1.4.31 IRS Quality Assurance Program

Manual Transmittal

December 15, 2017

Purpose

(1) This transmits IRM 1.4.31, Resource Guide for Managers, IRS Quality Assurance Program.

Material Changes

(1) IRM 1.4.31.1, Program Scope and Objectives, changed the title from IRM 1.4.31.1, Overview, to align with internal control requirements identified in IRM 1.11.2, Internal Revenue Manual (IRM) Process, as follows:

  1. IRM 1.4.31.1.1, Background, moved content from IRM 1.4.31.2, Background, that describes quality assurance.

  2. IRM 1.4.31.1.2, Authorities, moved content from IRM 1.4.31.3, Authorities, to provide oversight agency internal controls guidance and moved additional Treasury Department Guidance from IRM 1.4.31.8.2, Review Selection Criteria.

  3. IRM 1.4.31.1.2.1, Federal Managers’ Financial Integrity Act, created a new subsection and moved content from IRM 1.4.31.3, Authorities, and IRM 1.4.31.9, Federal Management Integrity Criteria for Quality Assurance Reviews, to highlight oversight agency internal controls guidance.

  4. IRM 1.4.31.1.2.2, Government Accountability Office (GAO) Standards for Internal Control in the Federal Government (Green Book), created a new subsection, moved and updated content from IRM 1.4.31.3, Authorities, to provide internal controls standards and principles.

  5. IRM 1.4.31.1.2.3, OMB Circular A-123, created a new subsection moved and updated content from IRM 1.4.31.3, Authorities, oversight agency internal controls guidance.

  6. IRM 1.4.31.1.2.4, Treasury Department Requirements, created a new subsection, moved and updated content from IRM 1.4.31.3, Authorities, to describe departmental internal controls guidance.

  7. IRM 1.4.31.1.3, Responsibilities, created a new subsection, moved and updated content from 1.4.31.6, Roles and Responsibilities, to describe the roles and responsibilities for all participating in the Quality Assurance Program.

  8. IRM 1.4.31.1.3.1, Operating and Functional Division Program Roles and Responsibilities created a new subsection and moved content from 1.4.31.6.1, Operating and Functional Division Program Roles and Responsibilities, to describe duties.

  9. IRM 1.4.31.1.3.2, Enterprise Risk Management Roles and Responsibilities, created a new subsection and added new content to describe duties.

  10. IRM 1.4.31.1.3.3, Chief Financial Office Roles and Responsibilities, created a new subsection and moved content from 1.4.31.6.2, CFO Program Roles and Responsibilities, to describe duties.

  11. IRM 1.4.31.1.3.4, Statistics of Income (SOI) Program Roles and Responsibilities, created a new subsection and moved content from 1.4.31.6.3, Statistics of Income Program Roles and Responsibilities, to describe duties.

  12. IRM 1.4.31.1.4, Program Management and Review, created a new subsection and added new content to identify program reports and effectiveness measures.

  13. IRM 1.4.31.1.5, Program Controls, created a new subsection and added new content to address program controls developed to oversee the program.

  14. IRM 1.4.31.1.6, Definitions, moved content from IRM 1.4.31.4 Definitions, and added new definitions for corrective action plan, enterprise risk management, financial statement assertions, findings, management information only, modified assurance, unmodified assurance, and no assurance. Expanded the definition for Standards for Internal Control in the Federal Government (Green Book). Definitions are updated to align with Treasury Department guidance.

  15. IRM 1.4.31.1.7, Acronyms, moved content from IRM 1.4.31.5, Acronyms, to provide those related to the Quality Assurance Program.

  16. IRM 1.4.31.1.8, Related Resources, moved content from IRM 1.4.31.11, Related Resources, to provide Quality Assurance Program links to oversight agency guidance and IRMs.

(2) IRM 1.4.31.2, IRS Quality Assurance Program Framework, moved and updated content from IRM 1.4.31.7, IRS Quality Assurance Program Framework, that describes the Quality Assurance Program components.

(3) IRM 1.4.31.2.1, Executive Oversight, added Treasury Department guidance regarding the IRS senior assessment team.

(4) IRM 1.4.31.2.2, Managerial Assertions, moved and updated content from IRM 1.4.31.7.1, Managerial Assertions, to address the internal control questionnaires, surveys and certification instruments.

(5) IRM 1.4.31.2.3, Quality Assurance Reviews moved and updated content from IRM 1.4.31.7.2, Quality Assurance Reviews, to address managerial, operational, program and quality assurance reviews completed by the operating/functional divisions.

(6) IRM 1.4.31.2.4, Policy and Guidance, changed the subsection name, moved and updated content from IRM 1.4.31.7.4, Policy and Guidance, to describe the Quality Assurance Program activities.

(7) IRM 1.4.31.2.5, Annual Assurance Statement, moved and updated content from IRM 1.4.31.7.5, changed the subsection name and updated content for modified and unmodified assurance.

(8) IRM 1.4.31.3, Quality Assurance Memoranda, created a new subsection and moved content from IRM 1.4.31.6.2, CFO Program Roles and Responsibilities, to describe the memoranda used by the Quality Assurance Program.

(9) IRM 1.4.31.3.1, Quality Assurance Call Memorandum, created a new subsection to describe the purpose and business unit notifications.

(10) IRM 1.4.31.3.2, Annual Assurance Call Memorandum, created a new subsection and updated content for Attachment 2, Identification of Quality Assurance Reviews.

(11) IRM 1.4.31.4, Quality Assurance Review Listing, created a new subsection to discuss the quality assurance review listing previously called the quality assurance catalog and moved content from IRM 1.4.31.8, Quality Assurance Program Process, and Procedures. Added new content including the Quality Assurance Review Listing components and risk ranking for each review.

(12) IRM 1.4.31.4.1, Identification of IRS Quality Assurance Reviews, created a new subsection and added new content on how the Quality Assurance Review Listing is updated by the annual assurance call memorandum submissions from the Form 14750, IRS Quality Assurance Review Questionnaire.

(13) IRM 1.4.31.4.2, Federal Manager’s Financial Integrity Act Sampling, created a new subsection and added new content on how the Quality Assurance Review Listing is updated by reviews from the new FMFIA sampling of IRS manager’s certifications of the status of internal controls within their purview.

(14) IRM 1.4.31.4.3, New Initiatives, created a new subsection and added new content on how the Quality Assurance Review Listing is updated by new initiatives identified by the Management Control Executive Steering Committee (MC ESC) or the Senior Executive Team (SET).

(15) IRM 1.4.31.5, Quality Assurance Forms, created a new subsection that provides the three officially published IRS quality assurance forms used for the review process.

(16) IRM 1.4.31.5.1, Form 14750, IRS Quality Assurance Review Questionnaire, moved content from IRM 1.4.31.8.3, Quality Assurance Review Checklist, and added new content for purpose, instruction and examples.

(17) IRM 1.4.31.5.2, Form 14750-A, IRS Quality Assurance Review Checklist, created a new subsection and related content that describes the form used to complete Quality Assurance Reviews.

(18) IRM 1.4.31.5.3, Form 14750-B, IRS Quality Assurance Review Notification, created a new subsection and content that describes the form used by CFO to provide status to the operating/functional divisions selected for review.

(19) IRM 1.4.31.6, Quality Assurance Program Review Process and Procedures, moved and updated content from IRM 1.4.31.8, Quality Assurance Program Review Process and Procedures, used in the Quality Assurance Program.

(20) IRM 1.4.31.6.1, Timing of Reviews, moved and updated content from IRM 1.4.31.8.1, Review Timing, to provide the Quality Assurance Program review dates.

(21) IRM 1.4.31.6.2, Review Selection Criteria moved and updated content from IRM 1.4.31.8.3, Review Selection Criteria, to include prior year selection elimination and A-123 transactions testing.

(22) IRM 1.4.31.6.3, Review Selection Notification, created a new subsection and content that describes how the operating/functional divisions receive e-mail notification on which reviews have been selected for the fiscal year and related attachments such as the Form 14750, IRS Quality Assurance Review Questionnaire.

(23) IRM 1.4.31.6.4, Volunteer Review Team Training, changed the title, moved and updated content from IRM 1.4.31.8.4, Review Team Selection and Training, to detail introductory training, mini-refresher training and ad hoc open calls where a variety of topics are discussed.

(24) IRM 1.4.31.6.5, Review Methodology, moved and updated content from IRM 1.4.31.8.5, Review Methodology, including instructions on the use of one Form 14750-A, IRS Quality Assurance Review Checklist per review.

(25) IRM 1.4.31.6.6, Review Documentation, moved and updated content from IRM 1.4.31.8.6, Review Documentation, describing documentation characteristics.

(26) IRM 1.4.31.6.7, Records Retention, moved and updated content from IRM 1.4.31.8.7, Records Retention, adding a description of CCH Teammate audit software used for documentation.

(27) IRM 1.4.31.7, Identifying and Developing Quality Assurance Reviews, moved, updated content and changed the title from IRM 1.4.31.10, Developing Quality Assurance Reviews, to assist operating/functional divisions in determining whether to develop reviews and describe what components should be included.

(28) Minor editorial changes have been made throughout the document.

Effect on Other Documents

IRM 1.4.31, dated August 8, 2015, is superseded. This IRM supports IRM 1.4.2, Resource Guide for Managers, Monitoring and Improving Internal Control.

Audience

All IRS Managers

Effective Date

(12-15-2017)

Ursula S. Gillis
Chief Financial Officer

Program Scope and Objectives

  1. This IRM provides guidance on the processes and procedures for the IRS Quality Assurance Program designed to support the annual assurance statement required by the Federal Managers' Financial Integrity Act (FMFIA) and activities defined by OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, Appendix A: Internal Control over Financial Reporting.

  2. Purpose: The IRS Quality Assurance Program identifies and assesses the many management, operational, program and quality assurance internal control reviews completed by the operating/functional divisions.

  3. Audience: All IRS managers.

  4. Policy Owner: The Chief Financial Officer (CFO) developed and maintains this IRM. CFO develops internal control policy, performs A-123 internal control testing, and conducts compliance reviews and program evaluations to pursue an unmodified audit opinion on IRS financial statements. CFO also provides audit-focused training, business-practice development, audit policy, and oversight.

