3.0.257  Systems Accountability Review

3.0.257.1  (10-15-2010)
Systems Accountability Review

  1. The Systems Accountability Review (SAR) provides internal guidance to ensure compliance with Public Law 97-255, the Federal Managers' Financial Integrity Act (FMFIA) of 1982, and the corresponding Office of Management and Budget (OMB) Circular A-127, Financial Management Systems.

  2. The intent of the SAR is to assist Submission Processing Center Managers in fulfilling their legal responsibility to review management and internal controls on procedures or systems in their operations and to reduce or eliminate fraud, waste, and abuse of government funds by identifying and correcting deficiencies. The Service is required to provide detailed documentation of the result of these reviews.

  3. The Chief Financial Officer (CFO) is responsible for ensuring that the reviews are scheduled as mandated by the U.S. Treasury (i.e., at least every three years). The Submission Processing Campuses are responsible for ensuring that the reviews are done thoroughly and that they are well-documented.

  4. The SAR is to be conducted on the systems that feed, control, and report all financial activities of the Service's tax processing system, including taxes owed, collected and refunded.

  5. The review is conducted on the eight sub-systems that make up the Revenue Accounting System (RAS). See below for definitions.

  6. The SAR results are part of the Annual Assurance Review conducted at each campus and must be completed in time to be included in the Annual Assurance Report. See IRM 1.4.2, Monitoring and Improving Internal Controls, for specific information on conducting the reviews to conform with the Annual Assurance.

3.0.257.1.1  (10-15-2010)
Revenue Accounting System

  1. The Revenue Accounting System (RAS) controls and reports all financial activities of the Service's tax processing system, including taxes owed, collected, and refunded. RAS maintains the Service's accountability; it interacts and touches all of the processing, examination, and collection systems in the campuses.

  2. The systems include the following:

    1. Automated Non-Master File (ANMF) provides a process for the assessment of taxes and collection of revenue which cannot be processed on Master File/CADE.

    2. Centralized Accounting Activity (CAA) provides for the processing of tax returns for foreign persons, the Possessions and Commonwealths of the United States; and for the receipt and disposition of funds from countries which have treaties with the United States.

    3. Electronic Federal Tax Payment System (EFTPS) is a system for initiating federal tax payments electronically for both business and individual taxpayers. An electronic pre-enrollment is required in order to access the application.

    4. Federal Tax Deposit (FTD) is a remittance collection system. This system collects only Business Master File (BMF) payments for withholding taxes. Payments are presented directly to the bank, and the deposit information is then sent by the bank to the service center.

    5. Integrated Data Retrieval System (IDRS) is a complex computer system with capability to promptly retrieve or update stored tax information to update the Master File/CADE accounts. Non-Master File taxpayer delinquent accounts (TDA) can also be accessed on IDRS for research purposes only.

    6. Integrated Submission and Remittance Processing (ISRP) is a self-contained system with the capabilities of capturing, formatting, and forwarding information pertaining to returns and remittances as machine-readable data to downstream processing.

    7. Redesign Revenue Accounting Control System (RRACS) is a fully automated system used to provide accounting and management control for all revenue accounting transactions.

    8. Master File (MF)/Customer Accounts Data Engine (CADE) consists of account information for each taxpayer and all electronic processing of all related transactions. The computing centers are primarily responsible for the maintenance of this system.

  3. All areas related to the processing of tax information will be considered for review in the appropriate system. The process is ALL INCLUSIVE for both pipeline and non-pipeline.

  4. The U.S. Treasury requires systems and applications to be reviewed a minimum of once every three years. In addition, reviews are required for any new system, or when significant changes to procedures or programming have occurred.

3.0.257.2  (06-02-2009)
Responsibilities

  1. This section defines the responsibilities of those involved with the reviews. National Headquarters (NHQ) refers to the CFO's office in Washington, DC. Headquarters (HQ) refers to the Submission Processing (SP) Headquarters in Cincinnati.

