
Specialist Referral System

 

Privacy Impact Assessment - Specialist Referral System (SRS)

SRS System Overview


The Specialist Referral System (SRS) automates the audit referral request process for Large and Mid-Size Business (LMSB), Small Business Self-Employed (SBSE), Wage & Investment (W&I), and Tax Exempt Government Entities (TEGE) Field Specialists.  Agents and auditors can generate a referral request online, which automatically notifies the appropriate Specialist Manager of the request.  The system is completely electronic and web-enabled, and provides management with necessary information reports.  The SRS application acquires data from three sources, including direct input from the Requestor, Manager, and Data Administrator.  Additionally, SRS is interconnected with another application, the Corporate Authority Directory Service (CADS), to retrieve authentication information on end users on the Specialist Request form.

SRS is a web-based, client-server application that is accessed through the IRS intranet.  It allows IRS employees to enter a referral on behalf of a taxpayer whose return has been selected for audit.  The referral is transmitted to a manager who accepts or rejects the case.  If the case is accepted, it is assigned to a specialist to perform their portion of the audit.

Using the SRS, you can generate referrals for the following specialists:
• Computer Audit Specialists (CAS)
• Economists
• Employee Plans
• Employment Taxes (LMSB, SB/SE and TE/GE)
• Engineering
• Excise Tax
• Exempt Organizations
• Federal, State and Local Government
• Financial Products
• Indian Tribal Government
• International
• Tax Exempt Bonds

Systems of Records Number(s) 

Treasury/IRS 42.001 Examination Administrative Files

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)


A. 
Taxpayer Name
Taxpayer Identification Number (TIN)
Address
Years under audit
Activity code of taxpayer
Earliest statute date of taxpayer

B.
Windows NT Logon User ID
Employee Business Unit
Manager / Requestor Name
Manager / Requestor E-mail
Manager / Requestor Phone number

C.
The SRS application audit log captures:
Type of event that occurred by a user
Sources of the event (user’s Standard Employee Identification Number (SEID))
Date and Time stamp of when that event occurred

Database audit records are not within the scope of the SRS system or of this PIA.  DB audit records fall within the boundaries of MITS-14.

D.
In certain cases, the Requestor Manager’s e-mail address and phone number are collected.  Additionally, all specialists and managers requiring access to submitted requests are stored with Name (first and last), E-mail address, Windows NT Logon User ID (no password), Business Unit (BU), and BU Area.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)


A. Specialist and Approving Manager information is input by the SRS Designated Administrator through a web interface.

B. Taxpayer name and TIN are entered directly by the Requesting Auditor on the Specialist Referral Request Form web page.

C. The Corporate Authority Directory Service (CADS) – Discovery Directory is used by SRS to retrieve authentication information on end users on the Specialist Request form based on a Requestor’s Windows NT Logon User ID.  Data retrieved from CADS includes the Requestor’s and Requestor Manager’s name, e-mail address, and phone number.

D. None.
E. None.
F. None.

3. Is each data item required for the business purpose of the system?  Explain.

Yes.  Each data element is required to automate the audit referral request process for Large and Mid-Size Business Division (LMSB), Small Business/Self-Employed Division (SBSE), Wage and Investment Division (W&I), and Tax Exempt and Government Entities Division (TEGE) Field Specialists. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

As the auditor enters the Specialist Referral Form, the Taxpayer Name will be validated for each entry.  The TIN will be validated for length and format.

Requestor and Manager information are derived from the Discovery Directory (mentioned in response to question 2) in real time. 

Specialist and Approving Manager Information are verified for accuracy and completeness by the SRS Administrator.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

Specialist Managers will be notified by e-mail of Referral Requests routed to them via database routing tables.  Each e-mail will include a link to the Referral Request record. 

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  A Requestor’s Windows NT Logon User ID is used by SRS to retrieve authentication information on end users from the Corporate Authority Directory Service (CADS) – Discovery Directory.  Nevertheless, taxpayer data is not retrievable.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?