  5. Primary Stakeholders: This policy and these procedures apply to IRS managers responsible for creating and monitoring the results of management, operational, program and quality assurance internal control reviews.

  6. Program Goals: The IRS Quality Assurance Program supports the Annual Assurance Statement signed by the Commissioner and submitted to the Department of the Treasury as required by the FMFIA on the IRS status of internal controls.

Background

  1. Quality assurance is a planned, systematic approach designed to provide confidence that programs, products, policies, and procedures will conform to established requirements throughout their life cycle. The term “product" is used in this IRM to describe processes and systems developed, produced, and acquired by the IRS to carry out critical missions and functions.

  2. Quality assurance identifies unsatisfactory trends and conditions, prevents defects and non-conformances, and corrects factors to contribute to improved processes and outcomes.

  3. Quality assurance uses a variety of administrative, analytical, and technical methods and techniques to enhance the excellence and reliability of products and services. The IRS approach to quality assurance addresses an entire range of activities described for each functional program and/or a variety of systematic activities designed to identify and prevent defective or ineffective processes, and to verify that processes are acceptable and perform as intended.

  4. Recently, a number of factors have exerted a significant influence on the federal government’s quality assurance programs such as:

    1. Internal control requirements

    2. Advances in technology

    3. More sophisticated and complex products and services, such as new software

    4. Greater concern for reliability, user satisfaction, and security

    5. More emphasis on economy, timely delivery, and the cost of quality

    6. More stringent quality and reliability requirements

  5. Quality assurance reviews give the IRS added assurance that it is adhering to internal control and management guidance, standards, regulations, and legislation through a formal objective assessment process. Quality assurance reviews evaluate and document internal control activities over financial reporting in:

    1. Annual financial statements

    2. Other significant internal or external financial reports

    3. Compliance with laws and regulations related to those financial reports

Authorities

  1. Federal Managers' Financial Integrity Act (FMFIA) of 1982

  2. Standards for Internal Control in the Federal Government (Green Book) GAO-14-704G

  3. OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control

  4. Treasury Department Requirements

  5. Government Auditing Standards (Yellow Book) GAO-17-313SP

  6. IRM 1.4.2, Monitoring and Improving Internal Control.

  7. IRM 1.4.3, IRS Guidance for Implementing OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, Appendix A: Internal Control Over Financial Reporting.

Federal Managers’ Financial Integrity Act
  1. The Federal Managers' Financial Integrity Act (FMFIA) requires each executive agency to establish internal accounting and administrative controls. These controls provide reasonable assurance that:

    1. Obligations and costs comply with applicable law.

    2. Funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation.

    3. Revenues and expenditures applicable to agency operations are properly recorded and accounted permitting the preparation of accounts, reliable financial and statistical reports, and maintaining accountability over assets.

  2. The FMFIA is a response to continuing disclosures of waste, loss, unauthorized use, and misappropriation of funds or assets associated with weak internal control and accounting systems. This law includes program, operational, and administrative areas, as well as accounting and financial management. The Act requires agency heads to submit an annual statement of assurance to the President and Congress on the adequacy of internal control and actions taken to correct identified weaknesses. Each annual statement must also include a report on whether the agency's accounting system conforms to the principles, standards, and other related FMFIA requirements.

  3. The FMFIA requires Federal agency managers to establish internal accounting and administrative controls according to Government Accountability Office (GAO) standards. The FMFIA further requires Federal agency managers to annually:

    1. Evaluate and report on the effectiveness of internal control and financial accounting systems according to FMFIA Sections 2 and 4 respectively.

    2. Evaluate whether their agency’s internal controls comply with GAO’s standards according to Office of Management and Budget (OMB) guidelines.

    3. Issue a statement of assurance and indicate full compliance or non-compliance.

  4. IRS management, operational, program and quality assurance reviews conducted by operating/functional divisions support internal accounting and administrative controls prescribed by FMFIA.

Government Accountability Office (GAO) Standards for Internal Control in the Federal Government (Green Book)
  1. As required by FMFIA, GAO established the Standards for Internal Control in the federal government. The standards provide the overall framework for establishing and maintaining internal control, and for identifying and addressing performance and management challenges and areas at greatest risk of fraud, waste, abuse, and mismanagement.

  2. The overall internal control framework is illustrated below:

    Figure 1.4.31-1

    This is an Image: 66821002.gif
     

    Please click here for the text description of the image.

  3. The standards comprise a major part of managing an organization, including plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. The three-column table below describes GAO's standards for internal control in the Federal Government. The first column identifies the standard number, the second column lists the standard, and the third column describes the standard.

    GAO’s Standards for Internal Control in the Federal Government
    No. Standard Standard Description
    1. Control Environment The control environment is the foundation for an internal control system. It provides the discipline and structure, which affect the overall quality of internal control. It influences how objectives are defined and how control activities are structured. The oversight body and management establish and maintain an environment throughout the entity that sets a positive attitude toward internal control.
    2. Risk Assessment Having established an effective control environment, management assesses the risks facing the entity as it seeks to achieve its objectives. This assessment provides the basis for developing appropriate risk responses. Management assesses the risks the entity faces from both external and internal sources.
    3. Control Activities Control activities are the actions management establishes through policies and procedures to achieve objectives and respond to risks in the internal control system, which includes the entity’s information system.
    4. Information and Communications Management uses quality information to support the internal control system. Effective information and communication are vital for an entity to achieve its objectives. Entity management needs access to relevant and reliable communication related to internal as well as external events.
    5. Monitoring Internal control monitoring assesses the quality of performance over time and promptly resolves the findings of audits and other reviews. Corrective actions are a necessary complement to control activities in order to achieve objectives.
  4. Policymakers and program managers are continually seeking ways to improve accountability in achieving an entity’s mission. A key factor in improving accountability in achieving an entity’s mission is to implement an effective internal control system. An effective internal control system helps an entity adapt to shifting environments, evolving demands, changing risks, and new priorities. As programs change and entities strive to improve operational processes and implement new technology, management continually evaluates its internal control system so that it is effective and updated when necessary.

OMB Circular A-123
  1. OMB Circular A-123 provides specific requirements for assessing and reporting on controls in the federal government. The term internal control in this document covers all aspects of an entity’s objectives for operations, reporting, and compliance. The circular:

    1. Requires Federal managers to take systematic and proactive measures to develop and implement appropriate internal control for results-oriented management.

    2. Describes the requirements of FMFIA as "an umbrella under which other reviews, evaluations, and audits should be coordinated and considered to support management’s assertion about the effectiveness of internal control over operations, financial reporting, and compliance with laws and regulations."

      Note:

      "Other reviews" that FMFIA reporting should coordinate and consider include activities under the Government Performance and Results Act Modernization Act (GPRAMA), such as developing strategic plans, setting performance goals and measures, and reporting annually on actual performance results compared to goals.

  2. OMB Circular A-123 states:

    1. "Internal control guarantees neither the success of agency programs, nor the absence of waste, fraud, and mismanagement, but is a means of managing the risk associated with Federal programs and operations." By including "programs and operations," OMB emphasizes goals set by the organization, risks agencies face in meeting those goals, whether agencies have identified and assessed risks, and whether agencies have taken steps to manage those risks.

    2. "Management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. Management shall consistently apply the internal control standards to meet each of the internal control objectives and to assess internal control effectiveness. When assessing the effectiveness of internal control over financial reporting and compliance with financial-related laws and regulations, management must follow the assessment process contained in Appendix A. Annually, management must provide assurances on internal control in its Agency Financial Report, including a separate assurance on internal control over financial reporting, along with a report on identified material weaknesses and corrective actions."

  3. Appendix A of Circular A-123 requires Federal agencies to assess effectiveness of internal control over financial reporting separately.

  4. Additional FMFIA policy is issued in OMB Circular A-123, Appendix D, Compliance with the Federal Financial Management Improvement Act of 1996, governing agencies’ financial management systems. Financial management systems must be in place to process and record financial events effectively and efficiently and provide complete, timely, reliable, and consistent information for decision makers and the public. In support of these objectives, each agency must establish and maintain a single integrated financial management system that complies with internal control standards, among other requirements, as defined in OMB Circular A–123 and successor documents. See OMB Circular A-123, Appendix D.

  5. According to the OMB Circular A-123 Implementation Guide:

    1. Federal agencies are subject to numerous legislative and regulatory requirements that promote and support an effective internal control framework. Similarly, numerous reviews are performed by management, or on management’s behalf, throughout the year to comply with various laws and regulations.

    2. Agencies should strive to integrate control-related activities within the control framework outlined in Circular A-123. In particular, management should identify opportunities to integrate and coordinate in order to leverage the internal reviews already being performed.

      Example:

      Internal reviews are required by the Federal Information Security Management Act of 2002 (FISMA) and the Improper Payments Elimination and Recovery Act (IPERA) of 2010. Management should consider the results of these reviews to identify gaps between baseline control activities, the documentation, and the assessment process for financial reporting.

    3. The results of the work performed under these laws may also be used to support management’s assertion as to the effectiveness of the internal control. The desired approach would be to design the testing and assessment to accomplish all requirements in the most efficient manner.

Treasury Department Requirements
  1. Treasury’s governance for internal control initiatives under FMFIA states; "that Bureaus and Offices are responsible for following the guidance and are required to prepare and submit their respective assurance statements in support of Treasury Secretary’s annual assurance statement."

  2. The Quality Assurance Program follows the Department of the Treasury Guidance (issued annually) that:

    1. Presents the background for OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, Appendix A.

    2. Describes the updated methodology for the fiscal year assessment plan describing the overall approach for the documentation, testing, and assessment of internal control over financial reporting.

    3. Provides definitions and assessment parameters defining key factors of the plan, presents the implementation of the testing plan, and describes the actions to be taken to execute the methodology.

    4. Provides summary information on the Department of the Treasury annual assurance statement guidance that is distributed by the Office of the Treasury Deputy Chief Financial Officer (TDCFO) in July.

