risk analysis and management - first step to …...trade e –session: 09h00 –09h50 risk analysis...
TRANSCRIPT
TradeE– Session:09h00– 09h50
Riskanalysisandmanagement
FirststeptoanAEOcertification
Jointfacilitators
MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP
JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)
Riskanalysisandmanagement
FirststeptoanAEOcertification
Program
a. Slidepresentation: MarkIsaacson. (Governmentview)b. Q&Ac. Slidepresentation:JuanitaMaree(PrivateSector/Businessview)d. Q&Ae. Howdoweworkjointlyonthisjourney: MarkIsaacsonf. Q&Ag. Summary,conclusion&whatdidwelearnfromthisTrackE- session
GovernmentPerspective
Riskanalysisandmanagement
FirststeptoanAEOcertification
Risk Assessment Tools
Presenter’s Name June 17, 2003
Risk Assessment Tools
5
Presentation Overview§Background
§Five Step Risk Assessment Process
§Mapping Cargo/Data Flow
§Supply Chain Threats
§Vulnerability Assessments
§Final Thoughts
§Questions & Answers
Presenter’s Name June 17, 2003
Risk Assessment Tools
6
Background§Risk Assessment and the Minimum Security Criteria
§CTPAT 5 Step Risk Assessment Process Guide – 2010
§CTPAT’s Five Step Risk Assessment – 2013
§CTPAT Website
§CTPAT Partner Library
Presenter’s Name June 17, 2003
Risk Assessment Tools
7
Five Step Risk Assessment Process§Mapping Cargo/Data Flow
§Threat Assessment
§Vulnerability Assessment
§Action Plan
§Documenting the Procedure
Presenter’s Name June 17, 2003
Risk Assessment Tools
8
Mapping Cargo/Data Flow
Presenter’s Name June 17, 2003
Risk Assessment Tools
9
Mapping Cargo/Data Flow§ Identify all business partners involved, whether directly
or indirectly contracted
§ Services provided
§ Physical addresses
§ Identify modes of transportation
§Determine nodes (country of origin, transit points, etc.)
§Establish acceptable transit times
§ Identify locations where cargo may rest and the duration
Presenter’s Name June 17, 2003
Risk Assessment Tools
10
Supply Chain Threats§Terrorism
§Narcotics smuggling
§Human smuggling / trafficking
§Hijacking / theft
§Cyber Crime
§Political / social unrest
§Natural disasters
§Agricultural threats
Presenter’s Name June 17, 2003
Risk Assessment Tools
11
Threats – Modified Door Equipment
Presenter’s Name June 17, 2003
Risk Assessment Tools
12
Threats – Modified Door Equipment
Presenter’s Name June 17, 2003
Risk Assessment Tools
13
Threats – Modified Door Equipment
Presenter’s Name June 17, 2003
Risk Assessment Tools
14
Threats - Counterfeit Seals
Presenter’s Name June 17, 2003
Risk Assessment Tools
15
Threats – GPS/Cell Phone Jammers
Presenter’s Name June 17, 2003
Risk Assessment Tools
16
Threats – Identity TheftAcquisition of sensitive information
§Company name / Business Entity Identifier (BEI)
§Bond
§Supply chain business partners
§Shipping documents
§Typical commodities and quantities
§Cargo flow
Presenter’s Name June 17, 2003
Risk Assessment Tools
17
Threats – Identity TheftMitigating the Threat
§Safeguarding company information
§Secure disposal of trade sensitive information
§Monitor ACE reports
§ Predefined and user customized available
§ Review activity
§ Identify and report suspicious transactions
Presenter’s Name June 17, 2003
Risk Assessment Tools
18
Threats – Cyber Crimes§Malware
§Phishing
§Employees
§Third-Party Service Providers
United States Computer Emergency Readiness Team (US-Cert) – www.us-cert.gov
§ Current activity
§ Alerts and tips
§ Weekly bulletins
Presenter’s Name June 17, 2003
Risk Assessment Tools
19
Threats – Natural Disasters
Presenter’s Name June 17, 2003
Risk Assessment Tools
20
Mitigating Threats§Understand the threats to your supply chain based on
business model and cargo flow
§Be aware of current events that may impact your supply chain
