Monitoring and Auditing

In order to maintain OHIO’s Export Control Compliance Program and ensure consistent adherence to U.S. export control laws, the ECC, ECO, Empowered Officials, Information Security Office and OHIO Internal Audit may conduct periodic reviews, risk assessments, and audits of all aspects of the University’s Export Control Program, including, but not limited to, RPS, TCPs, recordkeeping, and projects associated with export controls.

The purpose of the review is to identify noncompliance with OHIO policies and procedures, possible violations, and identify deficiencies in training, security, procedures, etc., for corrective action. Findings will be reported to the senior Empowered Official and other leadership as appropriate. The ECO will coordinate and conduct periodic reviews to ensure that the OHIO community understands the export compliance program outlined in this Manual and that all procedures contained in the program are being implemented. 

The ECO will document the results of such reviews. The University’s Office of Internal Audit will conduct a limited review of the export control program on an annual basis with a detailed review conducted every 3 to 4 years to ensure that OHIO is in compliance with the Federal rules and regulations related to export controls. Furthermore, the Office of Internal Audit will assist the ECO, upon request, in investigations related to potential export control violations.

OHIO’s internal audits or assessments should include, but not be limited to, the following:

  • Interviews with export-related personnel and management;
  • Analysis of export control checks especially screening practices and internal controls for compliance;
  • Comparison of operational practices to written procedures;
  • Review of management commitment;
  • Review of current policies and procedures including all written guidelines;
  • Review of training and education programs;
  • Review of the order processing system;
  • Analysis of the export authorization process;
  • Analysis of the implementation of export licenses including adherence to and tracking of license conditions;
  • Review of internal assessments;
  • Review of notifications of noncompliance;
  • Review of procedures for corrective action and follow-up;
  • Review of procedures related to visits or employment of foreign nationals;
  • Review of technology controls and technology transfers, including transfers via e-mails;
  • Review of procedural checklists for travel abroad, including for hand carried items like laptop computers;
  • Review of record keeping practices;
  • Sample review of export-related documents;
  • Analysis of sample transactions