  2. CFO coordinates the reviews through the Associate Chief Financial Officer for Revenue Financial Management (RFM).

  3. Director, SP:

    1. Designates a management official to ensure that the SAR is completed and documented appropriately.

    2. Signs and submits a SAR conformance statement for their center, which will be included in the Annual Assurance Statement.

  4. HQ SAR Management Official:

    1. Ensures SARs are properly conducted and documented in accordance with established procedures.

    2. Ensures review process is a continuous, ongoing process which involves all levels of management.

    3. Signs and submits quarterly reports timely on the status of corrective actions to NHQ.

    4. Designates a SAR Coordinator to oversee the process.

  5. NHQ SAR Program Analyst:

    1. Maintains, updates, and publishes IRM 3.0.257 for the SAR.

    2. Ensures that appropriate reviews are scheduled each year.

  6. HQ SAR Analyst:

    1. Ensures reviews are conducted as assigned by NHQ and are well documented.

    2. Maintains files to monitor and track deficiencies and activities to guarantee timely corrective action.

    3. Ensures centers submit quarterly deficiency status reports.

    4. Provides technical guidance to the SAR Coordinators.

  7. Campus SAR Coordinator:

    1. Selects team members who are technically proficient in the system under review.

    2. Trains team members.

    3. Ensures that team members record their time properly for the review (OFP 990-80360).

    4. Maintains centralized files for monitoring and tracking the review activities.

    5. Utilizes other reviews and studies to avoid duplication of efforts.

    6. Identifies deficiencies and reports the status quarterly.

3.0.257.3  (06-02-2009)
Review Process

  1. Prior to initiating a SAR, review the processes in the following sections.

3.0.257.3.1  (06-02-2009)
Centralized File

  1. A centralized file will enable anyone with a general functional knowledge to follow the review from beginning through to the final report, as well as the tracking and monitoring of the deficiencies. (Documentation must be stored in a locked cabinet in order to comply with security requirements.) Documentation should include, but is not limited to the following.

  2. Administrative files, such as:

    1. Index of files.

    2. Review process and narrative.

    3. Roster of assignments.

    4. Document library list.

    5. Actual/projected hours.

    6. SAR action plan.

    7. SAR quarterly status reports.

  3. Control logs, such as:

    1. Task control log.

    2. Risk/deficiency log.

  4. Deficiency files, such as:

    1. Deficiency documentation.

    2. Deficiency status report.

    3. Deficiency completion documentation.

    4. Procedures/systems change requests.

  5. Risk factors file, such as:

    1. Risk factor assessments from managers.

    2. Risk analysis process.

    3. Scope of review.

  6. Final report.

  7. Copy of the SAR IRM 3.0.257 in effect when review was done.

3.0.257.3.2  (06-02-2009)
Establish/Maintain Document Library

  1. Create a centralized reference library of documents for use throughout the review process (e.g., Internal Revenue Manuals, documents, reports, interviews, desk procedures).

  2. The library should include the documents needed to demonstrate compliance. Depending on the system being reviewed, the documents should be modified as required, with the objective of preparing the most effective evidence of compliance.

  3. Maintain a list of documents in the library.

    • The library may be rotated from year to year. Each year the library is updated with new IRMs, interviews, reports, etc. It is not intended that a new library be established each year.

    • Copies should be made of the documents in the library or from on-line research to substantiate the review questions and be filed in the case folders. When documentation requires numerous pages, reference the library in the case folder.

3.0.257.3.3  (06-02-2009)
Risk Assessment Process

  1. The risk assessment process is a determination of the high risk factors of a component's susceptibility to fraud, waste, or abuse.

  2. Management's participation in the risk assessment process is important to the success of the review. Prior to the review, the SAR coordinator may ask the campus director to issue a memorandum to gain feedback from management.

3.0.257.3.3.1  (06-02-2009)
Risk Analysis

  1. The SAR coordinator and team members should determine risk factors.

    Note:

    The following guidelines are not designed to be stringent requirements. The guidelines may be modified as required with the objective of performing the most effective risk analysis.

  2. For documentation purposes, the process used to determine the risk factors, names and titles of team members, and a summarized risk analysis must be retained in the SAR on-site files.

