AccessibilitySkip to Top NavigationSkip to Main ContentHome  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Part 3. Submission Processing

Chapter 0. General

Section 257. Management Accountability Review

3.0.257  Management Accountability Review

3.0.257.1  (10-01-2006)
Management Accountability Review

  1. The Management Accountability Review (MAR) provides internal guidance to ensure compliance with the Federal Manager's Financial Integrity Act (FMFIA) and the corresponding OMB Circular A-127, Financial Management Systems.

  2. This IRM dictates the requirements for the MAR and Annual Assurance Process for Submission Processing. Accounts Management and Field Compliance are only responsible for the Annual Assurance Process as described in IRM 3.0.257.7 and 8.

3.0.257.1.1  (10-01-2006)
Overview

  1. FMFIA mandates that internal accounting and administrative controls shall be established by each executive agency in accordance with standards prescribed by the Comptroller General and shall provide reasonable assurance that obligations and costs are in compliance with applicable law; funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation; and revenues and expenditures are properly recorded and accounted for. The Office of Management and Budget, in consultation with the Comptroller General, shall establish guidelines for the evaluation of systems of internal accounting and administrative control. Each year, the head of the agency, based on an evaluation conducted in accordance with established guidelines, must give a statement regarding the status of the agency's internal accounting and administrative controls, also known as the Annual Assurance Process and Statement.

  2. Other legislation, including the Federal Financial Management Improvement Act of 1996 (FFMIA) and the Chief Financial Officers Act of 1990 (CFO Act) also makes federal managers accountable for the system of internal controls in their operations and holds them responsible for the identification and correction of weaknesses or deficiencies identified in their reviews. See Exhibit 3.0.257 — 3, Related References.

  3. The IRS strengthened the accountability of the managers with the inclusion of the standard to "……establish and maintain necessary internal controls to guard against waste, fraud, and abuse," in every manager's evaluation (Performance Management System (PMS)).

  4. Beginning in FY 2006, additional policy changes as outlined in revisions to OMB Circular A-123 further strengthened requirements for conducting management's assessment of internal control over financial reporting, and emphasized the need for agencies to integrate and coordinate internal control assessments with other internal control-related activities.

3.0.257.1.2  (10-01-2006)
Management Accountability Review Process

  1. The intent of the MAR is to assist managers in fulfilling their legal responsibility to review management and internal controls on procedures or subsystems in their operations and to reduce or eliminate fraud, waste, and abuse of government funds by identifying and correcting deficiencies.

  2. The operational, financial and compliance internal/management controls cover all aspects of IRS operations. The MAR will:

    1. Ensure resource use is consistent with laws, regulations, and policies.

    2. Provide assurance that programs and resources are safeguarded against waste, fraud, abuse, mismanagement, and misappropriation.

    3. Ensure reliable data is obtained, maintained and disclosed in reports.

    4. Involve all levels of management to ensure the adequacy of controls in both program and administrative activities to achieve agency goals.

  3. Exhibit 3.0.257-1 depicts MAR's role in the Annual Assurance Process. Exhibit 3.0.257 – 23, MAR Model, is a guide to begin the process for your review.

  4. Exhibit 3.0.257 – 2, Review Questions, includes that portion of the Core Financial Checklist used in the IRS reviews. The Core Financial Checklist was developed to determine compliance with the principles and standards prescribed by the Comptroller General. The complete Core Financial Checklist can be found at GAO's Web Page: www.gao.gov

  5. Exhibit 3.0.257 – 21, Key to Questions, will assist the MAR coordinator and team members in the selection of appropriate questions for a particular subsystem. This key is only a guide.

    Note:

    If a question which was deemed appropriate in Exhibit 3.0.257 – 21 IS NOT appropriate for the subsystem being reviewed, mark the question Not Applicable and explain why. Contact the NHQ MAR Program Analyst. Also contact NHQ with additions and recommendations for Exhibit 3.0.257 – 21.

3.0.257.1.3  (10-01-2002)
Reviews

  1. This section provides instructions for reviews conducted on the tax processing Revenue Accounting System (RAS) for the Submission Processing Centers.