    5. Presents the fiscal year timeline displaying the guidance critical dates.

Responsibilities

  1. This section provides responsibilities for:

    1. IRS Operating/Functional Divisions

    2. Enterprise Risk Management Program Office

    3. Chief Financial Officer (CFO)

    4. Statistics of Income (SOI)

IRS Operating and Functional Division Program Roles and Responsibilities
  1. The operating/functional divisions are responsible for internal controls and implementing quality assurance programs. The goal is to create independent quality assurance processes complimentary to, but separate from, the CFO Quality Assurance Program, including:

    1. Interpreting internal control and quality assurance policy and providing general technical guidance and direction to executives and managers.

    2. Completing the annual GAO Internal Control Evaluation Tool.

    3. Identifying and developing quality assurance reviews for their organizations to meet internal control objectives such as management, operational, program and quality assurance reviews based on strategic and performance goals.

    4. Submitting the Form 14750, IRS Quality Assurance Review Questionnaire for each identified management, operational, program and quality assurance review.

    5. Identifying the executives responsible for internal control in their operating/functional divisions.

    6. Identifying Quality Assurance Program review volunteers for their organizations to participate as reviewers in the IRS quality assurance reviews led by the CFO.

    7. Advising all executives and managers of internal control and quality assurance review requirements including coordinating the FMFIA Managers' Assessment annual internal control certifications and reporting activities.

    8. Providing input to the CFO on best practices and IRM guidance updates for quality assurance reviews.

    9. Developing and presenting appropriate quality assurance training for their organizations.

    10. Tracking and addressing open GAO, Treasury Inspector General for Tax Administration (TIGTA) and A-123 audit findings and recommendations.

Enterprise Risk Management Roles and Responsibilities
  1. The Enterprise Risk Management Program supports the identification, assessment, and mitigation of risks, and provides senior management the information necessary to make sound decisions.

  2. In evaluating the effectiveness of operating/functional division’s management, program, operational and quality assurance reviews, review volunteers seek to address enterprise risks in completing the Form 14750-A, IRS Quality Assurance Review Checklist.

Chief Financial Officer Roles and Responsibilities
  1. The CFO develops financial management policy and procedures, and performs A-123 testing and program evaluations as part of the IRS clean audit approach. The CFO provides overall program direction for the IRS Quality Assurance (reviews) and Annual Assurance (FMFIA Manager’s Assessment) programs including developing and implementing policy, training, and reports to executive leadership.

  2. The CFO Quality Assurance Program responsibilities include:

    1. Establishing and documenting the Quality Assurance Program framework and related components.

    2. Developing the annual Quality Assurance Program project timeline and plan, that identifies yearly tasks, new projects, due dates, and points of contact to conduct the continuous Quality Assurance Program reviews.

    3. Issuing the Quality Assurance Call Memorandum and the Annual Assurance Call Memorandum to operating/functional divisions for the quality assurance process review.

    4. Developing the annual Quality Assurance Program communications plan.

    5. Updating and maintaining the Quality Assurance Review Listing through operating/functional division submissions of Form 14750, IRS Quality Assurance Review Questionnaires, as part of the Annual Assurance Review process and the FMFIA sampling of IRS managers who complete the annual FMFIA Manager's Assessment.

    6. Updating the Tactical Review Assessment Plan (TRAP).

    7. Collaborating with operating/functional divisions to identify best practices and program improvements.

    8. Providing Quality Assurance Program liaisons with procedures for conducting the annual quality assurance reviews.

    9. Developing and maintaining Electronic Learning Management System (ELMS) training courses for the IRS Quality Assurance Program.

    10. Maintaining a website with references for training, new program policy, frequently asked questions, and program updates.

    11. Updating the IRS Quality Assurance Program IRM.

    12. Maintaining records retention of work papers for the annual quality assurance reviews.

    13. Tracking the status of open review findings and recommendations.

    14. Providing the quality assurance review executive updates to the Management Controls Executive Steering Committee (MC ESC).

Statistics of Income (SOI) Program Roles and Responsibilities
  1. SOI assists in the Quality Assurance Program reviews by:

    1. Providing review selections based on CFO criteria when requested (Quality Assurance and FMFIA sample).

    2. Developing and maintaining procedures for review selection.

    3. Working with the CFO to gather all information necessary to implement the sample selection procedures.

Program Management and Review

  1. Program Reports: The Quality Assurance Program reports include:

    1. Management Controls Executive Steering Committee (MC ESC) briefings

    2. Deputy Commissioner Business Performance Reviews (BPR)

    3. Review results notifications to the operating/functional divisions on Form 14750-B, IRS Quality Assurance Review Notification

    4. Quality Assurance Program Timeline

    5. Quality Assurance Program Communications Plan

  2. Program Effectiveness: The Quality Assurance Program effectiveness is determined by the:

    1. Ability to support the Annual Assurance Statement signed by the IRS Commissioner and submitted to the Treasury Department on the status of internal controls.

    2. Ability to survey the universe of potential reviews adequately.

    3. Continuous program improvement based on best practices discussions with operating/functional division discussions, such as the Quality Assurance Program enhancements including the FMFIA sampling, developing and updating official IRS forms used in the review process and providing case studies and instructions.

    4. Quality Assurance Program training and increased managerial awareness of internal controls.

  3. All Quality Assurance Program documentation and reports are stored on the CFO shared drive and in CCH Teammate, as appropriate.

Program Controls

  1. Access to the Quality Assurance Program information stored on the CFO shared drive, in SharePoint and on CCH Teammate is protected by limiting access to those individuals that manage the program.

Definitions

  1. Annual FMFIA Managers’ Assessment - A manager's review of the effectiveness of controls within his/her area of responsibility and the documentation of that review through written and signed certifications. The involvement of each level of management in certifying the control environment within his/her sphere of operations assists in identifying risks at all levels. All managers and executives must complete the FMFIA Managers’ Assessment.

  2. Assurance Statement - A managerial certification that represents an informed judgment as to the overall adequacy and effectiveness of internal control.

  3. Continuous Monitoring - A process and technology used to detect compliance and risk issues associated with an agency’s financial and operational activities.

  4. Corrective Action Plan - Describes the specific ineffective control weaknesses and the actions necessary for resolution. Plans should include the specific steps to correct the root causes of the weaknesses, responsible individuals and organizations, completion dates, and a description of testing or validation methods to ensure findings were appropriately addressed. For any internal controls over financial reporting deemed ineffective as a result of testing and not resolved by June 30, bureaus must develop and submit corrective action plans to the Department.

  5. Effective Controls - Designed to safeguard assets, check the accuracy and reliability of accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies.

  6. Enterprise Risk Management (ERM) - A discipline that addresses the full spectrum of an organization’s risks, including challenges and opportunities, and integrates them into an enterprise-wide, strategically aligned portfolio view. ERM contributes to improved decision making and supports the achievement of an organization’s mission, goals, and objectives.

  7. Financial Audit: IRS's Fiscal Year Financial Statements (The Blue Book) - GAO annually audits the IRS financial statements to determine whether the financial statements are fairly presented and IRS management maintained effective internal control over financial reporting. GAO also tests IRS compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements.

  8. Financial Statement Assertions - Are representations by management embodied in the financial statements and other financial reports of components can be classified in the following broad categories:

    1. Presentation and Disclosure - Addresses whether particular components of the financial statements are properly classified, described, and disclosed.

    2. Existence and Occurrence - Addresses whether assets or liabilities of the entity exist at a given date and whether recorded transactions have occurred during a given period.

    3. Rights and Obligations - Addresses whether assets or liabilities of the entity exist at a given date and whether recorded transactions have occurred during a given period.

    4. Completeness and Accuracy - Addresses whether all transactions and accounts that should be presented in the financial statements are so included.

    5. Valuation and Allocation - Addresses whether asset, liability, net position, revenue, and expense components have been included in the financial statements at appropriate amounts.

  9. Finding - An observation of the internal control results from evaluating the collected audit evidence against audit criteria. Audit findings indicate conformity or nonconformity. If the audit criteria are selected from legal or other requirements, the audit finding is either compliance or non-compliance. If a significant issue is identified during the audit, the issue is classified as a finding. Findings include the criteria or basis for determining that a problem exists, a condition or situation that was observed, the effect of the condition, and the root cause of the problem to the extent that it can be determined. Findings should result in recommendations that resolve the issue and are helpful to management. For Quality Assurance review purposes, recommendations should be actionable items.

  10. Government Accountability Office (GAO) - An independent, nonpartisan agency that works for Congress. GAO investigates how the federal government spends taxpayer dollars. The GAO mission is to support the Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. GAO provides Congress with timely information that is objective, fact-based, nonpartisan, non-ideological, fair, and balanced.

  11. Government Auditing Standards (The Yellow Book) - Provides guidance for conducting high quality audits with competence, integrity, objectivity, and independence. The GAO Yellow Book is used by auditors of government entities that receive government awards, and other audit organizations performing Yellow Book audits.

  12. Internal Control - A process used by management to help an entity achieve its objectives. Internal control helps an entity run its operations efficiently and effectively, report reliable information about its operations, and comply with applicable laws and regulations.

  13. Judgmental sample - is a non-probability sample of a population where the results do not project to the entire population.

  14. Management Controls - A term used interchangeably with internal controls.

  15. Management Controls Executive Steering Committee (MC ESC) - An advisory committee to the IRS Commissioner, chaired by the Deputy Commissioner for Operations Support, that has overall responsibility for determining that the IRS has an effective internal control program in place.

  16. Methodology - A documented process for applying standards when assessing, documenting, and reporting on internal control over financial reporting.

  17. OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control - Provides guidance to agencies and individual federal managers on taking systematic and proactive measures to:

    1. Develop and implement appropriate, cost-effective internal control for results-oriented management.

    2. Assess the adequacy of internal control in federal programs and operations.

    3. Assess and document internal control over financial reporting.

    4. Identify needed improvements and take corresponding corrective action.

    5. Report annually on internal control through management assurance statements.

  18. Operating/Functional Divisions - The IRS areas organized around customers with similar needs. The scope of IRS operations includes collecting individual and corporate taxes, examining returns, assisting taxpayers, and servicing tax-exempt organizations.

