HEARING BEFORE THE
COMMITTEE ON FINANCE
April 12, 2007
Michael R. Phillips
Deputy Inspector General for Audit
Treasury Inspector General
for Tax Administration
STATEMENT OF
MICHAEL R. PHILLIPS
DEPUTY INSPECTOR GENERAL
FOR AUDIT
TREASURY INSPECTOR GENERAL
FOR TAX ADMINISTRATION
before the
COMMITTEE
ON FINANCE
“Filing Your Taxes: An Ounce of Prevention is Worth a Pound of
Cure”
April 12, 2007
Chairman
Baucus, Ranking Member Grassley, and Members of the Committee, I thank you for
the opportunity to testify today. I am
Michael R. Phillips, Deputy Inspector General for Audit at the Treasury
Inspector General for Tax Administration.
My comments today focus on the 2007 Filing Season, identity theft, tax
fraud and tax practitioners. Each of these
areas presents significant challenges for the Internal Revenue Service (IRS).
2007 Filing Season
The
2007 Filing Season appears to be progressing without major problems. As of March 24, 2007, the IRS reported that it
had received more than 73.7 million individual tax returns. Of those returns, more than 53.0 million (72.0
percent) were filed electronically. The
number of electronically filed tax returns is 5.6 percent higher than at the
same time last year. The IRS has issued more
than 62.9 million refunds for a total of $152.8 billion.
While
the IRS has seen a growth in the number of electronically filed tax returns so
far this filing season, the number of
Free File returns is down slightly. As
of
March 24, 2007, the IRS received approximately 2.8 million tax returns through
the Free File Program, compared to approximately 2.9 million returns at the
same time last year.
The
Free File Program provides taxpayers with access to free online tax preparation
and e-filing services made possible through a partnership agreement between the
IRS and the tax software industry. The IRS Restructuring and Reform Act of 1998 (RRA 98)[1] required the IRS to work with private industry to increase
electronic filing. In response to this
requirement, in 2003 the Department of the Treasury (Treasury), the Office of Management
and Budget, and the IRS launched the Free File Program featuring private-sector
partners that allow qualifying taxpayers to prepare and file their tax returns
online for free. The Treasury, the Office
of Management and Budget, and the IRS made this possible through a
public-private partnership with a consortium of tax software companies, the
Free File Alliance, LLC (
The RRA 98
established a goal for the IRS to have 80 percent of Federal tax and
information returns filed electronically by 2007. Recognizing that the IRS will not meet this
goal, the IRS Oversight Board recommended an extension of the goal to 2012. The IRS Oversight Board has consistently
stated that the 80 percent e-file goal has been a major contributing factor to
the growth of electronic filing. Based
on existing trends through 2006, it is indeed unlikely that a sufficient number
of taxpayers will shift to e-file in 2007 to overcome the IRS’ shortfall. Nevertheless, because the goal has had such a
positive effect, the IRS Oversight Board recommended that Congress extend it to
2012 and expand its scope. According to
IRS Oversight Board Chairman Paul B. Jones, “While it is clear that the IRS will not achieve the ambitious 80
percent goal this year, we do not view this as a failure. Rather, the IRS and its private sector
partners have achieved continuous and significant progress in all parts of
electronic tax administration very much in keeping with RRA 98’s intent.”
Providing Quality Customer Service
While
the IRS continues to face longstanding challenges, it deserves recognition for
making progress in an area that will always be a challenge: providing quality customer service to the
American taxpayer. Quality customer
service is the first component of Commissioner Everson’s principle for the IRS:
Service
+ Enforcement = Compliance. Over
the past few years, TIGTA audits have shown that the IRS has improved customer
assistance in its face-to-face, toll-free telephone, tax return processing, and
electronic services, including the IRS public Internet site (www.IRS.gov).[2]
IRS.gov
IRS.gov continues to be one of the most visited Web sites in the world, especially during filing seasons. As of March 24, 2007, the IRS reported more than 97 million visits to its IRS.gov Web site. Additionally, the IRS now provides practitioners with online tools to provide better service to their customers such as electronic account resolution, transcript delivery, and disclosure authorization.