  2. The service is required to provide detailed documentation of the results of these reviews. RAS is divided into eight subsystems:

    • Interim Revenue Accounting Control System (IRACS)

    • Federal Tax Deposit (FTD)

    • Integrated Data Retrieval System (IDRS)

    • Master File (MF)/Customer Accounts Data Engine (CADE)

    • Automated Non-Master File (ANMF)

    • Centralized Accounting Activity (CAA)

    • Electronic Federal Tax Payment System (EFTPS)

    • Integrated Submission and Remittance Processing (ISRP)

  3. The U.S. Treasury requires systems and applications to be reviewed a minimum of once every three years. In addition, reviews are required for any new subsystem or when significant changes to procedures or programming have occurred. The Review Schedules can be found under 'Schedules' at http://mcap.web.irs.gov/.

3.0.257.2  (10-01-2005)
Accountability Review Process

  1. This section defines the responsibilities of the officials involved with the reviews, describes RAS, and outlines the major tasks of a detailed review. See Exhibit 3.0.257 – 24, MAR Calendar, for timelines.

3.0.257.2.1  (10-01-2006)
Responsibilities

  1. The COMMISSIONER has overall responsibility for the Service's internal controls and accounting systems.

  2. The CHIEF FINANCIAL OFFICER (CFO) coordinates the Service's efforts of evaluation and improvement. The CFO reports on the effectiveness of the management controls and accounting systems.

  3. The NATIONAL HEADQUARTERS (NHQ) MAR PROGRAM ANALYST in the CFO office will:

    1. Provide support for the MAR review.

    2. Maintain, update, document and publish IRM 3.0.257 for the MAR.

    3. Ensure subsystems are scheduled every three years.

    4. Ensure new subsystems are added to the testing schedule for detailed review.

    5. Ensure an Annual Assurance is conducted at the National Level.

    6. Provide guidance to make certain the reviews are well documented and completed with established procedures.

    7. Maintain files to monitor and track revenue accounting deficiencies at NHQ level to ensure timely corrective action.

    8. Prepare statement on NHQ review for Annual Assurance letter.

    9. Provide reports on deficiencies and on the status of corrective actions as appropriate.

  4. The HEADQUARTERS (HQ) SUBMISSION PROCESSING CENTER (SPC) MAR COORDINATORS will:

    1. Oversee the MAR review according to guidance in IRM 3.0.257.

    2. Ensure that the accounting systems evaluations are conducted in centers and are well documented.

    3. Maintain files to monitor and track deficiencies and activities to guarantee timely corrective action.

    4. Ensure centers submit quarterly deficiency status reports.

    5. Provide technical guidance to the SPC MAR Coordinators to guarantee consistency in the scope of the review. Ensure standards of materiality, testing criteria documentation, and related requirements are met.

    6. Ensure that adequate training is provided.

    7. Consolidate and prepare fully supportable annual reports on the status of HQ's MARs.

    8. Oversee the Annual Assurance Process .

    9. Submit call memo to centers with any directives requiring an annual assessment of management controls and report on Annual Assurance Processes.

    10. Compile all annual conformance statements. Report on the status of internal controls and review of the accounting systems.

  5. The DIRECTORS, SUBMISSION PROCESSING have overall accountability for the centers' internal control and accounting systems and will:

    1. Sign and submit Statement of Assurance/Conformance annually.

    2. Ensure extensive centralized files of documentation are maintained to monitor the campus' conformance and assurance review activities.

    3. Designate a Management Official to oversee the MAR process.

  6. The SUBMISSION PROCESSING CENTER MAR MANAGEMENT OFFICIALS will:

    1. Ensure MARs are properly conducted and documented in accordance with established procedures.

    2. Ensure review process is a continuous, ongoing process which involves all levels of management.

    3. Timely sign and submit quarterly reports on the status of corrective actions to their HQ.

    4. Provide Annual Assurance/Conformance Statement to HQ.

    5. Designate a MAR coordinator to oversee the process and serve as a point of contact to HQ. The coordinator should have management experience and be analytical with a background in financial management and accounting.

  7. The SUBMISSION PROCESSING CENTER MAR COORDINATORS (technical experts) will:

    1. Establish and conduct a MAR review according to guidance in IRM 3.0.257.

    2. Select team members who are technically proficient in the subsystems under review and should include members from all three campuses.

    3. Train team members.

    4. Be familiar with the resources in Exhibit 3.0.257 – 3.

    5. Maintain centralized files for monitoring and tracking the center's review activities.

    6. Utilize management reviews and studies, and other reviews, to avoid duplication of efforts.

    7. Identify deficiencies and report the status quarterly.

    8. Complete an Annual Assurance Process.

    9. Receive and disseminate the Annual Assurance call memo from HQ.

    10. Provide support to management on Management Control Accountability Project (MCAP), IRM 1.4.2, Monitoring and Improving Internal Accounting and Administrative Controls.