  19. Quality Assurance (QA) - A planned, systematic approach to provide confidence that programs, processes, products and services will conform to established requirements throughout their life cycle.

  20. Risk - An event that may occur and affect the achievement of a business objective.

  21. Risk Assessment - A process allowing an entity to consider the extent that potential events will affect the achievement of objectives.

  22. Standards for Internal Control in the Federal Government (Green Book) - Sets internal control standards for federal entities. An entity uses the Green Book to design, implement, and operate internal controls to achieve its objectives related to operations, reporting, and compliance as required by the FMFIA. The Green Book requires that management:

    1. Develops and maintains documentation of its internal control system.

    2. Creates policies stating the organization’s internal control responsibilities.

    3. Documents and evaluates ongoing monitoring and separate evaluations to identify issues, corrective actions, and remediation, in a timely fashion.

    4. Support for any principle deemed relevant to the agency.

    Those who use the Green Book are:

    1. Program managers at federal agencies,

    2. Inspector general staff conducting a financial or performance audit,

    3. Independent public accountants conducting audits of expenditures of federal dollars to state agencies, or

    4. Compliance officers responsible for making sure that personnel have completed required training.

  23. Structured Management Review (SMR) - A review of documented continuous monitoring activities including quality assurance reviews or other independent internal reviews put in place to cover many IRS internal control activities during the normal course of operations.

  24. Tactical Review Assessment Plan (TRAP) - An overarching review plan for selected quality assurance reviews that will occur during a fiscal year. The TRAP includes standard operating procedures for the selection criteria, risk assessment, and rotation schedule.

  25. Treasury Inspector General for Tax Administration (TIGTA) - The organization established under the IRS Restructuring and Reform Act of 1998 to provide independent oversight of IRS activities. TIGTA promotes the economy, efficiency, and effectiveness in administering the internal revenue laws. It is also committed to the prevention and detection of fraud, waste, and abuse within the IRS and related entities.

  26. Work papers - Are the records and documentation of management, operational, program and quality assurance reviews. They represent all quality assurance materials, including, but not limited to:

    1. Operating/functional division training material

    2. Completed Forms 14750-A, IRS Quality Assurance Review Checklist

    3. Completed Forms 14750, IRS Quality Assurance Questionnaire

    4. IRM extracts and/or references

    5. Operating/functional division’s standard operating procedures

    6. Review reports provided by the selected operating/functional division

    7. Copies of TIGTA or GAO audit findings and recommendations

    8. Latest FMFIA Managers’ Assessment

    9. GAO Internal Control Evaluation Tool, if applicable

    10. Reviewer notes, findings, and recommendations

Acronyms

  1. This IRM contains the following acronyms and meanings:

    Acronym Meaning
    ACFO Associate Chief Financial Officer
    AFR Agency Financial Report
    BUN Business Unit News (IRWeb)
    CFO Chief Financial Officer
    ELMS Enterprise Learning Management System
    ERM Enterprise Risk Management
    FISMA Federal Information Security Management Act
    FMFIA Federal Managers’ Financial Integrity Act
    FOD Functional Operating Division
    FY Fiscal Year
    GAO Government Accountability Office
    GPRAMA Government Performance and Results Act Modernization Act
    IFS Integrated Financial System
    IPERA Improper Payments Elimination and Recovery Act
    MC ESC Management Controls Executive Steering Committee
    MIO Management Information Only
    NTA National Taxpayer Advocate
    OCS Office Communications Server
    OMB Office of Management and Budget
    PII Personally Identifiable Information
    QA Quality Assurance
    RCG Risk and Control Group (Treasury Department)
    RRACS Redesign Revenue and Accounting System
    SAT Senior Assessment Team
    SBU Sensitive But Unclassified
    SET Senior Executive Team
    SMR Structured Management Review
    SOI Statistics of Income
    SOPs Standard Operating Procedures
    TDCFO Treasury Deputy Chief Financial Officer
    TIGTA Treasury Inspector General for Tax Administration
    TRAP Tactical Review Assessment Plan
    UWR Unified Work Request

Related Resources

  1. OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control.

  2. Federal Managers' Financial Integrity Act (FMFIA) of 1982.

  3. Government Accountability Office (GAO) Comptroller General.

  4. Financial Audit: IRS's Fiscal Year Financial Statements (The Blue Book).

  5. Government Auditing Standards (The Yellow Book).

  6. Standards for Internal Control in the Federal Government (Green Book).

  7. Federal Information Security Management Act of 2002 (FISMA).

  8. Improper Payments Elimination and Recovery Act (IPERA) of 2010.

  9. IRM 1.15.2, Records and Information Management, Types of Records and Their Life Cycles.

  10. IRM 1.4.2, Monitoring and Improving Internal Control).

  11. IRM 1.4.3, IRS Guidance for Implementing OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, Appendix A: Internal Control Over Financial Reporting.

  12. The Quality Assurance Review Listing plus instructions and examples of the Form 14750, IRS Quality Assurance Questionnaire and Form 14750-A, IRS Quality Assurance Review Checklist are available on the CFO website under the Quality Assurance Program section.

IRS Quality Assurance Program Framework

  1. The IRS Quality Assurance Program goal is to support the Annual Assurance Statement signed by the Commissioner and submitted to the Treasury Department, as required by the FMFIA.

  2. The IRS Annual Assurance Statement is supported by the:

    1. FMFIA Managers’ Assessment on the status of internal controls within the manager’s purview

    2. A-123 internal control testing results for specified transactions

    3. GAO Internal Control Evaluation Tool

    4. Quality assurance reviews that assess the status of internal controls for selected reviews

    5. Material weakness remediation plan (as necessary)

  3. The table below describes the elements that support the Annual Assurance Statement.
    The first column identifies the name of the element and the second column provides a description of the element.

    Element Description
    FMFIA Managers’ Assessment IRS managers’ certifications are signed and dated by on or around July 31 that assess the effectiveness of internal control and identify any potential risks. These managers’ certifications are submitted to the CFO as part of the Annual Assurance process.
    A-123 Internal Control Testing Results A-123 tests use OMB guidance and the Treasury Department’s methodology to assess internal control over financial reporting at the transaction level for:
    • Budget and Finance

    • Accounting

    • Purchasing

    • Accounts Payable and Payments

    • Sales, Accounts Receivable, and Collections

    • Management of Assets and Liabilities

    • Reporting and Information

    • Information Technology

    The methodology includes the operational environment of internal control, such as:
    • Financial reporting compilation and preparation

    • The control environment

    • Compliance with laws and regulations

    • Audit report findings and recommendations

    Internal control testing occurs as of June 30th (interim) and September 30 (4th quarter).
    Quality Assurance Program Reviews Within the Quality Assurance Program framework is an assessment of selected management reviews, operational reviews/program evaluations, and quality assurance reviews performed by the operating/functional divisions to meet performance and internal control goals and objectives. Quality Assurance Program Reviews occurs between February and June.
    GAO Internal Control Evaluation Tool (Abbreviated) The Evaluation Tool is based upon the guidance provided in the GAO Standards for Internal Control in the Federal Government (Green Book). The Green Book provides the context for the use and application of the checklist. The Evaluation Tool is completed in the first two quarters of the fiscal year.
    Material Weakness Remediation plan (as necessary) The IRS monitors material weaknesses and prepares corresponding corrective action plans. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, timely. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements timely.
  4. The IRS Quality Assurance Program catalogs the body of work in management, operational, program and quality assurance internal control reviews performed by the operating/functional divisions designed to support internal control objectives and continuously improve programs. The Quality Assurance Review Listing documents those reviews. The Quality Assurance Program consists of the following components:

    1. Executive oversight

    2. Managerial assertions

    3. Quality assurance reviews

    4. Policy and guidance

    5. Annual Assurance Statement

    Figure 1.4.31-2

    This is an Image: 66821001.gif
     

    Please click here for the text description of the image.

Executive Oversight

  1. The Quality Assurance Program executive oversight component fulfills a critical management and integration function for financial and internal/management controls. Led by the Deputy Commissioner for Operations Support, the Management Controls Executive Steering Committee (MC ESC) is an advisory committee comprised of operating/functional division senior executives who have overall responsibility for determining that the IRS has an effective internal control program. The MC ESC serves as the IRS Senior Assessment Team (SAT) governs the IRS internal control program. The SAT includes individuals from all parts of the organization who may affect internal controls over financial reporting, including strategic, operational (including Information Technology (IT)), financial, and programmatic aspects.

  2. The MC ESC meets quarterly and provides a top leadership perspective addressing important cross-functional issues and advising the Commissioner and Deputy Commissioners.

Managerial Assertions

  1. The Quality Assurance Program managerial assertions component leverages existing internal control questionnaires, surveys, and certification instruments to reduce managerial burden. These instruments include:

    1. Government Accountability Office (GAO) Internal Control Evaluation Tool. This tool assesses the organizational status of internal control and is based on GAO's Standards for Internal Control in the Federal Government, that was issued to assist agencies in maintaining or implementing effective internal control and to help determine what, where, and how improvements can be implemented. The tool provides a systematic, organized, and structured approach to assessing the internal control structure. The five sections of the checklist correspond to the five standards for internal control (control environment, risk assessment, control activities, information and communications, and monitoring). Each section contains a list of major factors to be considered when reviewing internal control as it relates to the particular standard. These factors represent some of the more important issues addressed by the standard. Included under each factor are points and subsidiary points that users should consider when addressing the factor. The points and subsidiary points are intended to help IRS managers consider specific items that indicate the degree to which internal control is functioning based on an informed judgment. This tool is assembled and completed within the first two quarters of the fiscal year.

    2. FMFIA Managers’ Assessment. This questionnaire is an individual manager’s assessment of the status of internal control based on the administrative controls within their purview. IRS managers report to the CFO through the Annual Assurance Review process. The compilation of the managers' certifications is the basis for the Commissioner’s annual assurance statement required by the FMFIA. These certifications are signed and dated by IRS managers on or around July 31.

