Post-arrival phase...2.3.3-1 2.4 Air-Cargo Risk Indicators and Manuals...2.4-1 2.4.1 Pre-arrival phase...2.4.1-1 2.4.2 Arrival phase...2.4.2-1 2.4.3 Post-arrival phase...2.4.3-1 2.5 Land-Cargo Risk Indicators and Manuals...2.5-1 2.5.1 Arrival phase...2.5.1-1 2.5.2 Post-arrival phase...2.5.2-1 2.6 Handbook for Customs Officers on Risk Indicators: Factors for Intellectual Property Infringement...2.6-1 3. ANALYSIS GUIDELINES... 3-1 4. INFORMATION AND INTELLIGENCE...4-1 4.1 Global Information and Intelligence Strategy...4.1-1 4.2 National Information and Intelligence Strategy...4.2-1 IV TABLE OF CONTENTS

FOREWORD We live in an extremely fast moving world where global trade is fundamental to economic growth and social development. A stable trading environment enables economies to reap many benefits which can impact positively on society and the way people live. Customs plays a significant role in ensuring that global trade meets regulatory requirements and conforms to national laws. Changes in the strategic landscape of Customs operating environment and long-term growth in trade and travel volumes have affected the way Customs administrations are managed and approach their tasks. New government priorities, along with emerging challenges at the border, have led many administrations to seek a more structured and systematic way to manage risk. Today, Customs is required to address risk wherever it is found and increasingly as early in the supply chain as possible. Together with other key buildings blocks outlined in the WCO s Customs in the 21 st Century strategic vision, and standards and guidelines contained in the revised Kyoto Convention and the SAFE Framework of Standards, the application of risk management is a critical element that underpins all modern Customs administration. Increased automation and the submission of more comprehensive information earlier in the supply chain has enabled Customs to improve risk assessment and deployment of targeted Customs controls concentrated on the high-risk end of the risk continuum. Corresponding effective and efficient controls in turn give Customs the opportunity to facilitate low-risk movements and promote key government goals relating to the facilitation of trade and travel. The Members and Secretariat of the WCO, in partnership with their private sector and academic partners, have worked hard to gather and consolidate the latest knowledge on risk into this new WCO Customs Risk Management Compendium; a practitioners guide that includes best practices, useful case studies and real-life examples from around the world. Being a living document, the Compendium will be continuously updated to reflect the latest developments in risk management and WCO Members best practices. This will ensure that it remains relevant and indispensable to the global Customs community. We hope that widespread use of this reference tool will lead to improved Customs controls and enhanced facilitation of cross-border flows of goods, people and conveyances. Kunio Mikuriya Secretary General World Customs Organization FOREWORD V

EXECUTIVE SUMMARY Customs administrations should aim for a reasonable and equitable balance between ensuring compliance, and minimizing disruption and cost to legitimate trade and the public. Through the adoption of a holistic risk-based compliance management approach, optimal levels of both facilitation and control can be achieved. A key feature of this approach is to actively steer the client population towards voluntary compliance (low risk) leaving more scarce control resources to be deployed towards the high-risk end of the risk continuum. A robust organizational risk management framework is one of the preconditions for a risk-based compliance management approach. The framework provides the foundation and organizational arrangements for risk management, allowing individual risks to be identified, assessed and managed across the organization by empowering officers at all levels to make risk-based decisions in a structured and systematic manner. For risk management to be effective, it needs to be embedded as an organizational culture and be part of the way Customs runs its business. Anecdotal experience provided by Members indicates that it may take several years, and requires strong ongoing commitment from managers and staff at all levels. Administrations should monitor, review and assess their risk management practices and continuously develop them. At the operational level, Customs administrations are encouraged to implement risk-based control procedures that are informed by intelligence and information holdings. The aim of these procedures is to identify reliable operators/persons and lowrisk consignments/transactions which may benefit from greater facilitation as opposed to those that require higher levels of control. The Compendium includes practical and operational tools that allow Customs to assess, profile and target the flows of goods, people and means of conveyance that cross international borders and to determine what levels of intervention may or may not be required. VI EXECUTIVE SUMMARY

