Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Automated Trust Fund Recovery (ATFR)

 

Privacy Impact Assessment - Automated Trust Fund Recovery (ATFR) Application

Release: ATFR-AO 2006008 and ATFR-CC 2006002

Version: ATFR-AO 1.0 and ATFR-CC 3.1.01

ATFR System Overview

The Automated Trust Fund Recovery (ATFR) program is a National Standard Application (NSA) that was created to standardize several versions of the application.  ATFR computes trust fund amounts to aid collections in making assessments on taxpayers who are officers in companies owing Trust Fund taxes. If a business has failed to collect or pay these taxes (e.g., Federal Insurance Contribution Act (FICA) and Withholding) or has failed to pay collected excise taxes, the unpaid liability is assessed by ATFR against the responsible person(s).

The application design divides the application into two programs - the Area Office (AO) and the Compliance Center (CC).

The AO component performs a process known as a proposal for assessment. The ATFR database receives case information weekly from two IRS systems, Integrated Collection System (ICS) and Integrated Data Retrieval System (IDRS). This case information identifies company records with a status of un-filed tax returns, or tax returns filed with a balance due. Specifically, ICS identifies the corporate Tax Identification Numbers (TINs) for all flagged cases and IDRS provides entity and module information for each case.  The AO component will use an internal process to calculate the amount of funds due including any associated Trust Fund Recovery Penalties (TFRP).

The CC component performs the actual assessment of paid funds and cross-referencing of payments. A preliminary automatic assessment is performed by CC to ensure that all received funds correspond with the proposed assessment (calculated by the AO component). If the case matches the assessment exactly (i.e. a case is completely paid within 60 days and there is no outstanding balance), a CC user does not need to review the case. If there is a discrepancy, the case is flagged and is required to be reviewed manually by a CC user (i.e. bankruptcy cases or user based errors such as IDRS is unavailable). The CC component will cross-reference any activities performed on an account (i.e. bounced check, partial payment, etc.). This function is necessary when a single payment is associated with several entities. The CC component will cross-reference the amount of the payment with each responsible entity to determine the appropriate credit to each entity, and transmit this data back to IDRS to update the IDRS records.

Automated Trust Fund Recovery Application issues identified in the previous Privacy Memo: There were no privacy issues identified in the previous Privacy Memo.

Automated Trust Fund Recovery Application new functionality for Release.

ATFR is currently in production and does not have new functionalities set for release. :

Data in the System
  1. Generally describe the information to be used in the system in each of the following categories: Taxpayer, Employee, and Other.

    The application design divides the application into two programs - the Area Office (AO) and the Compliance Center (CC).

    Taxpayer: The ATFR application contains the following taxpayer information:

    AO Program/CCProgram

    • Company records with a status of un-filed tax returns
    • Tax returns filed with a balance due
    • Outstanding payment amount
    • Corporate TINs (i.e., EIN, Social Security Number (SSN)) for flagged cases
    • Company name and name(s) of responsible company Officers
    • Module information for each case
    • Address, age and position within their company
    • Taxpayers that are fully or partially responsible to the assessment. (When a company does not respond to the assessments against it, the owners of the compay or other responsible individuals are held personally accountable.)
    • Amounts each taxpayer is responsible for paying or have paid toward the assessment
    • Financial account information
    • Status of unfiled cases

    Employee: During an employee’s term as an ATFR user, ATFR collects the following authenticating information about the employees for the AO program from Desktop Integration (DI).

    AO Program

    • Username
    • RO employee number
    • SEID

    CC Program

    • SEID
    • Password

    Other: None


  2. What are the sources of the information in the system?

    ATFR stores and processes a subset of taxpayer information that is obtained from ICS, IDRS and transcript files from MF.

    ICS – The ATFR database receives a File Transfer Protocol (FTP) weekly from ICS. This file contains corporate TIN numbers for cases that have been flagged within the ICS system. A chron is set up to retrieve this information. (A chron is a necessary timed process done automatically by some chronological time.)