The SRS application has nine (9) types of users within the application.  Each of these users has a different access level, which is determined by their title and role within the IRS.  The following list provides the type of user and their role:
• User - This is an everyday IRS employee who can only access the main SRS application web site via the IRS intranet in order to enter a formal referral into the application.
• Super User (Level 6) - This LMSB IRS employee is designated to access anything on the application. This user will solve day-to-day problems and grant higher-level permissions within the application, and in addition assumes the role of a system administrator.
• 99 Authority (Level 99) - This is the SRS contractor application developer. This contractor is responsible for making changes to the system, routing changes, group changes, and designation changes, deleting files, generating referrals, and adding new roles.
• Director (Level 5) - This user has the authority to generate and look at reports.
• Analyst (Level 4) - This user is a program analyst and has the ability to look at all data within their program to analyze the information for the program manager.
• Program Manager (Level 4) - This user has the authority to look at all cases and reports within their program.
• Territory Manager (Level 3) - This user has the authority to access the cases and reports within their territory.
• Specialist (Level 1) - This user receives the referrals and is assigned to work on the case.
• Field Specialist Manager (Level 2) - This user receives the referral and makes the decision to reject or accept the referral. If the referral is accepted, this user will assign the case to a specialist.

9. How is access to the data by a user determined and by whom? 

Form 5081 will be required for any person requiring access to the data retrieval section of the application (Reports, Request approvals/routing/assignments) and administrative interface.  The OL5081 (Online 5081) is used to document access requests, modifications, and terminations for all types of users, including System Administrators.  When a new user needs access to IRS systems or applications, the user’s manager or designated official completes an OL5081 requesting access for the new user.  OL5081 is an online form, which includes information such as the name of the system or application, type of access, and the manager’s signature approving authorization of access.  The completed OL5081 is submitted to the system administrator, who authorizes elevated access to the application.  Before access is granted, the user is required to digitally sign OL5081 acknowledging his/her security responsibilities when using the system.

Contractors must have a moderate-risk background investigation performed before being granted a clearance and, thereafter, authorization to access the system.

The system administrator for SRS is an IRS LMSB Program Analyst.

Managers are entered and assigned an access level by the SRS Designated Administrator.

Taxpayer name and TIN will be initially entered by the Requesting Auditors.  Managers and specialists accessing requests will be programmatically authenticated using the system’s routing tables before they are allowed to access request records routed to them.

All SRS business functions are performed in IRS government facilities or accessed via IRS secure VPN utilizing MITS-26 Remote enterprise access.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

The Corporate Authority Directory Service (CADS) – Discovery Directory is used to retrieve authentication information on end users on the Specialist Request form.  The CADS application is used to collect and index Corporate data.  Data retrieved from CADS includes the Requestor’s and Requestor Manager’s name, e-mail address, and phone number.  CADS-extracted data will be used in creating SRS request records.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Certification and Accreditation:

The CADS-Discovery Directory holds a current C&A dated February 4, 2005 in the Mission Assurance Master Inventory, expiring on February 4, 2008 (or until the system undergoes a major change).

Privacy Impact Assessment:

The CADS-Discovery Directory does not hold a current PIA.  The last PIA was approved on September 3, 1999 according to the Office of Privacy PIA Inventory.  However, records indicate that CADS was recertified in 2002 and that no significant changes to data collection, maintenance, or handling have occurred since that time or are anticipated.  CADS remains the exclusive authoritative resource for employee identification and location information when used for purposes of employee authentication.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?


IRM 1.15.23, Records Management, Records Control Schedule for Tax Administration – Examination, dated November 1, 2002 is the IRM guidance that is followed for the disposal of records.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Database routing tables will be used to identify the appropriate Specialist Manager to review the request based on audit location, activity code, and specialist type requested by the auditor.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.  No.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  The system is not designed to treat taxpayers, employees, or others disparately.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Not applicable. The system allows auditors to request the assistance of specialists and routes those requests to the appropriate specialist managers, but plays no direct role in any negative determinations.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

No.  Persistent cookies are not implemented in SRS.

 


Page Last Reviewed or Updated: March 17, 2006