    1. Identify any functions or programs of a system that may be particularly vulnerable to waste, fraud, unauthorized use, and/or misappropriation.

    2. Brainstorm with team members to complete a risk analysis.

    3. Determine input and output controls; determine how they affect the adequacy and reliability of reports.

    4. Consider relationship and structure of accounting systems.

    5. Examine management reporting, integrity, and operational requirements.

    6. Validate system documentation and physical security.

  3. SAR coordinator and team members should complete a risk analysis/risk assessment report.

    Note:

    This step identifies internal controls not in place, areas vulnerable to fraud, waste or abuse, extent of coverage, and specific areas not covered. It also serves as an outline for the major review procedures to be used, such as, documentation, testing, and observation.

    1. Prepare a report on each high risk identified by managers, team members, or any other source.

    2. Determine special test approaches needed to determine deficiencies. If a review by the Treasury Inspector General for Tax Administration (TIGTA) or other reviews have already determined the deficiencies, then annotate the source and attach documentation. Further testing may not be needed and a corrective action plan may already exist.

    3. Conduct a test to determine if there is a deficiency. If a deficiency is determined, prepare a deficiency report and attach all documentation (risk review, test results, system changes). This documentation will be a part of the report.

    4. Use the risk assessment to determine in what direction the review should go.

3.0.257.3.4  (06-02-2009)
Identify Review Responsibilities

  1. Prepare a team roster. This document should contain background required for the system review and the name of the team members who will be conducting the review. This information is required for the final report.

  2. The team members will be conducting two types of reviews:

    • Interview - Those with questions requiring only documentation and statements of conformance. Questions can be assigned or worked from the team assignments in any sequence.

    • Testing - Those with questions requiring tests.

  3. The team determines:

    1. How to do the test.

    2. When to test.

    3. Where to perform the test.

    4. What process (how many samples) to test.

3.0.257.3.5  (06-02-2009)
Establish Control Logs

  1. Establish and maintain a set of logs to monitor and control the review for the system or process being reviewed.

  2. Set up the following:

    • Log to monitor the progress of each question, the responsible team member, and the date.

    • Log to monitor risks/deficiencies and documentation required. Once identified as a deficiency, a control number consisting of the site, fiscal year, and a three digit number (i.e., xSPC2004–001) is assigned.

    • Log to document each question as a permanent record.

3.0.257.3.6  (06-02-2009)
Prepare Case Folders

  1. Establish a case folder for each question to be answered.

    1. Test questions must be readily identifiable.

    2. Label each folder with year, system, question's number, and question.

    3. Attach a documentation control log to each folder.

    4. Label all documents in the folder with the year, system, question number, and question.

    5. Arrange documentation in the same order as on the documentation control log.

  2. Case folders and appropriate supporting data should be given primary consideration as these files will document the entire review and provide the reference point for every conclusion in the review, i.e., IRMs, interviews, desk instructions, examples, reports, etc.

  3. The following factors should be addressed when completing the document control log and documenting the review in the case folder:

    1. Source Data (e.g., IRM, job aid, desk guide).

    2. Location/Individual (identify resource, e.g., SERP, library, functional area).

    3. Narrative substantiating the conformance or deficiency.

    4. Signature of preparer and SAR coordinator.

  4. SAR coordinator will review and sign case folders, as completed, for documentation, completeness, and accuracy.

3.0.257.4  (06-02-2009)
Documentation Process

  1. Gathering adequate and correct documentation to certify that the IRS is in compliance, is crucial to the SAR. Some documentation will be found in the document library. The rest requires researching, observing, testing and interviewing. After each question has been reviewed and solid documentation gathered, a narrative is written with the results of the review and/or test.

3.0.257.4.1  (06-02-2009)
Initiate Documentation Process

  1. Documenting compliance, with a particular principle or standard in the questionnaire, requires a logical structured approach. Use the following guidelines during the documentation and review process:

    1. Use general system documentation (e.g., an accounting manual) to document broad principles and standards.

    2. Use the same documentation to demonstrate compliance with several broadly-stated principles and standards, when possible. This documentation should be maintained in the document library.

