Office
of Inspector General
January 12,
2007
The
Honorable J. Russell George
Inspector
General
Treasury
Inspector General for Tax Administration
Dear Mr.
George:
We have reviewed the system of quality
control for the audit function of the Treasury Inspector General for Tax
Administration (TIGTA) in effect for the year ended March 31, 2006. A system of quality control encompasses the
OIG’s organizational structure, and the policies adopted and procedures
established to provide it with reasonable assurance of conforming with generally
accepted government auditing standards (GAGAS).
The elements of quality control are described in GAGAS, promulgated by
the Comptroller General of the
Our responsibility is to express an
opinion on the design of the system and TIGTA’s compliance with the system
based on our review. We conducted our
review in accordance with the guidelines established by the President’s Council
on Integrity and Efficiency and the Executive Council on Integrity and
Efficiency. In performing our review, we
obtained an understanding of the system of quality control for TIGTA. In addition, we tested compliance with TIGTA’s
quality control policies and procedures to the extent we considered appropriate... These tests included the application of TIGTA’s
policies and procedures on selected audits.
Because our review was based on selective tests, it would not
necessarily disclose all weaknesses in the system of quality control or all
instances of lack of compliance with it.
Nevertheless, we believe that the procedures we performed provide a
reasonable basis for opinion.
Because there are inherent
limitations in the effectiveness of any system of quality control, departures
from the system may occur and not be detected.
Also, projection of any evaluation of a system of quality control to
future periods is subject to the risk that the system of quality control may
become inadequate because of changes in conditions, or because the degree of
compliance with the policies or procedures may deteriorate.
Our scope and methodology appears as
Appendix A. TIGTA was provided with a
draft report on November 22, 2006. TIGTA’s
response dated December 20, 2006, is included as Appendix B and was considered
in preparing the final report.
UNMODIFIED
OPINION REPORT
In
our opinion, the system of quality control for the audit function of the
Treasury Inspector General for Tax Administration (TIGTA) in effect for the
year ended March 31, 2006, has been designed to meet the requirements of the quality
control standards established by the Comptroller General of the United States
for a Federal Government audit organization and was complied with during the
year then ended to provide the OIG with reasonable assurance of conforming with
applicable auditing standards, policies, and procedures.
We
noted, however, conditions that warrant your attention, although they did not
impact our opinion. These matters are
described in the Findings and Recommendations that follow.
Findings and
Recommendations
Finding
1. Performance Audit Reports – Internal Control
Statement.
TIGTA’s performance audit reports did
not explicitly state the scope of
work on internal controls and any significant deficiencies in internal control
found during the audit. GAGAS at
paragraph 8.17 states: “Auditors should include in the audit report
the scope of work on internal control and any significant deficiencies found
during the audit.” TIGTA’s report
policy states that the results of review section of performance reports: “describes
the audit work conducted on internal controls and any significant weaknesses
identified during the audit.” Further,
TIGTA’s Checklist for Review of Individual Performance Audits asks the
question: “Did the report disclose the scope of work on internal controls and any
significant weaknesses identified?”
Eight of the 12 reports we reviewed did
not describe TIGTA’s work on internal controls or sufficiently describe the
significant deficiencies in internal controls.
The report writers stated they met the standard because their reports
implied or inferred work on internal control, and deficiencies were reported in
the findings. Further, TIGTA stated it
interpreted the standard as not requiring the use of the term “internal control”
and believes the detailed scope and objectives section of the reports
adequately described the specific internal controls reviewed without using the
term. We believe the standard does
require specific language and that TIGTA’s reports would benefit from such specificity. We contacted the General Accountability
Office (GAO) and asked if auditors should take the statement in paragraph 8.17
literally. GAO responded affirmatively.
Recommendation 1. TIGTA should specifically describe the work
on internal controls and internal control deficiencies in its performance
reports. We further recommend that the
Director, Office of Policy and Management, include this requirement as part of the
pre-issuance review.
Views of Responsible Official. Agree.
The Deputy Inspector General for Audit agreed to issue appropriate
guidance requiring auditors to describe internal controls in performance
reports and to add checks for internal controls to the pre-issuance review.
