1.4.30 Monitoring Internal Control Planned Corrective Actions184.108.40.206 Overview220.127.116.11 Background18.104.22.168 Authorities22.214.171.124 Definitions126.96.36.199 Acronyms188.8.131.52 Roles and Responsibilities184.108.40.206 Requirements Governing the Internal Control Process220.127.116.11 Joint Audit Management Enterprise System (JAMES)18.104.22.168.1 JAMES Users, Account Access, and Recertifications 22.214.171.124.2 JAMES User Roles126.96.36.199.3 JAMES Audit Report Numbering188.8.131.52.4 Numbering for Findings, Recommendations, and PCAs184.108.40.206.5 Important JAMES Data Fields and Terms220.127.116.11.6 Due Date Requirements18.104.22.168.7 Entering New Audit Entries into JAMES 22.214.171.124.8 Audit Reporting, Monitoring, and Requirements126.96.36.199.8.1 Treasury Monthly Reporting188.8.131.52.9 Category for Delays/Extensions in JAMES184.108.40.206.10 Reporting Procedures for Updating and Tracking Material Weaknesses, Significant Deficiencies, and Remediation Plans220.127.116.11.11 Closed PCA Quality Assurance Review18.104.22.168 MC ESC JAMES Statistical Analyses Tables22.214.171.124 Related Resources Part 1. Organization, Finance, and Management Chapter 4. Resource Guide for ManagersSection 30. Monitoring Internal Control Planned Corrective Actions 1.4.30 Monitoring Internal Control Planned Corrective Actions Manual Transmittal October 16, 2015 Purpose (1) This transmits revised IRM 1.4.30, Resource Guide for Managers, Monitoring Internal Control Planned Corrective Actions. Material Changes (1) This IRM was revised to reflect current practices and processes to assist managers and senior-level officials with effective monitoring and implementation of planned corrective actions (PCAs) affecting IRS internal control. It also contains revised detailed guidance for administering and updating the Treasury Joint Audit Management Enterprise System (JAMES) audit tracking system with information on recommendations and PCAs resulting from audits conducted by the Government Accountability Office (GAO) and Treasury Inspector General for Tax Administration (TIGTA). (2) Replaced FMC ESC (Financial and Management Controls Executive Steering Committee) with MC ESC (Management Controls Executive Steering Committee) to reflect the committee's name change. (3) New IRM subsections were added; therefore subsections were renumbered. (4) IRM 126.96.36.199, Authorities, revised. (5) IRM 1.4.30,4, Definitions, new. (6) IRM 188.8.131.52, Acronyms, revised. (7) IRM 184.108.40.206, Roles and Responsibilities, made minor revisions throughout. (8) IRM 220.127.116.11 (5), Roles and Responsibilities - Office of Internal Control (OIC), revised roles and responsibilities. (9) IRM 18.104.22.168 (6), Roles and Responsibilities - JAMES Audit Coordinators (JACs), revised roles and responsibilities. (10) IRM 22.214.171.124, Requirements Governing the Internal Control Process, new. (11) IRM 126.96.36.199.1, JAMES Users, Account Access, and Recertifications, added information on supporting information and PII and revised information on recertification. (12) IRM 188.8.131.52.2, JAMES User Roles, revised. (13) IRM 184.108.40.206.5, Important Data Fields and Terms, added information on the Status Date and Status/Comment Log (formerly Status Description). (14) IRM 220.127.116.11.6, Due Date Requirements, revised for clarification. (15) IRM 18.104.22.168.7, Entering New Audit Entries into JAMES, revised information throughout. (16) IRM 22.214.171.124.8, Audit Reporting, Monitoring, and Requirements, made revisions for clarification. (17) IRM 126.96.36.199.10, Reporting Procedures for Updating and Tracking Material Weaknesses, Significant Deficiencies, and Remediation Plans, revised. (18) IRM 188.8.131.52.11, Closed PCA Quality Assurance Review, new. Effect on Other DocumentsIRM 1.4.30, dated April 26,2013, is superseded. AudienceAll IRS Executives, Managers, and JAMES Audit Coordinators Effective Date(10-16-2015)Jeffrey S. WallbaumActing Chief Financial Officer 184.108.40.206 (04-26-2013) Overview It is essential that all managers, senior-level officials, and audit coordinators understand their roles, responsibilities, and requirements for monitoring Planned Corrective Actions (PCAs) in the Treasury Joint Audit Management Enterprise System (JAMES) audit tracking system. This IRM provides roles and responsibilities and guidance for maintaining the Treasury JAMES audit tracking system. The Chief Financial Officer (CFO), Corporate Planning and Internal Control (CPIC) unit, Office of Internal Control (OIC), developed and maintains this IRM. The CFO:CPIC:OIC administers the IRS internal control program. 220.127.116.11 (04-26-2013) Background Internal control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives; and in doing so, supports performance-based management. It also serves as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. It helps government program managers achieve desired results through effective stewardship of public resources. Systems of internal control provide reasonable assurance that the following objectives are being achieved: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations The IRS is subject to annual audits conducted by the Government Accountability Office (GAO) and the Treasury Inspector General for Tax Administration (TIGTA) to ensure its programs and activities operate according to established policies and procedures. Tracking issues, findings, recommendations, and the current status of PCAs resulting from annual audits is mandatory to comply with the intent of the standards of internal control. Treasury implemented the JAMES audit tracking system for use by all bureaus to track, monitor, and report the status of internal control audit results. 18.104.22.168 (10-16-2015) Authorities The following statutes and regulations are the most significant Laws and Federal regulations that affect the internal control program at the IRS: Federal Managers' Financial Integrity Act of 1982 (FMFIA) Federal Financial Management Improvement Act of 1996 (FFMIA) Chief Financial Officers Act of 1990 Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Internal Control Treasury Directive 40-04, Treasury Internal (Management) Control Program, issued January 4, 2001 Inspector General Act 1978, as amended OMB, Treasury, GAO, TIGTA, the Management Controls Executive Steering Committee (MC ESC), and the IRS CFO set standards and establish policies and procedures for the internal control program. 22.214.171.124 (10-16-2015) Definitions Below are definitions for terms used throughout this IRM. A6 Audit Summary Report – a report generated from JAMES used to verify information entered into JAMES. The report contains a summary of findings, recommendations, and PCAs, including the amount of any potential monetary benefits. Generally, the information in this report is entered verbatim from the TIGTA Corrective Action Form. Bureau Central Editor – the JAMES role with read and update capabilities used by OIC to perform the following actions: Enter material weaknesses, significant deficiencies, reportable conditions, remediation plans, and GAO/TIGTA audit reports findings, recommendations, and PCAs into JAMES Validate status updates entered by program users Reject status updates if they do not meet all reporting requirements and notify the Bureau Program Office (BPO) user that the status was rejected and the reason for the rejection Bureau Program Office (BPO) – the JAMES role used primarily by the business operating division (BOD) to read and update PCAs and to upload supporting documentation. Bureau Program Office Read-Only – the JAMES role that provides read-only access to the JAMES database. This role does not have the capability to view Limited Official Use and Sensitive But Unclassified audit reports or use of the supporting documentation feature. Corrective Action Form (CAF) Abstract – a form used by TIGTA to provide audit information to OIC for the entry of audit reports into JAMES. Draft Audit Report – a draft report prepared by TIGTA/GAO after the audit to provide management the opportunity to review findings and share concerns before the team issues the final report. Extended/Delayed – an option in JAMES used to extend a PCA due date, which requires the selection of a reason code from a drop-down listing. Final Audit Report – a report where TIGTA and GAO identifies opportunities to improve tax administration by conducting comprehensive, independent performance and financial audits of IRS programs, operations, and activities. Finding – describes the deficiency or opportunity for improvement in the remediation plan or audit report. Form 13872, Planned Corrective Action (PCA) Status Update for TIGTA/GAO/MW/SD/TAS/REM Reports – the form used by all BODs to update PCAs in JAMES, such as implementing, extending the due date, and/or making status updates. Internal Control – is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations JAMES Recertification – annual verification of each JAMES user account to determine if the account is still needed or should be removed. Joint Audit Management Enterprise System (JAMES) – Treasury’s web-based audit tracking system used for tracking issues, findings, recommendations, and PCAs from TIGTA and GAO audit reports. Material Weakness – a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent,or detect and correct, misstatements on a timely basis. Original Due Date – this is the initial date set by management to implement the action, which is taken from the corrective action plan. Ongoing – is used by management in lieu of a due date for unusual circumstances when no due date can be set, such as when legislative changes could take several years to implement. If the action is ongoing, the implementation date will be the date that the action or procedure started, with an explanation that it is an ongoing action. Planned Corrective Action (PCA) – contains a detailed description of how management will implement a recommendation to address the audit finding(s). The PCA also includes due date(s) and the responsible official(s). Quarterly Forecasts – a projection of the number of PCAs the BODs plan to meet, extend the due dates and/or require Information Technology’s involvement in order to be implemented. Recommendation/Issue – addresses the finding and provides TIGTA and GAO comments to management that, when implemented, will correct the issue. Rejected – the action recorded in JAMES when management disagrees with a TIGTA and GAO recommendation. Remediation Plan – a plan to achieve FFMIA compliance when an agency's annual review determines its financial management systems cannot prepare required financial statements and reports, cannot provide reliable and timely financial information for managing operations, and cannot account for assets in accordance with Federal accounting standards and the United States Standard General Ledger. Scorecard Report – a report that reflects monthly and year-to-date PCA audit activities and the total number of PCAs due in upcoming quarters. Treasury sets yearly goals for the percent of PCAs expected to be timely closed and provides the IRS a performance score of red, yellow, and green. This report receives a great amount of attention from senior management across Treasury, including the Deputy Secretary. Significant Deficiency – a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit the attention of those charged with governance. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. Sixty (60) Day Letter – the Commissioner’s written statement to Congress providing PCAs to address recommendations contained in a final GAO report. Status Update – provides actions taken by the BOD that correct identified deficiencies, produce recommended improvements, and/or demonstrate that audit findings are either invalid or do not warrant corrective action. 126.96.36.199 (10-16-2015) Acronyms This IRM contains the following acronyms and their meanings: Acronym Meaning ACFO Associate Chief Financial Officer BOD Business Operating Division BPO Bureau Program Office CAF Corrective Action Form CFO Chief Financial Officer CPIC Corporate Planning and Internal Control CUI Controlled Unclassified Information FARS Financial Analysis and Reporting System FFMIA Federal Financial Management Improvement Act of 1996 FMFIA Federal Managers' Financial Integrity Act of 1982 GAO Government Accountability Office JAC JAMES Audit Coordinator JAMES Joint Audit Management Enterprise System LOU Limited Official Use MC ESC Management Controls Executive Steering Committee MW Material Weakness OIC Office of Internal Control OIG Office of the Inspector General OMB Office of Management and Budget OS Operations Support Organization PCA Planned Corrective Action PII Personally Identifiable Information PO Program Office REM Remediation Plan SE Services and Enforcement Organization SBU Sensitive But Unclassified SD Significant Deficiency SOP Standard Operating Procedures TIGTA Treasury Inspector General for Tax Administration UWR Unified Work Request 188.8.131.52 (10-16-2015) Roles and Responsibilities The Department of the Treasury (Treasury) is responsible for: Overseeing the agency's internal control program to ensure compliance with applicable laws, policies, and procedures Working with IRS management when it cannot reach agreement on TIGTA audit recommendations Making final management decisions on audit recommendations when disagreement exists and resolution can not be reached between TIGTA and the IRS Ensuring that audit follow-up is an integral part of Treasury’s FMFIA compliance Monitoring and tracking all agency action plans for material weaknesses (MW), significant deficiencies (SD), remediation plans (REM), and audit report findings and recommendations in Treasury’s JAMES audit tracking system, and assessing the quality of performance and the effectiveness of internal control Evaluating and making recommendations to strengthen the internal control program Preparing reports for the Secretary of the Treasury, OMB, and Congress that contain data required by Section 5 of the Inspector General (IG) Act, and other reports required by statute or regulation The IRS Commissioner has overall organizational responsibility for: Ensuring the IRS internal control system adheres to statutory and regulatory standards related to internal control Ensuring that the performance plans for each Senior Executive Service (SES) member or equivalent employee having significant responsibilities for internal control contain appropriate performance requirements and expectations for such responsibilities Ensuring that recommendations are implemented, PCAs are taken in a timely fashion through independent verification, and that validation occurs Submitting statements to the appropriate Congressional committees and/or the Director of OMB, as required by statute or regulation, for audit reports issued by GAO Designating an Internal Control Officer to administer the internal control processes for his/her respective organization Designating an Audit Follow-up Officer The Chief Financial Officer (CFO) is the designated IRS Internal Control Officer and Audit Follow-up Officer and is responsible for: Overseeing the IRS internal control program Evaluating all systems of internal control on an ongoing basis and ensuring that audits, internal control reviews, risk assessments, and other evaluations are coordinated to complement one another with minimum duplication of effort Planning, directing, and evaluating implementation of the provisions in Treasury Directives, OMB Circulars, and FMFIA and FFMIA regulations and standards Reporting to Treasury all internal control deficiencies identified in audit reports, internal reviews, and from other sources that have the potential of meeting Treasury’s material weakness criteria Ensuring timely correction and validation of all identified program and operational deficiencies, both material and non-material Ensuring that detailed procedures, documentation, training, and reporting requirements related to the internal control program are issued and implemented Ensuring that appropriate IRS officials and the MC ESC are informed of situations that may jeopardize significant corrective action plan implementation Providing timely responses to Treasury, OMB, GAO, TIGTA, and IRS management Evaluating the program's performance and ensuring that internal control evaluations are an integral part of the IRS internal control program Reporting quarterly progress on remediation plans to OMB to achieve FFMIA compliance Representing the IRS in the audit resolution process where there is disagreement with an audit recommendation to attempt to negotiate and resolve differences before referral to the Deputy Secretary of the Treasury Advising and consulting with the Treasury Deputy Chief Financial Officer whenever a matter will be referred to the Deputy Secretary for resolution Coordinating the IRS response according to policies for corresponding with GAO (See TREASURY DIRECTIVE 40-02, Corresponding with the General Accounting Office (GAO)) The Associate CFO for Corporate Planning and Internal Control (ACFO for CPIC) is designated by the CFO to carry out the responsibility for administering the IRS internal control program. In addition to being the IRS MC ESC program executive, the ACFO for CPIC has audit follow-up responsibilities, which include: Coordinating the CFO’s written response with the responsible program office and the issuing audit organization no later than 30 days following the receipt of the draft report, which should include agreement or disagreement with recommendations contained in the draft audit report Submitting written responses to audit recommendations issued by GAO/TIGTA, when related to CFO PCAs, due dates, and other milestones for achieving results Ensuring that appropriate IRS officials and the MC ESC are informed of situations that may significantly jeopardize implementation of a PCA Providing timely responses for information provided by Treasury, OMB, GAO, TIGTA, and IRS management Providing information on the progress or issues regarding the remediation plan Ensuring that the content in JAMES is complete, and updated timely and accurately with specific data on material weaknesses, significant deficiencies, remediation plans, GAO and TIGTA audit findings, related recommendations, and action plans The Office of Internal Control (OIC) reports to the ACFO for CPIC and is responsible for carrying out the day-to-day internal control program, including audit follow-up. In accordance with Treasury, OMB, GAO, TIGTA, and IRS policy and procedures, the OIC’s audit follow-up responsibilities include: Acting as the IRS Responsible Official by administering and approving all IRS account authorizations for JAMES users Providing basic training on an as-needed basis to all JAMES users Entering, monitoring, and tracking material weaknesses, significant deficiencies, and GAO/TIGTA audit report findings, recommendations, and PCAs into JAMES Preparing the JAMES A6 Audit Summary Report when a new audit is issued. See IRM 184.108.40.206.7, The Joint Audit Management Enterprise System (JAMES), for more on the JAMES A6 Audit Summary Report Reviewing and validating all status updates entered into JAMES by the JAMES Audit Coordinators (JACs) Requesting that Treasury makes special JAMES changes such as reopening closed recommendations or reopening closed PCAs Maintaining complete and accurate records of IRS management updates and responses to the FMFIA and remediation plan corrective actions Providing direction and assistance to JACs and their managers, as needed Preparing, maintaining and providing guidance, and recommending policy and procedures for the internal control program Preparing reports required by Treasury, OMB, and IRS management on internal control Rejecting a PCA status and notifying the Program Office (PO) user if executive certification is not submitted for implemented PCAs within five work days of the due date Providing information to Treasury to add new JAMES users, modify accounts, and close inactive accounts Performing an annual quality assurance review on closed PCAs to ensure sufficient supporting documentation is available Reporting the results of PCAs reviewed to the BODs JAMES Audit Coordinators (JACs) are responsible for: Assisting management with the internal control program Serving as their function's primary liaison with the OIC Assisting management with meeting their reporting requirements under FMFIA, FFMIA, and/or other audit reporting requirements Ensuring that action plans for material weaknesses, significant deficiencies, the remediation plan, and audit findings