Toll-Free Operations
As of March 24, 2007, the
IRS’ assistor level of service was 83.6
percent, which is a decrease of less than 1 percent compared to the same week
last year.[3] However, the cumulative filing
season assistor level of service is currently 2.5 percent higher than the IRS’
planned assistor level of service of 81.1 percent. The IRS
answered 10.3 million calls compared to 10.5 million at this time last
year. The IRS also completed
14.4 million automated calls; a decrease of 5.7 percent from last year’s 15.3
million. It appears that automation
demand is materializing slightly later than last year.
Taxpayer
Assistance Centers
Taxpayer Assistance
Centers (TAC) are walk-in sites where taxpayers can receive answers to both
account and tax law questions, as well as receive assistance in preparing their
returns. TIGTA is currently in the
process of making anonymous visits to TACs to determine if taxpayers are receiving
quality service, including correct answers to their questions. As of March 24, 2007, there was approximately
the same number of walk-in contacts as there was for the same period last year.
Volunteer Income Tax Assistance
(VITA) Program
The
Volunteer Income Tax Assistance (VITA) Program plays an increasingly important
role in the IRS’ efforts to improve taxpayer service and facilitate
participation in the tax system. The
VITA Program provides no-cost Federal tax return preparation and electronic
filing to underserved taxpayer segments, including low income, elderly,
disabled, and taxpayers with limited proficiency in English. These taxpayers are frequently involved in
complex family situations that make it difficult to correctly understand and
apply tax law.
For
Filing Season 2007, TIGTA is including the American Association of Retired Persons-sponsored
Tax Counseling for the Elderly sites in its testing of VITA sites. TIGTA plans to visit 39 VITA sites to
determine if taxpayers received quality service, including the accurate
preparation of their individual income tax returns. TIGTA developed scenarios designed to present
volunteers with a wide range of tax law topics that taxpayers may need
assistance with when preparing their tax returns. These scenarios included the characteristics
(e.g., income level, credits claimed, etc.) of tax returns typically prepared
by the VITA Program volunteers based on an analysis of the Tax Year 2005 VITA‑prepared
tax returns.
As of March 30, 2007, TIGTA has had 33 tax
returns prepared with a 48 percent accuracy rate, compared to the 39 percent
accuracy rate reported for the 2006 Filing Season. TIGTA’s
observations are that volunteers did not always use the tools and information
available when preparing returns. TIGTA
will report its final results in August 2007.
See Figure 1 for comparisons of VITA Program activities for the 2006 and
2007 Filing Seasons through March 24, 2007.
Figure 1 Year-to-Date Comparisons of the Returns
Prepared
During the 2006 and 2007 Filing Seasons
Through March 24, 2007
|
|
2006 Actual |
2007 Actual |
% Change |
|
Volunteer Return Preparation |
1.5 |
1.7 |
12.3% |
|
|
|
|
|
|
Volunteer E-File (percent) |
91.2% |
92.2% |
1.1% |
Source:
IRS 2007 Filing Season Weekly Reports.
TIGTA is also conducting limited tests to
determine if VITA sites are in compliance with privacy and security guidelines for
the protection of taxpayer information. TIGTA’s
results as of March 30, 2007, show:
- 97 percent (32 of 33) of volunteer computers were
password-protected.
- 39 percent (13 of 33) of volunteer computers had
encryption software.
For
Fiscal Year 2008, the IRS is requesting an additional $5 million and 46 Full
Time Equivalent[4] to
expand the VITA Program. According to the
IRS, this will help “expand the IRS’
volunteer return preparation, outreach and education, and asset building
services to low-income, elderly, Limited English Proficient, and disabled
taxpayers.”