Finding
2. Performance Audit Reports – Reporting on the
Validity and Reliability of Computer-Process Data.
TIGTA’s performance audit reports did
not state whether or not TIGTA performed tests to assess the validity and
reliability of computer-processed data.
The GAGAS at paragraphs 8.12 and 8.44 require the auditor to comment on
the reliability of information from an agency’s database. TIGTA’s report policy states the results of
review section of performance reports: “Will briefly contain the source of any
computer-generated data evaluated and the methods used to determine their
validity and reliability.” We noted
four reports where the sources of computer-processed data were cited in the
report, but the report did not discuss the tests performed to assess the
validity of the data. Even if no tests
of the data are required (i.e. data used for background purposes), the GAGAS
require auditors to state in the report that the data was not verified. This condition was also reported in the
previous peer review report. TIGTA
management stated they were aware the reports needed better language to comply
with GAGAS and had issued a memorandum to the audit staff to that effect in
January 2006.
Recommendation 2. TIGTA should comment not only on the source
of computer-processed data, when data are mentioned in audit reports, but also
whether or not it performed audit tests to assess the validity and reliability
of the data. Additionally, if TIGTA
performs such tests, the report should briefly describe the tests and their
results. We further recommend that the
Director, Office of Policy and Management, include this requirement as part of
the pre-issuance review.
Views of Responsible Official. Agree.
Additional guidance will be issued to require auditors to report on
whether or not audit tests were performed to assess the validity and
reliability of the data to the extent such data are significant to an audit’s
findings, conclusions, or recommendations.
Checks will also be added to the pre-issuance review.
Finding
3. Internal Quality Assurance Reviews
TIGTA can enhance its quality control
system by centralizing the responsibility for conducting the Internal Quality Assurance
Reviews under the Director of Office Management and Policy. The GAGAS at paragraph 3.49 sets forth
general standards for systems of quality control. TIGTA’s policies comply with those standards
and the PCIE’s guidelines on Quality Assurance Programs. Currently, each TIGTA division performs a
review of another division every three years.
However, TIGTA has not established specific procedures for conducting
internal reviews. The review process
used did not conform to TIGTA’s normal performance audit process in that those
auditors performing the quality assurance review were not involved in obtaining
and evaluating the reviewed office’s responses and they were not required to
sue checklists and independent referencing.
One audit manager was not allowed to review results from the prior
review, another team did not prepare standard work papers, but used informal
spreadsheets and Word files and other work papers were not complete. As a
result, the reviews were not consistent and the directors and audit managers
were unfamiliar with the review process.
Recommendation. TIGTA should centralize the responsibility
for quality reviews under one Director and conduct the reviews using auditing
procedures that are consistent with performance auditing standards.
Views of Responsible Official. Agree.
The internal quality assurance reviews will be centralized under the
Director, Office of Management and Policy, who will conduct the reviews using
auditing procedures consistent with performance audit standards.
Sincerely,
/s/
Kenneth M. Donohue
Kenneth M. Donohue
Inspector General
Appendix A
Peer
Review Scope and Methodology
We tested compliance with Treasury
Inspector General’s system of quality control to the extent we considered
appropriate. These tests included a
review of 12 of 170 audit reports issued during the September 30, 2005, and
March 31, 2006 semiannual reporting periods.
We also reviewed the internal quality reviews performed by Treasury
Inspector General for Tax Administration during the same period.