§Establish relationships and communicate with supply chain business partners
§Participate in industry groups
§Provide ongoing security and threat awareness training
§Conduct regular audits of security procedures
Presenter’s Name June 17, 2003
Risk Assessment Tools
21
Vulnerability AssessmentsAssessments of internal and business partner security measures to identify gaps and weaknesses
§ Internal / External audits of security procedures
§Business partner screening
§Security questionnaires
§Site visits
§CTPAT / AEO status verification
Presenter’s Name June 17, 2003
Risk Assessment Tools
22
Common Gaps and Vulnerabilities§Security procedures are not documented
§Employees not trained properly on established procedures
§Established procedures not being followed
§Absence of checks and balances
§Lack of internal audits/testing
§Lack of continuity plan
Presenter’s Name June 17, 2003
Risk Assessment Tools
23
Common Gaps and Vulnerabilities§Lack of effective tracking and monitoring
§Anomalies are not investigated
§Sub-contracting controls
§Poor physical access controls
§Not actively engaging with supply chain business partners
§Lack of upper management support
Presenter’s Name June 17, 2003
Risk Assessment Tools
24
Final Thoughts§Conduct regular risk assessments
§ Identify the business partners and cargo flow for each of your supply chains
§Know the potential threats within your supply chains
§Regularly identify gaps and vulnerabilities, both internally and with business partners
§Establish corrective action plans to address vulnerabilities
§Upper management support is critical
Presenter’s Name June 17, 2003
Risk Assessment Tools
25
Questions?
Mark IsaacsonActing Director Buffalo, New York Field OfficePhone: 716-5656-3202Email: [email protected]
PrivateSectorPerspective
Riskanalysisandmanagement
FirststeptoachieveanAEOcertification
RiskindicatorsintheSupplyChain
Takeortolerate Treat Transfer Terminate
Accepttherisk Takeactiontoreducerisk Passresponsibility End/donot
proceed
AEO
Government’sapproachtoEnd-to-EndSupplyChainrisk
1 3 42
WCOInstruments,GuidelinesandDeploymentsfortheanalysisofRiskManagementinEnd-to-EndSupplyChain
Isthereabalance?
ProfWiddowson
MovementfromTransactionalbaserisktoEntitybaserisk
AEO
CountriesarenowrequiredtoimplementaprogramwithintheWTOTradeFacilitationAgreement
1980’s
“PioneeringTrustedTradercomplianceprograms”
• ProvidingefficiencyforCustomsandbenefits/simplificationsforbusiness
• LedbySweden(Stairway),NetherlandsandCanada
• Enabledbyelectronicsystems
• SupportedbyAudit
• 1990’scommonadoptionofriskmanagementapproach
• “Accreditation”includedinWCOKyotoConvention
2001-2005
“EmergenceofSafetyandSecurityprograms”
• Triggeredby9/112001:terrorattackonNewYork
• Nov2001:USCBPinitiateCustoms-TradePartnershipAgainstTerrorism(C-TPAT),forUSAimporterstosecuretheirsupplychain
• Focusswitchestosecuringexportsprocesses
• 2005:WCOIntroduceAEOwithinSAFEFramework
• EuropeanschemesincorporateSecurity
2007-2018
“AEOHarmonisationandglobaluptake”
• AEOMutualrecognition:ledbyUSA:EU,Japan,NZ,Korea,China,Singapore
• Expansionofbenefitslinkedtocomplianceandsecuritystatuses,perroleplayer
• ManyCustomsinitiateanAEOProgram,supportedbyWCOcapacitybuilding
• 2013:WTOBalipackageTFA,makesAEOscompulsory
• 2015:WCOSAFEexpandstoincludeallborderagencies
AEOCustomstobusinesspartnershipprogramshavedevelopedover40years
• Simpleweightofeachcriteria
• Multi-criteriaanalysis• Randomselection
Traditionalapproach: Currentapproach:
Differentindicators
RelationshipoftheextendedSupplyChain
Singleriskassessmentindicator=Strategiesfordecisionmakers
Targethighriskshipments
Intelligentriskassessmentmethod
TradefacilitationCustomsControl
