HMRC audits are rarely about a single entry.
When an officer visits, they are looking to build an overall picture of the business’s customs controls. They will ask how declarations are prepared. They will interview key personnel. They will select entries for detailed review. They will test whether the data declared aligns with what was actually imported, paid and recorded internally.
In almost every audit, the common thread is data. Specifically, whether the business understands its CDS data well enough to explain it clearly and confidently.
Becoming audit-ready is about control, visibility and evidence.
Here are six practical steps businesses can take to become audit-ready using their CDS data.
1. Secure And Understand At Least Three Years of CDS Data
HMRC expects businesses to retain customs records for a minimum of four years. In practice, most audits focus on the most recent three.
Accessing your CDS data is the starting point, but audit readiness requires more than downloading files.
You should be able to:
Your CDS data tells a story. Audit risk increases when the business cannot articulate what that story is.
2. Know Your Duty Under Management (DUM)
One of the most common weaknesses identified during audits is a lack of clarity over total duty exposure.
Duty under management is not just what duty was paid. It is the cumulative value of your duty paid and duty saved/mitigated through the use of free trade agreements (FTAs) and special procedures. Importantly, this calculation must be in line with the three year audit window.
Example:
Period 36 months
Duty Paid £1,000,000
FTA Claimed £4,000,000
Special Procedures £5,000,000
Total DUM £10,000,000
Understanding this matters for two reasons:
If a business cannot state its total duty exposure, it is difficult to argue that the risk is being managed.
3. Validate Declaration Accuracy Early And Continuously
Errors are not unusual. Unidentified errors are the problem.
Audit-ready businesses do not wait for HMRC to identify issues. They validate declaration accuracy as part of ongoing controls.
This includes checking:
Early validation allows errors to be corrected before they become systemic. It also builds credibility.
4. Reconcile CDS Data Against Source Documents And Systems
CDS data should never sit in isolation.
To be audit-ready, businesses must be able to reconcile declarations back to:
What matters is that the business can demonstrate that:
A clear reconciliation trail is often the difference between a smooth audit and a prolonged enquiry.
5. Conduct Internal Audits And Evidence Them
HMRC does not expect businesses to outsource responsibility for compliance to brokers. The legal responsibility always remains with the importer.
Internal audits are a key expectation.
These do not need to be complex, but they must be:
Crucially, the business must be able to evidence that these checks took place. An undocumented control is indistinguishable from no control at all.
6. Establish A Clear HMRC Communication Protocol
When HMRC contacts a business, confusion often follows.
A communication protocol should define:
Clear governance reduces response times, avoids inconsistent messaging, and demonstrates organisational control.
Audit Readiness Is About Control, Not Compliance Theatre
HMRC audits are not designed to catch out well-governed businesses. They are designed to identify unmanaged risk.
Businesses that understand their CDS data, actively review it, and can explain it clearly are significantly better positioned when scrutiny arises.
Audit readiness is not a one-off exercise. It is an outcome of visibility, structure, and repeatable controls built around data.
If you can explain your data, you can defend your position.
And that is what HMRC is really looking for.
Start your free 14-day trial of CAT360 today and see how AI² - the fusion of automation and expert insight - can uncover savings, reduce risk, and give you full control of your customs operations. No card required, just instant intelligence.
.svg)