and recommendations are appropriate Ensuring that the most current status of action plans are posted in JAMES and that PCAs are implemented timely JAMES Primary Audit Coordinator. Management in each BOD should designate a JAMES primary audit coordinator and a JAMES secondary audit coordinator, as needed. This will allow the OIC staff to have one central point of contact for each BOD. Depending on the BOD, these duties can be performed by either the JAMES primary or secondary audit coordinator. The JAMES primary/secondary audit coordinator's responsibilities include: Providing technical assistance to management and review teams in the evaluation of controls Preparing and submitting verification of the completion of PCAs for significant deficiencies, material weaknesses, remediation plans, and GAO/TIGTA audit reports to the OIC Monitoring and updating the status of PCAs for material weaknesses, significant deficiencies, and GAO/TIGTA issued audit findings and recommendations into JAMES, as appropriate Reviewing new GAO and TIGTA audits entered into JAMES to ensure the accuracy of the findings, recommendations, PCAs, due dates, potential and actual monetary benefits, and assignments of responsibility Notifying the OIC when there are errors or problems in JAMES that may need further investigation, correction, or resolution through the A6 Audit Summary Report verification process Establishing and maintaining control records to monitor the remediation plan, material weaknesses, significant deficiencies, and PCAs (Records should be kept in accordance with GSA General Records Schedule 16 (Part 14) Management Control Records PDF) Following up with management to ensure that the status of each PCA is reported timely Entering the status of PCAs into JAMES when actions are completed and implemented Entering PCA Due Date extensions when more time is needed to complete the PCA. A PCA may need to be delayed in order to have a change in status to show that it was completed in a timely manner Example: Short term - will be completed within this fiscal year Example: Long-term - may need to establish a due date beyond the current fiscal year to develop solutions such as creating an IRM or implementing IT reprogramming requirements Uploading the required executive certifications via Form 13872 Assisting management in obtaining the appropriate concurrence to reject a recommendation, transfer responsibility, or cancel/revise a previously approved PCA Maintaining complete FMFIA, FFMIA, and other audit files to include documentation of corrective actions taken, executive certification of status updates, and concurrence memoranda Entering into JAMES the realized/unrealized monetary benefits for implemented PCAs that have potential monetary benefits, and uploading the required executive certification of the status updates via Form 13872 Serving as liaison between BOD management and the OIC for issue resolution Providing guidance to enable management to comply with internal policy and procedures to fulfill their reporting responsibilities Assisting management with preparing responses to draft audit reports in order to ensure that the responses address the issues, PCAs are concise and clear, proposed implementation dates are realistic, and ownership is accurately assigned Ensuring status updates are concise, clear, and comply with reporting requirements Ensuring PCAs address material weaknesses and significant deficiencies Ensuring status of implemented actions are entered into JAMES redundant within five work days of the due date to be considered timely, and that all extended actions are entered and updated in JAMES on or before the due date Ensuring the action status and due dates of the material weakness, significant deficiency, remediation plan, or audit report agree Note: It is especially important that all PCAs are entered and/or closed timely in JAMES in order for the IRS to achieve "Green" on the Treasury Scorecard Report Ensuring sufficient documentation supporting a PCA closure is available for five years after the fiscal year in which the PCA was closed 220.127.116.11 (10-16-2015) Requirements Governing the Internal Control Process The Heads of all BODs should adhere to the requirements governing the internal control process for JAMES by: Emphasizing the importance of following this guidance to ensure that the requirements governing the internal control process and the maintenance of supporting documentation and certification of corrective actions are met Directing BOD internal control staff to review and update their existing guidance, as necessary, to align with this IRM Maintaining proper separation of duties when approving the closure of corrective actions by ensuring that the same individual in the BOD does not sign Form 13872 as both the program coordinator and the approving official 18.104.22.168 (04-26-2013) Joint Audit Management Enterprise System (JAMES) JAMES is Treasury’s web-based audit tracking system. JAMES tracks issues, findings, and recommendations extracted from the Office of the Inspector General (OIG) and GAO and TIGTA audit reports. It also tracks the current status of PCAs for related material weaknesses, significant deficiencies, and remediation plans. In order to comply with the intent of FMFIA, OMB Circulars, and Treasury Directives, tracking these audits and PCAs is mandatory. Note: The IRS is primarily audited by GAO and TIGTA. The information contained in JAMES is used by Treasury to assess the effectiveness and progress of bureaus in correcting their internal control deficiencies and implementing audit recommendations. PCAs are entered into JAMES and must be updated on or before their scheduled due date to reflect their current status. JAMES allows bureau users to run reports to assess the effectiveness of programs, query by topic, and create management ad hoc reports. JAMES tracks status updates to support timely completion of PCAs for: Audit reports (OIG, TIGTA, and GAO) Material Weaknesses Significant Deficiencies and existing Reportable Conditions FMFIA Remediation Plan Actions Treasury upgrades the Disaster Recovery (DR) Servers annually. This requires OIC to test and verify access before and after Treasury has completed the server upgrade to ensure that all JAMES users can access the new URL with little or no interruptions. This also requires that all user identifications (IDs) and passwords are active while in the DR environment. OIC works with the IT organization help desk to resolve any discrepancies. This exercise usually lasts about two weeks. 22.214.171.124.1 (10-16-2015) JAMES Users, Account Access, and Recertifications Effective February 1, 2012, Treasury automated the Financial Analysis and Reporting System (FARS) e-Form, which is required to obtain JAMES access. The FARS e-Form is an electronic version of the paper-based FARS access request form. The FARS e-Form is integrated within the FARS application and is only accessible to the FARS designated responsible officials and the FARS help desk team. This form allows designated responsible officials to electronically submit and track all new and modified requests for JAMES access and allows Treasury to improve the cycle time for completing requests. To request access to JAMES, the JACs are responsible for providing the following user information to the designated IRS Responsible Official in the OIC: Name E-mail Address Telephone Number Level of Access/User Role: Bureau PO User (update Planned Corrective Actions) or Bureau PO Read Only (read and run reports) Account Type: New Account or Modify Account Office Organizational Symbols Example: OS:CFO:CPIC The IRS Responsible Official will complete and submit the FARS e-Form to Treasury electronically. The Treasury FARS help desk will establish the user account and notify the user by e-mail, providing a user ID and temporary password. When new users log into JAMES for the first time, they will be prompted to read and acknowledge the FARS Rules of Behavior document before gaining access to the application. To remove or modify JAMES accounts, the designated JAC must send an e-mail to the designated IRS Responsible Official in the OIC, providing the user’s name to be removed and/or the requested account modification. JAMES training material and on-line help information is located on the Treasury JAMES Home Page. Note: You must have a JAMES account to access this page. JAMES Recertification – Treasury requires JAMES users to recertify their access annually, which is initiated by the IRS Responsible Official. During this time, users may also inform the IRS Responsible Official if they no longer need their account or if any modifications are needed to their profile. The OIC will notify Treasury of the results of the recertifications by the response due date. 126.96.36.199.2 (10-16-2015) JAMES User Roles JAMES employs specific profile settings to control access and information updating privileges to its database. The three main profiles and privileges are presented below. Bureau Central Editor (The OIC Role). The Bureau Central Editor is able to read all data for the bureau and perform the following actions: Enter material weaknesses, significant deficiencies, reportable conditions, remediation plans, and GAO/TIGTA audit reports findings, recommendations, and PCAs into JAMES Validate status updates entered by program users Reject status updates if they do not meet all reporting requirements, and notify the PO user that the status was rejected and the reason for the rejection Provide basic JAMES training to new users Bureau Program Office (BPO) Users (referred to as JACs): The BPO has the capability to update PCAs when required. Validation of updates to a PCA is verified/approved by a Bureau Central Editor user. The BPO can view Limited Official Use (LOU), Controlled Unclassified Information (CUI), or Sensitive But Unclassified (SBU) audit reports as long as the PCA is assigned to their organization. The BPO is allowed to: Enter PCA status updates into JAMES - Entry of status updates by the JAMES program user is mandatory. The OIC will only enter a status update under extraordinary circumstances and will require supervisory approval Review new reports entered into JAMES - JAMES is programmed to send an automated e-mail notification to inform the OIC Bureau Central Editor that a