4.47.1 Computer Audit Specialist Program (CAS)

Manual Transmittal

February 23, 2021

Purpose

(1) This transmits revised IRM 4.47.1, Computer Audit Specialist, Computer Audit Specialist Program (CAS).

Material Changes

(1) IRM 4.47.1.1 has been renamed to Program Scope and Objectives in accordance with the internal control requirements described in IRM 1.11.2, Internal Management Documents System, Internal Revenue Manual (IRM) Process.

(2) Added the following new subsections to IRM 4.47.1.1 and rearranged content to conform to the prescribed format:

IRM Section Number Title
4.47.1.1.1 Background
4.47.1.1.2 Authority
4.47.1.1.3 Roles and Responsibilities
4.47.1.1.4 Program Goals
4.47.1.1.5 Training
4.47.1.1.6 Acronyms
4.47.1.1.7 Related Resources

Effect on Other Documents

IRM 4.47.1 dated August 31, 2002 is superseded.

Audience

All operating divisions and functions.

Effective Date

(02-23-2021)

John V. Cardone
Assistant Deputy Commissioner Compliance Integration
Large Business and International Division

Program Scope and Objective

  1. Purpose: This section provides information concerning the Computer Audit Specialist Program including:

    • Authority

    • Roles and responsibilities

    • Program goals

    • Scope of activity

    • Monitoring

    • Data files and programs

    • Organization

    • Training

    It provides guidance to CAS with respect to their responsibilities in both examination cases and assignments from non-examination sources.

  2. Audience: The intended audience is CASs, statistical sampling coordinators and all IRS employees who request CAS services in support of field examinations, non-examination assignments, and projects.

  3. Policy Owner: LB&I Policy under the Strategy, Policy and Governance office in the Assistant Deputy Commissioner Compliance Integration organization.

  4. Program Owner: Director of Field Operations South Central (DFO-SC) in the Western Compliance Practice Area (WCPA).

Background

  1. The CAS Program’s primary responsibility is to support field examinations involving the use of large electronic data files received from taxpayers and support tax issue development where complex data analysis using advanced programming skills is required. Field employees in the CAS program consist of CASs and statistical sampling coordinators.

  2. A CAS is an experienced revenue agent who has completed an intensive computer-training program concentrating on large computer systems that process voluminous amounts of data. While their primary activity is to support large and medium sized corporate and partnership examinations focusing on various tax issues, CAS will also work on assigned projects requiring complex data analysis or application development.

  3. A statistical sampling coordinator (SSC) is a CAS with advanced training in statistical analysis and methodology. SSCs review taxpayer statistical samples used to generate amounts on a tax return or apply statistical sampling methodology to support tax issues raised during LB&I field examinations. Please refer to IRM 4.47.3 for guidelines and procedures a CAS or SSC should follow when considering the use of statistical sampling.

Authority

  1. By law, the Service has the authority to conduct examinations under Title 26, Internal Revenue Code, Subtitle F – Procedure and Administration, Chapter 78, Discovery of Liability and Enforcement of Title, Subchapter A, Examination and Inspection, which includes, but is not limited to, the following IRC sections:

    1. IRC 7602, Examination of books and witnesses

    2. IRC 7605, Time and place of examination

  2. For additional information see IRM 4.10, Examination of Returns, and IRM 4.46, LB&I Examination Process.

Roles and Responsibilities

  1. Director of Field Operations South Central (DFO-SC) - The DFO-SC has responsibility for this program. All inquiries, correspondence, reports, etc., pertaining to the CAS Program should be directed to this office. The DFO-SC will:

    • Monitor the overall effectiveness of the program.

    • Research technical and innovative aspects of Automatic Data Processing (ADP) examinations.

    • Establish a national inventory of computer assisted audit techniques and issue guidelines for their use.

    • Coordinate the securing of professional ADP technical assistance and advice to field offices.

    • Plan and coordinate the development of computer programs for nationwide use as prototype programs and special purpose programs.

    • Review, recommend, and assist in the development of proposed legislation, regulations, rulings, and procedures to resolve ADP auditing problems.

    • Analyze, evaluate, and make recommendations on both technical and ADP training needs for examiners.

    • Promote overall awareness of appropriate security procedures.

    • Encourage the effective development and use of computer assisted audit techniques in carrying out the Service's objectives.

  2. CAS territory manager - The CAS territory manager’s role is to:

    • Monitor, coordinate, and report on the overall effectiveness of the CAS Program within the territory.

    • Provide inter- and intra-territory coordination for (1) assignments of CASs outside of their team areas; (2) requests between territories for services of examination personnel who have specialized talents needed; and (3) requests between territories for services regarding record retention evaluations for LB&I cases.

