Section 32. Internal Control Review Program

(1) This transmits revised IRM 1.4.32, Resource Guide for Managers, Internal Control Review Program.

Material Changes

(1) Minor editorial changes made throughout the IRM.

Effect on Other Documents

IRM 1.4.32, dated January 31, 2022, is superseded.

Audience

All business units

Effective Date

Teresa R. Hunter
Chief Financial Officer

1.4.32.1 (01-31-2022)

Program Scope and Objectives

  1. This IRM provides general guidance on the Internal Control Review (ICR) program and the established procedures designed to support the CFO’s efforts to improve the quality of IRS internal controls throughout the IRS. The ICR program provides business units with insight into the effectiveness of their implemented corrective actions for audit recommendations issued by the Government Accountability Office (GAO) and TIGTA, which evaluates critical controls over IRS programs that may be high-risk, high-priority or high-visibility. This independent examination assists the business units when they review and evaluate their internal control processes.
  2. Purpose: Internal controls include activities used to monitor processes, procedures and programs to ensure they are operating as intended. Effective internal controls are also the first line of defense for safeguarding assets, preventing and detecting errors and mitigating risk. Internal controls are a vital tool allowing each manager to evaluate and monitor programs proactively and eliminate deficiencies timely. Business unit program managers have the primary responsibility for ensuring effective controls over their specific programs. The ICR analyst performs reviews to determine whether there are any internal control deficiencies and provides recommendations to improve or strengthen internal controls. The ICR program assists IRS senior leadership with oversight by providing independent insight into the status of program controls.
  3. Audience: IRS managers and employees.
  4. Policy Owner: The CFO, Office of Internal Controls (IC), is responsible for this IRM.
  5. Program Owner: Internal Reviews, Internal Control Review program, promotes knowledge management and sharing of internal controls throughout the Service by reviewing, testing, measuring and reporting on various controls.
  6. Primary Stakeholder: This IRM and its related procedures apply to the entire IRS workforce. It is incumbent upon the program owners to evaluate the effectiveness of their programs. The term “program” in this IRM includes processes, projects, operations and any supporting activities.
  7. Program Goals: The Servicewide ICR program supports ongoing program improvements by conducting a thorough analysis of internal controls and identifying potential deficiencies. The process is intended to allow ICR to evaluate the way a program works and make recommendations for improvements to controls and risk mitigation strategies. This, in turn, allows the program owners to develop and implement process improvements and strengthen controls, thereby eliminating deficiencies and mitigating risks before a program failure occurs or external stakeholders are adversely affected.

1.4.32.1.1 (01-31-2022)

Background

  1. This section clarifies ICR’s role throughout the Service:
  1. The ICR program partners with the business units to identify gaps, deficiencies, weaknesses or program concerns and to provide the business units with recommendations to improve or strengthen internal controls.
  2. The ICR analyst applies a variety of methods (for example, administrative, analytical or technical) when evaluating and examining a program, procedure or process.
  3. Once the ICR analyst concludes the review, the Office of Internal Controls issues the relevant business unit’s report to the point of contact (POC). The relevant business report includes results, conclusions, recommendation and findings, if applicable.
1.4.32.1.2 (01-19-2024)

Authorities

  1. Federal Manager’s Financial Integrity Act (FMFIA) of 1982. Under 31 USC Section 3512(c) and (d) of the FMFIA, federal agencies are required to establish internal control over their accounting and administrative (operational) activities and review internal control systems periodically. The FMFIA also requires GAO to prescribe internal control standards to serve as criteria for those reviews.
  2. Standards for Internal Control in the Federal Government (also known as the “Green Book”) GAO-14-704G. The GAO issued Standards for Internal Control in the Federal Government (Green Book). The Green Book provides the overall framework for agencies to establish, maintain and assess internal control over agency operations. As part of the monitoring component, the Green Book directs agency personnel to monitor their respective internal control systems, evaluate the results and remediate identified internal control deficiencies timely.
  3. Treasury Directive 40-04, Treasury Internal Control Program. Treasury Directive 40-04, Treasury Internal Control Program (TICP) (dated 7/12/2017), requires bureau heads and other officials to take all necessary steps to create an environment within their respective organizations that ensures adherence to all applicable statutory and regulatory standards related to operational, financial, program and administrative internal controls. This includes providing assurances to Treasury that the internal controls within their respective organizations adhere to applicable statutory and regulatory standards and ensure timely completion of corrective actions for identified control deficiencies.