    3. Be specific with reference names.

  2. Conduct testing when:

    1. The answer to the question is unknown.

    2. Further proof of compliance beyond documentation is required.

    3. Questions are identified as tests.

    4. IRM procedures are not being followed.

    5. Internal controls indicate a problem exists.

    6. There are no controls.

    7. Prior reports (i.e., PAS, TIGTA, GAO) indicate a problem exists.

    8. Managers indicate a problem exists.

3.0.257.4.2  (06-02-2009)
System Flowcharts

  1. An important part in the system evaluation process is to obtain a general understanding of how the overall financial management system operates using flowcharts. This includes the purpose and use of the systems, the relationship of these systems to each other, and how they function. Such information may already be available in a system design or operating procedures manual. If not, it should be developed. It will be useful in understanding how the system operates and in making reviews or evaluations of the system elements.

  2. These flowcharts should be part of the document library and used to train team members.

3.0.257.4.3  (06-02-2009)
Internal Control Documentation

  1. Internal controls ensure timely and accurate processing of receipts, returns, delivery of services, and safeguarding of taxpayer information. The review of internal controls is an integral part of the SAR.

  2. All reviews should produce documentation on procedures performed and results obtained. In each question, document in a narrative the following:

    1. Whether internal controls exist.

    2. If one or more deficiencies are identified, analyze and consider how the application of the internal control standards might correct the problem.

    3. When corrections require NHQ level to correct any or all of the deficiencies, prepare a Form 5391, Procedures/Systems Change Request, and a report of the pending control deficiency.

  3. Internal control documentation should:

    1. Be present (to the extent required by management) to effectively control operations.

    2. Be considered adequate if the information is understandable.

    3. Include written material to describe organizational structure, operating procedures, and administrative practices (i.e., policies and procedures, organization charts, manuals, memoranda, and flow charts).

    4. Communicate responsibilities and authorities for accomplishing programs and activities.

    5. Show the type and scope of review as well as the location/individual.

    6. Provide the pertinent dates and facts, the key findings and the recommended corrective actions.

3.0.257.4.4  (06-02-2009)
Perform Documentation Review

  1. Independent review must be performed to assess the quality, adequacy, and shortfalls in the documentation review process.

    • SAR coordinator must perform a review of ALL documentation and sign/initial the case folder.

    • SAR coordinator must provide the appropriate management official a monthly status report, at a minimum.

    • SAR management official or a designee must review 10% of the testing documentation.

  2. The objective of periodic documentation reviews is to gain reasonable assurance that the review process is executed and deficiencies are identified.

3.0.257.5  (06-02-2009)
Perform Testing

  1. The Service is required by law to conduct reviews of their accounting systems to determine conformance with regulations, principles, and standards.

  2. Consider all factors in the tax accounting system to determine the appropriate type and extent of testing. Analyze each test question to determine how to test for compliance.

  3. Use judgment in each phase of the testing process.

  4. Consider risk assessment in selecting test plans.

  5. Analyze results of prior system testing in the development of the test plans.

  6. Test the critical aspects. Individuals with extensive knowledge of a system may find it operates differently than previously understood.

  7. Test the entire transaction, from initial authorization through processing, posting to the accounts, and reporting. Manual as well as automated operations should be included.

  8. Testing may include:

    1. Interviewing person who is operating the system.

    2. Observing operating procedures.

    3. Examining system documentation.

    4. Applying procedures to live transactions and comparing results.

    5. Reviewing error reports and evaluating error follow-up procedures.

  9. Design tests to disclose whether valid transactions are processed properly and whether invalid transactions are rejected.

3.0.257.5.1  (06-02-2009)
Select Testing Approach

  1. Evaluate the following key factors to determine the appropriate extent and amount of testing for a particular circumstance.

    1. Purpose of Testing — Tests performed for financial or operational audits require more comprehensive documentation than a review for conformance to general principles and standards.

    2. Nature of Internal Control — Under strong internal controls, certain test procedures may be unnecessary, and the extent of coverage can be limited. If internal controls are strong, fewer periods, or a smaller percentage of dollar or transaction volumes may need to be tested.

