Many companies have been highly public in sharing their tariff struggles:

• Ford Motor Company reported $700M in tariff costs and an annual net cost projection of $1B in its Q3 SEC filing — a significant bite out of Ford’s FY2024 reported net income of ~$5.9B. 
• FedEx withheld its full-year earnings guidance in late 2025, citing “erratic” tariff policies. They’re suing for a full tariff refund, noting “irreparable” volatility in their international shipping business.
• Columbia Sportswear’s CEO has talked about the “heavy lift” the company undertook to move production to countries like Vietnam and Indonesia — only to face new tariffs in those regions. 

The tariff landscape will keep evolving. But here’s what’s clear enough now:

• First-line teams in impacted organizations are seeking support from Trade Compliance teams to assess sourcing options to reduce tariff costs, adapt to and comply with fast-changing regulations, and ensure both internal and external auditability.
• Before 2025, most Internal Auditors had zero experience auditing tariffs. 
• Most Internal Audit teams are just getting started with tariff audit projects — and most of them are unsure how to proceed. They want to hear what other teams are doing and learning, helping them identify tariff audit projects that make sense for their organizations. 

In a recent Internal Audit Collective roundtable on tariffs, participants did just that, sharing their insights, questions, and planned or in-progress tariff audit projects. The consensus: In this uncharted, shifting landscape, impacted teams will benefit from staying connected, sharing updates and lessons learned. (Look for a follow-up roundtable soon.)  

Deniz Lustri (who led the discussion), Zorina Mohammed, and Alejandra Orjuela were able to share the most tariff audit project experience. While this article focuses primarily on information they shared, we’re grateful to all who participated. 

Below are key takeaways and helpful resources for understanding tariffs, tariff-related risks, and potential audit projects.

Defining Tariffs

Let’s start with the basics. The non-partisan Council on Foreign Relations gives a good rundown:

‍

• Tariffs are taxes imposed on foreign-made goods.
• They are paid by the importing business to its home country’s government.
• “Ad valorem” tariffs, levied as a fixed percentage of the imports’ value, are the most common. 
• “Specific tariffs” are charged as a fixed amount on each imported good. 

Commonly Impacted Industries

Roundtable participants came from a range of industries, including manufacturing, retail and consumer products, packaging, construction, and cargo airlines. Other commonly impacted industries include automotive, agriculture, shipping, logistics, travel/hospitality, and energy (e.g., solar panels, batteries).

Key Tariff-Related Risks 

Roundtable participants highlighted a range of risks, including:

• Volatile tariff landscape. Regulations and tariff rates change frequently, making compliance a moving target. For example, the U.S. Supreme Court’s February 20 decision invalidated tariffs issued under the International Emergency Economic Powers Act (IEEPA); many organizations have initiated the process of claiming refunds. President Trump then issued a new round of tariffs on February 22 under Section 122 of the Trade Act of 1974, which allows the president to impose tariffs for 150 days. However, congressional approval is required to extend them. 
• Supply chain concerns. Tariffs raise the cost of imported goods, compressing margins, increasing prices, and reducing demand. Organizations are weighing the pros and cons of supply chain concentration and diversification.
• Customs noncompliance. Failure to comply with customs regulations can result in penalties, shipment delays, and customs audits.
• Misapplication of USMCA rules. In particular, the United States-Mexico-Canada Agreement (USMCA) allows duty-free access for goods meeting specific rules of origin. Importers must declare products’ country of origin, value, and classifications and maintain documentation for five years. False statements can lead to severe penalties under the federal False Claims Act. 
• Incorrect tariff calculations and payments. As Zorina called out, “At the end of the day, tariffs are one line. But it’s a big impact on your inventory cost and cost of goods. If you’re getting it wrong, then you’re going to present the wrong information on both sides of the equation.” 