    11. Assist managers in conducting annual self-assessment.

    12. Prepare the response to the Annual Assurance memo in accordance with instructions in IRM 3.0.257.8.

  8. MANAGEMENT ACCOUNTABILITY REVIEW TEAM will:

    1. Commit to the MAR process.

    2. Attend a formal training.

    3. Be familiar with the resources in Exhibit 3.0.257–3.

    4. Understand and apply the processes related to the MAR.

    5. Prepare case folders for each system question assigned.

    6. Research for supporting documentation and prepare written narratives of findings.

    7. Maintain accurate and complete case file records.

    8. Obtain a valid sample for testing.

    9. Discuss status of the review with the coordinator on a regular basis.

    10. Provide information to management of findings on an ongoing basis.

    11. Assist in development and implementation of local corrective measures for weaknesses determined during the review.

    12. Finalize the data to become part of the Conformation Report for the Annual Assurance Process.

    13. Ensure effective use of resources of time funded for MAR (OFP 990–80360).

    14. Ensure that internal controls are in place.

  9. MANAGEMENT ACCOUNTABILITY REVIEW TEAM ASSISTANT (if applicable) will:

    1. Obtain supplies needed to perform the review.

    2. Print computer-generated labels for the MAR questions.

    3. Assist the team with any computer activities.

    4. Assist the team with any clerical needs.

    5. Set up appointments with subject matter experts.

    6. Maintain all control logs.

3.0.257.2.2  (10-01-2002)
Revenue Accounting System (RAS)

  1. The Revenue Accounting System (RAS) controls and reports all financial activities of the Service's tax processing system, including taxes owed, collected, and refunded. RAS maintains the Service's accountability; it interacts and touches all of the processing, examination, and collection systems in the service center.

3.0.257.2.3  (10-01-2002)
RAS Subsystems

  1. The RAS consists of eight subsystems.

    1. Interim Revenue Accounting Control System (IRACS) is a fully automated system used to provide accounting and management control for all revenue accounting transactions.

    2. Federal Tax Deposit System (FTD) is a remittance collection system. This system collects only Business Master File (BMF) payments for withholding taxes. Payments are presented directly to the bank, and the deposit information is then sent to the service center. This activity occurs only in Austin, Cincinnati, Kansas City, and Ogden.

    3. Master File (MF)/Customer Accounts Data Engine (CADE)(Automated Data Processing System) consists of account information for each taxpayer and all electronic processing of all related transactions. The computing centers are primarily responsible for the maintenance of this system.

    4. Automated Non-Master File (ANMF) provides a process for the assessment of taxes and collection of revenue which cannot be processed on Master File/CADE. This activity has been consolidated to Cincinnati and Philadelphia.

    5. Integrated Data Retrieval System (IDRS) is a complex computer system with capability to promptly retrieve or update stored tax information which will work in harmony with the Master File/CADE accounts. Non-Master File taxpayer delinquent accounts (TDA) can also be accessed on IDRS for research purposes only.

    6. Integrated Submission and Remittance Processing (ISRP) is a self-contained system with the capabilities of capturing, formatting, and forwarding information pertaining to returns and remittances as machine-readable data to downstream processing.

    7. Centralized Accounting Activity(CAA) provides for the processing of tax returns for foreign persons, the Possessions and Commonwealths of the United States; and for the receipt and disposition of funds from countries which have treaties with the United States. This accounting activity is centralized at the Philadelphia Campus.

    8. Electronic Federal Tax Payment System (EFTPS) is a system for initiating federal tax payments electronically, both business and individual taxpayers. An electronic pre-enrollment is required in order to access the application. This activity is centralized at the Memphis Campus.

  2. All areas related to the processing of tax information will be considered for review in the appropriate subsystem. The process is ALL INCLUSIVE to pipeline and non-pipeline.

3.0.257.3  (10-01-2002)
Review Process

  1. To initiate a review, a risk analysis should be performed, documentation sources identified, responsibilities identified, logs established, and document library maintained.

3.0.257.3.1  (10-01-2006)
Centralized File

  1. The Centralized File will enable anyone with a general functional knowledge to follow the review from beginning through the final report, as well as the tracking and monitoring of the deficiencies.