Quality Assurance Reviews

  1. The quality assurance reviews component of the Quality Assurance Program validates the operating/functional divisions' assessments of the effectiveness of IRS operational and internal control by selecting a number of:

    1. Management and operational reviews

    2. Program evaluations

    3. Quality assurance reviews

  2. The quality assurance reviews are generally completed between February and June using Form 14750-A, IRS Quality Assurance Review Checklist, and are based on documentation from:

    1. Quality assurance reviews conducted throughout the IRS to carry out its critical mission and functions

    2. Review policy and guidance

    3. Review reports that detail the area reviewed and the results

    4. FMFIA Managers' Assessment results

    5. Enterprise Risks

    6. GAO, TIGTA and/or A-123 audit findings and/or recommendations

    7. GAO Internal Control Evaluation Tool results, as applicable

  3. The quality assurance reviews are completed annually by operating/functional division review volunteers.

  4. The quality assurance review findings and recommendations are documented and presented to the:

    1. Operating/functional division quality assurance point of contact

    2. Program executive responsible for the area

    3. MC ESC

  5. Work papers and review documentation are stored electronically on the CFO shared drive, the Quality Assurance SharePoint site and/or in the CCH Teammate audit software.

Policy and Guidance

  1. The policy and guidance component of the Quality Assurance Program addresses the CFO duties for developing:

    1. IRM and standard operating procedures (SOPs)

    2. Sample selection, risk assessment, and rotation schedule

    3. Quality Assurance Review Listing

    4. Volunteer review team training and Electronic Learning Management System (ELMS) training

    5. Program forms (in the Form 14750 series)

    6. Documentation including memoranda, findings, and recommendations

    7. Reference material and website maintenance

    8. Retention and storage

Annual Assurance Statement

  1. The assurance statement is a certification that represents the IRS Commissioner's informed judgment as to the overall adequacy and effectiveness of internal control. The Commissioner will provide one of the following:

    1. Unmodified statement of assurance: There are no material weaknesses or lack of substantial compliance reported. All evidence indicates that the organization's controls are effective and operating as intended.

    2. Modified statement of assurance: The organization’s controls are generally effective and operating as intended, considering the exception(s) explicitly noted (one or more material weaknesses or lack of substantial compliance reported).

    3. Statement of no assurance: There are no processes in place or there are pervasive material weaknesses.

  2. The CFO takes the following steps in the annual assurance process:

    1. Request that the operating/functional divisions complete and return the GAO Internal Control Evaluation Tool during the months of January and February to evaluate the status of internal control within the operating/functional division.

    2. Complete A-123 internal control testing of key financial transactions as required by Treasury Department guidance.

    3. Assemble FMFIA Managers’ Assessment of internal control and assurance letters.

    4. Complete quality assurance reviews based on judgmental or random selection and updates the Quality Assurance Review Listing based on operating/functional divisions’ submissions of Form 14750, IRS Quality Assurance Review Questionnaire.

    5. Share the proposed IRS assurance statement with the MC ESC prior to submitting it to the Treasury Department with copies to TIGTA and GAO, when final.

Quality Assurance Memoranda

  1. The CFO issues the Quality Assurance Call Memorandum and the Annual Assurance Call Memorandum to the operating/functional divisions to:

    1. Announce the quality assurance review period for the fiscal year

    2. Obtain management, operational, program review and quality assurance reviews for the Quality Assurance Review Listing

    3. Identify operating/functional division executive responsible for internal control

    4. Identify review volunteers

Quality Assurance Call Memorandum

  1. The Quality Assurance Call Memorandum is signed by the Deputy Commissioner, Operations Support, and is generally issued between December and January.

  2. This memorandum announces the quality assurance review period for the fiscal year cycle and requests support from operating/functional divisions to assist in conducting quality assurance reviews by:

    1. Identifying an executive responsible for internal control for each operating/functional division. This designee will be notified of issues that arise during the quality assurance review and receive the completed review results. The Quality Assurance Executive Contact Listing is updated annually with information received from the operating/functional divisions.

    2. Designating staff to assist in the quality assurance process. These review volunteers will receive training and conduct the review(s) for each selected operating/functional division

      Note:

      While all operating/functional divisions are represented on the Quality Assurance Review Listing, not all are selected for review.

  3. An e-mail notification is prepared by the CFO and sent to Senior Executive Team members. The e-mail request includes a copy of the memorandum and an information request to provide the names of the executive responsible for internal control and the review volunteers.

  4. IRWeb Business Unit News (BUN) articles also provide general IRS awareness about the Quality Assurance Call Memorandum, the fiscal year selected reviews, and the submission deadlines.

  5. The Quality Assurance Call Memorandum, BUNs and executive contact listing are available on the CFO website under the Quality Assurance Program.

Annual Assurance Call Memorandum

  1. In FY 2012, the IRS Annual Assurance Process was expanded to identify key management reviews, operational reviews, program evaluations, and quality assurance reviews conducted by the operating/functional divisions to assess the effectiveness of IRS operational controls.

  2. The Annual Assurance Call Memorandum contains guidance issued to the Senior Executive Team (SET) on:

    1. Completing the annual FMFIA Managers’ Assessment of internal controls,

    2. Preparing the manager’s annual assurance memorandum, which is a one or two-page certification containing a specific statement on the status of internal control and corrective action plans for any newly identified significant control deficiencies, and

    3. Identifying their organization’s quality assurance reviews.

  3. The Annual Assurance Call Memorandum is generally issued in the third quarter of the fiscal year, between April and May with a submission due date around the end of July.

  4. Attachment 1 - Annual Assurance Review Process- requests that operating/functional divisions consider the results from management, operational, program, and quality assurance reviews as support for the annual certification. These reviews are the annual Federal Manager’s Financial Integrity Act (FMFIA) Managers’ Assessments that determine the effectiveness of internal controls within their area of responsibility and include the preparation of individual written certifications to support the overall operating/functional division’s certification.

  5. Attachment 2 - Identification of IRS Quality Assurance Reviews - requests that operating/functional divisions submit new quality assurance reviews that were not previously submitted. This includes identifying all quality assurance reviews that test or review work quality, measure quality of data, identify trends, problem areas, and improvements to program effectiveness in light of applicable directives, standards, and procedures. These reviews include work process, program, or operation management reviews, as well as operational reviews and site visits.

  6. Attachment 2 notifies operating/functional divisions that their management reviews, program evaluations, and quality assurance reviews may be selected for further review.

  7. The Annual Assurance Call Memorandum and Quality Assurance Review Listing are available on the CFO website under the Quality Assurance Program section.

Quality Assurance Review Listing

  1. The Quality Assurance Review Listing is an inventory of IRS internal control reviews in a workbook format. It is updated based on Forms 14750, IRS Quality Assurance Review Questionnaire submitted by the operating/functional divisions from:

    1. The Annual Assurance Call Memorandum request for the validation and verification of reviews on the QA Review Listing.

    2. The FMFIA sampling of selected managers who completed the FMFIA Managers’ Assessment.

    3. New IRS initiatives identified by the MC ESC or the SET.

  2. Key columns on the Quality Assurance Review Listing include:

    1. Organization Title - Naming the operating/functional division

    2. Organizational Code - Indicating the operating/functional division symbols. Large operating/functional divisions are encouraged to provide the lowest level of organization code possible to differentiate reviews with similar names.

      Example:

      OS: CFO denotes the Operations Support Deputy Commissioner area and the Chief Financial Officer

    3. Frequency - Providing whether the review occurs weekly, monthly, quarterly, annually, ad hoc, or some other frequency

    4. Quality Assurance Review Name - Providing the name of the operating/functional division review

      Example:

      Manual Interest Quality Review, Civil Penalty Quality Review, Lockbox IT Security Review

    5. Risk - Provides a risk rating of high, medium or low.

    The CFO assigns risk ratings as follows:

    1. High Risk - Denotes affirmative responses to questions 5, 6, 7 and 10.

    2. Medium Risk - Denotes Security and Financial related reviews or responses that may affect multiple operating/functional divisions for question 3.

    3. Low Risk - Denotes a review with a frequency of meeting at least monthly or more for question 9.

  3. The CFO assesses each review and assigns a high risk rating depending on the responses to Form 14750, IRS Quality Assurance Review Questionnaire, as follows:

    1. Question 5 - Does the review encompass any identification of material internal control issues defined as significant problems or significant level of errors? If so, describe and provide the corrective actions taken.

    2. Question 6 - Does the review include identification for IRS Enterprise or Servicewide risks? If so, describe the risks and how they were addressed.

    3. Question 7 - Has the review been the subject of Congressional scrutiny or press coverage? If so, describe.

    4. Question 10 - Is a report on the results of the review compiled and forwarded to senior management for evaluation and follow-up action (indicate whether the report is retained in a permanent file for examination by IRS external auditors such as GAO or TIGTA and/or A-123 Internal Control review team).

  4. The CFO assesses each review and assigns a medium risk rating depending on the responses to the Form 14750, IRS Quality Assurance Review Questionnaire as follows:

    1. Question 3 - Provide a brief description of the review, the area of focus, and the expected and/or actual outcome.

  5. The CFO assesses each review and assigns a low risk rating depending on the responses to Form 14750, IRS Quality Assurance Review Questionnaire, as follows:

    1. Question 9 - What is the time period covered by the review and/or the frequency of the review performance.

  6. The CFO will assess the operating/functional divisions' Form 14750, IRS Quality Assurance Review Questionnaire, submissions to:

    1. Identify gaps where operating/functional divisions may need to develop managerial reviews and determine appropriate treatment.

    2. Determine whether duplicate reviews can be eliminated, combined, or leveraged in some other way.

    3. Categorize the reviews by risk.

  7. The CFO may annotate the names the Quality Assurance Review Listing to indicate the source or critical information concerning the review, as follows:

    1. New - Indicates a new review for the fiscal year.

    2. Revised - Indicates that the review has been updated, such as changes for the point of contact or organizational codes to reflect reorganizations.

    3. FMFIA - Indicates that the review originated from the FMFIA sampling.

  8. The CFO may develop new annotations as needed.

Identification of IRS Quality Assurance Reviews

  1. Annual Assurance Call Memorandum, Attachment 2, requests that operating/functional divisions review the Quality Assurance Review Listing and:

    1. Identify and submit new quality assurance reviews.

    2. Update and resubmit quality assurance reviews, as needed.

    3. Indicate which reviews should be deleted.

    4. Break out and resubmit quality assurance reviews that encompass more than one review.

      Note:

      A review called "Quality Assurance Reviews" may incorporate several different reviews either by location or work type. In this case, CFO requests the operating/functional division to submit a separate Form 14750, IRS Quality Assurance Review Questionnaire, for each review.

