Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Automated Substitute for Return

 

Privacy Impact Assessment - Automated Substitute for Return (ASFR)

ASFR System Overview

Automated Substitute for Return is an IRS-developed National Standard Application written in XXXXX and currently installed XXXXXXXXXXXXXXX.  ASFR is a batch-processing application that performs complex computations and tax calculations enabling tax examiners to issue accurate notices and assessments based on IRP information and to resolve return delinquency cases on individual taxpayers.  Currently, cases of delinquent modules are received in ASFR from the Integrated Data Retrieval System (IDRS).  The data is then transmitted to the XXXXXXXXXX via File Transfer Protocol (FTP) from XXXXXXXXXXXXXX.  When funding is available ASFR will be  XXXXXX XXXXXXXXXXXXXXXX.  

 Systems of Records Notices

Treasury/IRS 22.061Individual Return Master File (IRMF)
Treasury/IRS 24.030 CADE Individual Master File
Treasury/IRS 24.046 CADE Business Master File
Treasury/IRS 24.047--AutomatedUnder Reporter Case File
Treasury/IRS 26.016--Returns Compliance Programs (RCP)
Treasury/ IRS 34.037--IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A.  Taxpayer Data:  Compilation of all data available on any individual type of tax return, to include Taxpayer’s name, address, phone number, Taxpayer’s Social Security Account Number, Tax Owed, and Taxpayer Income

B.  Employee Data:  Employee Name (First, middle, last), Employee Identification Number (EIN).

C.  Audit Trail Information:  Password associated with the EIN
D.  Other: ASFR does not contain other data or files.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS - All above information.

B & C. Taxpayer & Employee -  Information will be collected from taxpayers if the taxpayer responds or files a return. All other ASFR information is in the form of extracts from current IRS databases.  ASFR only processes Individual Master File (IMF) cases, no Business Master File (BMF) cases.  Information about payers of income is from IRS files.  It is not received from other sources.

D. Other Federal Agencies - No other Federal agencies provide data to ASFR. ASFR does not receive or give any info to any other agencies.

E. State & Local Agencies -    No State or Local agencies provide data to ASFR. ASFR does not receive or give any info to any other agencies. 

F. Other Third Party Sources - No information is obtained from third party sources. ASFR does not give any info to other third party sources.  

3.  Is each data item required for the business purpose of the system?  Explain.

Yes, The purpose of this system is to gather tax information for individuals that have not filed tax returns and create the missing returns for them. Any information that will help in the computation of an accurate taxpayer return is needed to complete this task.

4. How will each data item be verified for accuracy, timeliness, and completeness?

ASFR is a batch-processing application that performs complex computations and tax calculations enabling tax examiners to issue accurate notices and assessments based on IRP information and to resolve return delinquency cases on individual taxpayers. ASFR data is subjected to supervisory and management review and internal control audits in accordance with Office of Management and Budget (OMB) Circular A-123, Internal Control Reviews. Information from IRS systems is relied upon as accurate and the taxpayer is asked to provide information, updates and corrections if he or she feels it is in error.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

Data retrieval within the ASFR System is permitted through approved use of the "query" or "search" command within the applications. Data access is limited to those IRS employees previously granted access to ASFR via the IRS Form 5081.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?   Yes.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

ASFR has identified the following user groups:

  • ASFR System Administrators
  • ASFR Operators
  • ASFR Functional Security Coordinators
  • ASFR National Office Support Staff
  • ASFR Developers
  • IRS General Users (Customer Service, Field Representatives, etc.)

9. How is access to the data by a user determined and by whom? 

Access to ASFR is established through use of the IRS Form 5081. 
Each employee must be granted access to ASFR in writing. Specific permissions (Read, Write, Modify, Delete, Print) are defined on the 5081 form and set (activated) by the SA or Functional Security Coordinator prior to the employee being allowed network and ASFR access. The IRS Form 5081 is maintained on file with the SA/Functional Security Coordinator. ASFR also has a login/password screen in addition to the operating system. Employees must be a valid ASFR employee to be granted access to ASFR. Information on permissions is included in the form 5081 also.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

ASFR receives data from:  Integrated Data Retrieval System (IDRS), Inventory Delivery System (IDS), Masterfile and Standardized Integrated Access (SIA) 

ASFR sends data to:  Collection Data Mart (MISTLE), Notice Information Management System (NIMS), Alternate Waysof Filing (AWF),  Standardized Integrated Access (SIA) ASFR creates or updates taxpayer records and sends out letters requesting taxpayer information to create or update returns. 

ASFR can only be accessed by logging onto the operating system and then into the ASFR application. At the time of this assessment, no other systems have been identified that access or share data in the ASFR.

(ASFR currently resides on the XXXX, but when funding is available it will XXXXXXXXXXXX.) 

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Programs are executed on a weekly basis to check what data should be eliminated.  As cases progress through ASFR, if the cases are closed and closing transactions are posted on IDRS, cases will be eliminated from ASFR.  ASFR processes the "current" tax year and five prior tax years.  For example, in June 2003, we started processing tax year 2001 cases.  On ASFR we are now processing 2001, 2000, 1999, 1998, 1997 and 1996 cases.  Any case prior to 1996, ASFR posts a closing transaction on IDRS and then eliminates the case from ASFR after confirmation of the transaction posting.    

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.   No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

This system receives cases from IDRS (Case Creation Analysis) to look for people who have not filed income tax returns and looks on associated IRP documentation for sufficient information to create a tax return for them.  It then tries to locate the taxpayer to give them a chance to provide their return voluntarily. If they don't, they are assessed tax per information collected.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes. ASFR will monitor (through the Audit Trail) the actions of User Groups as defined to ASFR.

ASFR protects data by assigning system attributes and resources to pre-defined user groups. The action of each user is monitored by the ASFR audit functions. Audit trails are reviewed by Functional Security Coordinators.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  Cases come to ASFR from IDRS based upon selection criteria in case creation.  Once the case comes into ASFR, all cases are processed the same.    

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Yes. Letters are produced and sent out to the taxpayer to inform them of any planned adjustments to their account.  It tells them their tax status and how to contact us.  After the first notice (the Audit Notice) is sent to the taxpayer, they are given 90 days to respond before any action is taken.  After 90 days a second notice (Statutory Notice) is sent out to inform them of their appeal rights. The Statutory Notice informs them of their appeal rights and how to file them. 

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  No.
 


Page Last Reviewed or Updated: November 03, 2004