    Note:

    Documentation must be stored in a locked cabinet in order to comply with security requirements.

  2. Documentation will include, but is not limited to:

    1. Administrative Files

        Index of Files
        Review Process and Narrative
        Roster of Assignments
        Document Library List
        Actual/Projected Hours
        MAR Action Plan
        MAR Quarterly Status Reports

    2. Control Logs

        Task Control Log
        Risk/Deficiency Log

    3. Deficiency Files

        Deficiency Documentation
        Deficiency Status Report
        Deficiency Completion Certificates
        Systems Change Requests/On-line Resources

    4. Risk Factors File

        Risk Factor Assessment Memorandum
        Risk Analysis Check Sheets and Assessments (team analysis and management responses)
        Risk Analysis/Scope of Review

    5. Final Report

    6. MAR IRM 3.0.257

3.0.257.3.2  (10-01-2006)
Establish/Maintain Document Library

  1. Create a centralized reference library of documents for use throughout the review process (e.g., IRMs, LEMs, documents, reports, interviews, desk procedures).

  2. Exhibit 3.0.257-4 provides suggested types of documents needed to demonstrate compliance and are recommended as part of the Document Library. Depending on the system being reviewed, the documents should be modified as required, with the objective of preparing the most effective evidence of compliance.

  3. Maintain a list of documents in library.

    1. The Document Library may be rotated from year to year. Each year the library is updated with new IRMs, interviews, reports, etc. It is not intended that a new library be established each year.

    2. Copies should be made of the documents in the library or from on-line research (e.g., SERP, etc.) to substantiate the questions and be filed in the case folders. When documentation requires numerous pages, reference the Document Library in the case folder on Exhibit 3.0.257 – 5, Documentation Control Log, or Exhibit 3.0.257 – 6, Test Documentation Control Log.

3.0.257.3.3  (10-01-2006)
Risk Assessment Process

  1. The risk assessment process is a systematic approach to determine high risk factors of a component's susceptibility to fraud, waste, or abuse.

  2. Management's participation in the risk assessment process is important to the success of the review. Prior to the review, the MAR Coordinator may issue a memorandum (See Exhibit 3.0.257-7) to gain feedback from management.

3.0.257.3.3.1  (10-01-2005)
Risk Analysis Check Sheets

  1. For documentation purposes, the process used to determine the risk factors, names and titles of team members, and a summarized risk analysis must be retained in the MAR on-site files.

  2. MAR coordinator and team members may determine risk factors.

    Note:

    The following guidelines are not designed to be stringent requirements. The guidelines may be modified as required with the objective of performing the most effective risk analysis.

    1. Identify any functions or programs of a system that may be particularly vulnerable to waste, fraud, unauthorized use, and/or misappropriation.

    2. MAR coordinator will brainstorm with team members to complete a risk analysis. Exhibit 3.0.257 – 8, Risk Analysis Check Sheets, and Exhibit 3.0.257 — 9, Summarizing Risk, may be used.

    3. Determine input and output controls; determine how they affect the adequacy and reliability of reports.

    4. Consider relationship and structure of accounting systems.

    5. Examine management reporting, integrity, and operational requirements.

    6. Validate system documentation and physical security.

  3. MAR coordinator and team members may complete Exhibit 3.0.257 – 10, Risk Analysis/Assessment Report.

    Note:

    This step identifies internal controls not in place, areas vulnerable to fraud, waste or abuse, extent of coverage, and specific areas not covered. It also serves as an outline for the major review procedures to be used, such as, documentation, testing, and observation.

    1. Prepare a report on each high risk identified by managers, team members, or any other source.

    2. Determine special test approaches needed to determine deficiencies. If TIGTA or other reviews or tests have already determined the deficiencies, annotate the source and attach documentation. FURTHER TESTING MAY NOT BE NEEDED and a corrective action plan may already exist or have been completed.

    3. Conduct a test to determine if there is a deficiency. If a deficiency is determined, prepare a final Deficiency Report and attach all documentation (Risk Review, test results, system changes/on-line resources). This documentation will be a part of the report.

    4. Use the risk assessment to determine in what direction the review should go.

3.0.257.3.4  (10-01-2006)
Identify Review Responsibilities

  1. Prepare the MAR Team Roster (See Exhibit 3.0.257-11). This document should contain background required for the system review and the name of the team members who will be conducting the review. This information is required for the final report.