    IDRS - IDRS provides entity and module information for each case, known as Account Information Summary Download (AISDL). A Monitor Run process runs weekly on the database server and accesses IDRS for updated data. IDRS also accepts updates to IDRS records after payments are cross-referenced by the ATFR-CC component. (Legacy Access Protocol (LAP) Services from DI allows access to IDRS data. Additionally, the server must be registered in DI.)

    MF – MasterFile is a data repository of tax system records, located in Martinsburg. The ATFR database receives a FTP of Transcript files (Business and Individual Master Files).

    1. What IRS files and databases are used?

      ICS, IDRS, and MF.


    2. What Federal Agencies are providing data for use in the system?

      No Federal Agencies are providing data for use in ATFR.


    3. What State and Local Agencies are providing data for use in the system?

      No State or Local Agencies are providing data for use in ATFR.


    4. From what other third party sources will data be collected?

      No third party sources provide data to ATFR.


    5. What information will be collected from the taxpayer/employee?

      Taxpayer: No information is directly collected from the taxpayer; all information used by ATFR is received from ICS, IDRS and MF.

      The AO component will use an internal process to calculate the amount of funds due including any associated Trust Fund Recovery Penalties (TFRP). Once the responsible person(s) is/are identified, a form and letter (2751 and 1153) are sent to the responsible person(s) describing the proposed TFRP assessment. The responsible party may be Not Liable, Liable but Uncollectible (Nonasserted), or Fully/Partially Responsible.

      • If the responsible party is Not Liable, no action is taken. If the responsible party is Liable but Uncollectible, the RO will complete a Nonassertion Recommendation of Uncollectible TFRP (9327) and a Recommendation for TFRP Assessment (4183) and submit to Manager for approval.
      • If the responsible party is Fully/Partially responsible, the responsible party can sign the form (2751) to indicate agreement with the proposed assessment, waiving the 60-day appeals period. If the responsible party signs the form (2751), the RO will complete a Request for TFRP Assessment (2749) and transmit to the ATFR-CC component immediately or when received within 60 days, and send a letter (1155) to the responsible party acknowledging that the case will proceed to assessment. A Control Point Monitoring (CPM) user quality control process is performed prior to submission of a proposed assessment to the CC component.
      • If the responsible party protests the assessment, they write a letter and send it to the RO. The RO will send the protested proposal to Appeals and further decisions will be made by Appeals, and the RO will send a letter (1154) to the responsible party informing them that a protest was received and is being sent to Appeals for consideration.

    Employee: The data elements collected from the employee for authenticating purposes are: AO Program authentication is handled by DI.

    AO Program
    • Username
    • RO employee number
    • SEID

    CC Program

    • SEID
    • Password

    1. How will the data collected from sources other than IRS records and the taxpayers be verified for accuracy?

      This question is non-applicable because ATFR does not collect data from other sources other than IRS databases.


    2. How will data be checked for completeness?

      Checks for accuracy, completeness, and validity of information are accomplished by the application and guided by the business requirements. There are many screens on which these system accuracy, completeness, and validity checks are being performed.

      Information input consists of pre-defined drop-down lists and user required input. The pre-defined drop-down lists are implemented for all fields that lend themselves to prepared data. For manual input, the data is checked for valid syntax (e.g., character set, length, numerical range, acceptable values) and will be validated to ensure that inputs match specified definitions for format and content.

    3. Is the data current? How do you know?

      Yes. Information is uploaded to IDRS as needed and ATFR receives information from IDRS.

  4. Are the data elements described in detail and documented? If yes, what is the name of the document?

    The data elements are described in detail in the Trust Fund Recovery (TFR).
Access to the Data

  1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

    The ATFR user interface is physically separated from the ATFR database server. The application (ATFR-AO and ATFR-CC) and the database reside on separate servers. In addition, ATFR application users do not have direct access to the data in the ATFR database.

    Currently, there are approximately 5,000 ATFR-AO users and 50 ATFR-CC users. All ATFR users are internal IRS employees.

