A nascent risk management organization within the Internal Revenue Service's information technology shop could serve as a case study for whether the tax agency should embrace a formal risk management process supported by dedicated staff, says the Treasury Inspector General for Tax Administration.

TIGTA, in a report dated Sept. 2, notes that risk management has been a Government Accountability Office area of concern since January 2005. TIGTA defines risk management as the identification of possible future events that may affect the ability of an organization to meet its objectives - and the implementation of preparatory actions.

The IRS modernization information technology services organization, known as MITS, is in the early stages of developing a "formalized, integrated risk management framework" with a group headed by a senior executive to focus on managing risk applicable to IRS IT operations.

"We believe this initiative should be monitored by the IRS in order to fully evaluate potential benefits," auditors say. The IRS office of program evaluation and risk analysis should conduct periodic reviews, the report adds.

IRS Chief Financial Officer Pamela LaRue--the OCFO has overall responsibility for support IRS risk management efforts--says in the agency's official response to the audit that the program evaluation office serves only in an advisory and support role at the request of senior leadership. She disagrees with a TIGTA recommendation that the office develop procedures for the review of risk management activities, but says that office officials will serve as an advisor to senior MITS management in monitoring and evaluating the risk management IT effort.

For more:
- download the TIGTA audit, 2011-10-096 (.pdf)

Related Articles:
IRS ITIL falls short, says TIGTA
TIGTA: IRS.gov offers better service than telephone assistance
TIGTA: Programming errors at IRS complicate tax processing