    3. Materiality — The greater the value of the items, the more testing required.

    4. Risk — Accounts such as refunds or cash, which may be more susceptible to irregularities, may require more extensive tests than other accounts subject to less risk.

    5. Past Experience — Problems with account balances, transactions, or other areas discovered in prior year's reviews and/or audit findings indicate more testing is required.

    6. Cost/Benefit Considerations — Often the cost of testing, in terms of time and resource requirements, may be greater than the potential benefits to be gained.

  2. The following are ways to determine what procedure will result in the best documentary evidence for each test objective.

    1. A 100% test of all transactions.

    2. A judgmental sampling.

    3. A statistical sampling.

    4. A single transaction test.

    5. Observation test procedures.

3.0.257.5.2  (06-02-2009)
Select Sampling Techniques

  1. Emphasis is placed on sampling methods and techniques because 100% testing of all transactions is not practical or required.

  2. Select a portion of the items from a population with the intention of arriving at a conclusion about characteristics present in the population. This technique is called sampling. Population is defined as the total set of items, persons, etc., from which a sample is taken.

  3. The test can either be an attribute or a variable. For example:

    • An attribute is a qualitative characteristic of a population which is either present or not present. For example, a schedule is present or missing, the authorizing signature is valid or not valid on a return, or the transaction is recorded or not recorded in the proper account period.

    • A variable is a deviation from normal or standard processing. For example, a foreign check deposit.

  4. Use a simple sampling plan to keep the amount of testing to a minimum.

  5. Select a small sample to test different attributes when controls are operative and there is a small population (less than 500 items) or there are only manual records.

3.0.257.5.3  (06-02-2009)
Sampling Plan

  1. Design the sampling plan for each test question using the following steps:

    1. Determine sampling objective.

    2. Establish error criteria.

    3. Estimate sample size.

    4. Select sample and perform testing.

    5. Analyze sample selected.

    6. Evaluate and document test results.

3.0.257.5.4  (06-02-2009)
Determine Sampling Objective

  1. Identify exactly what it is that you are trying to determine from the sample.

  2. Determine the sampling approach to test and the techniques to be used. Assess the circumstances surrounding the population and system being tested.

  3. Use one sample plan to test for more than one attribute when possible.

  4. Analyze the current system being reviewed. Accomplish this by reviewing prior work, walk-throughs, and internal control evaluations.

3.0.257.5.5  (06-02-2009)
Establish Error Criteria

  1. Define what constitutes an error or a control deviation. The definition should not be so broad as to be meaningless nor so narrow as to create trivial and possible incorrect distinctions.

  2. Be specific in planning a test. Identify only the types of errors which are of significance to the principal objectives of the test.

3.0.257.5.6  (06-02-2009)
Estimate Sample Size

  1. Review a large enough quantity to obtain a valid result.

  2. Consult a statistician or other trained personnel if you are still unsure after reviewing the information provided.

3.0.257.5.7  (06-02-2009)
Select Sample

  1. Sample patterns to consider:

    • Random — This is the most widely used sample selection technique. A random sample is one in which every possible combination of items in the population has an equal chance of being selected. Random selection usually involves the use of a computer, and/or random number tables.

    • Non-Random — This method provides for a selection of items in such a way that there is a uniform interval between sample items. It provides for the selection of items systematically, for example, every ninth item.

    • Judgmental — This type of sampling relies entirely on the discretion and judgment of the reviewer in deciding volume and items. A judgmental sampling is used for small populations, where internal controls have been found effective, and when it is not cost effective to select a statistical sampling.

3.0.257.5.8  (06-02-2009)
Test Questions

  1. To determine whether a system is in conformance, it is necessary to review and test the system in operation. The review questions provide guidance as to the type of testing required. Choose the ones that seem applicable to the system under review. The questions that will require an actual test are identified. These questions are based on the Joint Financial Management Improvement Program (JFMIP) Core Financial Questions that were originally selected for use in FMFIA conformance reviews. The numbering identifies on which JFMIP question they are based.