Telephone Excise Tax Refunds
The
telephone excise tax refund is the most wide-reaching refund in the history of
the IRS. It is a one-time refund that
the IRS estimated would affect between 151 million and 189 million people,
including many without a filing requirement.
The IRS developed a process to refund these monies on a timely basis and
made the refund request process relatively easy for most taxpayers. At the same time, the IRS wanted to minimize
refunds in excess of taxes collected and discourage overstated refund requests.
To
minimize the number of overstated refund requests and the administrative burden
on individual taxpayers, the IRS decided to offer individuals standard refund
amounts. Use of the standard amounts should
significantly reduce taxpayer burden since no records are needed to support
taxpayers’ requests. Individuals do not
have to assemble 41 months of telephone bills to determine their refund amounts. Requesting the standard amounts requires the
completion of only one additional line on the tax return.
However,
taxpayers are not required to request the standard amounts. If taxpayers do not choose to claim the
standard amounts, they must file Form 8913, Credit for Federal Telephone Excise
Tax Paid, with their U.S. Individual Income Tax Return (Form 1040 series). Taxpayers must attach Forms 8913 to their Forms
1040 to support any claims for more than the standard amount.
The
standard amounts developed by the IRS have proved to be very effective. Through the week ending March 24, 2007, IRS
records indicate that 99.6 percent of telephone excise tax refund claims filed
was for standard amounts. However,
through this same time period, just over 30 percent of the individual tax
returns filed contained no claim for a telephone excise tax refund, which
indicates that many taxpayers may not be aware of their opportunity to claim
this refund. TIGTA will be monitoring
the steps the IRS takes to address this issue.[5]
Processing
Claims
TIGTA
has raised the following concerns to the IRS regarding the processing of
returns claiming telephone excise tax refunds for non-standard amounts:
- Thresholds
were set too high for the IRS to take action when taxpayers claimed
refunds for more than the standard amounts but did not provide the
required
Form 8913 to substantiate their claims. - Thresholds
were set too high for the IRS to take action when taxpayers’ entries on
their tax returns (Form 1040 series) did not correspond with amounts on
Form 8913, i.e., taxpayers claimed one amount on their tax return and a different amount on their Form 8913.
When
TIGTA reported these issues, the IRS took immediate steps to address the
problems.
Compliance
Efforts
The
IRS also developed a compliance strategy to address egregious claims. The strategy includes identifying tax returns
with claims for telephone excise tax refunds exceeding certain dollar
thresholds and freezing the telephone excise tax portion of the refunds
associated with those returns until the claims could be audited.
TIGTA
has also raised concerns with the IRS’ implementation of its compliance
strategy related to these claims. In TIGTA’s
opinion, the dollar threshold used to identify potentially egregious claims is
again set too high. TIGTA first raised this
concern to the IRS on February 16, 2007.
TIGTA analyzed over 23,000 claims that requested telephone excise tax
refunds for amounts considered to be highly questionable but that did not meet
the IRS’ criteria for further review. The
analysis revealed the following:
- The amount
of telephone excise tax refunds on these claims totaled more than
$21 million. - Taxpayers
making most of these claims (68 percent) would have had to pay long
distance or bundled telephone service charges equal to more than 25
percent of their total annual income to justify their claims.
- Taxpayers
making 11 percent of these claims would have had to pay more for long
distance or bundled telephone services in a year than their annual income
to justify their claims.
- As of March 24, 2007, over 39,000
such claims had been received that did not meet the IRS’ criteria for
review. The amount of telephone
excise tax refunds on these claims totaled over $33.8 million. Over 30,000 of these claims were on tax
returns with no Schedules C, E or F,[6]
which makes the claimed amounts even more questionable.