  2. To aid in planning for future Quality Assurance Program reviews, operating/functional divisions are encouraged to provide senior leaders’ suggestions on quality assurance reviews that merit consideration for additional review. Input by operating/functional divisions is important and will help in designing a quality assurance review plan to best address issues that are important to the IRS.

    Note:

    Every manager (e.g., unit, group, section, office) must complete an FMFIA Managers’ Assessment. However, every manager may not have management or operational reviews, program evaluations, or quality assurance reviews, and may not be required to submit Form 14750, IRS Quality Assurance Review Questionnaire. However, managers that respond positively to the FMFIA Managers’ Assessment questions about establishing and monitoring quality assurance reviews should be able to identify those reviews and document them on the Form 14750, IRS Quality Assurance Review Questionnaire, especially if selected for review.

Federal Manager’s Financial Integrity Act Sampling

  1. The FMFIA Managers’ Assessment is one of the bases for the Annual Assurance Statement of internal controls signed by the IRS Commissioner and submitted to the Treasury Department. Traditionally, CFO receives a summary statement from the operating/functional division heads of office regarding the FMFIA Managers’ Assessments.

  2. There is a direct relationship between the FMFIA Managers’ Assessments and the quality assurance review process. The following FMFIA questions under Section I: Internal Controls Review and Monitoring and Risk Assessment, address the quality assurance reviews:

    • Manager establishes and performs internal control reviews (i.e. management or operational reviews, program evaluations, and quality assurance reviews).

    • Manager monitors internal control results during the year from management or operational reviews, program evaluations, and quality assurance reviews, and develops and implements appropriate corrective action plans

  3. The Quality Assurance Program team requests the entire population of IRS managers who responded to the FMFIA Managers’ Assessment from the Annual Assurance program team who maintain the annual list of IRS managers. The Quality Assurance Program forwards the annual IRS manager listing to SOI for sample selection based on the following criteria:

    1. The IRS manager had positive responses to both quality assurance questions.

    2. The IRS manager was a permanent manager (not acting).

    3. The IRS manager was not selected in a prior year.

  4. The FMFIA Managers’ Assessment sample allows the CFO to verify that managers:

    1. Understand internal controls

    2. Are able to identify and provide the name of the management, program, operational, and quality assurance review(s) that they relied on to answer the assessment control questions found in the annual FMFIA Managers’ Assessment

  5. The selected IRS managers are notified by e-mail that they have been selected for review by the IRS Quality Assurance Program. The IRS managers are asked to provide completed Forms 14750, IRS Quality Assurance Review Questionnaire, for each review that they established and monitored as part of their internal control operations.

  6. The FMFIA sample is generally selected in the first quarter of the new fiscal year.

  7. The Quality Assurance Review Listing is updated with the Form 14750, IRS Quality Assurance Review Questionnaires received from the selected managers. Reviews derived from the FMFIA sampling are designated as "FMFIA" on the Quality Assurance Review Listing.

New Initiatives

  1. Periodically, new IRS initiatives are identified by the MC ESC or the SET and require new management, operational, program or quality assurance reviews.

  2. These new reviews are identified outside of the normal annual assurance process and the end-of-July call that requests operating/functional divisions to update the Quality Assurance Review Listing or FMFIA sampling that results in new reviews. These new reviews may result from GAO, TIGTA, A-123 testing findings and recommendations, or an increased awareness of a particular program or new initiative.

  3. The CFO will request the point of contact information and assist the operating/functional division in completing the Form 14750, IRS Quality Assurance Review Questionnaire, to describe the new review including the timing, reports, risk level, etc.

  4. The CFO will update and post the Quality Assurance Review Listing with the new reviews.

Quality Assurance Program Forms

  1. There are certain forms used within the Quality Assurance Program. These forms are available on the IRS Intranet (IRWeb) under Forms, Publications and Documents. There is a special section called the IRS Quality Assurance Program that contains:

    1. Form 14750, IRS Quality Assurance Review Questionnaire

    2. Form 14750-A, IRS Quality Assurance Review Checklist

    3. Form 14750-B, IRS Quality Assurance Review Notification

  2. Annually, the quality assurance forms are reviewed based on best practices and updated as needed.

  3. New quality assurance forms may be added as the program expands and the need for new information arises.

Form 14750, IRS Quality Assurance Review Questionnaire

  1. The Form 14750, IRS Quality Assurance Review Questionnaire, allows operating/functional divisions to provide information that describes their management, operational, program and/or quality assurance reviews.

  2. The Form 14750, IRS Quality Assurance Review Questionnaire, is prepared in response to:

    1. The Annual Assurance Call Memorandum

    2. FMFIA Managers’ Assessment internal control sampling results

    3. New IRS initiatives identified by the MC ESC or the SET

  3. The Forms 14750, IRS Quality Assurance Review Questionnaire, submitted by the operating/functional divisions are used to compile the Quality Assurance Review Listing, which is updated annually.

  4. The CFO will examine the Form 14750, IRS Quality Assurance Review Questionnaire, to:

    1. Identify information gaps where operating/functional divisions may need to provide additional clarifying information or address conflicting information.

    2. Validate the name of the review, the organization, and the operating/functional division organization code.

    3. Determine whether multiple reviews exist on one Form 14750, IRS Quality Assurance Review Questionnaire, that may need to be documented separately.

    4. Determine the risk level of the review.

    5. Update the Quality Assurance Review Listing.

    6. File the reviews in the CFO shared drive by fiscal year and operating/functional division.

Form 14750-A, IRS Quality Assurance Review Checklist

  1. The Form 14750-A, IRS Quality Assurance Review Checklist, is used by the operating/functional division review volunteers to assess the selected review. Review volunteers are trained on completing the Form 14750-A, IRS Quality Assurance Review Checklist, at the beginning of the review period, generally in February. Examples and instructions are provided in the review volunteer’s training.

  2. The Form 14750-A, IRS Quality Assurance Review Checklist, contains four sections and summarizes the selected review results:

    1. Section 1, Introduction provides a description of the selected review. Information from the Form 14750, IRS Quality Assurance Review Questionnaire may be used to complete this section. QA review volunteers may complete the checklist in an interview setting, if preferred.

    2. Section 2, Review Scope provides information about the volunteer reviewers and describes how long the volunteer reviewers took to complete the review, what period of time the review covers, and what documents the volunteer reviews examined in completing their assessment.

    3. Section 3, Control Review provides information about the review volunteer’s assessment of the selected review. Information from the Form 14750, IRS Quality Assurance Review Questionnaire, may be used to complete this section. Provide explanations in the comment section beside the “No” box for each question.

    4. Section 4, Results/Findings requires a conclusion from the volunteer review team whether the review controls are Effective or Ineffective.

      Note:

      Responses to Section 3, Control Review questions B, F, I, and J may result in a recommendation in Section 4, Results/Findings

      .

  3. General tips for completing the Form 14750-A, IRS Quality Assurance Review Checklist;

    1. Schedule an interview with the point of contact listed on the Form 14750, IRS Quality Assurance Review Questionnaire. The point of contact may be able to walk you through the review process and familiarize you with the associated work papers and reports, the review goals, objectives and expected outcomes.

    2. Schedule enough time to complete the review. The CFO estimates that reviews take 20-40 hours to complete based on prior year completion times.

      Note:

      Review completion estimates may vary from year to year.

      Note:

      The review period generally begins in February and ends on June 1; however these dates are subject to change annually.

    3. Verify that the operating/functional division review volunteer is someone other than the point of contact listed on the Form 14750, IRS Quality Assurance Review Questionnaire.

      Note:

      In smaller operating/functional divisions, there may be a limited staff. Please contact the CFO to determine alternatives.

    4. Determine if there are multiple reviews contained within one review. Select one review topic or location with the highest risk level.

      Note:

      If resources are available, the volunteer review team may decide to assess all the review activities. Complete a separate Form 14750-A, IRS Quality Assurance Review Checklist, for each review. A corresponding Form 14750, IRS Quality Assurance Review Questionnaire, must also be prepared. Please contact the CFO for additional instructions.

    5. Gather and examine work papers such as IRM references, SOPs, oversight agency guidance and the latest copy of the completed review.

    6. The IRS requires the protection of personally Identifiable information (PII) and sensitive but unclassified (SBU) information. Volunteer reviewers should request sanitized documents, especially those related to taxpayers, IRS managers and employees. In addition, the name of the office and various case data may be redacted as it is considered evaluative.

    7. Determine whether the review identifies IRS Enterprise or Servicewide risks, has been the subject of Congressional scrutiny or press coverage, and/or addresses material internal control issues.

    8. Attach work papers to the Form 14750-A, IRS Quality Assurance Review Checklist, using the paperclip icon.

      Note:

      The CFO will provide instructions for work papers annually.

    9. Determine whether or not the review is effective. This requires a conclusion from the review volunteer.

    10. Findings are observations of the status of internal control results against audit criteria. Findings indicate conformity or nonconformity, and compliance or non-compliance for legal or other requirements.

      Note:

      Findings/recommendations may be benign, such as a notation to continue the review.

    11. If the review is effective but could use enhancements, discuss recommendations with the point of contact and document a corrective action plan in Section 4, Results/Findings.

      Note:

      Findings for selected reviews receive follow-up for the status of actions in the subsequent fiscal year.

  4. The Form 14750-A, IRS Quality Assurance Review Checklist, examples and instructions are available on the CFO website under the Quality Assurance Program section. The form is also available on the IRS Intranet.

Form 14750-B, IRS Quality Assurance Review Notification

  1. The Form 14750-B, IRS Quality Assurance Review Notification, is used by the CFO to evaluate the completeness and accuracy of the selected review results prepared by the operating/functional division review volunteers.

  2. The CFO:

    1. Reviews all Forms 14750-A, IRS Quality Assurance Review Checklist, and associated work papers prepared by the volunteer review team.