status update is available for review in JAMES Upload all supporting documentation and Form 13872 into JAMES Bureau Program Office Read Only: This role provides read-only access to the JAMES database, except for LOU, CUI, or SBU audit reports. Read Only users cannot view supporting documentation for the PCA. 188.8.131.52.3 (04-26-2013) JAMES Audit Report Numbering Each TIGTA and GAO audit report is assigned a unique Audit Number. This is the number assigned to the final report and is the number entered in JAMES for tracking and reporting purposes. TIGTA Audit Report Number – Each report number begins with the complete fiscal year and is followed by subject and audit identifying numbers Example: 2015-10-053 GAO Audit Report Number – Each report is assigned an identification number Example: GAO-15-001. The two middle digits (15) represent fiscal year 2015 and is followed by the report number (001) assigned by GAO 184.108.40.206.4 (04-26-2013) Numbering for Findings, Recommendations, and PCAs For each audit report, JAMES tracks the findings, the recommendations/issues for each finding, and the PCA(s). The numbering in JAMES is displayed as a one or two-digit number for findings, recommendations, and PCAs, which may not match the numbering in the audit report. Finding – the first number in a three-digit series when referring to the recommendation or corrective action of a GAO or TIGTA audit report and describes the deficiency or opportunity for improvement in the remediation plan or audit report Example: 1-1-1, 2-1-1 , 3-1-1. It reads, Finding 1, Recommendation/Issue 1, Planned Corrective Action 1; Finding 2, Recommendation/Issue 1, Planned Corrective Action 1; Finding 3, Recommendation/Issue 1, Planned Corrective Action 1 Recommendation/Issue – the second number in the three-digit series following the Finding number when referring to the recommendation or corrective action. A Finding may have more than one Recommendation/Issue; which addresses the material weakness or significant deficiency for the preceding Finding Example: 1-1-1 , 1-2-1, 1-3 -1. It reads, Finding 1, Recommendation/Issue 1, Planned Corrective Action 1; Finding 1, Recommendation/Issue 2, Planned Corrective Action 1; Finding 1, Recommendation/Issue 3, Planned Corrective Action 1 Planned Corrective Action (PCA) – the third number in the three-digit series. The PCA description contains the details of the management corrective action or how management will implement a recommendation to address the issue and to correct the weakness. The description also shows measures taken to address audit findings and recommendations, including due dates and responsible officials Example: 1-1-1 , 1-1-2, 1-1-3 . It reads, Finding 1 – Recommendation 1 – Planned Corrective Action 1; Finding 1 – Recommendation 1 – Planned Corrective Action 2; Finding 1 – Recommendation 1 – Planned Corrective Action 3 Note: A Recommendation [Issue] may have more than one PCA . 220.127.116.11.5 (10-16-2015) Important JAMES Data Fields and Terms Actual Better Used Funds - Funds actually resulting in revenue enhancements rounded to the nearest dollar. Note: (Refer to Funds Put to Better Use below for clarification) Actual Revenue Funds - Funds to the nearest dollar actually resulting from revenue enhancements due to implementation of an audit recommendation. Audit Report Issue Date – The date the final report was issued by the originator. Description - A brief presentation that describes the material weakness or significant deficiency. Disallowed Cost – Refers to a questioned cost identified by the auditors that management has agreed should not be charged to the government. This cost needs to be reimbursed by repayment, reduction of costs, or offset. Entry Date –The date the report was entered into JAMES. Finding – A written explanation which describes the deficiency or opportunity for improvement in the remediation plan or audit report. Funds Put to Better Use – This field is completed when closing a PCA and should contain the actual savings or revenue amount expected to be realized by the BOD once the PCA is implemented. This only appears in audit recommendations indicating that funds could be used more efficiently if management took steps to implement and complete the recommendations. Such as: Reducing outlays De-obligating funds from programs or operations Implementing recommendations for improvements to operations resulting in cost savings Avoiding unnecessary expenditures noted in pre-award reviews of contract agreements Preventing erroneous payment for refundable credits such as the Earned Income Tax Credit or Child Tax Credit Identifying savings Internal Revenue Manual (IRM) and Standard Operating Procedure (SOP) – Indicates an IRM and/or SOP should be created or revised to address audit recommendations. This is official guidance or policy that may be revised or created to address an audit recommendation. PCAs that contain IRM or SOP actions may be closed in JAMES once the documents have been sent for publication. The OIC requires information and documentation with Form 13872, such as: The date the document was sent for publication Documentation that illustrates that the end-users have received notification of the guidance change through a memorandum or hot topic alert A receipt from Publishing indicating that the IRM/SOP was timely received by their office Issue/Recommendation - The Issue, which is also referred to as the Recommendation, is the second number in the series. Example: 1-1-1, 1-2-1. The Issue/Recommendation addresses the corresponding corrective actions in a material weakness or significant deficiency. Note: A Finding may have more than one Issue/Recommendation. Management Decision – Discusses the management decisions made in response to TIGTA and GAO audit reports and includes actions identified to address the audit findings and recommendations. Monetary Benefits – PCAs containing monetary benefits must include the dollar amount and an explanation of what management did to realize the savings. If only a portion of the monetary benefits was realized, indicate the amount that was not realized in the status update along with a brief justification. Stating the monetary benefit amount without a justification is not acceptable. Planned Corrective Action (PCA) – An action IRS management agreed to take to address the audit finding recommendation/issue. It represents the third number in the series. Example: 1-2-3, which reads: Finding 1 – Recommendation/Issue 2 – Corrective Action 3 Note: This field contains a concise description of each management corrective action to address the recommendation/issue, to correct the weakness, or to implement a recommendation. It also provides measures taken to address audit findings and recommendations/issues, including due dates and responsible officials. Potential and/or Realized Monetary Benefits – Reflects the potential monetary benefits identified by TIGTA/GAO and the amount that could be realized when the recommendation is implemented. Potential Better Used Funds – Assertion by GAO or TIGTA that funds could be more efficiently used if management took actions to implement and complete the recommendation. This will be specified as a dollar amount. Some specific types of actions are: Reduction in outlays De-obligation of funds from programs or operations Withdrawal of interest subsidy costs on loans, or loan guarantees, insurance, or bonds Not incurring costs by implementing recommended improvements related to the operations of the IRS, a contractor or grantee Any other savings that are specifically identified Questioned Costs – Costs identified in the audit report that are in question due to: An alleged violation of a provision of a law, regulation, contract, or other requirement governing the expenditure of funds An audit finding where the cost is not supported by adequate documentation (an unsupported cost). Unsupported costs are recorded and rounded to the nearest dollar An audit finding that expenditure of funds for the intended purpose is unnecessary or unreasonable Note: The phrase "disallowed cost" means a questioned cost that management has sustained or agreed should not be charged to the government. Report Title – The title of the material weakness, significant deficiency, remediation plan, or audit report. Responsible Employee – The organization(s) name and symbols responsible for managing and updating the PCA. Example: Chief Financial Office, Corporate Planning and Internal Control, Office of Internal Control - OS:CFO:CPIC:IC Responsible Organization – The organization(s) responsible for receiving and analyzing audit reports, providing timely responses to the audit organization, and taking corrective action, when appropriate. It lists the IRS organizational symbols for the responsible organization at the highest executive level, as well as the organization responsible for establishing the PCAs. Use the organizational symbols for the responsible organization. Example: OS:CFO Status Date – The date that the PCA was last updated. For implemented or cancelled actions, the status date is the close date. This does not necessarily reflect the actual date the action was completed. The actual completion date should be entered on Form 13872 in Box 4b, Effective Date, and in the text of the PCA narrative in JAMES. Note: For PCAs with extended due dates, enter the future implementation date. Status/Comment Log - Contains a concise description of the action taken and its actual completion date, a reason for delaying completion of an action (when appropriate), and a current status update. Note: The written narrative in the Status/Comment Log should be the same wording used on Form 13872 in Box 7, Specific Action Taken. Unified Work Requests (UWRs) - Indicates whether Information Technology services are involved in the completion of a PCA. The UWR must be implemented (implementation date must be included) before the OIC will close a related PCA. Submission of the UWR does not constitute closure. A UWR might be required when issuing regulations, notices, announcements, configuring software and hardware for IRS systems and products, and designing and developing new or enhanced systems. Note: For PCAs that involve UWRs, the act of submitting a UWR does not close the PCA since the element of risk will not be fully resolved/addressed until the UWR has been implemented. 