The
IRS set its threshold high because its examination resources are limited and
because it believes that examinations of returns claiming the Earned Income
Credit (EITC) [7] and
other discretionary examinations will result in higher assessment rates than
examinations of the telephone excise tax refund claims. However, other factors may need to be considered. For example:
- Many taxpayers filing large claims
appear to be entering the total amount billed for long distance and
bundled service rather than the Federal excise tax associated with those
amounts. This may be due to
taxpayers misunderstanding the instructions on Form 8913. Taxpayers making legitimate mistakes may
very well be willing to self-correct their returns if the IRS informs them
that they appeared to have claimed their entire phone bill or long
distance bill rather than only the Federal excise tax associated with their
bill. Addressing many of these
cases may not require examination resources.
- Because telephone excise tax refund
claims are not subject to the regular assessment process, most of these claims
should be worked before refunds are issued. Discretionary examination programs can
be worked after refunds are issued, if necessary.
- If worked prior to the refunds being
issued, these cases represent dollars that can be immediately recognized
by the Federal Government as improper refunds not issued. In contrast, other examination cases
represent assessments that may or may not be collected. A recent TIGTA report found that in FY
2004, the IRS assessed more than $2.1 billion in additional taxes on
high-income taxpayers through its examination program. The report estimated that approximately
$1.2 billion (57 percent) of that amount was either abated or not collected after an average of 608 days from the date of assessment.[8] - The telephone excise tax refund is a
high profile issue. For example,
inappropriate telephone excise tax refund claims are now the Number One item
in the IRS’ “Dirty Dozen” list of tax scams. In a news release issued early in the
filing season, Commissioner Everson stated, "People requesting an inflated amount will likely see their refund
frozen, may have their entire tax return audited and even face criminal
prosecution where warranted. We
won't stand idly by while some people try to cheat their neighbors and
make off with money they don't deserve.” Allowing fraud to go unchecked in an
area that the IRS has declared as a major priority may have a very
negative effect on taxpayer compliance in the future.
Taking into consideration the
preceding factors, TIGTA recommended that the IRS re-examine all options at its
disposal to address significantly more inappropriate telephone excise tax
refund claims, including offering taxpayers the opportunity to self-correct
their returns, postponing some examination work, and having non-examination
employees work (or partially work) some of the simpler cases.
The IRS responded to TIGTA’s
concerns, stating that it does not plan to make adjustments to the threshold
amounts. The IRS’ written response did
not address TIGTA’s recommendation to allow taxpayers to self-correct their
returns; however, during discussions IRS officials stated that they had no
plans to issue notices to taxpayers and allow them to self-correct their errors
because IRS officials believe: such
notices would be ineffective; the IRS has limited resources to work the
responses; and there would be many “no response” cases for them to work.
Given the opportunity, many
taxpayers overclaiming the telephone excise tax refund based on a
misunderstanding of the instructions for Form 8913 may voluntarily self-correct
the error. However, the time for IRS to
develop a process and notice to facilitate this is limited and may actually be
past.
TIGTA
has also shared concerns about paid preparers and the telephone excise tax
refund with the IRS. As of March 24,
2007, a paid preparer had filed over 1,300 other returns with telephone excise
tax refund claims exceeding the standard amounts. Only 8 of this preparer’s claims have
exceeded the IRS’ tolerance. TIGTA
referred this preparer to the IRS’ Criminal Investigation function. The IRS requested information from TIGTA
regarding on other questionable preparers that may be avoiding IRS
scrutiny. TIGTA provided the requested
information to the IRS on other preparers.
Among them:
- One preparer has filed 1,019 claims
totaling over $677,000. The claims
are all under IRS’ tolerance, and most of the claims are for one of five
amounts that are repeated on the filed claims.
- One preparer has filed 1,138
claims. The preparer has filed
returns for taxpayers in 31 different States. In addition to telephone excise tax
refund claims, over 95 percent of the returns also claim employee business
expenses.
Notice Trends
Many
taxpayers who are 65 years or older (seniors), taxpayers who have claimed the
EITC, and taxpayers who have computed self-employment tax have received
repetitive math error notices (i.e., the taxpayers had received a notice
addressing the same issue in the prior year).