    2. Summarizes the results for each selected review on Form 14750-B, Quality Assurance Review Notification.

    3. Stores work papers and related e-mail communications on the CFO shared drive, Quality Assurance SharePoint site and on CCH Teammate.

    4. Identifies trends and missing reviews to update the Quality Assurance Review Listing.

  3. On Form 14750-B, IRS Quality Assurance Review Notification, Notes section, the CFO may provide:

    1. Findings that include the criteria or basis for determining that a problem does exist, a condition or situation that was observed, the effect of the condition, and the root cause of the problem to the extent that it can be determined. If a significant issue is identified (such as non-compliance with Terms and Conditions in an award or grant), the issue is a finding. Review volunteers or the CFO may identify findings. Findings should result in recommendations that resolve an issue and are helpful to management.

    2. Management Information Only (MIO) is a finding issued by CFO that does not compromise internal control integrity but could present a problem in the future. It is designed to make management aware of a potential future issue that may arise if improvements are not made to the control.

  4. The CFO shares findings using Form 14750-B, IRS Quality Assurance Review Notification, with the selected operating/functional division point of contact, next level manager and responsible executive.

  5. The Associate Chief Financial Officer (ACFO) provides a summary e-mail notification including Form 14750-B, IRS Quality Assurance Review Notification, to the head of office, when all the reviews for that operating/functional division are complete.

  6. Form 14750-B, IRS Quality Assurance Review Notification, is available on the CFO website under the Quality Assurance Program section and on the IRS Intranet.

Quality Assurance Program Review Process and Procedures

  1. The Quality Assurance Program review essentially is an assessment of selected operating/functional divisions management reviews, program evaluations, operational, and quality assurance reviews to determine the effectiveness of the controls.

  2. The quality assurance review is considered an inspection-type control test.

    Note:

    An inspection control test examines the evidence of a given control, such as looking for signatures of a reviewing official or reviewing reconciliations and reports.

Timing of Reviews

  1. The Quality Assurance Program reviews generally occur January through June and are timed to support the IRS Assurance Statement submission to the Treasury Department.

  2. Quality assurance reviews for operating/functional divisions products, processes, and procedures are considered continuous monitoring activities.

    Note:

    Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization’s financial and operational activities. The financial and operational environment consists of the people, processes, and systems working to support efficient and effective operations. Controls are put in place to address risks within these components. Continuous monitoring actively identifies, quantifies, and reports control failures such as duplicate vendor records, duplicate payments, and transactions that fall outside of approved parameters. It highlights opportunities to improve operational processes.

Review Selection Criteria

  1. The CFO determines a specified number of reviews for the current fiscal year based on review selection criteria.

  2. The number of management, program, operational and quality assurance reviews selected for each fiscal year is based on a combination of the following:

    1. Judgmental or random selection by SOI. A judgmental sample is a non-probability sample, meaning that the sample results are not projected to the entire population. Reviews are selected by high and medium risk level.

    2. Elimination of reviews selected the previous two fiscal years.

      Note:

      Reviews that have findings/recommendations from the previous year will require follow-up in the current fiscal year.

    3. Elimination of reviews that are tested as part of the A-123 internal control testing and Program Assessments.

    4. CFO risk and ranking criteria including oversight agency guidance (Treasury Department and GAO) and risks identified by the Enterprise Risk Management and the National Taxpayer Advocate programs, A-123 transactional internal control testing, and audit findings/recommendations.

  3. Enterprise Risk Management: Provides the program portfolio view of enterprise risks that are most critical to all layers of management, up to and including the Commissioner's Office, across IRS operations and critical initiatives.

  4. National Taxpayer Advocate (NTA) Annual Report to Congress: Identifies IRS challenges and risks.

  5. CFO A-123 Risk Assessment (updated annually): Presents the A-123 transactional rotation schedule for internal control testing determined by the following Treasury Department requirements:

    1. Risk level has been identified by the known susceptibility to errors, existence of manual versus automated processes, and the total dollar balances of the financial statement line items associated with the process.

    2. Transactions deemed to be high risk and associated with processes that contribute at least 10 percent to the Department of the Treasury financial statement line item balances are tested annually.

    3. Transactions that are rotated every three years are those transactions that have not had a documented history of vulnerabilities or errors and are associated with processes that contribute less than 10 percent to the balance of the Department of the Treasury financial statement line items.

  6. Material Weaknesses: Identify areas for improvement and include open items from remediation and action plans.

  7. Audit Findings: Identify open GAO financial reporting audit recommendations and TIGTA reports.

  8. The Green Book and The Yellow Book: Provide GAO's Standards for Internal Control in the Federal Government (The Green Book) and Government Auditing Standards (The Yellow Book).

  9. The CFO selection criteria and justification are documented and maintained on the CFO shared drive for reference.

  10. The CFO will review and update the Tactical Review Assessment Plan (TRAP), Quality Assurance Program timeline, and standard operating procedures. The TRAP is the overarching review plan that will cover a segment of the quality assurance reviews that take place throughout the IRS including:

    1. Selected review rotation (number of reviews)

    2. Risk assessment designations (high, medium, and low)

    3. Hierarchy of reviews

  11. The CFO will develop a detailed quality assurance review schedule to select the appropriate timing of the reviews and obtain sufficient resources to complete the reviews.

  12. The CFO will develop a new listing of selected quality assurance reviews each fiscal year.

    Note:

    Reviews that have been completed within the last two years will be eliminated from selection.

  13. The CFO will monitor the schedule and inform the MC ESC of any review delays, emerging trends and impending issues.

Review Selection Notification

  1. Each operating/functional division executive responsible for internal control is notified that his/her operating/functional division is selected for review by e-mail.

  2. The review notification:

    1. Identifies the operating/functional division’s selected review(s).

      Note:

      The review selection is judgmental or random. To the best of its ability, not discounting risk level, the CFO will attempt to alleviate an unfair review burden on any one operating/functional division.

    2. Designates the review period for the fiscal year.

    3. Requests the names of review volunteers who will complete the selected review(s).

    4. Indicates the review volunteers’ training date(s).

    5. Provides references and attachments such as the Form 14750, IRS Quality Assurance Review Questionnaire, associated with each selected review, a blank Form 14750-A, IRS Review Checklist, to be completed for each selected review, and the current Quality Assurance Call Memorandum.

Volunteer Review Team Training

  1. The Quality Assurance Program is supported by review volunteers from operating/functional divisions, generally:

    1. Assurance statement process liaisons

    2. Audit liaisons and the operating/functional division risk liaisons

    3. Embedded financial and other staff

  2. Review volunteers must be:

    1. A program manager, coordinator, or staff member familiar with either the FMFIA Managers’ Assessment process, quality assurance reviews, internal control testing, risk assessment, or the assurance process.

    2. Available to participate during the scheduled review dates.

    3. Different than the review point of contact identified on the Form 14750, IRS Quality Assurance Review Questionnaire.

  3. The volunteer review team is assigned reviews that correspond to their operating/functional division. The size of the review team is based on the number of quality assurance reviews selected for the fiscal year.

  4. The training session topics include, but are not limited to:

    1. How to read/understand the Form 14750, IRS Quality Assurance Review Questionnaire.

    2. How to complete the Form 14750-A, IRS Quality Assurance Review Checklist, and attach work papers.

    3. How to locate QA reference materials.

    4. How to document results and recommendations.

  5. The CFO schedules and conducts two main training sessions, a primary introductory session and a mini-refresher session. Additionally, conference calls are scheduled periodically to address topics of interest to the volunteer review team.

  6. The review team training presentation is available on the CFO website under the Quality Assurance Program section.

Review Methodology

  1. Using the Form 14750-A, IRS Quality Assurance Review Checklist, the Quality Assurance Program review validates aspects of the:

    1. Support documentation of the operating/functional divisions' management and operational reviews, program evaluations, and quality assurance reviews.

    2. Information contained on the Form 14750, IRS Quality Assurance Review Questionnaire.

    3. Selected FMFIA Managers’ Assessments.

    4. GAO Internal Control Management Tool, as needed.

    Note:

    The CFO may expand the quality assurance review for individual controls at a more detailed level to isolate risks and undertake a corrective action plan, if necessary.

  2. The quality assurance review may be conducted virtually or through other electronic media.

    1. Virtual reviews are held at a specified location. Selected review files must be provided via secure, encrypted methods to protect personally identifiable information (PII) and sensitive but unclassified (SBU) information. The volunteer review team examines documents to determine whether the review controls are effective. Printed copies of electronic documents are destroyed after use, unless necessary to support findings.

    2. Other electronic media reviews are on-line reviews that may be conducted through the Office Communications Server (OCS), or other similar electronic media and the use of shared work spaces to make documentation available to multiple reviewers. OCS merges real-time communications (instant messaging, voice, video, application sharing) and near-time communications (e-mail, voice mail, fax) with presence information (indication of users real-time availability across locations and devices), and allows for effective communications across a number of communications channels for employees, regardless of their location.

  3. The volunteer review team completes the Form 14750-A, IRS Quality Assurance Review Checklist, one Form 14750-A, IRS Quality Assurance Review Checklist is used for each review. A selected review may contain multiple locations or timing. Select the one review topic or location with the highest risk level. Please contact the CFO for additional instructions.

    Note:

    When a volunteer reviewer determines that there are multiple activities (e.g., data security, case reviews and employee performance), select the activity with the highest risk level and complete a separate Form 14750-A, IRS Quality Assurance Review Checklist. Note the specifics of the selection in Section 2, Review Scope.

    Example:

    An operational review may contain multiple components (e.g., employee appraisals, courier service reviews, employee performance reviews, payment processing reviews, and physical/data security requirements). Each component of the review is separate and distinct from other components. In this scenario, if resources permit, the volunteer reviewers may prepare five separate Forms 14750-A, IRS Quality Assurance Review Checklist. Also prepare a corresponding Form 14750, IRS Quality Assurance Review Questionnaire, for each review.

  4. The volunteer review team may share findings with the selected operating/functional division point of contact, next level manager, and the appropriate executive.