  2. I.A. Core Financial System Management - Accounting Classification Structure Management Process

    1. 1.1 Do all documents have Transaction Codes (TCs), Document Locator Numbers (DLNs), etc., and are assets and liabilities classified as such?

    2. 1.3 Does the system separate the types of transactions in the process, have a chart of accounts for each appropriation and entity, and report the total of each appropriation and entity separately?

    3. 1.6 & 1.7 Does the workflow maintain controls based on organization structure by office, division, and branch, and tie programs and projects to the responsible units?

    4. 1.8 Does the system supply the necessary documentation (such as SF-215, Deposit Ticket) that identifies agency location codes and appropriation fund symbols for all transactions and reports required by Treasury (such as SF 224, Statement of Transactions)?

    5. 1.11 Is there a structure in place to identify and classify types of revenue/receipts so that they are represented as such on the agency's financial statements?

    6. 1.12 & 1.13 Does the system provide the capability to classify accounting transactions by data elements such as miscellaneous funds, appropriations, etc., and define additional data elements to meet data classification and/or control or reporting needs of the agency?

    7. 1.14 (TEST) Is there a capability and utilization of check digits, drop down menus, scanned entries and programmable keyboard functions so that the user input is minimized, data entry is made easier, and errors are controlled and reduced?

  3. I.B. Core Financial Management - IRS General Ledger Accounts Process Account Definition

    1. 1.20 (TEST) Does the system provide subsidiary ledger support for IRS General Ledger accounts?

    2. 1.24 (TEST) Are transactions posted and transaction codes used correctly?

    3. 1.31 Does the system have the capability to add, modify, and maintain editing before final payment posting, and do authorized personnel control it?

    4. 1.32 Are validity checks performed on batches of work? Can duplicate or skipped batches be identified? Is reconciliation performed on amounts and transactions in a batch?

    5. 1.33 (TEST) Are audit trails present? Can they be used to trace a transaction from its origination to final posting? Can they be used to identify the originator?

    6. 1.34 Are transaction details provided that support account balances?

    7. 1.35 (TEST) Can transactions be traced back to their source documents? Can transactions be traced to the ledger entry and financial reports?

    8. 1.36 Are reversals and corrections documented and approved?

    9. 1.37 Can items for review be selected based on user-defined criteria (i.e., by type of transaction)?

    10. 1.38 Are audit trails utilized and do they identify document input, change approval, and deletions by the originator?

  4. I.D. Core Financial System Management - Transaction Control Process - Transaction Processing

    1. 1.39 Does the system post to the current and prior months concurrently until month-end closing, and maintain and provide on-line queries and reports on balances separately for the current and prior months?

    2. 1.40 Does the system, at year end, post to the current year by month as well as to the prior year, regardless of when year-end closing occurs?

    3. 1.41 (TEST) Does the system identify errors and allow for their correction?

    4. 1.42 Are record formats standard between systems? Are there validation checks throughout the process?

    5. 1.43 Are both batch and on-line data entry used? Are they both edited and updated in the same manner?

    6. 1.44 Can multiple users access and enter data at the same time?

    7. 1.45 Are management controls in place and working as required?

    8. 1.49 Does data entry allow for verification?

  5. I.E. Core Financial System Management - Archiving and Purging Process

    1. 1.52 (TEST) Are transactions and related information archived? Is there a way to access this information?

    2. 1.55 Are records maintained in accordance with federal regulations?

  6. II.B. General Ledger Management - Accruals, Closing, and Consolidation Process

    1. 2.5 Does the system provide the capability for multiple preliminary year-end closing before final year-end closing, while maintaining the capability to post current period data?

  7. II.C. General Ledger Management - General Ledger Analysis and Reconciliation Process

    • 2.16 & 2.17 (TEST) Can out-of-balance conditions discovered during reconciliation be corrected and is an audit trail of the corrections maintained?

  8. III.A. Payment Management - Payee Information Maintenance Process

    1. 4.6 Does the system allow for more than one check for the same taxpayer or one check for multiple taxpayers?