Taxpayers who receive repetitive notices may not understand or are
repeatedly overlooking specific instructions provided by the IRS. These taxpayers may also not understand an
area of tax law. Additionally, the
current filing information available to these taxpayers, including notices, may
be inadequate. Notices should not only
inform taxpayers of their errors but should also educate them on the issues,
and be a means to ensure that the errors do not occur in the future. Unclear or inadequate tax information and
notices create an additional burden on taxpayers and often result in additional
work and expense for the IRS.
Annually, the IRS sends over 100 million
notices to taxpayers; the IRS estimates this costs more than $400 million.[9] Over 7 million of these notices are math
error notices, which inform taxpayers that changes were made to their tax
returns as a result of mathematical or clerical errors. The notices explain the nature of the changes
and include account statements showing how the changes affect the returns. Overall, the vast majority of taxpayers
receiving these notices do not repeat their errors in subsequent years. Further, very few business taxpayers receive
repeat math error notices. The notices
with a higher repeat rate are those sent to individual taxpayers and are
related to a few areas of tax law. Five
notices accounted for 40 percent of all repetitive math error notices issued to
individual taxpayers, despite being only 13 percent of the total number issued.
- Senior
taxpayers repeatedly made two errors when computing their taxes: (1) miscomputing their taxable amounts
of Social Security benefits and (2) claiming an incorrect standard
deduction. Random non-statistical
samples of 80 senior taxpayers making one of these two errors showed that
95 percent had prepared their own returns.
The average age of these taxpayers was 72, and 24 percent of them
were 80 years of age or older.
- Taxpayers
repeatedly made two errors related to the EITC. Most of these taxpayers made calculation
errors, and others inappropriately claimed the EITC after having been
prohibited from doing so and not recertifying that they were qualified for
the EITC. Taxpayers making the
repetitive calculation errors had either: (1) used the EITC Tables
incorrectly year after year; or (2) filed a Profit or Loss From Business
(Schedule C) but, for two or three years in a row, had failed to deduct
one-half of their self-employment tax from the earned income amounts
before computing the EITC. The
issue regarding recertification for the EITC has been reported in prior TIGTA
audit reports, and the IRS is working on corrective actions; therefore,
TIGTA made no recommendations concerning the issue.
- Taxpayers
made repetitive errors when computing or reporting their self-employment
tax. Many of the taxpayers in TIGTA’s
sample calculated the self-employment tax correctly but repeatedly carried
the wrong amounts forward to their U.S. Individual Income Tax Returns
(Form 1040). Other taxpayers
calculated the self-employment tax incorrectly. A common cause was that taxpayers did
not begin the computation by multiplying the self-employment earnings by
92.35 percent, as instructed.
TIGTA recommended that the IRS modify the
math error notices that have been sent repeatedly to taxpayers, to provide a
clearer and more informative explanation of the errors taxpayers are
making. In addition, TIGTA recommended
that the IRS make changes to the forms and instructions associated with the
provisions that have resulted in issuance of an inordinate number of repetitive
notices. Finally, the IRS should
continue to build on the research and analysis already performed to develop the
most effective ways to simplify tax preparation for senior taxpayers.[10]
Customer Account Data Engine
The
Customer Account Data Engine (CADE) project will provide the foundation for
managing taxpayer accounts to achieve the IRS’ modernization vision. The CADE consists of databases and related
applications that will replace the IRS’ existing Master File processing
systems, which are the IRS’ official repository of taxpayer information.
Congress
authorized $54 million in Fiscal Year (FY) 2005 and $60 million in
FY 2006 for the CADE. Additionally, the
IRS requested $85 million in FY 2007 for the CADE, but this amount has been
reduced to about $58 million. Through FY
2007, CADE project release costs total about $233.9 million. The IRS initiated the CADE project in
September 1999 and began delivering releases in August 2004.
