Skip to main content
Report 2022

4.5.1. Internal control

As a specialised organ of internal control, it has the mission of assessing the internal control system and promoting its development by performing inspections of services and audits on the Agency's central and territorial organs.

Inspection activities:

The inspection actions of the Internal Audit Service are subject to the planning principle established by regulation for the Inspection of Services, with the Action Plan for the Inspection of Services being prepared annually, which is approved by the President of the Tax Agency. The 2022 Plan is structured into 37 programs: on the one hand, a set of programs linked to actions common to several areas and/or significant for the purposes of improving the results of the Tax Agency and, on the other, a series of programs linked to the risk management of the Tax Agency , to the permanent monitoring of territorial bodies and the analysis and control of sensitive areas, security and institutional collaboration.

As a result of these inspection actions of services, the Internal Audit Service draws up reports which contain recommendations for the Tax Agency's Departments (motions) and the Management of the Units audited (proposals).

In 2022, 119 reports were prepared and in 2021, 127 were prepared.

Permanent monitoring and evaluation of the internal control systems management, risks and conducts

The Internal Audit Service carries out this monitoring and evaluation via the broadest cooperation with the Departments and Central Services and with the various Territorial Delegations.

This institutional collaboration with the different Departments is also exercised through the operation of the seven Sectoral Security and Control Commissions, created in the Tax Agency for the following areas or sectors: of Tax Management, Financial and Tax Inspection, Collection, Customs and Special Taxes and Customs Surveillance, Tax Informatics, General and Economic Management. The Vice-Presidency of each of the seven Commissions is held by an Inspector of the Services of the Internal Audit Service.

In 2006, the Management Committee of the Tax Agency decided to prepare the Agency's first Risk Map, thus incorporating a valuable instrument into its risk management system, with the Sectoral Security and Control Commissions being in charge of the preparation of sector maps, which are integrated into a single map by the Internal Audit Service.

For each of the selected risks, the working groups of the Sectoral Safety and Control Commissions determine a treatment, articulated in one or several measures whose application by the organization must serve to eliminate or reduce the value of the residual risk detected, that is, that is, the impact and the probability of occurrence or both components at the same time.

After this first Map, four have been prepared, one for each triennium, the last corresponding to the period 2020-2023, which contains 55 risks and 114 measures.

The Internal Audit Service considers that among its contributions to the organization's results is the commitment to organizational improvement processes, the dissemination of best practices and the application of self-assessment programs. The control activity has, consequently, a proactive purpose of continuous improvement.

To contribute to these purposes and promote continuous improvement in work, the Service is a member of the Institute of Internal Auditors of Spain, collaborates with International Organizations in the development of technical assistance projects in the field of internal control, and participates in groups that promote the security of international exchanges of tax information (APRG Group of the Global Forum) and the management of institutional risks (Community of Interest of the Forum of Tax Administrations of the OECD on “ Enterprise Risk Management"). In 2022, the Service has participated in the organization of a Fiscalis Seminar on Technological Risks, held in Bari (Italy), with cybersecurity as a background issue.