4.47.1 Computer Audit Specialist Program (CAS)220.127.116.11 Overview/Background18.104.22.168.1 Objectives22.214.171.124.2 Role of the Computer Audit Specialist (CAS)126.96.36.199 Scope of Activity188.8.131.52.1 Case Related Applications184.108.40.206.2 Non-Case Related Applications220.127.116.11.3 Applications with Potential for Nationwide Use18.104.22.168 Program Responsibilities22.214.171.124.1 National Program Manager126.96.36.199.2 Territory Manager188.8.131.52.3 CAS Team Manager184.108.40.206 Monitoring The CAS Program220.127.116.11.1 Sources of Information18.104.22.168.2 Monitoring Activities22.214.171.124 Data Files and Programs126.96.36.199.1 Local Service Bureau and Commercial Time-Sharing Facilities Part 4. Examining ProcessChapter 47. Computer Audit SpecialistSection 1. Computer Audit Specialist Program (CAS) 4.47.1 Computer Audit Specialist Program (CAS) 188.8.131.52 (08-31-2002) Overview/Background This chapter outlines the objectives, responsibilities, applications and scope of the Computer Audit Specialist Program (CAS). The use of special auditing techniques are needed in dealing with the volume and complexity of accounting records being produced by automated data processing systems. Computer Audit Specialists (CAS) are experienced revenue agents who have received training in computer technology and computer auditing techniques. 184.108.40.206.1 (08-31-2002) Objectives The main objective of the Computer Audit Specialist Program is to provide comprehensive computer support to the activities of LMSB operating division, primarily in coordinated industry examinations. In order to accomplish the main objective, the CAS must: Receive adequate and effective training. Receive adequate computer equipment. Receive adequate time to apply computer auditing techniques. Maintain an active working relationship with the large case team. 220.127.116.11.2 (08-31-2002) Role of the Computer Audit Specialist (CAS) The Role of the CAS is to be the LMSB information specialist with regard to complex computerized accounting systems. Within the framework of these large, complex accounting systems, the CAS is also a recognized expert in the application of statistical sampling techniques. To fulfill this role, the CAS is involved in: providing analyses of complex computerized accounting systems; determining/recommending the most effective method to provide audit data required by examiners; providing computer analyses of large volumes of data; designing, independently, applications using both standard and custom computer programs, and searching continually for creative and innovative ways to use computer assisted auditing techniques. 18.104.22.168 (08-31-2002) Scope of Activity Record evaluations, reevaluations and retention agreements. Evaluations of taxpayer computerized accounting systems and preparation of record retention limitation agreements, see chapter 2, subsection 2.3 of this handbook. Initial evaluations will only be conducted when requested by the taxpayer. Reevaluations may be initiated by the Territory Managers at times other than during an examination if deemed appropriate. The CAS will not ask for future years’ returns and return information. The CAS will only request and review information pertinent to record retention evaluations or reevaluations. Such reviews do not constitute the commencement of an examination. Recommendations resulting from record evaluations are made to permit a taxpayer to limit the volume of records otherwise required to be retained, yet ensure that adequate information will be available for future examinations. Record retention limitation agreements will be prepared incorporating record retention recommendations. Letters or notifications may be issued to taxpayers that do not wish to enter into a record retention limitations agreement. The CAS will ensure that the AIMS data base properly reflects whether or not the taxpayer has entered into a record retention limitation agreement. 22.214.171.124.1 (08-31-2002) Case Related Applications CASs are primarily intended to be used in the examination of tax returns by performing case related applications which are consistent with the role of the CAS as defined in the IRM. Case related is defined as all computer applications where time is properly chargeable to direct examination time on the Examination Technical Time Report, Form 4502. Case related applications also include TEGE, SB/SE, CID, Appeals, Counsel, and Grand Jury activities even though time may properly be charged to non-direct examination time, and regardless of the case’s status on AIMS. The application must involve analyzing data from the taxpayer’s books and records and/or the analysis of other information to determine compliance with the Internal Revenue Code. Program Manager approval is required for all case related applications that will require the use of commercial timesharing or local service bureau facilities where the estimated cost is in excess of $10,000. 126.96.36.199.2 (08-31-2002) Non-Case Related Applications Non-case related is defined as all management reports and applications which do not relate to the examination of the taxpayer’s books and records or other relevant data. Local ITS staffs should be utilized to the maximum extent possible for these types of applications. Non-case related applications requiring 16 hours or less of CAS resources, do not require approval of the CAS Territory Manager. 188.8.131.52.3 (08-31-2002) Applications with Potential for Nationwide Use CASs should identify and explore potential computer applications that may have broad nationwide use to expedite or reduce the cost of investigations, examinations, and special projects. These ideas may be developed during examination or special project work. These ideas should be submitted to the Program Manager as early as possible in the development stage so they can be reviewed before extensive resources are expended and possible duplication of effort takes place. 184.108.40.206 (08-31-2002) Program Responsibilities The National Office, Program Manager, and Territory Manager have defined responsibilities with respect to the program. 