Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Accounts Management Services

 

Privacy Impact Assessment – Accounts Management Services

AMS System Overview:

Accounts Management Services is a strategic program to deliver improved customer support and functionality by leveraging existing IRS applications and new technologies to bridge the gap between modernization and legacy systems.  During the IRS Modernization, Vision and Strategy process in 2006, the IRS decided on a strategy to use and retain Customer Account Data Engine (CADE) account data by establishing the capability to process on-line transactions.  This strategy includes the merging, modernizing, and retiring of two current Tier B applications: Desktop Integration (DI) and Correspondence Imaging System (CIS).  Additionally, new notice services capabilities were identified to support notice issuance directly from the CADE database to enhance taxpayer services.

The AMS strategic program will:
> provide a common view of data regardless of location (i.e. CPE, CADE),
> provide a “virtual case folder” which will automatically bring together structured and unstructured data in a common user interface,
> provide an enterprise enabled workflow capability across operating divisions, and
> enhance the Service’s notices processing and notice management

The AMS strategic program will also enable CADE to support and manage taxpayer accounts that require resolution of issues, using IRS owned EA compliant technologies, and building Services that reflect a  Service Based Architecture that can be leveraged.

System of Records Number(s):
 
Treasury/IRS 24.030 CADE Individual Master File
Treasury/IRS 24.046 CADE Business Master File
Treasury/IRS 00.001 Correspondence Files
Treasury/IRS 34.037 IRS Audit Trail and Security Records System

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer:
Data elements will come from the IRS Individual Master File (IMF) through Corporate Files On-Line (CFOL), the Integrated Data Retrieval System (IDRS), and the Customer Accounts Data Engine (CADE).  The IMF will provide authoritative data and IDRS will provide pending transactions. Account History data will be built on the current Desktop Integration (DI) History tables.  Unstructured data such as images will be built on the current Correspondence Imaging System (CIS) content management repository.

B. IRS Employee:
> IRS Customer Service Representatives (CSR) will have authority to access accounts in the AMS Systems for account review and processing.  These employees will complete Form 5081, Information System User Registration/Change Request.  Their authorization profile will include their User Identification, role designation and Standard Employee Identifier (SEID).

C. Audit Trail Information:
> A permanent, online audit trail will be maintained on every case access by a user, including user ID, time of access, taxpayer’s TIN, time on the account, and counts of various transactions performed during the account access.
> A permanent, online audit trail will be maintained on every update of table-based parameters and reference tables (including the user table), including user ID, time of activity, type of table updated, and details of the update.
> The audit trails will be reviewed and validated using reports.

E. Other:  None

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS:  All data elements are from IMF or CADE: these elements include:
> Taxpayer Name(s) and Address
> Primary and Secondary TIN and TIN Type
> Type of Tax, e.g. 1040
> Filing Status
> Balance Due Amount(s)
> Social Security number
> Business Operating Division (BOD) indicator
> If there is a delinquent return associated with a balance due account: type of return; tax period; selection code; last period filed; credit balance information

B. Taxpayer: Levy sources, e.g., IRS will not use unverified sources of levy.

C. Employee:  Data elements as provided on the employees’ Form 5081 (described in Question 1.B)  Read only data from the IRS Discovery Directory is also displayed.

D. Other Federal Agencies:  None
E. State and Local Agencies:   None
F. Other Third party Sources:   None

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  The AMS System will receive account data elements from the IRS Authoritative Data Source (ADS) in order to resolve issues.
Customer Service Representatives (CSR) must have the data elements in order to manage taxpayer accounts.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Taxpayer data will be current as of the latest submitted returns and taxpayer correspondence.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

Taxpayer information will generally be retrieved by name, address, or Taxpayer Identification Number (TIN).

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes.  IRS retrieves individual taxpayer accounts by the Social Security Number (SSN) they use to file their federal income tax returns.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Access will be strictly enforced on approved security roles based on job responsibilities and need to know.  Specific roles will be assigned to groups of users who will be granted access based on the roles need to know.

The primary users will be Wage & Investment (W&I) users.  Secondary users are from Small Business/Self-Employed (SB/SE), Taxpayer Advocate, and Appeals.  Access to the data is determined by the manager based on a user’s position and need-to-know.  Each user will have a profile that will define what sets of data and what actions on that data they can access.  If a user does not have permission to the data, the system will not access or display the information.  If a user does not have permission to perform a specific action, that action would not be displayed to the user as an option.  Production System Administrators and Database Administrators, because of their duties, have access to the database.  Developers should not have access to production data.

