Skip to main content
2022 Report

4.5.1. Internal control

As a specialised organ of internal control, it has the mission of assessing the internal control system and promoting its development by performing inspections of services and audits on the Agency's central and territorial organs.

Inspection activities:

The inspection activities of the Internal Audit Service are subject to the planning principle established by regulation for the Inspection of Services, with the Inspection of Services Action Plan being drawn up annually and approved by the President of the Tax Agency. The 2022 Plan is structured into 37 programs: On the one hand, a set of programmes linked to actions common to several areas and/or significant for the purposes of improving the results of the Tax Agency and, on the other, a series of programmes linked to the risk management of the Tax Agency, to the permanent monitoring of territorial bodies and the analysis and control of sensitive areas, security and institutional collaboration.

As a result of these inspection actions of services, the Internal Audit Service draws up reports which contain recommendations for the Tax Agency's Departments (motions) and the Management of the Units audited (proposals).

In 2022, 119 reports were prepared and in 2021, 127 were prepared.

Permanent monitoring and evaluation of the internal control systems management, risks and conducts

The Internal Audit Service carries out this monitoring and evaluation via the broadest cooperation with the Departments and Central Services and with the various Territorial Delegations.

This institutional collaboration with the different Departments is also exercised through the operation of the seven Sectoral Commissions for Security and Control, created in the Tax Agency for the following areas or sectors: Tax Management, Financial and Tax Inspection, Collection, Customs and Excise Taxes and Customs Surveillance, Tax Information Technology, General and Economic Management. The Vice-Presidency of each of the seven Commissions is held by an Inspector of the Internal Audit Service.

In 2006, the Tax Agency's Management Committee decided to draw up the Agency's first Risk Map, thereby incorporating a valuable instrument into its risk management system. The Sectoral Security and Control Committees are responsible for drawing up the sectoral maps, which are integrated into a single map by the Internal Audit Service.

For each of the selected risks, the working groups of the Sectoral Safety and Control Commissions determine a treatment, articulated in one or more measures whose application by the organization must serve to eliminate or reduce the value of the residual risk detected, that is, the impact and the probability of occurrence or both components at the same time.

Following this first Map, four more have been drawn up, one for each three-year period, the latest being for the 2020-2023 period, which contains 55 risks and 114 measures.

The Internal Audit Service considers that its contributions to the organization's results include its commitment to organizational improvement processes, the dissemination of best practices and the application of self-assessment programs. The control activity therefore has a proactive purpose of continuous improvement.

To contribute to these purposes and promote continuous improvement in work, the Service is a member of the Institute of Internal Auditors of Spain, collaborates with International Organizations in the development of technical assistance projects in the field of internal control, and participates in groups that promote the security of international exchanges of tax information (APRG Group of the Global Forum) and the management of institutional risks (Community of Interest of the Forum of Tax Administrations of the OECD on “ Enterprise Risk Management"). In 2022, the Service participated in the organisation of a Fiscalis Seminar on Technological Risks, held in Bari (Italy), with cybersecurity as the main topic.