    • Consult with and assist personnel in the resolution of ADP auditing problems.

    • Monitor the territory’s use of generalized, prototype, and special purpose computer programs in order to eliminate any duplication of effort.

    • Accumulate, analyze, and disseminate information and experiences gained from review and monitoring of groups’ activities.

    • Provide coordination within IRS to plan and evaluate computer assisted techniques used in case examinations, and to ensure participation of CASs in the initial planning of each case and the use of CASs as information specialists.

    • Assist in identifying ADP training needs and make recommendations regarding methods and content to the DFO-SC.

    • Monitor, promote, and evaluate appropriate established security procedures. This includes assisting in the identification of security problems and following up to ensure that corrective actions identified during reviews by security functions have been implemented.

    • Ensure that articles are submitted for sharing of programs to the DFO-SC.

    • Identify computer applications and auditing techniques that may be useful on a nationwide basis and submit them to the DFO-SC.

    • Review, discuss, and comment on the effective development and use of computer assisted audit techniques with territory personnel.

    • Ensure that all territories utilize examination time from CASs in planning, performing, and coordinating computer assisted audits to the maximum extent possible.

    • Hold conferences with professional accounting, legal, and tax societies and other interested groups to promote and gain favorable reception for computer assisted audits.

    • Monitor and review all non-case related applications.

  3. CAS team manager - The CAS team manager's role is to:

    • Establish procedures to ensure the maximum availability of CASs to examine computerized books and records where feasible and to increase examination efficiency.

    • Identify ADP training needs for examining agents for program consideration.

    • Identify and advise the CAS territory manager of unusual ADP auditing problems encountered during examinations.

    • Make requests to the CAS territory manager for ADP assistance and provide ADP assistance when resources are available.

    • Provide security for taxpayers’ ADP records removed from their premises as prescribed in IRM.

    • Use outside professional courses, trade magazines, etc., to provide opportunities for CASs to keep abreast of current ADP developments which affect accounting records processing.

    • Hold conferences with professional accounting, legal and tax societies and other interested groups to promote and gain favorable reception for computer assisted audits.

    • Develop procedures that cover basic security responsibilities within the CAS work areas.

    • Promote the use of computer assisted auditing and statistical sampling techniques in all program areas.

    • Participate in the initial planning of each examination.

    • Ensure the CAS does not use any taxpayer machine-sensible records pertaining to a particular tax return until after the person responsible for examining the return has initiated the examination.

    • Ensure the CAS is involved in the initial phases of the examination for the purpose of performing a systems analysis, identification of the audit trail or other application, including the use of statistical sampling techniques as deemed appropriate.

    • Ensure that the CAS is involved throughout the examination for advice and application of innovative computer programs. At or near the conclusion of the examination, the CAS must be available to discuss prior applications, suggest changes or improvements and consider updating any record retention limitation agreement(s).

    • Share with the case manager the activities of the CAS assigned to the examination.

    • Consult with managers to ensure their record retention needs are being met.

    • Participate in post examination critiques when deemed appropriate.

    • Maintain an inventory of generalized, prototype, and special purpose computer applications used or developed in the group. These will be housed on the computer applications section of the CAS SharePoint site.

    • Ensure the AIMS data base properly identifies entities having a record retention limitation agreement.

    • Utilize direct examination time of CASs in planning, performing, and coordinating computer assisted audits to the maximum extent possible.

    • Ensure that each use of a CAS represents the most efficient and effective possible employment of examination resources.

    • Ensure that the most cost-effective equipment is used by CASs.

    • Establish, maintain and monitor security procedures as may be required.

    • Establish guidelines for the proper documentation of applications performed on each case.

  4. Computer Audit Specialist (CAS) - The role of the CAS is the LB&I information specialist with regard to large complex computerized accounting systems. The CAS is also a recognized expert in the application of statistical sampling techniques. To fulfill this role, the CAS is involved in:

    • Providing analyses of complex computerized accounting systems;

    • Determining/recommending the most effective method to provide audit data required by examiners;

    • Validating taxpayer created statistical samples;

    • Providing examiners with technical guidance during IRS statistical sample development;

    • Providing computer analyses of large volumes of data;

    • Assisting examiners with the reconciliation of data to book trial balance and tax return line amounts;

    • Designing applications using both standard and custom computer programs, and

    • Searching continually for creative and innovative ways to use computer assisted auditing techniques.

Program Goals

  1. The organizational goal of the CAS Program is to provide efficient access to and analyses of electronic records to support the activities of the LB&I business unit. To accomplish this goal, the CAS Program will:

    • Improve the efficiency and effectiveness of LB&I field examinations by supporting tax issues identified by audit teams.