  2. The team members will be conducting two types of reviews:

    1. Review of questions requiring only documentation and statements of conformance. Questions can be assigned or worked from the Task Control Log in any sequence.

    2. Review of questions requiring tests.

  3. The team determines:

    • how to do the test

    • when to test

    • where to do the test

    • what process (how many samples)

3.0.257.3.5  (10-01-2006)
Establish Control Logs

  1. Establish and maintain a set of logs to monitor and control the review for the system or process being reviewed.

    1. Exhibit 3.0.257 – 12, Task Control Log — Monitors the progress of each question by team member and date.

    2. Exhibit 3.0.257 – 13, Risk/Deficiency Log — Monitors risks/deficiencies and documentation required. Once identified as a deficiency, a control number consisting of the site, fiscal year, and a three digit number (i.e., OSPC2004–001) is assigned.

    3. Exhibits 3.0.257 – 5 & 6, Document Control Logs — Documents each question in a permanent record.

3.0.257.3.6  (10-01-2006)
Prepare Case Folders

  1. Establish a case folder for each question identified on questionnaire key (Exhibit 3.0.257–21) for the subsystem being reviewed. Folders should be linked to appropriate questions. (See Exhibit 3.0.257-2).

    1. Test questions must be readily identifiable. Folders may be color coded for identification.

    2. Label each folder with year, system, question's number, and question. Labels can be computer generated

    3. Attach a completed Documentation Control Log (Exhibit 3.0.257-5) or the Test Documentation Control Log (Exhibit 3.0.257-6) to each folder.

    4. Label all documents in the folder with the year, system, question's number, and question.

    5. Arrange documentation in the source order in the folder. (Same order as listed on the Documentation Control Log Sheet.)

  2. Case folders and appropriate supporting data should be given primary consideration as these files will document the entire review and provide the reference point for every conclusion in the review, (i.e., IRMs, interviews, desk instructions, examples, reports, etc.).

  3. The following factors should be addressed when completing the Document Control Log and documenting the review in the case folder:

    • Source Data (e.g., IRM, job aid, desk guide)

    • Location/Individual (identify resource, e.g., SERP, library, functional area).

    • Narrative substantiating conformance or deficiency.

    • Signature of preparer and MAR Coordinator.

  4. MAR coordinator will review and sign case folders, as completed, for documentation, completeness, and accuracy.

3.0.257.4  (10-01-2002)
Documentation Process

  1. Gathering adequate and correct documentation to certify that the IRS is in compliance is crucial to the MAR. Some documentation will be found in the Document Library; the rest require researching, observing, testing and interviewing. After each question has been reviewed and solid documentation gathered, a narrative is written with results of the review and/or test.

3.0.257.4.1  (10-01-2006)
Initiate Documentation Process

  1. Documenting compliance with a particular principle or standard in the questionnaire requires a logical structured approach. Use the following guidelines during the documentation and review process:

    1. Use the Suggested Documentation Roster (Exhibit 3.0.257-4) as a starting point. The guidelines provide examples of documentation used to demonstrate compliance.

    2. Use general system documentation (e.g., an accounting manual) to document broad principles and standards.

    3. Use the same documentation to demonstrate compliance with several broadly-stated principles and standards, when possible. This documentation should be maintained in the Document Library.

    4. Be specific with references (i.e., Specific=IRM 3.17.63.1.1; Non-specific=Accounting Manual).

  2. Conduct testing when:

    1. The answer to the question is unknown.

    2. Further proof of compliance beyond documentation is required.

    3. Questions are identified as tests.

    4. IRM procedures are not being followed.

    5. Internal controls indicate a problem exists.

    6. There are no controls.

    7. Prior reports (i.e., PAS, TIGTA, GAO) indicate a problem exists.

    8. Managers indicate a problem exists.

3.0.257.4.2  (10-01-2002)
System Flowcharts

  1. An important part in the system evaluation process is to obtain a general understanding of how the overall financial management system operates. This includes the purpose and use of the systems and subsystems, the relationship of these systems to each other, and how they function. Such information may already be available in a system design or operating procedures manual. If not, it should be developed. It will be useful in understanding how the system operates and in making reviews or evaluations of the system elements.

    1. Obtain the information to prepare each flowchart by reviewing existing documentation and reports, interviewing appropriate personnel, reviewing forms generated or processed, and observing operating activities.