18.104.22.168.6 (10-16-2015) Due Date Requirements Original Due Date – The initial due date that management expects to implement the action, which is taken from the corrective action plan and is the due date agreed upon by IRS management in the "Management Response to Draft Report." If management does not provide a specific proposed implementation date for a PCA, the OIC will assign an original due date. For material weaknesses, reportable conditions, and remediation plans, this will not be done without prior notification to the coordinator. Note: Due dates should be realistic and allow sufficient time for implementation, review, verification of status, timely submission to the OIC, and entry into JAMES. Due dates should be scheduled for the 15th of the month, even when the 15th of the month falls on a Saturday, Sunday, or holiday. This is done in order to maintain consistency in reporting requirements. If the PCA is to be Met by the end of the fiscal year, the due date should be 09/30/YYYY (YYYY being the current year). JAMES Due Date – A corrective action must have an original due date when loaded into the JAMES tracking system. JAMES will not accept: Corrective action(s) without an original due date Proposed implementation dates with "To Be Determined" "Ongoing" may be used only in unusual circumstances, such as when legislative changes could take several years to implement. If the action is ongoing, the implementation date will be the date that the action or procedure started, with an explanation that it is an ongoing action. For reporting to be considered timely, all status updates to implement PCAs must be completed and reported in JAMES within five working days of the scheduled due date. Extended PCAs must be reported in JAMES on or before the due date and a Form 13872, along with any supporting documentation, must be uploaded into JAMES during the same period. Assignment of a Due Date by the OIC – When warranted, the OIC will assign the original due date to the PCA that is different from the date provided by management when the due date: Is prior to the issue date of the audit report Is prior to the month the report is entered into JAMES Falls in the same month the report was entered into JAMES Falls in the month after the report was entered into JAMES Note: When these situations occur, OIC adds up to an additional two months to the original due date shown in the final audit report and that due date is then entered into JAMES. The OIC assigns new due dates to allow management sufficient reporting time to avoid being penalized for not having met the due date. Completed Planned Corrective Action (Implementation Date) – For a PCA completed prior to an audit report issue date, the JAMES original due date and completion date is the report entry date. Example: If the report issue date is 05/06/20xx and the OIC entered the report on 05/15/20xx, the original due date and completion date will be 05/15/20xx. Open Planned Corrective Actions – For open PCAs that do not have specific due dates or have due dates prior to, during, or after the audit report issue date, the original due date assigned will be the 15th day of the second month following the JAMES entry month. Example: If the report issue date is 06/27/20xx, the OIC assigned due date would be 08/15/20xx. . Note: Choose due dates carefully. Only Treasury can change an original due date after it is entered into JAMES. Only legitimate entry errors will be submitted to Treasury for correction and not all requests for PCA due date adjustment(s) are approved by Treasury. Status Dates for Actions Implemented after Entry into JAMES - Implemented actions must be closed on or before the scheduled due date and entered into JAMES within the five work-day time frame to meet the scheduled due date. Supporting documentation must be uploaded into JAMES during the same time period. The OIC will backdate the status date to reflect the current due date and validate implementation, if the above certification data has been submitted during the five work-day time period. All Other Implemented PCAs - For all other implemented PCAs, the close date will be the status date the PO user updated the PCA. The OIC will validate the status if all of the reporting requirements are met and a completed Form 13872, along with any supporting documentation, is uploaded into JAMES. Reject Status - The OIC will reject the status of a PCA if executive certification (Form 13872) has not been uploaded within five work days of the entry date, signatures are missing or invalid, or the status does not adequately address the PCA. The OIC will immediately contact the program user of any errors found and request corrections be made promptly in order for the PCA to be considered as recorded timely. When corrections are not made, the program user will receive an automatic e-mail notification from JAMES stating that the PCA has been rejected. 22.214.171.124.7 (10-16-2015) Entering New Audit Entries into JAMES The OIC enters all GAO and TIGTA audit reports into JAMES. GAO Audit Reports (Process Overview) – The Commissioner must submit a written response to Congress with PCAs to address the recommendations within 60 days from the date GAO issues a final audit report. This response is known as the "60-Day Letter." When GAO issues a final audit report, the OIC is sent an e-mail notification stating that a new report has been issued and is posted on the GAO website. The OIC enters the findings and recommendations from the audit report and notifies the responsible JAC that the report has been entered into JAMES The responsible BOD must prepare a response for the Commissioner’s signature for delivery to Congress within 60 days from the date of the GAO final audit report. The response must address the recommendations and provide PCAs and implementation dates for those recommendations that are in agreement, and a reason for those that are not in agreement Once completed, the responsible BOD forwards the response to Legislative Affairs Legislative Affairs (60-Day Letter) – When a response to a GAO audit report is received from the responsible BOD, Legislative Affairs sends the 60-Day Letter with the response to the Commissioner for approval and signature and subsequently, to the appropriate members of Congress and the OIC. Approved/Signed 60-Day Letter – The OIC enters the PCAs with the due dates provided in the 60-Day Letter and uploads the 60-Day Letter into JAMES. Implementation of PCAs is based on the dates assigned in the 60-Day Letter. Whenever the implementation date does not provide adequate time to implement the corrective action due to a delay in receiving the approved 60-Day Letter, OIC will move the due date forward (up to two months) to allow the BOD sufficient time to implement the PCA and to avoid being penalized for not having met the due date. Review of New GAO Actions in JAMES – Once the OIC has entered the corrective actions into JAMES, the JAC will be notified by e-mail and provided with an A6 Audit Summary Report. The JAC will review the data on the report to ensure that the PCAs, due dates, and the assignment of responsibility are accurate. The OIC must be notified of any errors as soon as possible. TIGTA Audit Reports (Process Overview) – When TIGTA issues audit reports, they provide the OIC with the corresponding audit abstract known as a Corrective Action Form (CAF) abstract. Hard copies of TIGTA audit reports can be printed from the TIGTA website. Information is extracted from the TIGTA CAF abstract and is loaded into JAMES as soon as possible after receipt (generally within 30 days of the report's date of issuance, which is dependent upon TIGTA internal processing). Exception: Redacted reports can take longer to enter into JAMES due to TIGTA's restrictions of releasing the report to the general public. (These are reports that have sensitive and/or classified information removed or filled-in with dots/dashes etc.) These reports are often delayed anywhere from three to eight weeks or longer due to additional editing and processing before public release. Since the OIC updates JAMES based on the CAF abstract, there is a time lag that could delay these actions. For general processing, the OIC will: Review the TIGTA report and CAF abstract to ensure they are in agreement. Finding(s), recommendation(s), corrective action(s), responsible official(s), and any identified potential and actual monetary benefits are entered into JAMES from the CAF abstract. Notify the JAC that the report has been entered into JAMES. The JAC will review the entry for accuracy, due dates, monetary benefits, and assignment of responsibility. Errors must be reported to the OIC as soon as possible. In situations where IRS management agreed with draft TIGTA audit report recommendations related to monetary benefits but later disagreed with the recommendations in the TIGTA audit extract, an executive signature is required. Request that a management decision in response to the TIGTA audit report be provided within the required 30 days from the issuance of the draft report. If management has not responded or an action plan is missing for the agreed-to recommendations, the OIC will report the pending action plans as past due. When TIGTA receives the IRS response with an action plan, they will provide a revised CAF abstract containing the IRS corrective action and any TIGTA comments. Any past due corrective action plans will be entered into JAMES and the JAC will be notified. Note: Management decisions that disagree with TIGTA audit findings and recommendations after the final report is issued require TIGTA written concurrence/non-concurrence. A copy must be provided to the OIC. Review of new TIGTA audit entries in JAMES – At the end of the month, the OIC will notify the JAC by e-mail and provide a copy of the A6 Audit Summary Report containing Findings, Recommendations and PCAs entered into JAMES. The JAC will review the JAMES data to ensure that the PCAs, due dates, and the assignment of responsibility are accurate and notify the OIC of any errors as soon as possible. The JAC will review new reports and action plans carefully to ensure: Each recommendation is associated with the appropriate finding. The numbering of the recommendations for a particular finding always starts