These risks were top of mind for roundtable participants. But this list is obviously not exhaustive. That’s why we’re also providing…

Helpful Resources for Making Sense of Tariff-Related Risks

Providing high-quality assurance and advisory assistance requires understanding what tariffs are, how they work, and how they can impact our businesses, partners, and vendors. Resources include:

• Updates: J.P. Morgan Global Research maintains a running tracker of updates and analysis. UN Trade & Development’s dashboard is customizable by industry, country, and date. 
• History: Thomson Reuters’ history of U.S. tariffs offers helpful context. 
• Impact data: The World Trade Organization shares tariff and import data for 150+ economies.  The World Bank’s WITS aggregates data on tariffs and trade flows and includes a tool for modeling trade impacts. Purdue’s Global Trade Analysis Project (GTAP) offers expert analysis, databases, and models for trade policy and tariff scenario analysis. 
• Risk Insights: Kiel Institute for the World Economy publishes policy analysis and risk insights. Foley & Lardner outlines import risks and how to manage them.  

Defining Internal Audit’s Role 

No big surprise here, but Internal Auditors aren’t the tariff experts. 

“Internal Audit should not take over the process. We should not be the only line of defense, and that’s important,” said Zorina.

“We are part of the process, but still keeping our independence,” emphasized Deniz. “We’re not advising them on what to do and how to do it.”

To that end, most Internal Audit teams are partnering with groups like Finance, Trade Compliance, Inventory Management, or Supply Chain groups on tariff audit projects. Some are also bringing in external expertise, teaming with co-sourcing providers (Big Four and other consultants). 

Potential Tariff Audit Projects

Notably, most roundtable participants are just getting started in their tariff audit journeys. That said, several potential, planned, or in-progress tariff audit projects were discussed. 

Leading Practice: A Cross-Functional Tariff Team 

Notably, both teams further along in their tariff audit journeys shared the same leading practice: Assembling a cross-functional team responsible for ongoing tariff process oversight.

Deniz and Alejandra’s organization formed a Tariff Integration Team that includes Supply Chain, Engineering, Controllership, IT, Trade Compliance, Legal, and Internal Audit. “This is not a one-time project. It’s here to stay. It’s a group that will be working together for the foreseeable future to lower tariff-related costs, make sure we are complying with regulations, and provide clear records for audit — not only our audits, but customs audits,” explained Deniz. To that end, the team is: 

• Checking where products and parts are made
• Looking at costs of materials, components, and testing
• Ensuring that products can be qualified as USMCA
• Considering other ways of sourcing or assembling products
• Getting legal advice, including having an external firm review everything to ensure that decisions are compliant with laws and regulations
• Recording the outcome of all discussions in decision trees (more on this below) 

Zorina’s organization is creating a Trade Compliance Center of Excellence. She explained that the group will work together to “set the benchmark for how the process should work throughout the organization” and drive change through all of the various business locations. But as Zorina pointed out, “While we want to get involved at every level, we don't have the expertise.” Accordingly, Internal Audit is primarily involved on a transactional basis (e.g., when reviewing incoming shipments, they verify that shipments can be tied back to what business stakeholders say they are and validate them against payments). 

Tariff Process Reviews

These reviews examine how tariff processes of different locations in the organization are working and the impact tariffs are having. Reviews focused on:

• Understanding how well-defined business locations’ tariff processes are, including ensuring clear accountability and cross-functional communication. Supply Chain, Product Development, Finance, and Inventory Management may all know what they have to do — but as one team found, “Everybody is managing on their own… nobody’s speaking to each other.” Internal Audit focused on helping ensure that groups have a clear understanding of processes sooner, including that (1) all parties are aware of the process, (2) the process includes validation of payments and calculations, and (3) process owners are clearly identified, enabling fast responses if changes or issues arise.
• Validating sources of origin, making sure correct Harmonized Tariff Schedule (HTS) codes were assigned and correct tariffs were calculated. Internal Audit found some locations relying on customs brokers to log shipments and assign codes but weren’t internally validating code accuracy. They relied on the Supply Chain team to help identify the proper codes, which have not been timely.   
• A more basic “kick the tires” approach to start, including having process owners walk through policies, procedures, controls, potential break points, ownership, and how things are working. They’ll also look at how teams ensure a dynamic approach that allows them to quickly adapt to changes and problems. Beyond that, they hope to help the first line identify potential strategic opportunities (e.g., pricing actions to recover costs).