During
Calendar Year (CY) 2006, the CADE posted over 7.3 million tax returns and
generated more than $3.4 billon in refunds.
This is a significant increase over the
1.4 million tax returns posted in CY 2005 that generated refunds totaling more
than $427 million. The CADE is now in
the process of completing delivery of Release 2.2. Release 2.2 will process 2007 Filing Season tax
law revisions (Tax Year 2006) and additional tax forms.[11]
On
February 27, 2007, the IRS and the PRIME[12]
contractor put Release 2.2 into production, but because computer reports on the
number of returns received did not match the number of returns posted, the CADE
was turned off and tax returns were sent back to the current IRS processing
system. The IRS reports that a major
portion of Release 2.2 was successfully put into production on March 6, 2007, (seven
weeks late). On the first day, it posted
over 571,000 tax returns of which 566,332 contained refunds. Because of the late start into production, the
IRS goal of using the CADE to process 33 million tax returns will not be met. According to IRS officials, the latest
estimate is that the IRS will complete the deployment of Release 2.2 by the end
of April 2007, and it will post between 16 million to 19 million returns during
the 2007 Filing Season.
Electronic Fraud Detection System
The Electronic Fraud Detection System (EFDS) is the
primary information system used to support the Criminal Investigation
Division’s Questionable Refund Program, which is a nationwide program
established in January 1997 to detect and stop fraudulent and fictitious claims
for refunds on income tax returns. Last
year, the EFDS was not operational because the IRS and its contractors were
unable to launch a Web-based version of the EFDS application (Web EFDS),
resulting in an estimated $318.3 million in fraudulent refunds being issued as
of May 19, 2006.[13]
On April 19, 2006, all system development
activities for the Web EFDS were stopped, and all efforts were focused on
restoring the client-server EFDS for use on January 16, 2007. The restoration effort required the
contractors to prepare the EFDS and the related databases for 2007 by starting
with the 2005 EFDS and updating it with the 2006 and 2007 tax law changes.
In October 2006, TIGTA initiated an audit to
determine whether the IRS was adequately monitoring the contractor’s
development efforts in 2006 to ensure that a system was delivered in time for
the 2007 Filing Season. TIGTA found that the IRS improved controls over the EFDS restoration
activities, including executive governance and project management. As a result, project risks were being
identified and mitigation actions were being taken to ensure that the EFDS was
implemented and fraudulent refunds stopped during 2007.[14]
On January 16, 2007, the IRS and its
contractors put the EFDS into production.
The IRS reported that the telephone excise tax refund, split refund, and
extender legislation requirements were implemented as scheduled on January 29,
2007. The IRS also reported that the
EFDS continues to operate without critical problems.
Identity Theft
Identity
theft is a growing national problem, but the percentage of identity theft cases
affecting tax administration is still relatively small. Out of the 246,035 identity theft complaints
reported to the Federal Trade Commission in 2006, approximately
20 percent (49,699 complaints) have had some impact on tax administration. The remaining identity theft complaints were
related to credit card fraud, telephone and utilities fraud, bank fraud,
Government benefits fraud, and other forms of fraud. While the overall number of taxpayers
affected by identity theft related to tax administration is small, it can be
very frustrating and time consuming for each victim to resolve his or her
situation with the IRS.
There
are two primary types of identity thefts that relate to tax
administration. The first type involves
an individual using another person’s name and Social Security number to file a
fraudulent tax return in order to steal a tax refund. The second type involves using another
person’s Social Security number to obtain employment.
According
to the identity theft complaints that the Federal Trade Commission received
during 2002‑2006,[15]
the number of fraudulent tax returns filed as a result of an identity theft has
steadily increased from 3,075 to 15,254 (396 percent increase). The number of complaints on employment-related
identity theft fraud more than doubled from 15,049 to 34,445 (129 percent) during
the same time period.