with the numbering sequence of 1, 2, 3. Note: The recommendation number in JAMES may not match the recommendation number in the final audit report. The audit report may number recommendations in sequential order irrespective of their relationship to the findings. The same is true for PCAs. Each PCA is associated with a recommendation. JAMES requires that all PCAs for a particular recommendation begin with the number one (1). Reviewing A6 Audit Summary Reports – At the end of each month, the OIC sends an A6 Audit Summary Report to the JAC to verify information entered into JAMES for new TIGTA and/or GAO Audit Reports. Generally, the information is entered verbatim from the TIGTA CAF abstract. However, the OIC will not make corrections to typographical errors or misspellings unless the errors significantly change the intent or meaning of the finding, recommendation or PCA. When verifying the A6 Audit Summary report, the JAC will ensure the: JAMES due date is correct, as stated in the "Management Response to the Draft Report" Finding, Recommendation, and PCA are as stated in the audit report PCA is aligned with the appropriate recommendation BOD management agrees to potential "Monetary Benefits," if identified Note: A tracking method is in place to account for the realized/unrealized benefit when the recommendation is implemented. Any disagreement must be addressed in the IRS official response to TIGTA. A concurrence memorandum, signed by a responsible official at the executive level, is only required if there is a substantial disagreement or if monetary benefits have been identified. Disagreements after the final audit report is issued require TIGTA's written concurrence/nonconcurrence and a copy must be provided to the OIC. Note: If the recommendation is rejected, then the associated monetary benefit is rejected as well. Note: If the information contained in JAMES is correct, the JAC will send the OIC an e-mail of concurrence by the response due date to verify information entered into JAMES. 126.96.36.199.8 (10-16-2015) Audit Reporting, Monitoring, and Requirements All implemented PCA updates must be uploaded and entered into JAMES within five work days of the due date. The due date is considered Day One. Any extended/delayed PCAs must be reported in JAMES on or before the scheduled due date and a Form 13872 must be uploaded into JAMES during the same time period. Scorecard Reporting Definitions: MET - PCAs that were implemented on or before the scheduled PCA due date MISSED - PCAs that were never implemented or that were implemented, cancelled, or extended after the scheduled PCA due date CANCELLED - PCAs that were cancelled on or before the scheduled PCA due date EXTENDED/DELAYED - PCAs that were extended on or before the scheduled PCA due date and the final implementation was not accomplished by the due date established by the responsible organization JACs are responsible for monitoring PCAs and for performing the following tasks: Verifying the accuracy of the report content and uploading a signed Form 13872 into JAMES with the updated status within five work days of the due date for each PCA due Ensuring that status updates are prepared and uploaded into JAMES when PCAs are due (the OIC will receive an e-mail indicating that a PO user has updated a PCA in JAMES) Setting due dates for new or extended/delayed PCAs that are realistic, and allow sufficient time for review and verification of the status and uploading into JAMES for timely submission to the OIC Obtaining the appropriate concurrence when rejecting a previously agreed-to recommendation, cancelling or revising a PCA, or transferring responsibility to another functional area Ensuring that proper documentation to verify implementation of the PCA is maintained and uploaded into JAMES Entering the current status into JAMES for the OIC validation Note: Responses received via Form 13872 must be uploaded into JAMES. Required Documents: To update PCAs, a Form 13872 must be completed and contain the following: The official signature of the executive, responsible official, or their designee (Electronic signatures on Form 13872 are acceptable; however, signatures shown as "/s/" are not acceptable) Identification of the audit report number, report title, recommendation, and corrective action number Note: Failure to comply with reporting requirements will result in the response being rejected. This could result in late action plans or a Missed on Treasury’s Performance Measures Scorecard. Uploading and Attaching Documents into JAMES - It is mandatory that all supporting documentation be stored in JAMES. The completed, signed, and dated PCA status update on Form 13872 must be uploaded into JAMES at the time the PCA is updated. In addition to the Form 13872, all PCAs are required to have supporting documentation for PCA closure. This also includes material weaknesses, significant deficiencies, and remediation plan actions. Note: As of October 1, 2014, the only acceptable form of executive certification will be the Form 13872. This is done in order to maintain consistent reporting standards IRS-wide and comply with TIGTA audit reporting requirements. Other "custom-made" forms will no longer be acceptable by the OIC and will be returned to the JAC. Data entered into JAMES must be the same as the narrative provided on Form 13872. The Form 13872 must be completed accurately and all signatures and dates must be present. Both handwritten and electronic signatures are acceptable. Note: A "/s/" on the signature line indicating a signature of approval is not acceptable for official approval. This will result in the documentation being returned to the JAC for a proper signature(s). Steps for Uploading/Attaching Supporting Documentation into JAMES: Click "Update PCA" to save the status changes Click "Supporting Documentation" at the bottom right Provide a description of the document in the supporting documentation box and provide the date you are attaching it (Form 13872 - 10-2010) Click "Browse," choose a file, and select the document to be attached (make sure the file name includes the date) Click "Load" and the uploaded document should appear in the box at the bottom of the screen Click "Back to PCA" to return to the original PCA screen Click "Update PCA" to finalize all changes Timeliness of JAMES Reporting - PCAs are considered to be completed timely when one or more of the following occurs: PCA was completed on or before the assigned due date in JAMES Description of the action taken addresses the specific issues of the PCA Action agrees with the stated PCA and is fully implemented Supporting documentation that is approved by the responsible official is uploaded into JAMES for implemented and closed PCAs Tracking and Reporting Monetary Benefits: Monetary benefits must be addressed before a corrective action can be closed. A statement explaining what was done to realize the amount must be included when the PCA is updated and noted on Form 13872. Simply indicating $0 without an explanation and/or "No Monetary Benefits Realized" is not acceptable and will not be validated by the OIC. A thorough explanation as to how the monetary benefit calculation was obtained must be provided, even if the net results are less than what was originally agreed to and/or result in $0 dollars realized. In the event that management disagrees with the TIGTA potential benefits estimate, the disagreement must be stated in the IRS official "Management's Response to Draft Report." When monetary benefits are not addressed by management in the final response, it is concluded that the IRS is in agreement with the monetary benefits stated in the final audit report. Any disagreement after the final report is issued must have a signed concurrence (either original or electronic) from TIGTA to close the recommendation/PCA without addressing the realized benefits, and a copy must be provided to the OIC. To document disagreement with TIGTA’s stated potential monetary benefits, the OIC will enter $1 in JAMES in the realized monetary benefits field as notification to the Department of the Treasury that management disagreed with TIGTA regarding the estimated monetary benefits. If TIGTA and management cannot reach an agreement over potential benefits, the issue may be elevated to the Department of the Treasury for further discussion and/or resolution. If a portion of the dollar amount was realized, indicate the amount realized in the appropriate box in JAMES and provide an explanation in the status field that describes the basis for the amount realized and a reason for the amount not realized, if appropriate. If monetary benefits have been identified and a PCA contains more than one responsible official, management should determine during the draft stage of the audit report response who will report on the potential benefits. If a recommendation contains multiple PCAs and monetary benefits have been identified for one of the PCAs, the other PCAs related to that recommendation will be affected in JAMES. The responsible official for the PCA containing the monetary benefits must address the benefits before the PCA can be closed in JAMES. The responsible official for the remaining PCAs will enter $0 in the appropriate box and report in the status field that monetary benefit has been or will be addressed in the PCA by another named official. If management disagreed with the benefits, $1 will appear in JAMES for all related PCAs associated with that recommendation. If TIGTA issues an audit report where the PCA has been implemented but the recommendation contains monetary benefits, the OIC will notify the BOD(s) that the recommendation is closed but management still needs to address the monetary benefits. If management cannot provide the realized monetary benefits amount upon request, a due date must be provided indicating when the monetary benefit information will be provided. If management cannot timely address the monetary benefits and does not provide a due date, the OIC will enter a two-month due date for management to provide the necessary data, even though the PCA is considered closed. Outcome measures’ responsibilities must be addressed during the draft audit stage, not when being entered into JAMES. Outcome measures must be entered into JAMES as a whole dollar amount - do not use decimals. Example: Enter $2,500,000 not $2.5 mil. If cost savings cannot be realized, enter $0 in the appropriate box. This indicates that management agrees with the amount of the questioned costs, but the cost cannot be reimbursed or offset. This should also be reflected on Form 13872 with an explanation stating why the cost cannot be reimbursed or offset. If unique situations occur, they will be handled on a case-by-case basis and involve all parties concerned. Note: When addressing PCAs, the narrative on Form 13872 should match the narrative input into JAMES by the JACs. Delaying/Extending Due Dates - When updating JAMES to delay and/or extend due dates, provide the: Delayed/extended completion date - set a realistic due date when completing, implementing, or closing the action Description of the reason for the delay/extension in closing or implementing the action Form 13872 should be signed by IRS executive level management and uploaded into JAMES Cancelled/Rejected TIGTA Audit Recommendations:- BOD management should submit requests for cancellations or rejections of PCAs directly to TIGTA. Any related correspondence must be sent to the OIC JAMES staff and uploaded into JAMES as back-up documentation. TIGTA written concurrence is required for recommendations and corrective actions agreed to in the final report to be cancelled in JAMES BOD cancellation requests must identify the report, finding, recommendation, and PCA, if appropriate Requests must include the reason the corrective action or recommendation will not be implemented and the effective date for the cancellation or rejection The JAC, along with the responsible function, can work with TIGTA before the official memo is sent because they can require information before agreeing to cancel the PCA Cancelled/Rejected GAO Audit Recommendations: BOD management should submit requests for cancellations or rejections of PCAs directly to GAO. Any related correspondence must be sent to the OIC JAMES staff and uploaded into JAMES as back-up documentation. The BOD provides GAO written concurrence to cancel a corrective action that was originally agreed to in a 60-Day Letter The BOD request should be presented to GAO, via memorandum or e-mail, identifying the report, finding, recommendation, and PCA. The request must include the reason the corrective action or recommendation will not be implemented and the effective date for the cancellation or rejection. The JACs along with the responsible functions can work with GAO before the official memo is sent as GAO can require information before agreeing to cancel the PCA. If a concurrence is received, the JACs will enter the status into JAMES and the OIC will validate the cancellation Transfer of Responsibility for Audit Recommendations Resolution (Transfer of PCA Responsible Organization/Responsible Employee from one BOD to a different BOD): A PCA being transferred to a different BOD must have signed concurrence from the executive or management official accepting responsibility for the PCA. An e-mail from the accepting executive or management official is sufficient. The transferring official will provide the new responsible official with the necessary JAMES reports and any other pertinent documentation to ensure timely reporting. Senior executives can make transfers of responsibility within their functional area without the required concurrence of the accepting official. When this occurs, the senior executive and/or JACs will need to notify the OIC of this change, so that the responsibility codes can be changed in JAMES. Revised Corrective Actions - Whenever BOD management requests a revised due date or revision to a TIGTA or GAO PCA, the following must be specified: Reason the action is being revised. Description of the new action. Revised due date, unless the original due date is still applicable. Note: TIGTA Audit Reports: When there are significant revisions to corrective actions, as it relates to TIGTA audit reports, BODs should send their request to TIGTA for concurrence. The signed TIGTA concurrence should be sent to the OIC via memorandum or e-mail for entry into JAMES. Note: GAO Audit Reports: When there are revisions to corrective actions originally agreed to in the GAO 60-Day Letter, related correspondence must be sent to the OIC JAMES staff and uploaded into JAMES as back-up documentation. The same request and notification procedures outlined above in the Cancelled/Rejected Audit Recommendations category apply to revisions. Adding or Closing an Implemented PCA - In order to add or close a PCA that has been implemented, the changes should include: A concise description of the action A proposed implementation date The current status of the PCA Note: Set realistic due dates and completion dates. If the corrective action has been implemented, any realized "Monetary Benefits" that were identified in the recommendation should be noted. Requesting an Extension for PCA Due Date - An extension is needed when management has determined that the PCA cannot be completed by the scheduled due date. Therefore, a new due date should be established to allow enough time for management to close the PCA. When a BOD executive determines that they will need to request an extension of a PCA due date, the following steps should be taken: The BOD executive submits documentation via Form 13872 citing the reasons for the delay and requests an extension The BOD JAC enters the information from the documentation into JAMES The JAC must have the PCA extension request in JAMES on or before the PCA due date and executive certification must be uploaded into JAMES during the same time period The BOD JACs will upload the documentation into JAMES and select the reason for the extension using the reasons listed in IRM 188.8.131.52.9, Category for Delays/Extensions in JAMES Once the OIC approves/disapproves the extended due date, the action is automatically updated in JAMES as well Note: An extension of a PCA due date does not negate a "Missed" due date for tracking purposes on the Treasury Performance Measures Scorecard. OIC Weekly Audit Reporting - The OIC prepares weekly statistics to keep management informed of the progress of PCAs. These statistics reflect weekly and year-to-date percentages on how well the BODs are doing in responding to their PCAs. The year-to-date report, which is produced each month, indicates a red, yellow, and green performance score. Quarterly Forecasts - The OIC prepares a quarterly forecast of PCAs to project whether BODs plan to meet or extend any PCA due dates. In addition, the BODs identify PCAs that require IT involvement, providing clarifying information (i.e. Work Request, Work Order #, and points of contact) that would allow IT staff members to research and identify the status of the action item and determine potential impact (if any) to successfully complete the PCA. It also requires the BODs to assess whether the IT action will prevent closure of the PCA. See IRM 184.108.40.206, MC ESC JAMES Statistical Analyses Tables, for an example of a 4th Quarter PCA projections table. MC ESC Reporting - The OIC prepares statistics for the quarterly MC ESC Subgroup meetings and for the quarterly MC ESC meetings, to keep executives apprised of any possible issues that may need their attention. The year-to-date report indicates a red, yellow, and green performance score. See IRM 220.127.116.11, MC ESC JAMES Statistical Analyses Tables, for examples of YTD Analysis and IT Involvement tables. 18.104.22.168.8.1 (10-16-2015) Treasury Monthly Reporting Treasury prepares various performance reports that reflect monthly and year-to-date PCA audit follow-up activities, as well as the total number of PCAs due in upcoming quarters. Treasury sets yearly goals for the percent expected to be timely closed and provides the IRS a performance score of red, yellow, and green. This performance report receives a great amount of attention from senior management across the Department of the Treasury including the Deputy Secretary. The OIC reviews the IRS audit activity for the stated reporting periods for accuracy in anticipation of questions from upper level management. Due to heightened awareness and the overall impact to the Treasury scorecard, it is critical to establish realistic due dates and timely implement PCAs. 22.214.171.124.9 (10-16-2015) Category for Delays/Extensions in JAMES Both the IRS and Treasury departmental offices track extension activities in JAMES. The PO is required to use the appropriate reason for delay when completing Form 13872, to extend PCAs in JAMES. If a PO provides an extension request via Form 13872, the PO must ensure that the appropriate reason is included in the documentation and select the appropriate box in JAMES. The list below provides all of the reasons with a brief definition. These reasons may also be found on Form 13872 in item 4c and in the drop down menu box in JAMES: Research/Analyze Data – Delays in implementation in order to perform additional analysis or studies Publishing – Delays in issuing or publishing guidance or manuals Concurrence – Delays due to PCAs that are coordinated with other offices before the action could be implemented, closed, or cancelled Monetary Benefits – Delays to address associated actual monetary benefits Legislation – Delays due to waiting for the resolution of a legal issue and/or Congressional action Clearance – Routing delays for comments or reviews (supporting documentation must show that it is in the final stage of the review process) Budget – Delays due to waiting for the approval of funding Resources – Delays due to the lack of sufficient resources due to budget constraints Contracting – Delays due to waiting for contract awards or when procurement activities are not complete Information Technology – Unforeseen release delays due to programming or hardware/software issues 126.96.36.199.10 (10-16-2015) Reporting Procedures for Updating and Tracking Material Weaknesses, Significant Deficiencies, and Remediation Plans This information is provided for JACs who may have additional PCAs related to a specific material weakness or significant deficiency that are duplicated in a remediation plan and also tracked in JAMES. These PCAs are handled separately and currently are not reported in the Treasury Performance Measures Scorecard. Once the MC ESC approves the final