EXECUTIVE SUMMARY VII

I. INTRODUCTION International trade is a key driver of economic growth and development. It raises living standards in both developed and developing countries, contributes to the reduction of poverty as well as creating a more stable, secure and peaceful world 1. Customs administrations play an integral role in world commerce. They have the essential task of enforcing the law, collecting duties and taxes, providing prompt clearance of goods and ensuring compliance. 2 Recently the increased complexity and volume of international trade, fueled by technological advances that have revolutionized global trading practices, have significantly affected the way Customs administrations carry out their responsibilities and organize their business operations. Today Customs is required to provide extensive facilitation of trade while maintaining control over the international movement of goods, persons and means of transport. In seeking to achieve a balance between these goals, Customs has been moving away from traditional control methods and adopting new thinking and approaches to its tasks. Customs administrations are increasingly adopting risk management techniques to determine where the greatest areas of exposure to risk exist and how to effectively allocate scarce resources to manage these risks. This enables the objectives set for Customs by government to be achieved and the expectations of the trading community and citizens alike to be met. Risk management is by no means a new invention for Customs and it would be true to say that all administrations apply some form of risk management, either formal or informal, in their activities. However, research carried out by the WCO Secretariat indicates that risk management is sometimes progressed in an ad hoc or intuitive manner and is not necessarily always practised in a systematic and structured way 3. To overcome the pitfalls of a siloed approach, many administrations are implementing new business models and pursuing a more disciplined and structured approach to managing risk. This Compendium provides a common reference document for the concepts associated with risk management in Customs, and will assist Members in their efforts to develop and implement an all encompassing administration-wide approach to risk management. The Compendium builds on the wide range of risk managementrelated Customs instruments and tools, and updates and consolidates the work by the WCO, enabling the international Customs community to speak as one in relation to the methodology it uses when managing risk. The Compendium has five purposes. First, it defines some of the key terminology associated with risk management. Second, it outlines the Customs context for managing risk. Third, it presents the key components of a holistic organizational risk management approach including a systematic methodology for managing risk. Fourth, it sets out various techniques and tools for managing risk in practice. Fifth, it presents Members experiences in risk management in the form of case studies. The Compendium is comprised of two separate but interlinked volumes. Volume 1 starts by outlining the changing operating environment and defines the need to adopt a holistic risk-based compliance management approach that enables administrations to operate more effectively and efficiently and to better meet their objectives (Chapter 1). It then describes the different building blocks of an organizational risk management framework. These building blocks include mandate and commitment, risk governance arrangements, implementation of risk management, monitoring and review, and mechanisms for continuous learning and development of the 1. WCO (2008), Customs in the 21 st Century Strategy, p. 2. 2. WCO (1999), RKC GA Guidelines 6 on Customs Controls, p. 5. 3. According to the Consolidated Results of the SAFE Framework Implementation Survey (June 2010, Annex to Doc. SP0329, p. 9) The survey results clearly indicate that the majority of Members surveyed have generally implemented and invested in automation of risk management. A needs analysis seems, however, to indicate that the quality of risk management could be improved and that many administrations still need to incorporate risk management as part of the organizational culture and of the decision-making process at all levels of the organization. VIII I. INTRODUCTION

approach (Chapter 2)4. Embedding risk management as an organizational culture and building risk management capacity in gradual steps are discussed in Chapter 3. Finally, Chapter 4 briefly summarizes and draws together the key issues outlined in Volume 1. Volume 2 deals with operational risk management. It includes enforcement sensitive material for Customs only purposes, including numerous practical guides and templates for assessing risks in relation to the movement of goods, people, conveyances, economic operators and other parties to international trade. The topics covered in Volume 2 can be categorized into four broad clusters: risk assessment, profiling and targeting; risk indicators; analysis; and information and intelligence. The Compendium is a living document and will be continually updated to reflect the latest developments regarding risk management practices in today s constantly changing Customs operating environment. The responsibility for keeping Volume 1 updated resides with the Permanent Technical Committee (PTC), whereas the Enforcement Committee (EC) will manage the instruments contained in Volume 2. 4. The narrative in this part of the Compendium is closely aligned with International Organization for Standardization (ISO) Standard 31000:2009 Risk management Principles and guidelines I. INTRODUCTION IX

II. GLOSSARY Key risk management terms used in the Compendium are listed below. Information: Any data, whether or not processed or analyzed, and documents, reports, and other communications in any format, including electronic, certified or authenticated copies thereof. Intelligence: A product, derived from the collection and processing of relevant information, which acts as a basis for user decision-making. Nominal data: All available data related to an identified or identifiable natural (real) and/or legal person, including but not limited to identification numbers, tax-related numbers (e.g. VAT number), and items related to physical identification. Risk: Effect of uncertainty on objectives. Risk analysis: Systematic use of available information to determine how often defined risks may occur and the magnitude of their likely consequences. Risk appetite: Amount and type of risk that an administration is willing to pursue or retain. Risk assessment: Overall process of risk identification, risk analysis, risk evaluation and prioritization. Risk evaluation and prioritization: Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. Risk indicators: Specific criteria which, when taken together, serve as a practical tool to select and target movements that pose a risk of potential non-compliance with Customs laws. Risk management: Coordinated activities by administrations to direct and control risk. Risk management framework: Set of components that provide foundation and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. Risk management plan: Scheme within the risk management framework specifying the approach, management components and resources to be applied to the management of risk. Risk management policy: Statement of an administration s overall intentions and direction regarding risk management. Risk management process: Systematic application of management policies, procedures and practices to the activities of documenting, communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk. Risk owner: Person or entity with the accountability and authority to manage a risk. Risk matrix: Tool for ranking and displaying risks by defining ranges for consequence and likelihood. Risk profile: Description of any set of risks, including a predetermined combination of risk indicators, based on information which has been gathered, analyzed and categorized. Risk register: An organizational planning document identifying the administration s risks and allocating risks to risk owners. Risk tolerance: An administration s or stakeholder s readiness to bear the risk after risk treatment, in order to achieve its objectives. Risk treatment: Decision or action taken in response to an identified risk. Targeting: The selection for examination/audit of a certain consignment, passenger, means of transport, transaction or entity based on risk analysis, profiling, document review, observation and questioning techniques. Note: The term selectivity is sometimes used instead of targeting. X II. GLOSSARY

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information