    2. 4.7 Are audit trails on endorsement of checks sufficient to research or trace payee?

    3. 4.8 Are audit trails produced on listings with taxpayer information?

    4. 4.24 (TEST) Are payments posted to the correct account? Is the taxpayer's account balance properly reduced?

  9. III.B. Payment Management - Payment Execution Process

    1. 4.47 Can multiple payments for the same taxpayer be combined to show one payment?

  10. IV.B. Receipt Management - Unpaid Assessments Management Process

    1. 5.16 Does the taxpayer's account show unpaid assessments through transaction codes and reference numbers?

    2. 5.17 Can the system be queried for balances due and account information?

    3. 5.29 Are payments applied and the taxpayer's account updated properly?

    4. 5.30 Can payments be split and applied to more than one taxpayer's account?

    5. 5.38 Can taxpayers use cash or credit cards to pay their liabilities?

  11. VI.A. Reporting - Access to Information Process

    1. 7.1 Can the system be queried to present specific data as requested by the user?

    2. 7.5 Can analysts obtain reports from the system?

    3. 7.6 Can historical files be easily accessed?

    4. 7.7 Can all users perform a 'print screen'?

  12. VI.B. Reporting - Financial Reporting Process

    1. 7.10 Does the system provide summarized data electronically to systems used by the agency for decision support, and provide for the preparation of financial statements from the general ledger, and by line of business?

    2. 7.14 Are formatted reports for specific needs generated for management's use?

  13. VI.C. Reporting - System Monitoring Process

    1. 7.18 Is the system monitored to determine if operations are on schedule? Can it alert management timely regarding any malfunctions?

    2. 7.19 Are statistics provided to management regarding employee access of systems? Are reports generated or accessed by management?

    3. 7.20 Does the system perform verification of data? Are reports generated?

    4. 7.21 Does the system provide a way to trace data errors?

  14. VII. Other Questions

    1. 8.1 Does the supervisor/manager of the respective system know what other systems affect their process and what systems their process affects?

    2. 8.2 Does the system provide for separation of duties?

    3. 8.3 Does more than one technician or supervisor have a working knowledge of each system? Is the responsibility for programs rotated among technicians?

    4. 8.4 Does a workflow diagram exist for the system? Is it current? How is it updated? How often? By whom?

    5. 8.5 Does a contingency or disaster preparedness plan exist? Does it include processing priorities? Does it contain specific employee responsibilities?

3.0.257.5.9  (06-02-2009)
Analyze Sample Selected

  1. Examine the sample for errors.

  2. Include errors not contemplated when planning the test.

  3. Consider, resolve, and document the cause and possible implications of any errors or deviations found.

    Note:

    Search for missing items as thoroughly as possible. The inability to examine a missing item might result in the failure to detect an error of importance.

  4. Evaluate the sampling results by deciding whether the sample has adequately met the test objectives. If the sample does not satisfy the test objectives, the sample size may be increased or alternate procedures may be performed.

3.0.257.5.10  (06-02-2009)
Evaluate and Document Test Results

  1. In the process, substantial documentation and evaluation should have been performed so the reviewers can find area(s) of deficiency, if they exist. The IRS is required to monitor the progress and correction of deficiencies identified in the SAR reviews.

3.0.257.6  (06-02-2009)
Deficiencies and Resolution

  1. Determine if any of the deficiencies can be resolved locally, or if any of the deficiencies require NHQ approval or correction. Prepare a report which includes the following information (and monitor the progress of the resolution):

    1. A control number for monitoring (i.e., xSPC2004–001).

    2. Review that identified the deficiency (i.e., SAR, Annual Assurance Process, or other review).

    3. Name of campus.

    4. A short descriptive title of the issue.

    5. SAR coordinator and telephone number.

    6. Description of the deficiency in terms of its effect on mission accomplishment.

    7. The impact to the agency in quantitative and specific terms about what undesirable consequences could occur if the deficiency is not corrected, such as, lost revenue, error rates, and impact on compliance, taxpayer burden, operating efficiency, etc.