    • Improve tax compliance by using advanced application and programming skills to identify and develop tax issues during LB&I field examinations.

    • Support LB&I projects by using advanced software application and programming skills to analyze and prepare large and/or complex electronic data files.

    • Support IRS business units by developing custom software applications that can be used by IRS employees to enhance the performance of their jobs.

    • Improve the efficiency and effectiveness of LB&I tax examinations, studies, and projects by optimizing the use of statistical sampling methods when possible.

  2. To support this goal, the DFO-SC will:

    • Explore and identify areas where CAS support may be used to improve the quality and effectiveness of examinations, campaigns, and compliance projects.

    • Work with the CAS territory managers to identify, evaluate, and procure the tools necessary for CAS to effectively and efficiently perform their assigned duties.

    • Work with the CAS territory managers to provide training recommendations and assist in the development of training for CASs.

    • Coordinate and monitor the completion of the annual Federal Information Security Management Act (FISMA) training that is required for each CAS and CAS manager.

Training

  1. It’s important that CASs have the highest level of expertise to fully support LB&I activities. The core training for CASs currently includes:

    • CAS Core Training Phase I: Role of the CAS

    • CAS Core Training Phase II: Data Concepts featuring Structured Query Language (SQL)

    • CAS Core Training Phase III: Programming Logic featuring Visual Basic for Applications (VBA)

    • CAS Core Training Phase IV: Statistical Sampling and Audit Tools

    • CAS Core Training Phase V: Capstone

  2. In addition to the core training, CASs will receive continuing professional education and advanced training in other computer assisted audit techniques as they become relevant or pertinent.

  3. CASs and CAS managers will complete 8 hours of FISMA security related information technology training annually.

  4. CAS territory managers will complete 4 hours of FISMA related training annually.

Acronyms

  1. The table below contains commonly used acronyms:

    Acronym Term
    ADP Automatic Data Processing
    AIMS Audit Information Management System
    CAS Computer Audit Specialist
    CI Criminal Investigation
    DFO-SC Director of Field Operations South Central
    ERCS Examination Returns Control System
    FISMA Federal Information Security Management Act
    IBMIS Issue Based Management Information System
    IMS Information Management System
    LB&I Large Business & International
    SB/SE Small Business/Self-Employed
    SQL Structured Query Language
    SSC Statistical Sampling Coordinator
    TE/GE Tax Exempt & Government Entities
    UIL Uniform Issue Listing
    WCPA Western Compliance Practice Area

Related Resources

  1. Technical and procedural information used by CAS to accomplish program goals are described in IRM 4.47.2, CAS Technical and Procedural Information.

  2. Technical and procedural information used by SSC to accomplish program goals are described in IRM 4.47.3 Statistical Sampling Auditing Techniques.

Record Evaluation and Feedback

  1. For evaluations of taxpayer computerized accounting systems and preparation of record retention limitation agreements refer to CAS IRM 4.47.2.3. Initial evaluations will only be conducted when requested by the taxpayer. Re-evaluations may be initiated by the CAS territory managers at times other than during an examination if deemed appropriate. The CAS will not ask for future years’ returns and return information. The CAS will only request and review information pertinent to record retention evaluations or reevaluations. Such reviews do not constitute the commencement of an examination.

  2. Recommendations resulting from record evaluations are made to permit a taxpayer to limit the volume of records otherwise required to be retained yet ensure that adequate information will be available for future examinations. Record retention limitation agreements will be prepared incorporating record retention recommendations. Letters or notifications may be issued to taxpayers based on analyses and conclusions about their computerized accounting systems and record retention practices. The CAS will ensure that if a taxpayer has a record retention agreement it is properly reflected in the AIMS database. If a taxpayer record retention agreement exists, the CAS will advise the CAS manager to determine if further action is required.

Issue Related Applications

  1. In order to monitor issue related applications, the CAS and CAS manager should ensure that the appropriate Uniform Issue Listing (UIL) codes are used when preparing audit plans and as time is charged to each case.

  2. The UIL codes used by other audit team members should be used by the CAS when providing support and assistance directly to the development of the issue. Time spent developing applications, gathering or analyzing data or interpreting results in the development of an issue should be charged to the same UIL codes as the other members of that issue team.

    • UIL 7602.00 – This UIL code should be used for book to tax reconciliations (i.e. high-level reconciliation). This includes reconciliations using tax preparation software data, reconciliations involving schedule M items, or account number to tax return line number mapping.

    • UIL 7453.31 – This UIL code should be used for general CAS related activity performed prior to issue identification stage of the examination (not specific to a single issue). It may also be used for reconciliations and processing of data below the book to tax reconciliation level when no issues are involved. For all other reconciliations and processing work performed as a result of audit issue development refer to guideline (1) above.