  5. The CFO examines all Forms 14750-A, IRS Quality Assurance Review Checklist, prepared by the volunteer review team for completeness, especially noting whether review processes are subject to audit and internal control activities over financial reporting, and then:

    1. Summarizes the results for each operating/functional division.

    2. Verifies storage of the quality assurance review work papers and related e-mail communications on the CFO shared drive or the Quality Assurance SharePoint site.

    3. Provides notification to the responsible executive of each operating/functional division.

    4. Reports overall results to the MC ESC.

Review Documentation

  1. The CFO stores quality assurance review work papers and related e-mail communications on:

    1. The CFO shared drive, by fiscal year and by operating/functional division.

    2. CCH TeamMate, a Windows-based audit management system that may be used by the Quality Assurance Program to prepare work papers for the reviews conducted. CCH TeamMate helps to manage the audit process, including: scheduling, planning, execution, review, and report generation. CCH TeamMate generates a Work Papers Procedures Report that provides a reference number and document title of documentation used for steps and results. CCH TeamMate allows users to create, review and approve audit documentation. CCH TeamMate allows users to cross-reference, import, and track the status of results.

    3. Other designated storage media/applications including the Quality Assurance SharePoint site.

    Note:

    Form 14750-A, IRS Quality Assurance Review Checklist, containing findings and recommendations that are accepted by the operating/functional division, are retained indefinitely until the recommendations are implemented. After the findings and recommendations are addressed, the work papers are retained for three years.

    Note:

    Any review materials (work papers) provided to the review team should be retained and forwarded to CFO along with the Form 14750-A, IRS Quality Assurance Review Checklist, for storage.

  2. Review work papers represent all quality assurance materials, including, but not limited to:

    1. Operating/functional division training material

    2. Completed Forms 14750-A, IRS Quality Assurance Review Checklist

    3. Completed Forms 14750, IRS Quality Assurance Review Questionnaire

    4. IRM extracts and/or references

    5. Operating/functional division standard operating procedures

    6. Review reports provided by the selected operating/functional division

    7. Copies of GAO, TIGTA, and A-123 audit findings/recommendations

    8. Latest FMFIA Managers’ Assessment

    9. GAO Internal Control Evaluation Tool, if applicable

    10. Reviewer notes, findings, and recommendations

  3. Review documentation should be:

    1. Sufficient: Complete and accurate to provide full support for findings, conclusions and judgments.

    2. Competent: Permit a reader with some knowledge of the subject to reach the same conclusion(s).

    3. Relevant: Information restricted to matters that are materially important and relevant to the objectives of the audit.

    4. All evidence needs to demonstrate how the reviewer arrived at the conclusion(s) and should provide a basis for determining whether the conclusions are reasonable and accurate.

  4. A status summary of the selected quality assurance reviews is provided to the MC ESC and included in the Annual Assurance Statement.

Records Retention

  1. All quality assurance review work papers are retained for three years.

  2. The CFO summarizes the results for each selected review organized by operating/functional division (usually using an electronic spreadsheet). The summary is completed usually within two weeks after the quality assurance review period ends and is stored on the CFO shared drive or other designated location.

  3. Quality assurance review documentation is considered a temporary record. Selected review records must be closed out at the end of the fiscal year and destroyed three years after closure as follows:

    1. E-mail communications including selected review notifications

    2. Review documentation, checklists and work papers

    3. Review findings and recommendations

    4. Operating/functional division Quality Review Questionnaires

    Note:

    The retention requirement for QA work papers and summary review results applies only to CFO. Operating/functional divisions should refer to IRM 1.15.2, Records and Information Management, Types of Records and Their Life Cycles, for retention guidance.

  4. These record retention policies may be superseded by IRS record retention policies, litigation holds, or other retention requirements.

Identifying and Developing Quality Assurance Reviews

  1. Operating/functional divisions are encouraged to examine operations and identify new reviews using components of:

    1. Form 14750, IRS Quality Assurance Review Questionnaire. This questionnaire asks for specific information about any review that should be considered when developing new reviews including required IRM and SOP guidance, description, reports, frequency and contacts.

    2. Form 14750-A, IRS Quality Assurance Review Checklist, under Section 3, Control Review. Section 3 asks questions about review components such as required IRM and SOP guidance, review reports, review relationship to financial reporting, and executive and managerial notifications of findings/recommendations.

  2. The IRS Quality Assurance Program examines the internal controls of management reviews, operational reviews, program evaluations, and quality assurance reviews developed by the operating/functional divisions. Examples of existing IRS quality assurance reviews include:

    1. Operational Reviews

    2. Appeals Quality Measurement System

    3. Quality Analysis and System Review

    4. Manual Refund Reviews

    5. 100-Day Case Reviews

    6. Application Development Quality Assurance Audits

    7. Integrated Functional Test and Exercises Evaluation

    8. Interest Penalty Payment Review and Report

    9. Quality Assurance Internal Compliance Review

    10. Operational Review of Employment Tax Groups

    11. Tax Exempt Bonds Quality Review Program

  3. The CFO will assess the Quality Assurance Review Listing consisting of quality assurance, management, and operational reviews to recommend new reviews for operating/functional divisions where gaps are identified.

  4. Sources for new reviews may be identified by examining:

    1. Existing IRM guidance and confirming that processes and procedures have associated reviews.

    2. Executive, managerial and management officials’ commitments and program goals.

    3. TIGTA, GAO and CFO A-123 transactional testing recommendations.

    4. Newly enacted legislation.

    5. Threats and trends (e.g., cyber terrorism and identity theft).

    6. Survey results.

  5. In designing new reviews, operating/functional divisions should make certain that they follow guidance from:

    1. GAO Standards for Internal Control (Green Book)

    2. OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control

  6. Verify that the internal controls are defined in terms of specific requirements to be met and that the requirements are communicated to and understood by those responsible for managing them.

  7. Verify that controls are tested by individuals other than those routinely executing them.

  8. Operating/functional divisions’ quality assurance reviews may use the following techniques:

    1. Inspection - requires a review examining the evidence of a given control.

      Example:

      Looking for signatures of a reviewing official or reviewing past reconciliations.

    2. Observation - requires watching actual controls in operation.

      Example:

      Observing a physical inventory or watching a reconciliation occur.

    3. Re-performance - requires re-completing a given control.

      Example:

      Re-calculating an estimate or re-performing a reconciliation.

    Note:

    The IRS Quality Assurance Program review component is an inspection type review. Reviews developed by the operating/functional divisions may use any suitable technique.

  9. Operating/functional divisions are encouraged to:

    1. Develop management, program, operational, and quality assurance reviews that address a single activity. Identifying one review process that occurs over multiple locations is considered one review. Reviews with multiple activities (e.g., data security, case reviews and employee performance) should be separated, as practical.

    2. Test the performance of the new review and refine the review techniques and documentation.

    3. Complete a Form 14750, IRS Quality Assurance Review Questionnaire, for the new review as part of the annual assurance call memorandum process. The new review will be incorporated into the Quality Assurance Review Listing.

  10. The IRS internal control environment continues to improve through the corrective actions implemented by management. The management commitment to excellence, accountability, and compliance with applicable laws and regulations is evidenced in actions to establish effective controls, make sound determinations on corrective actions, and verify and validate the results.

Quality Assurance Knowledge and Skills

  1. Generally, quality assurance work requires the following kinds of knowledge and skills:

    1. Knowledge of pertinent product, process, or procedure characteristics, methods and processes.

    2. Knowledge of quality assurance/control methods, principles, and practices, including statistical analysis and sampling techniques.

    3. Knowledge of inspection, test, and measurement techniques.

    4. Knowledge of the relationship of quality assurance to other activities such as tax administration, legal and judicial activities, administrative hearings to resolve income tax and collection controversies, including collection due process activities, financial reporting/auditing, and assessment and supporting tax and/or financial systems.

    5. Skill in interpreting and applying products, processes or procedures, specifications, technical data, regulations, policy statements, and other guideline materials.

    6. Skill in conducting studies and investigations, problem analysis, and developing logical and documented recommendations.

    7. Skill in written and oral communications.

    8. Skill in establishing effective interpersonal relationships.

Structured Management Reviews (SMRs)

  1. Quality reviews and quality assurance processes that are already in place are considered Structured Management Reviews (SMRs) and may be tested as part of the A-123 internal control testing process.

    Example:

    The A-123 transaction test called AC-6: Administrative Cash Reconciliation, verifies that internal control procedures governing IRS cash reconciliations are in place and working effectively. Cash reconciliations are performed monthly and the A-123 testing is performed on three monthly reconciliations.

  2. SMRs may serve as assurance of testing of internal control, but the review must meet specific criteria. The documentation should contain sufficient information to enable an individual with no previous connection with the evaluation to understand what was reviewed, what was found, and to verify the reviewer’s judgments and conclusions. See IRM 1.4.3.11.3, Evaluate Structured Management Review (SMR).

  3. An SMR should have the following elements:

    1. Documented procedures that guide the SMR.

    2. Reviews performed at regular intervals.

    3. Documented and independent review of results.

    4. Documented process to resolve noted deficiencies.


    The three-column table below provides questions to address in developing a new quality assurance review. The first column provides the question, the second column is used to determine a yes or no answer, and the third column is used to explain the results of the answer.

    Quality Assurance Review Development Questions YES or NO Explain
    Is the SMR actually being used as designed?    
    Is the SMR meeting the internal control objectives?    
    Do the personnel executing the SMR have adequate skills and receive sufficient training to complete review?    
    Are adequate procedures in place for the SMR?    
    Is the guidance for the SMR followed?    
    Were issues/errors/concerns adequately and consistently addressed and documented?    
    Is the guidance for the SMR consistently followed for error determination and documentation requirements?    
    Do the personnel have adequate time, resources, etc. to execute the SMR competently?    
    Are the sample sizes and sample methodologies appropriate for the internal control?    
    Is a documented SMR in place and is it being monitored by an appropriate level of management?    
    Is the SMR performed an appropriate number of times per year to fulfill the internal control function?    
    Is the review performed at an appropriate time in the process to allow for error correction and prevention of a similar error?    
    Is management using the results of the SMRs to correct the error, process, or procedure?