Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Headquarters Employee Plans Inventory Control

 

Privacy Impact Assessment – Headquarters Employee Plans Inventory Control (HQEP) 

HQEP System Overview

HQEP is an application that controls Tax Exempt/Government Entities, Employee Plans case inventory of tax law specialists in the Headquarters Employee Plans Technical Division.  It monitors case inventory by group and specialist; tracks time spent on each case; generates timesheets; processes user fees; and creates inventory and accomplishment reports.  HQEP includes the Employee Plans Compliance Resolution System (EPCRS) Research and Inventory System (ERIM).  ERIM is a subsystem of HQEP.  ERIM data helps to ensure that plans with pending Voluntary Compliance Program requests are not inadvertently examined. 

Systems of Records Number(s)
 
Treasury/IRS 50.222 TE/GE Case Management Records
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.  * Point of contact data:
o Organization Taxpayer name
o Plan Sponsor
o Employer Identification Number (EIN)
o Organization Phone Number
o Organization Address
o Contact person’s name (or Power of Attorney)
B.  * Tax Law Specialist (TLS) name
C.  System Level – User Login/Logout time is recorded.  Application level - Identity of user who last modified case data or inventory information is recorded.
D.  Lookup information:
o Project work codes
o Control number / Case Number
o User fee information:
* Fee type
* Check amount
* Bank name

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. No data elements are obtained from other IRS databases.
B.  Data obtained from Plan Sponsor’s, Plan Administrator’s, or Individual Taxpayer‘s correspondence or application includes:  name, address, employee identification number, bank name, check number and user fee amount.
C.  Data obtained from Tax Law Specialist includes:  login, password, name, employee number and hours worked on cases.
D.  No.
E.  No.
F.  No.

3. Is each data item required for the business purpose of the system?  Explain.

Yes.  All data items are used by management to support case inventory control, inventory monitoring (ie: by group and specialist), and processing user fees, as well as reporting functions.  Regarding “user Fees” - This is a fee required by Congress that must accompany a ruling request.  This is a one time fee that is paid by the applicant to have their request processed.  The fee does not guarantee a favorable ruling. 

The fee is non-refundable in the event the application does not meet the requirements as described in the Internal Revenue Code.  A report is generated from HQEP which automatically split the fund into two accounts IRS account and General Treasury Fund Account. 

4. How will each data item be verified for accuracy, timeliness, and completeness?

Timeliness:  A manual check is made by a senior tax law specialist when cases are screened for assignment, as to the data items, by checking the paper submission and the date stamped on the submission by the user fee clerk. 
 
Accuracy:  A manual check is made by a senior tax law specialist when cases are screened for assignment as to the accuracy of the data items by checking the taxpayer's paper submission. 

Completeness:  The HQEP system verifies an address through an automated completion check. 

5. Is there another source for the data?  Explain how that source is or is not used.

No.  The data is received from physical documents received from plan submitter.

6. Generally, how will data be retrieved by the user? 

Data will be retrieved by users through the IRS LAN via intranet access only.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  Data can be retrieved by any field within the database; specifically, EIN, plan name, and case number.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

User groups define the appropriate level of system access based on job duties.  Groups are maintained for the following roles:

* TE/GE staff
* Developers 
* System Administrators
* DBA 
* Users can only view cases assigned to their group (e.g., Examiners) specifically on a “need to know” basis in support of their job duties.
* User fee specialists 

9. How is access to the data by a user determined and by whom? 

Data access is granted on a “need to know” basis.  The OL5081 (Online 5081) is used to document access requests, modifications, and terminations for all types of users, including System Administrators.  When a new user needs access to IRS systems or applications, the user’s manager or designated official, completes an OL5081 requesting access for the new user.  OL5081 is an online form, which includes information, such as the name of the system or application, type of access, and the manager’s signature approving authorization of access.  The completed OL5081 is submitted to the System Administrator, who assigns a user ID and an initial password. 

Before access is granted, the user is required to digitally sign OL5081 acknowledging his/her security responsibilities when using the system.  Users are prevented from exceeding their assigned access privileges.  Before users can have access to HQEP they must also have their profile entered into the Control Table.  This table determines which “menu” they are allowed access to.  Menu system limits access to certain screens.  Further Informix permissions must be set if they are allowed to add new records, update current ones or be able to delete any records.  These permissions are set by creating GRANT scripts and are implemented by a Database Administrator.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes.  HQEP does share Voluntary Compliance and waiver data with Return Inventory Classification System (RICS) on a daily basis:  RICS provides users access to return and filer information related to the filing and processing of Employee Plan (EP), Exempt Organization (EO), and Government Entity (GE) forms.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

RICS: 
* C&A – Certification current. 
* PIA –  expired on 9/29/05

12.  Will other agencies provide, receive, or share data in any form with this system?

No.  HQEP does not receive or send information to any systems outside of the IRS.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

Application specific data retention and elimination procedures are not codified.  Records persist in database tables as “closed” cases, but are not eliminated.  Some data will be archived to another table within HQEP when a new law requires all plans to come in for approval (otherwise, records stay indefinitely.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

No.  HQEP does not use technology in a new way.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No.  Entities are identified by EIN.  A user may also retrieve the organization name and organization address, but this information is only used for the business purpose of the system (ie: to support case inventory control, inventory monitoring (ie: by group and specialist), specialist time management, and processing user fees, as well as reporting functions.).

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

Yes.  HQEP’s monitoring functions extend to case inventory information only. 

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  Taxpayers and employees/specialists are not treated differently by the use or reports generated from HQEP. 

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Taxpayers are provided the specialist’s contact information to discuss negative determinations or to update incorrect case information. 

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

No.  HQEP does not use persistent cookies or other tracking devices to identify web visitors.
 


Page Last Reviewed or Updated: April 26, 2006