corrective action plan for a material weakness, the OIC will enter the description, issues, and corrective actions into JAMES. The responsibilities outlined below are addressed from the material weakness and significant deficiency perspective since the same data is used to update the remediation plans. Unique remediation plan requirements are identified separately. The material weakness and significant deficiency plans are monitored by the MC ESC and the committee is briefed as needed. The remediation plans are updated quarterly for submission to Treasury and OMB. See IRM 1.4.2, Resource Guide for Managers, Monitoring and Improving Internal Control, for further information on the MC ESC program. Report Number – The report number contains the assigned material weakness, significant deficiency, audit report number, and remediation plan number. A report cannot be accessed in JAMES for status update unless the correct report number is entered in the Data Entry screen. The OIC assigns the numbers for material weaknesses, significant deficiencies, and remediation plans. Material Weaknesses and Significant Deficiencies – Each material weakness or significant deficiency is assigned an identification number. Example: IRS-2A-12-01. "IRS" identifies the agency; "2A" identifies the type of weakness or deficiency (financial or administrative); "12" identifies the fiscal year; and "01" is specific to that weakness or deficiency. Remediation Plan Number – Each remediation plan is assigned an identification number. Example: IRS-REM-12-1, IRS-REM-12-2. Reporting Procedures - Status updates and executive certification information (i.e., supporting documentation and Form 13872) must be entered into JAMES no later than five work days from the due date to be considered timely. When entering data into JAMES: Identify the material weakness/significant deficiency issue and PCA being updated Identify the other action plan, finding, and corrective action being simultaneously updated. Separate memoranda for each action plan are not required or recommended Provide status updates (see paragraph (3) above and paragraph (5) below) Update JAMES and upload the proper documentation at the same time Note: If a remedy is duplicated in another material weakness, significant deficiency, or audit report, then the status for all action plans may be reported with one submission. Identify the other action plans(s) and actions(s) being simultaneously updated. Separate Forms 13872 for each action plan are not required or recommended. Status Updates – The table below describes what should be done for various situations when updating the status in JAMES. If . . . Then . . . The responsibility for an action is shared by another BOD, The JAC must coordinate status updates with the other responsible official in order to ensure the accuracy of content, due dates, and resources. The status is completed, The information below must be included when updating material weaknesses and/or significant deficiencies.Actual completion date A brief description of the action taken Note: The action taken must agree with the stated corrective action and be implemented The status was extended or delayed, The information below must be included when updating material weaknesses and/or significant deficiencies.A revised estimated completion date A brief justification for the delay in implementing the PCA A proposed new due date when the BOD will expect to have the PCA completed timely The status is cancel/significant revision, The criteria below must be included when updating material weaknesses and/or significant deficiencies.Approval from the appropriate executive committee or designee The request and justification for the cancellation or revision must be submitted to the OIC. JAMES must be updated and the justification uploaded into JAMES Check the material weakness and/or significant deficiency to see if the corrective action being cancelled is duplicated in the remediation plan Requests to cancel an action must include an effective cancellation date The OIC will present the request to cancel/revise to the appropriate official(s) and notify management regarding the approval/disapproval to cancel The OIC will also notify Treasury to make the approved changes in JAMES The status is transfer of responsibility, The criteria below must be included when updating material weaknesses and/or significant deficiencies.Signed concurrence from the official accepting responsibility is required The transferring official should provide the new responsible official with the necessary JAMES reports and any other pertinent documentation to ensure timely reporting To add a PCA, enter: A concise description of the PCA A proposed implementation date or completion date, if the PCA has already been implemented Current status Responsible official(s) Identify any corresponding audit finding, recommendation, corrective action, or remediation plan corrective action that may be duplicated or needs to be added to the corresponding action plans For newly identified issues, provide a brief description of the issue. Long-term actions may require interim actions and due dates Remediation Plan Reporting and Procedures: Agencies that are not in substantial compliance with FFMIA must develop a remediation plan to achieve compliance. The plan must include resources, planned remedial actions, and intermediate target dates necessary to bring the financial management system into substantial compliance. The Deputy Commissioner, Operations Support, has overall responsibility for the remediation plan. The MC ESC monitors the plan and the OIC tracks the plan in JAMES. Note: See IRM 1.4.2, Resource Guide for Managers, Monitoring and Improving Internal Control, for further information regarding the MC ESC. OIC Responsibilities: In addition to responsibilities outlined in IRM 188.8.131.52, Roles and Responsibilities, the OIC is responsible for the following issues regarding the MC ESC in JAMES: Monitoring and tracking the remediation plan in JAMES Preparing the annual call memorandum for the required quarterly report Verifying the accuracy of status updates and resources and preparing a final quarterly report for submission to OMB, Treasury, and GAO Coordinating MC ESC briefings four times (at the discretion of the MC ESC) per fiscal year on the current status and progress of the remediation plan Elevating significant issues or requests reported by management to the appropriate IRS official 184.108.40.206.11 (10-16-2015) Closed PCA Quality Assurance Review Effective October 1, 2014, the OIC began conducting monthly reviews, using a statistical sample of closed PCAs, to ensure sufficient documentation was submitted to support closure. Each sample reviewed is reported on Form 14668, Closed PCA Quality Assurance Review Notification. JAMES stores supporting documentation for the PCA closure. The information contained in JAMES can be viewed by parties outside of the IRS; therefore, Personally Identifiable Information (PII) is prohibited. Supporting documentation that contains PII should not be uploaded into JAMES. It should be retained by the JAC for five years following the fiscal year in which the PCA was closed. 220.127.116.11 (04-26-2013) MC ESC JAMES Statistical Analyses Tables The following statistical tables show sample JAMES reporting analyses prepared weekly for the CFO in monitoring organizational performance and presented in the MC ESC quarterly meetings. These tables identify the PCA status for the BODs and use the following definitions: Met - PCAs that the BODs project should be implemented in the upcoming quarter; PCAs that were implemented on or before the scheduled PCA due date Extended/Delayed - PCAs that the BODs project could possibly be extended in the upcoming quarter; PCAs that were extended on or before the scheduled PCA due date and the final implementation was not accomplished by the due date established by the responsible organization The organization symbols used in the JAMES analyses tables are: Organizational Symbol Organization Title AP Chief, Appeals OS:A Chief, Agency-Wide Shared Services OS:CFO Chief Financial Officer OS:CTO Chief Technology Officer OS:HC IRS Human Capital Officer OS:P Director, Privacy, Government Liaison & Disclosure SE:ACA Director, Affordable Care Act Office SE:CI Chief, Criminal Investigation SE:LB Commissioner, Large Business and International Division SE:OLS Director, Office of Online Services SE:RPO Director, Return Preparer Office SE:S Commissioner, Small Business/Self Employed Division SE:T Commissioner, Tax Exempt and Government Entities Division SE:W Commissioner, Wage and Investment Division SE:WO Director, Whistleblower Office 4th Quarter PCA Projections either "Met" or "Extended" : Responsible Organization Extended Met Grand Total AP 0 1 1 OS:A 0 2 2 OS:CFO 0 2 2 OS:CTO 1 8 9 OS:HC 0 1 1 OS:P 0 1 1 SE:ACA 0 1 1 SE:CI 0 5 5 SE:LB 0 13 13 SE:OLS 2 0 2 SE:RPO 2 3 5 SE:S 1 13 14 SE:T 2 3 5 SE:W 0 19 19 SE:WO 0 6 6 Grand Total 8 78 86 Performance 9.30% 90.70% Year-To-Date (YTD) Analysis: Organization Extended Met Grand Total Percentage (%) Met Color Score AP 0 4 4 100% Green OS:A 4 59 64 92.19% Green OS:CFO 0 8 8 100% Green OS:CTO 6 63 69 91.30% Green OS:HC 1 12 13 100% Green OS:P 0 2 2 100% Green RAS 0 4 4 100% Green SE:ACA 0 2 2 100% Green SE:CI 0 6 6 100% Green SE:LB 3 9 12 75% Yellow SE:OLS 0 2 2 100% Green SE:RPO 0 10 10 100% Green SE:S 5 57 62 91.94% Green SE:T 0 7 7 100% Green SE:W 2 117 119 98.32% Green SE:WO 3 0 3 0.00% Red TA 3 2 5 40% Red Grand Total 28 364 392 Performance 7.14% 92.86% 4th Quarter PCAs with IT Involvement: Organization IT Involvement IT Involvement Impact Ability to Implement PCA Total PCAs Due 4th Quarter AP 1 1 1 OS:A 0 0 2 OS:CFO 1 1 2 OS:CTO 9 2 9 OS:HC 0 0 1 OS:P 0 0 1 SE:ACA 0 0 1 SE:CI 0 0 5 SE:LB 0 0 13 SE:OLS 2 2 2 SE:RPO 2 2 5 SE:S 1 1 14 SE:T 0 0 5 SE:W 2 2 19 SE:WO 0 0 6 Grand Total 18 11 86 Performance 20.93% 12.79% 18.104.22.168 (04-26-2013) Related Resources IRM 1.4.2, Resource Guide for Managers, Monitoring and Improving Internal Control. TREASURY DIRECTIVE 40-02, Corresponding with the General Accounting Office (GAO). TREASURY DIRECTIVE 40-03, Treasury Audit Resolution, Follow-Up, and Closure. TREASURY DIRECTIVE 40-04, Treasury Internal (Management) Control Program. OMB website. GAO website. TIGTA website.