    2. Keep the flowchart simple. Avoid excessive detail that could make the flowchart confusing. Concentrate on the data flow, description of the data, and functions. Include sufficient detail to permit identification of the various parts of the system subject to examination.

    3. Flowchart the procedures. Show the flow of data and events, indicate to whom reports are sent, and provide a narrative following the sequence of the chart. Ensure that the chart follows a logical sequence.

    4. Identify the points at which data enters and leaves the system, the disposition of documents and data, or other products generated.

  2. These flowcharts should be part of the Document Library and used to train team members.

3.0.257.4.3  (10-01-2006)
Internal Control Documentation

  1. Internal controls ensure timely and accurate processing of returns, delivery of services, and safeguarding of taxpayer information. The review of internal controls is an integral part of evaluating RAS and the Annual Assurance Process.

  2. All reviews should produce documentation on what was done and what was found. In each question, document in a narrative the following:

    1. If internal controls exist.

    2. If one or more deficiencies are identified, analyze and consider how the application of the internal control standards might correct the problem.

    3. When corrections require NHQ level to correct any or all of the deficiencies, prepare System Change Request(s) (Form 5391) and Report of Pending Control Deficiency (Exhibit 3.0.257-14).

  3. Internal control documentation should:

    1. Be present to the extent required by management to effectively control operations.

    2. Be considered adequate if the information is understandable .

    3. Include written material to describe organizational structure, operating procedures, and administrative practices (i.e., policies and procedures, organization charts, manuals, memoranda, and flow charts).

    4. Communicate responsibilities and authorities for accomplishing programs and activities.

    5. Show the type and scope of review as well as the location/individual.

    6. Provide the pertinent dates and facts, the key findings and the recommended corrective actions.

3.0.257.4.4  (10-01-2002)
Perform Documentation Review

  1. Independent review must be performed to assess the quality, adequacy, and shortfalls in the documentation review process.

    1. MAR Coordinator must perform a review of ALL documentation and sign/initial the case folder.

    2. MAR Coordinator must provide the Management Official a monthly status report, at minimum.

    3. MAR Management Official or a designee must review 10% of the testing documentation.

  2. The objective of periodic documentation reviews is to gain reasonable assurance that the review process is executed and deficiencies are identified.

3.0.257.5  (10-01-2006)
Perform Testing

  1. The Service is required by law to conduct reviews of their accounting systems to determine conformance with regulations, principles, and standards.

  2. To determine whether a RAS subsystem is in conformance, it is necessary to review and test the system in operation. The questions in Exhibit 3.0.257-2 provide guidance as to the type of testing required.

  3. Exhibit 3.0.257-21 provides assistance in choosing appropriate questions for each RAS subsystem test.

  4. Consider all factors in the tax accounting system to determine the appropriate type and extent of testing. Analyze each test question to determine how to test for compliance.

  5. Use judgment in each phase of the testing process. No simple criteria can be established to determine the required testing.

  6. Consider risk assessment in selecting test plans.

  7. Analyze results of prior system testing in the development of test plans.

  8. Test the critical aspects. Individuals with extensive knowledge of a system may find it operates differently than previously understood.

  9. Test the entire transaction, from initial authorization through processing, posting to the accounts, and reporting. Manual as well as automated operations should be included.

  10. Testing may include:

    1. Interviewing someone operating the system.

    2. Observing operating procedures.

    3. Examining system documentation.

    4. Applying procedures to live transactions and comparing results.

    5. Reviewing error reports and evaluating error follow-up procedures.

  11. Design tests to disclose whether valid transactions are processed properly and whether invalid transactions are rejected.

3.0.257.5.1  (10-01-2002)
Select Testing Approach

  1. Evaluate the following key factors to determine the appropriate extent and amount of testing for a particular circumstance.

    1. Purpose of Testing — Tests performed for financial or operational audits require more comprehensive documentation than a review for conformance to general principles and standards.

    2. Nature of Internal Control — Under strong internal controls, certain test procedures may be unnecessary, and the extent of coverage can be limited. If internal controls are strong, fewer periods or a smaller percentage of dollar or transaction volumes may need to be tested.

    3. Materiality — The greater the value of the items the more testing required.

    4. Risk — Accounts such as refunds or cash, which may be more susceptible to irregularities, may require more extensive tests than other accounts subject to less risk.

    5. Past Experience — Problems with account balances, transactions, or other areas discovered in prior year's reviews and/or audit findings indicate more testing is required.