    8. Brief summary of the approach you will use to correct the deficiency. Describe how you plan to collect the data for the results indicator. Some possible methods include using existing management information and performance statistics, special surveys, sampling and data analysis, management control reviews, audits, and staff interviews.

  2. It is recommended that a summary of deficiencies be maintained on all open deficiencies. The summary should contain: deficiency number, deficiency title, actions completed, and actions to be completed.

  3. If the control deficiency will not be completed by the end of the SAR review, develop a corrective plan of action. With the assistance of management, include the following:

    1. Any steps that have already been completed and the completion date.

    2. Those steps that will take place within the next 6 months and the target completion date.

    3. The steps that will be completed more than 12 months from now, and the target completion date.

  4. Once the deficiency is corrected, provide results to HQ in either the final or quarterly report with the following information (where possible, duplicate the information provided when deficiency was identified):

    1. The control number.

    2. Review during which the deficiency was identified.

    3. Name of campus.

    4. A short descriptive title of the issue.

    5. Date of completion.

    6. Description of the deficiency in terms of its effect on mission accomplishment.

    7. Provide an explanation of corrective actions taken, validation process used, and results.

    8. Signature of SAR Coordinator and either a management official or the SPC Director (as applicable to your site).

  5. Maintain the signed document in the SAR file at your site.

3.0.257.6.1  (06-02-2009)
Procedures/Systems Change Requests

  1. When a procedures/systems change request is submitted to NHQ to correct a deficiency:

    1. Submit notice of the pending deficiency to HQ in the annual or quarterly report.

    2. Attach a copy of the procedures/systems change request.

    3. HQ will provide a semi-annual report to service centers on all open deficiencies and status.

    4. HQ will monitor and forward any decision to the service center.

    5. SAR coordinators will track the open deficiencies at their site.

  2. When a procedures/systems change request is denied by NHQ, the submitting office is in agreement with the denial, and the deficiency is corrected, attach the response and a statement of agreement to the closed deficiency, referencing the NHQ response as justification.

  3. When procedures/systems change request is denied by NHQ, the submitting office is not in agreement with the denial and the deficiency is not corrected, prepare an appeal memo with the following information:

    1. An in-depth description of the deficiency.

    2. Recommended corrective actions.

    3. Problems and impact on the agency operations if corrective action is not taken.

  4. FAX a copy of the appeal memorandum, procedures/systems change request, and denial to SAR coordinator at HQ.

  5. The SAR coordinator will coordinate with HQ on status until NHQ responds to the appeal.

    Note:

    This is considered an open deficiency on the quarterly status report.

3.0.257.7  (06-02-2009)
Reports

  1. The review process is documented primarily with quarterly status reports and a conformance report.

3.0.257.7.1  (06-02-2009)
SAR Quarterly Status Report

  1. The SAR Coordinator and/or the management official will monitor and report quarterly on all deficiencies until closed with a certificate.

  2. Quarterly status report, will contain:

    1. Copies of new deficiencies identified during the quarter and procedures/systems change requests, if required.

    2. Copies of prior deficiencies when milestone or target dates have changed.

    3. Certificate on any deficiencies completed during the quarter with substantial documentation.

    4. Actions taken to obtain target dates on open deficiencies.

  3. Copies of the quarterly status reports and attachments (i.e., completion certificates with original signatures) must be retained in the on-site SAR file.

  4. The quarterly status reports are due October 30, January 30, and April 30. The quarter ending June 30 will be included in the conformance report.

  5. The quarterly status reports are transmitted via mail or facsimile to HQ's SAR Coordinator.

3.0.257.8  (06-02-2009)
SAR Records

  1. SAR records should be maintained for 6 years from year of review.

  2. All SAR records must be available to Treasury, GAO, or TIGTA personnel in any subsequent managerial review of accounting practices.

  3. The records should contain:

    1. Work papers.

    2. Evaluations of operations and program activities.

    3. Reports.

    4. Other documentary evidence collected during review of such systemic operations to comply with mandatory reviews as established by the Department of the Treasury.


More Internal Revenue Manual