In
July 2005, TIGTA reported[16]
that the IRS lacked a corporate strategy to adequately address identity theft
issues. In response to some of TIGTA’s recommendations,
the IRS agreed to develop: (1) updated
agency-wide communication tools to be used to educate and assist taxpayers with
information about identity theft; (2) agency-wide standards to ensure that the
information taxpayers were asked to provide to substantiate identity theft claims
is consistent throughout the IRS; (3) specific closing codes for cases
involving identity theft that would allow the IRS to track and monitor the
effect of identity theft on tax administration; and (4) processes to
proactively identify instances of identity theft.
In
response to TIGTA’s report, the IRS established the Identity Theft Program
Office in October 2005 to provide centralized development of policy and
procedural guidance within tax administration and to implement an agency-wide
strategy composed of three components: outreach,
prevention and victim assistance. The
Office was established in the Wage and Investment Division to facilitate cross-functional
coordination.
During
the past two years, the Identity Theft Program Office has predominantly focused
on outreach and education efforts. For
example, the Office created the Identity Theft Webpage on IRS.gov and prepared various
publications and a DVD on identity theft.
In addition, the Office has drafted a memorandum for IRS employees,
standardizing the following documentation requirements for taxpayers to
substantiate identity theft:
- Authentication
of identity – a copy of one of more valid U.S. Federal or State
government-issued forms of identification (i.e., social security card,
passport, driver’s license, and State identification card).
- Evidence
of identity theft – a copy of a police report or Affidavit of Identity
Theft filed with the Federal Trade Commission.
Although
TIGTA recommended in its 2005 report that the IRS standardize the requirements
for taxpayers to support their identity theft claims, as of April 2007, the
memorandum that the IRS created to disseminate this information to its
employees is still under review and has not yet been issued.
The
IRS currently does not have a uniform process in every function for identifying
cases closed as a result of identity theft.
In response to TIGTA’s recommendation, the IRS agreed to refine certain coding
to identify some identity theft case closures.
For example, starting with Tax Year 2003, the IRS began using unique
codes in one of its databases for identity theft case closures that resulted in
no change in the tax liability (thus indicating that the actual taxpayer did
not underreport; rather the underreporting came as a result of another person
using the number for employment). However,
the special codes are not readily identifiable as identity theft closures to
most IRS employees. The IRS is currently
in the process of establishing a universal identity theft code. This coding will allow anyone looking at an
account on the Master File to see if a taxpayer has previously reported to the
IRS that his or her identity had been stolen.
Given
the limited identity theft case tracking information currently available, the
IRS, in TIGTA’s opinion, still lacks the comprehensive data needed to determine
the impact that identity theft has on tax administration. More importantly, the IRS is unable to
identify specific identity theft trends or take proactive steps to identify these
cases in order to reduce the burden on taxpayers.
TIGTA
is currently reviewing the IRS’ identity theft efforts. During TIGTA’s on-going review, the Identity
Theft Program Office has stated that the IRS does not use the Federal Trade
Commission’s Identity Theft Clearinghouse database because all information is
self‑reported by the taxpayer without any form of data validation, and a
majority of the identity theft complaints are for consumer fraud (i.e. stolen
credit cards) rather than tax administration.
According to an October 20, 2006, IRS briefing document, leveraging the
identity theft information gathered from agencies such as the Federal Trade
Commission to better identify taxpayers who have been victims of identify theft
was rated as one of the lowest scoring strategies.
The
IRS has not performed analyses to identify employers who consistently report
wages for employees using stolen Social Security numbers. The IRS’ actions are therefore largely
re-active in assisting victims of identity theft after they contact the IRS as
a result of notice or enforcement action.
The Identity Theft Program Office does not track the number of identity
theft referrals to the Criminal Investigation function. However, the Criminal Investigation function
only investigates identity theft issues in conjunction with other criminal
offenses.
The
problem of using a stolen Social Security Number for employment is compounded
by the limited actions that employers may take.
