Treasury Inspector General for Tax Administration
Office of Audit
Risk Management Efforts Could Be Improved with CLEARLY Defined Procedures and Expanded Information Sharing
Issued on September 2, 2011
Highlights of Report Number: 2011-10-096 to the Internal Revenue Service Chief Financial Officer and Director, Office of Research, Analysis, and Statistics.
IMPACT ON TAXPAYERS
The Federal Government should be effective and spend taxpayer dollars wisely. The proactive management of organization-level risks is critical to the Internal Revenue Service’s (IRS) ability to both meet its strategic objectives and provide stakeholders with confidence that it is operating effectively and efficiently.
WHY TIGTA DID THE AUDIT
This audit was initiated to determine whether the IRS has an efficient process for managing risks to the achievement of its strategic objectives. This review is part of our Fiscal Year 2011 Annual Audit Plan and addresses the major management challenge of Leveraging Data to Improve Program Effectiveness and Reduce Costs.
WHAT TIGTA FOUND
The IRS can take additional actions to improve its risk management process. Specifically, TIGTA found that the efficiency of the Executive Steering Committee’s (ESC) risk management efforts could be improved by developing guidelines detailing how the ESCs should identify, assess, address, and monitor risks applicable to their responsible areas. In addition, the IRS should implement a methodology that supports the timely sharing of identified risks between the ESCs. Further, regular internal reviews of the ESCs’ risk management activities would assist management in ensuring the ESCs are operating effectively. By taking these actions, TIGTA believes the IRS can better ensure its risk management activities are effectively coordinated and its resources are allocated efficiently to manage those risks that may impact its ability to achieve organizational goals.
TIGTA also determined that the IRS’s Modernization and Information Technology Services organization is in the early stages of developing a more formalized risk management framework supported by a dedicated executive. This initiative should be monitored by the IRS to study the potential benefits and the costs and steps involved in moving long term towards a more formal IRS-wide risk management process.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Chief Financial Officer develop procedures to guide the risk management activities of the ESCs, require the ESCs to post risk information in a readily accessible location, and require the ESCs to notify the Chief Financial Officer when a new ESC is implemented. TIGTA also recommended that the Director, Office of Research, Analysis, and Statistics, develop procedures requiring the review of risk management activities of the ESCs on a routine basis. Finally, TIGTA recommended that the Chief Financial Officer and the Director, Office of Research, Analysis, and Statistics, jointly monitor and evaluate the Modernization and Information Technology Services organization’s risk management initiative to study the potential benefits in moving towards a more formal IRS-wide risk management process.
IRS management agreed with two recommendations. Management stated they plan to compile a list of ESCs and monitor the Modernization and Information Technology Services organization’s risk management initiative. However, management disagreed with our recommendation to develop procedures to guide the risk management activities of the ESCs, require the ESCs to post risk information, and perform ongoing reviews of the ESCs’ risk management efforts. TIGTA maintains that procedures, better information sharing, and periodic assessments of its risk process would provide additional assurance that the IRS is effectively managing corporate risks.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Email Address: TIGTACommunications@tigta.treas.gov
Phone Number: 202-622-6500
Web Site: http://www.tigta.gov