220.127.116.11.1 (08-31-2002) National Program Manager The National Program Manager has responsibility for this program. All inquiries, correspondence, reports, etc., pertaining to CAS should be directed to this office. The National Program Manager will: Monitor the overall effectiveness of the program. Research technical and innovative aspects of ADP examinations. Establish a national inventory of computer assisted audit techniques and issue guidelines for their use. Coordinate the securing of professional ADP technical assistance and advice to field offices. Plan and coordinate the development of computer programs for nationwide use as prototype programs and special purpose programs. Review, recommend, and assist in the development of proposed legislation, regulations, rulings, and procedures to resolve ADP auditing problems. Analyze, evaluate, and make recommendations on both technical and ADP training needs for examiners. Promote overall awareness of appropriate security procedures. Encourage the effective development and use of computer assisted audit techniques in carrying out the Service's objectives. 18.104.22.168.2 (08-31-2002) Territory Manager The Territory Manager will: Monitor, coordinate, and report on the overall effectiveness of CAS Program within the territory. Provide inter-and-intra-territory coordination for (1) assignments of CASs outside of their group areas; (2) requests to other territories for services of examination personnel who have specialized talents needed; and (3) requests from or to other territories for services regarding record retention evaluations for primary and support coordinated industry cases. Consult with and assist personnel in the resolution of ADP auditing problems. Monitor the territory’s use of generalized, prototype, and special purpose computer programs in order to eliminate any duplication of effort. Accumulate, analyze, and disseminate information and experiences gained from review and monitoring of groups’ activities. Provide coordination within LMSB to plan and evaluate computer assisted techniques used in coordinated industry case examinations, and to ensure participation of CASs in the initial planning of each coordinated industry case and the use of CASs as information specialists. Assist in identifying ADP training needs and make recommendations regarding methods and content to the National Program Manager. Monitor, promote, and evaluate appropriate established security procedures. This includes assisting in the identification of security problems and following up to ensure that corrective actions identified during reviews by security functions have been implemented. Ensure that articles are submitted for sharing of programs to the National Program Manager. Identify computer applications and auditing techniques that may be useful on a nationwide basis and submit them to the National Program Manager. Review, discuss, and comment on the effective development and use of computer assisted audit techniques with territory personnel. Ensure that all territories utilize examination time from CASs in planning, performing, and coordinating computer assisted audits to the maximum extent possible. Hold conferences with professional accounting, legal, and tax societies and other interested groups to promote and gain favorable reception for computer assisted audits. Monitor and review all non-case related applications. 22.214.171.124.3 (08-31-2002) CAS Team Manager The CAS Team Manager will: Establish procedures to ensure the maximum availability of CASs to examine computerized books and records where feasible and where this will increase examination efficiency. Identify ADP training needs for examining agents for program consideration. Identify and advise the CAS Territory Manager of unusual ADP auditing problems encountered in audits. Make requests to the CAS Territory Manager for ADP assistance when needed, and conversely, provide ADP assistance when resources are available. Provide security for taxpayers’ ADP records removed from their premises as prescribed in IRM, Physical and Document Security Handbook. Provide means, such as outside professional courses, trade magazines, etc., for the CASs to keep abreast of developments in ADP as it affects the processing of accounting records. Hold conferences with professional accounting, legal and tax societies and other interested groups to promote and gain favorable reception for computer assisted audits. Develop procedures that cover basic security responsibilities within the CAS work areas. Promote the use of computer assisted auditing and statistical sampling techniques in all specialist program areas, (engineering, international, excise and employment tax areas). Participate in the initial planning of each coordinated examination. Ensure the CAS does not use any taxpayer machine-sensible records pertaining to a particular tax return until after the person responsible for examining the return has initiated the examination. Ensure the CAS is involved in the initial phases of the examination for the purpose of performing a systems analysis, a stratification or other application, including the use of statistical sampling techniques as deemed appropriate. Ensure that the CAS is involved throughout the examination for advice and application of innovative computer programs. At or near the conclusion of the examination, the CAS must be available to discuss prior applications, suggest changes or improvements and consider updating any record retention limitation agreement(s). Share with the team manager the activities of the CAS assigned to a CIC case. Consult with specialty managers to ensure that their special record retention needs are met (i.e., Engineering, International, Excise, Employment, etc.). Participate in post examination critiques when deemed appropriate. Maintain an inventory of generalized, prototype, and special purpose computer programs used or developed in the group; and ensure that all CASs review the Computer Applications Digest for programs previously written that can be utilized with little or no modification in order to eliminate duplication of effort. Ensure the AIMS data base properly identifies entities having a