The Social Security Administration’s Web site directs employers not to
use the Social Security Number Verification Service “to take punitive actions against an employee whose name and Social
Security Number do not match Social Security’s records.” The Web site also states:
- “A mis‑match does not imply that
you or the employee intentionally provided incorrect information.
- A mis-match does not make any
statement about an employee’s immigration status and is not a basis, in
and of itself, for taking any adverse action against an employee. Doing so could subject you to
anti-discrimination or labor law sanctions.”
The
IRS is in the process of moving the Identity Theft Program Office from the Wage
and Investment Division to the Mission Assurance and Security Services (Mission
Assurance) organization. According to
the December 21, 2006, Memorandum of Understanding between Mission Assurance
and the Wage and Investment Division, “…Identity
Theft will be incorporated as part of enterprise information protection and
will not be managed as a stand alone program office.” In fact, none of the Identity Theft Program
staff are moving to Mission Assurance.
Mission Assurance “may facilitate
but will not direct activities determined to be tax administration or
individual taxpayer assistance in nature.”
Mission Assurance’s specific role will be further refined as the
organization engages with the business divisions.[17]
The
impact of the Identity Theft Program Office reorganization is unclear. However, TIGTA believes that in the
short-term the IRS’ assistance to individual taxpayers victimized by identity
theft will not improve from this realignment.
TIGTA
is also currently conducting an audit to determine
the progress the IRS has made in ensuring the privacy and security of
personally identifiable information. The
assessment will be based on prior audits of significant privacy-related issues
that TIGTA reported during the past four fiscal years.
The
IRS processes over 130 million tax returns and processes personally
identifiable information on approximately 240 computer systems. Almost all of its employees and contractors
have access to at least some of this information, making the protection of the
data a significant challenge. The
sensitivity of the data also makes IRS computer systems an attractive target for
hackers and others who could use the information for identity theft.
The
IRS has taken several actions to protect personally identifiable information in
its possession and to make the IRS a more security conscious organization.
·
The
IRS has established a Security Service and Privacy Executive Steering Committee
to serve as the primary governance body for all matters relating to security
and privacy issues in the IRS.
·
Communications
from the IRS Commissioner have set the tone to create a strong security
environment by advising IRS managers that employees need to be reminded of
their responsibilities to safeguard personally identifiable information and by
dispelling the perception that security is solely the responsibility of the
Mission Assurance and Security Services organization.
·
The
importance of protecting personally identifiable information will be emphasized
in a video scheduled for distribution to IRS employees in the third quarter of
Fiscal Year 2007. The video will include
statements by the IRS Commissioner and the Treasury Inspector General for Tax
Administration.
·
The
IRS has made significant improvements in its certification and accreditation[18]
process. For Fiscal Year 2006, the IRS
reported its computer systems had a certification and accreditation rate of 95
percent, which is an improvement over Fiscal Year 2005 when only 35 percent of
the systems were certified and accredited.
·
The
IRS has made steady progress in recent years in complying with the requirements
of the Federal Information Security Management Act of 2002. During 2006, the IRS reassessed the security
risks of its computer systems, and TIGTA is confident that the inventory is
substantially complete and the risk categorizations of the computer systems are
accurate.
·
The
IRS satisfied a major requirement of the Consolidated Appropriations Act of
2005[19]
by appointing a Chief Privacy Officer to assume responsibility for privacy and
data protection policies. The Chief
Privacy Officer completed a comprehensive assessment of the IRS’ privacy and
data protection procedures and made recommendations to strengthen the controls.
However,
TIGTA’s reviews during the past four fiscal years identified persistent
computer security weaknesses that continue to jeopardize the security of personally
identifiable information. IRS managers
and employees are not complying with established security procedures. Furthermore, IRS executive management is not
holding managers and employees accountable for carrying out their
responsibilities and for ensuring that managers and employees are aware of the security
risks associated with their positions. The
following are some of the security issues that TIGTA identified during the last
four fiscal years.