IRS:  IRS Employees assigned as users, and their front line managers will have access to the AMS System data according to their job requirements (roles and responsibilities).Access will be restricted to only that data needed to perform their assigned duties.  All IRS rules and regulations against browsing and unauthorized access will be reemphasized and monitored.  Procedures will be in place to deter and detect browsing and unauthorized access.

9. How is access to the data by a user determined and by whom? 

Access to data will be based on approved security rules determined by individual roles and responsibilities and will be restricted to a “need to know”.  Users will follow established IRS procedures for access using Form 5081, Information System User Registration/Change Request.

> Employees will only have access to accounts assigned to them and accounts necessary to perform their official duties.  Managers will only have access to accounts assigned to their employees and accounts necessary to perform their official duties.
> Appropriate contractor employees must successfully pass Personnel Screening and Investigation, (PS&I) appropriate to their need and be trained on IRS security and privacy policies and procedures, including the consequences for violations.
> Logons and user profiles will be used to ensure the integrity of the AMS System and the AMS Program.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Yes. The IRS ADS, i.e. Individual Master File (IMF) and the integrated Data Retrieval System (IDRS) will provide the data and update and store transaction records.  Additionally, AMS will provide and/or receive data from Automated Collection System (ACS), Taxpayer Advocate Management Information System (TAMIS), Innocent Spouse (IS),  Automated Trust Fund Recovery (ATFR), Automated Offers In Compromise (AOIC), ELITE (Centralized Inventory Distribution System Replacement), and Correspondence Expert System (CES).  Automated Non Master File (ANMF), Automated Under Reporter (AUR) (data accessed for display).

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Yes. IDRS was certified in July 2004 and IMF was certified on September10, 2003: PIAs are necessary to received certification.  All IRS systems accessed have approved Security Certifications and PIAs.

12.  Will other agencies provide, receive, or share data in any form with this system?

Yes, the Treasury Inspector General for Tax Administration (TIGTA) which provides independence oversight of IRS activities and administration of the internal revenue laws.

There are currently no plans for other agencies to provide or receive or share data with the AMS System.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The IRS will own and control the data in the AMS System and will follow the current laws and regulations for record management, retention and disposal as described in IRM 1.15.2.1 through 1.115.2.31 Generally the code identifying taxpayer that threaten or assault IRS employees may only be removed after 5 years.  At the end of the retention period the structured data will be removed from the database via a scheduled maintenance task.  At the end of the retention period the unstructured data, such as images, will be removed from the document management repository via a scheduled maintenance task.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15. 

Yes.  From the Tier 3 desktop computing platform perspective, AMS will be a common operating environment (COE) compliant application using technology available on COE platforms.  From the Tier 2 server level perspective, AMS will utilize new Enterprise Architecture compliant COTS products such as WebMethods’ EAI Broker to serve as a bridge between legacy and modernized systems and processes and to transform and aggregate data between those systems and documents which will provide document management and workflow capabilities.  Both products will be leveraged by other IRS systems currently under development.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

No.  The AMS System will not be used for the purpose of locating individuals or taxpayers.  Employee information maintained does identify the employee’s work group so that managerial duties such as case reviews can be performed by the managers.  Employee information maintained does identify the employee’s location so that reports can be generated by site and systemically generated forms and letters will contain the correct return address.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

The AMS System allows for MIS reporting, security administration, and browsing detection.  The AMS System will assist in monitoring the CSRs and the accounts assigned to them.  At the AMS Program level, analysts will “monitor” for quality control purposes and adherence to IRS requirements.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No.  The purpose of the AMS System is to deliver improved customer support and functionality.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

Due process provisions are part of policy and procedures in the Accounts Management Process.  AMS training will emphasize that all taxpayers are entitled to due process and all CSR will have specific procedures for these situations.

Taxpayer may also seek assistance from the Taxpayer Advocate Service (TAS).

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The AMS System will be Web-based.  The AMS System will not use persistent cookies; it will use a session cookie that only exists for the duration of the session.
 


Page Last Reviewed or Updated: November 28, 2006