Our audit was conducted at TIGTA
Headquarters in
Schedule of Audits Reviewed
|
HOP |
2005-10-035 |
02/17/2005 |
Review of the Exempt Organization
Function Process for Reviewing Alleged Political Campaign Intervention by Tax
Exempt Organizations |
|
HOP |
2005-10-125 |
08/10/2005 |
Additional Actions Are Needed to
Ensure Section 527 Political Organizations Publicly Disclose Their Activities
Timely and Completely |
|
HOP |
2006-10-060 |
03/22/2005 |
Invoice Audits of the Taxpayer Burden
Simulation Models Contract |
|
ISP |
2005-20-027 |
01/12/2005 |
The Method of Tracking Corrective
Actions for Known Security Weaknesses Has Not Been Adequately Developed |
|
ISP |
2006-20-001 |
10/18/2005 |
The Excise Files Information
Retrieval System Has Not Been Effectively Implemented |
|
ISP |
2006-20-031 |
02/22/2006 |
Secure Configurations Are Initially
Established on Employee Computers, but Enhancements Could Ensure Security Is
Strengthened After Implementation |
|
WIP |
2005-40-015 |
12/10/2004 |
Application of the Earned Income
Credit Two-Year Ban Could be More Consistent, Accurate and Clear to Taxpayers |
|
WIP |
2005-40-039 |
03/11/2005 |
The Earned Income Credit
Recertification Program Continues to Experience Problems |
|
WIP |
2006-40-061 |
03/22/2006 |
The |
|
SBP |
2005-30-131 |
09/23/2005 |
More Effective Procedures Are Needed
to Process taxpayer’s Claims That They Did Not Request Employer
Identification Numbers Assigned to Them |
|
SBP |
2005-30-142 |
09/21/2005 |
Collection Field function Needs to Improve
Case Actions to Prevent Employers From Incurring Additional Trust Fund Tax
Liabilities |
|
SBP |
2006-30-006 |
11/22/2005 |
Internal Revenue Service Needs a
Coordinated National Strategy to Better Address an Estimated $30 Billion Tax
Gap Due to Non-Filers |
Appendix B
TIGTA’s Comments
December 20,
2006
The Honorable Kenneth M. Donohue
Inspector General
United
States Department of Housing and Urban Development
Dear
Mr. Donohue:
Thank you for the opportunity to
respond to your November 22, 2006, draft report on the system of quality
control for the Treasury Inspector General for Tax Administration’s (TIGTA)
Office of Audit (OA). We are pleased
that your review confirmed that OA’s system of quality control has been
designed in accordance with the requirements of the quality standards
established by the Comptroller General of the
We have reviewed your comments and
recommendations and will take the following actions to enhance our quality
control system.
OA Action – The Deputy
Inspector General for Audit will issue a memorandum to all OA employees as a
reminder that the assessment of internal controls should be documented in the
working papers for each project. The
memorandum will also advise all OA employees that performance reports must
describe the work on internal controls and internal control deficiencies. This guidance will also be incorporated into
the TIGTA Operations Manual. The
Director, Office of Management and Policy, will modify pre-issuance review
guidelines to include checks for reporting on internal controls and internal
control deficiencies. The planned
completion date for this action is January 15, 2007.
OA Action – On January 26,
2006, the Deputy Inspector General for Audit issued a memorandum to all OA
employees on assessing the reliability of computer-processed data. The memorandum provided guidance for
assessing and reporting on the reliability of computer-processed data that are
significant to an audit’s findings, conclusions, or recommendations. The contents of the memorandum were
subsequently incorporated into the TIGTA Operations Manual. In addition to the January 26, 2006,
guidance, the Deputy Inspector General for Audit will issue a memorandum to all
OA employees reminding them that not only should audit reports comment on the
source of all computer-processed data, but also on whether or not audit tests
were performed to assess the validity and reliability of the data to the extent
such data are significant to an audit’s findings, conclusions, or
recommendations. This additional
guidance will also be incorporated into the TIGTA Operations Manual. The Director, Office of Management and
Policy, will modify pre-issuance review guidelines to include additional checks
for comments on the reliability and validity of computer-processed data as well
as the source. The planned completion date
for this action is January 15, 2007.
OA Action – Effective
January 1, 2007, OA will centralize responsibility for internal quality
assurance reviews under the Director, Office of Management and Policy, and will
conduct the reviews using auditing procedures consistent with performance audit
standards.
If you have any further questions, please
contact me at (202) 622-6500, or your staff may contact Michael R. Phillips,
Deputy Inspector General for Audit, at (202) 927-7085.
Sincerely,
/s/ Russell
George
J. Russell George
Inspector
General