AEO
HowdoesAEOlinkintoanIntelligentRiskAssessmentmethodology
Achievingsuchabalancecanprovidesignificantflow-onbenefitsfornationaleconomies(TrendandRoberts,2010)andtheissueoftradefacilitation
JuanitaMaree(2017),adoptedfromWiddowson,2005,2007,2011,incorporatingAEO/AO;businesspartnershipsSAFEPillarII
a
c
b
d
HowdowenavigateactivitiesthattriggeraRiskinthemovementofgoods
Forexample:FCLImportandtheRelationshipLinkage
ACountry’sProgram
SupplyChain
Security
ComplianceBenefits
LinksintheAuthorised EconomicOperator
1
3
2
TraderBenefit/CustomsAdministrationBenefit
MRA
Growthincrease,improvetheeaseofdoingbusiness
Questionnaire
• Selling|BuyingCycle
• Relatedparties
• HSmaintenance
• System
• Solvency
• Managementteam&
expertise
1
Customsadministration,conductaudit:- Physicalwalkthrough
- Process,activities,reports
3 Identifygap
4 Complianceimprovementplan
5 Conductfinalaudit
6 Testknowledgeoftrader
7 Awardstatus
8 Maintenanceplan2
GenericAEOprogramfromaBusinessviewpoint
• Risk Profile identify risks vs. AEO Customs risk framework
• Customs identifies tests to mitigate each risk (from AEO policies)
• Customs identifies further information required & sample(s) required from client to test controls
Customs Audit Plan • Tests to be done• Job admin plan (who,
when, where, why, how?)
• Confirm Team logistics & admin
• Engage client
Execute Customs verifications
• Use audit policy & AEO checklists
• Audit report• Communicate results
to client
• Initiate any AEO Improvements required
• Customs consolidates all tests & outcomes
• Checks client has passed test of competence
• Submits case to certification body
• Decide on AEO certification
• Award Status & risk profiles
• AEO benefits• Monitor status
Risk Audit Planning Audit AEO Certification
• Client performs self assessment & risk assessment
• Client submits other information required
Identify list of relevant risks to
test vs. AEO criteria
AmorescientificviewtoverifyAEOcriteriaforaccreditation
• Greenlaneselectivity• Choiceofinterventionlocationwherepossible,dependingoninspectionprocess• Reduceddataanddocumentation• AccesstoCustomssimplifications• Priorityprocessingandservice• Customerrelationshipmanager
• ensuretimely,resolutionbyCustoms• Accesstospecialistresourcesforcomplexissuese.g.Tariff,valuation&originrulings• CounselonCustomsmatters
• Lowersuretyrequirement• Paymentandaccountbasedbenefits• MutualRecognitionofAEOstatuswithleadingtradingpartners(seamlessflowofcargo)• GovernmentAgencybenefits
AwiderangeofAEObenefitstoBusiness,Privatesector
39
Accreditation/Entityassuranceaudits
ProactiveClientEngagement
RemoveMandatoryChecks
Simplifications
Inspection
Complianceaudits(customsregimes)
REGISTRATION DECLARATION ASSESSMENT INSPECTION AUDIT
AEO
Res
ourc
e D
istr
ibut
ion
Value-Adding Activities
Automatedprocessingthroughintegratedriskassessment
Entity-basedperformanceaudits(Systemsandprocesses)
Typi
cal C
usto
ms
Res
ourc
e D
istr
ibut
ion
AEObenefittoCustomsAdministrationandlawenforcementagencies
keyshiftfrombeinga‘GateKeeper’toamodern‘RiskManager’
PillarIII
PillarI
PillarII
EngagementscriticalinyourCountry
End-to-Endview
• Traceabilityofcargoinsideacontainer
• ReportonstockkeepingunitLevel
FullPictureoftheSupplyChain3rd PartyReporting
RegulatoryEnvironment
Processes
Technology
FULLVISIBILITY
HowdoweCo-operateonthisjourney?
Riskanalysisandmanagement
FirststeptoanAEOcertification
Summary,conclusion&lessonslearned
Riskanalysisandmanagement-
FirststeptoachieveanAEOcertification
TradeE– Session:09h00– 09h50
Riskanalysisandmanagement
FirststeptoachieveanAEOcertification
Jointfacilitators
MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP
JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)