Decision Tree Drafting/Review

Decision trees are rule sets documenting management’s decisions of where products’ key components should be sourced/made. As Deniz explained, decision trees also “document when a product qualifies for USMCA benefits, as well as which sourcing options we have in order to save on tariffs based on the current rules and which options might create compliance risks, so that the organization can mitigate those risks.” Decision trees are reviewed by Legal to become official guidance on how organizations source and make their products.

Some teams are documenting their organizations’ decision trees and — as part of tariff audit projects — are making sure the business is following the decision trees as drafted. 

As Alejandra explained, when the organization launches a new product, “We make sure they go to the correct decision tree, take the right decision, and are then able to correctly decide the right HTS code, and that the control for the region is correctly set up in SAP. Because that is when they can get lost.” 

However, as Alejandra and Zorina both emphasized, the onus is on the first line to proactively ensure they’re assigning the codes correctly — not waiting until Internal Audit completes their review.

Internal Audit can also play a key change management role relative to decision trees. As Zorina shared, “Change takes time. It requires reinforcing with everyone that when you’re adding a new item, you need to follow the decision tree. If you’re not following it, that’s where the QC of your data comes into play. As things are added on, there must be quality control to validate that the information is accurate.” Ultimately, as people get into the habit of using the decision tree properly and knowing the data will be QC’d, accuracy increases and QC levels can ultimately drop.

Data Governance Audit Support

Because some coding errors may result from incorrect master data setup in SAP, Internal Audit can advise the organization’s Trade Compliance team on a master data governance project. Zorina explained, “If someone’s doing something wrong but there's no review, that's where Internal Audit can provide some assurance. If this is the setup, show me how you’ve decided that this is how it should be classified in SAP.” 

Again, however, because Internal Audit are not the tariff experts, our role is simply to identify potential problems — not provide the solutions for how to fix them. 

Third-Party Vendor Audits

In a case where the business has outsourced tariff compliance to a third-party vendor, Internal Audit is scoping out a vendor audit (e.g., looking for overpayment or underpayments). 

Organizations use their own internal tariff systems, and third-party brokers use their own systems. So it’s important to assess: Is everyone communicating and saying the same things? Or do views differ, such that one party is allocating the wrong code and the wrong tariffs are being paid? 

While the first line is responsible for verifying that brokers are using the correct codes, Internal Audit can help provide assurance.

THE LAST WORD: Make Internal Audit Part of the Tariff Conversation

First, if you are in an impacted industry and Internal Audit isn’t yet part of the tariff conversation, step up and start a dialogue. 

• Reach out to the teams on the front lines of managing tariffs. Share what other companies are doing (e.g., forming a cross-functional tariff team, tariff process reviews, decision trees). 
• Find out how you can help. Add it to your audit plan.
• Stay tuned for the next Internal Audit Collective roundtable on auditing tariffs.

The Internal Audit teams who’ve been diving in on tariffs are a fantastic example of how to be a next-generation audit team positioned to keep driving relevant value for their organizations.

Tariffs are a new and emerging risk area. Internal Auditors are proactively stepping up to be part of the solution, playing a larger role than we have traditionally taken. 

Maybe, the more Internal Audit focuses on new and emerging risks, the more opportunity we’ll have to change our role from “compliance police” to trusted advisors.

At minimum, helping to carry out some of the advisory projects recommended by our organizations’ subject matter experts is a great opportunity to help the business see your team differently. 

‍