    • UIL 6662.01 – This UIL code should be used when considering inadequate records or other potential record retention or internal control inadequacies (including the issuance of feedback letters to taxpayers).

Case Related Applications

  1. CASs are primarily intended to be used in the examination of LB&I tax returns by performing case related applications which are consistent with the role of the CAS as defined in the IRM. Case related is defined as all computer applications where time is properly chargeable to direct examination time on the ERCS Monthly Time Report.

  2. Case related applications also include TE/GE, SB/SE, CI, Appeals, Counsel, and Grand Jury activities even though time may properly be charged to non-direct examination time, and regardless of the case’s status on AIMS. The application must involve analyzing data from the taxpayer’s books and records and/or the analysis of other information to determine compliance with the Internal Revenue Code.

Non-Case Related Applications

  1. Non-case related is defined as all management reports and applications which do not relate to the examination of the taxpayer’s books and records or other relevant data. Non-CAS staff should be used to the maximum extent possible for these types of applications.

  2. Non-case related applications requiring more than 16 hours of CAS resources require CAS territory manager approval. Non-case related applications requiring 16 hours or less of CAS resources requires CAS team manager approval.

Applications with Potential for Nationwide Use

  1. CASs should identify and explore potential computer applications that may have broad nationwide use to expedite or reduce the cost of investigations, examinations, and special projects. These ideas may be developed during examination or special project work. These ideas should be submitted to the DFO-SC as early as possible in the development stage so they can be reviewed before extensive resources are expended and possible duplication of effort takes place.

Monitoring the CAS Program

  1. The effectiveness of the program is monitored by automated systems, periodic time reports and other sources of information.

Sources of Information

  1. The Issue Based Management Information System (IBMIS) is used to monitor the activities of the CAS. This automated system provides activity on a case by case basis. It provides information as to the time planned and expended by all members of the examination team, including CASs. It also provides information on the different aspects of CAS involvement in significant issues and in the application of statistical sampling auditing techniques.

Monitoring Activities

  1. Using IBMIS allows for monitoring:

    1. Level of computer audit support being provided by CASs on significant issues within LB&I.

    2. Use of statistical sampling auditing techniques in LB&I.

    3. Amount of CAS designated staff days expended, by activity code.

  2. IBMIS will be reviewed to determine if CAS participation is appropriate for their approved scope of the examination.

  3. Territory and team managers responsible for SRS Referral input should have ongoing discussions to determine if all reasonable requests for CAS assistance are being filled to the satisfaction of the requesting party, and to explore areas where assistance should, or could have been provided or improved.

  4. Record retention activity will be reviewed to ensure that all appropriate cases received adequate record retention agreement consideration.

  5. Record retention limitation agreements will be reviewed to determine if they meet examination needs, including those of any examination specialty. Outdated agreements must be reviewed to determine if suitable action has been initiated on cases where there is a reasonable potential for the use of computer assisted audit techniques in future examinations.

Data Files and Programs

  1. All taxpayer information and computer programs must be controlled and stored in accordance with IRM Part 10 (Security, Privacy and Assurance) and the currently applicable data security guidance.

  2. Appropriate security must be maintained for all non-taxpayer data files and programs.

  3. When original machine-sensible records are taken from a taxpayer’s place of business, care must be taken to ensure that appropriate security measures are taken and that an appropriate receipt is issued pursuant to Policy Statement 4–8.

  4. All machine-sensible media shipped between IRS offices or non-IRS offices must be transmitted by a traceable and receipted method. Consideration should be given to using Form 3210, Document Transmittal.

Use of Non-IRS Facilities

  1. If any CAS is offered free computer processing by another agency, IT Security and Disclosure functions must be notified to ensure that appropriate security is maintained. Contracts with commercial firms, inter-agency agreements and no-cost agreements may require prescribed safeguards, provisions, pre-contract award site reviews, and annual contractor safeguards review. All jobs must be processed in such a manner that the case or project will be identifiable in billing statements. Billings should be reviewed regularly by CAS group managers to ensure that only official and authorized work is performed, and that there have been no breaches of security. Copies of invoices should be obtained for this purpose from the IRS official that receives the vendor invoices and approves them for payment.

  2. The following are requirements for using commercial time-sharing systems.

    • Sign-off procedures must be used when leaving the terminal.

    • A unique password and user ID or other access identifier should be used to prevent unauthorized access.

    • CASs must have an individual password and user ID assigned.

    • The user ID must be disabled or deleted whenever a person leaves the CAS group.

    • Proper security must be maintained on all passwords limiting knowledge of the password to the CAS and that person’s team manager.

    • All passwords must be changed per the security policy regarding use of the system or if a security breach is suspected.