record retention limitation agreement. Utilize direct examination time of CASs in planning, performing, and coordinating computer assisted audits to the maximum extent possible. Ensure that each use of a CAS represents the most efficient and effective possible employment of examination resources. Ensure that the most cost effective equipment is used by CASs. Establish, maintain and monitor security procedures as may be required. Establish guidelines for the proper documentation of applications performed on each case. All Managers of technical employees in LMSB, SBSE, TEGE and W&I will comply with the requirements of the former Handbook for Examination Group Managers. This includes ensuring that employees are: Aware of IRM, Computer Audit Specialist Program and the utilization of a CAS. Aware of when a CAS must be requested as required by IRM. Aware of the availability of statistical sampling applications in examinations. Submitting timely requests for assistance so that the CAS may be involved in the planning and initial phases of the examination. All examiners will request the assistance of a CAS: For all cases where Form 5546, Examination Return Chargeout, states "Record Retention Agreement on File" . For all examinations of corporations with an activity code of 219 or above where the taxpayer has a computerized accounting system. All requests will be made in a timely manner so that the CAS may be involved in both the planning and the initial phases of the examination. 126.96.36.199 (08-31-2002) Monitoring The CAS Program The effectiveness of the program is monitored by automated systems, quarterly time reports and other sources of information. 188.8.131.52.1 (08-31-2002) Sources of Information The following reports/forms are used to monitor the activities of the CAS. Coordinated Examination Management Information System. (CEMIS) This automated system provides coordinated industry activity on a case by case basis. It provides information as to the time planned and expended by all members of the examination team, including CASs. It also provides information on the different aspects of CAS involvement in significant issues and in the application of statistical sampling auditing techniques. Record retention agreement data is also provided along with data on non-CIC case referrals. Table 37, Examination Program Monitoring (Report Symbol NO–4000–454). This report provides, on a quarterly basis, time applied by CASs and revenue agents in direct and indirect examination time categories. 184.108.40.206.2 (08-31-2002) Monitoring Activities Using CEMIS and Table 37 allows for monitoring: Level of computer audit support being provided by CASs on significant issues within LMSB. Use of statistical sampling auditing techniques in LMSB. Amount of CAS designated staff years expended, by activity code. Statistics on non-CIC case referrals, by case activity code. CEMIS will be reviewed to determine if the CAS is an active participant during the entire examination. Interviews will be conducted with territory managers, team managers responsible for CIP, and specialty managers to determine if all reasonable requests for CAS assistance are being filled to the satisfaction of the requesting party, and to explore areas where assistance should, or could have been provided or improved. Record retention activity will be reviewed to ensure that all appropriate cases received adequate record retention agreement consideration. Record retention limitation agreements will be reviewed to determine if they meet examination needs, including those of any examination specialty. Outdated agreements must be reviewed to determine if suitable action has been initiated on cases where there is a reasonable potential for the use of computer assisted audit techniques in future examinations. 220.127.116.11 (08-31-2002) Data Files and Programs All taxpayer information and computer programs must be controlled and stored in accordance with the former IRM, Physical and Document Security Handbook. Appropriate security must be maintained for all non-taxpayer data files and programs. When machine-sensible records are taken from a taxpayer’s place of business to conduct a computer application at a commercial or other Government agency site, care must be taken to ensure that appropriate security measures are taken and that an appropriate receipt is issued pursuant to Policy Statement P–4–8. All magnetic tapes or other machine-sensible media shipped between IRS offices or non-IRS offices must be transmitted by a traceable and receipted method. Consideration should be given to using Form 3220, Magnetic Media Transmittal. (See IRM 2.7.4, Magnetic Media Management). 18.104.22.168.1 (08-31-2002) Local Service Bureau and Commercial Time-Sharing Facilities General information on local service bureaus and time sharing. If any CAS is offered free computer processing by another agency, ITS Security and Disclosure functions must be notified to ensure that appropriate security is maintained. Contracts with commercial firms, inter-agency agreements, and no cost agreements may require prescribed safeguards, provisions, precontract award site reviews, and annual contractor safeguards review. All jobs must be processed in such a manner that the case or project will be identifiable in billing statements. Billings should be reviewed regularly by CAS group managers to ensure that only official and authorized work is performed, and that there have been no breaches of security. Copies of invoices should be obtained for this purpose from the IRS official that receives the vendor invoices and approves them for payment. Commercial Time-sharing requirements. Sign-off procedures must be used when leaving the terminal. A unique password and user ID or other access identifier should be used to prevent unauthorized access. CASs must have an individual password and user ID assigned. The user ID must be disabled or deleted whenever a person leaves the CAS group. Proper security must be maintained on all passwords limiting knowledge of the password to the CAS and that person’s team manager. All passwords must be changed at least twice a year or if a security breach is suspected.