    The ATFR-AO component has the following users:

    • Revenue Officer (RO) - An RO has full access at the Area Office level on ATFR. An RO can work on the case assigned to him/her on ATFR and then submit the case for manager approval. The RO does not have access at any other level. An RO can view another RO’s case; however, the RO cannot make changes to a case that is not assigned to him/her. An audit trail is activated when an RO views another RO’s case.
    • Group Manager - At the Area Office level, a Group Manager can view only the RO's screen and has functional manager approval for 9327, 4183, and determinations. At the Manager level, a Group Manager receives the full working manager inventory screen. At the Address level, a Group Manager receives the full working address screen. At the User Profile level, a Group Manager receives the full working user profile screen. At the Inventory Control (CTRL) level, a Group Manager has limited access. At the Addcase level, a Group Manager has full access, where the program downloads data from IDRS and establishes a case on ATFR.
    • Acting Manager - At the Area Office level, an Acting Manager can get the RO screen, if a case is owned by the acting RO. If the case is not owned by the acting RO, the manager gets a view-only screen. The Acting Manager also receives Manager Approvals if a case would have gone to the manager for whom he/she is acting. At the Manager level, an Acting Manager receives the full working manager inventory screen. At the Address level, an Acting Manager receives the full working address screen. At the User Profile level, an Acting Manager receives the full working user profile screen. At the Inventory CTRL level, an Acting Manager has limited access. At the Addcase level, an Acting Manager has full access, where the program downloads data from IDRS and establishes a case on ATFR.
    • Revenue Officer (RO) Aide - At the Area Office level, and RO Aide has full access on ATFR. An RO Aide can work on the case assigned to him/her on ATFR and then submit the case for manager approval. At the Addcase level, an RO Aide has full access, where the program downloads data from IDRS and establishes a case on ATFR.
    • Secretary - At the Area Office, a Secretary can only view a case. At the Addcase level, a Secretary has full access, where the program downloads data from IDRS and establishes a case on ATFR.
    • National Office(NO)/Region - The NO/Region can only view a case, manager inventory screen, address screen, user profile screen, and inventory control screen.
    • Collection Automation Coordinator (CAC) - The CAC can only view a case, the manager inventory screen, and the inventory control screen. The CAC receives a full working address screen and user profile screen.
    • Control Point Monitoring (CPM) - At the Area Office, the CPM receives the inventory of cases for his/her district where Form 2749 is generated. The CPM reviews the cases and then forwards the cases on to the SPC/CSC for assessment. The CPM can only view the manager inventory screen, address screen, user profile screen, and inventory control screen.

    The ATFR-CC component has the following users:

    • Tax Examiner (TE) – The TE assesses the cases, which are not automatically assessed. The TE can research/process/reject a case, add/delete a transaction, update assessment type, and view reports. The TE has access to the Employee Inventory and Employee Activity reports.
    • Manager – The Manager is responsible for managing the employees within the unit they are assigned. The Manager can research/assign a case, create/delete a user, update a user profile, set user permissions, and view reports. The Manager has access to the Assessment Statute Expiration Date (ASED), Transferred Employee, Manual Assessment, and Unassigned Inventory reports. (The Manager can also designate and revoke an Acting Manager to temporarily inherit the responsibilities of that Manager.)
    • System Manager – The System Manager is responsible for assigning the managers to a unit in the Ogden Service Center. The System Manager has access to every unit within that service center. The System Manager can assign/research/ process/reject a case, add/delete a transaction, establish/delete an organization, create/assign/delete a manager, update a user profile, and view reports. The System Manager has access to the ASED report and Transferred Employee reports.

      Others:
    • Developers/Contractors- do not have access to production system.
    • Database Administrator (DBA) - DAs perform maintenance, backup and updates on the data in the database.
    • System Administrators (SAs) - SAs do not have access to the production system.


  2. How is access to the data by a user determined?

    Access to ATFR is authorized through the OL5081 process. Access to ATFR-AO is granted through creating a user profile for DI, IDRS, and ATFR. Therefore, access to ATFR-AO requires the user to file two OL5081s. Access to ATFR-CC is granted through creating a user profile for ATFR and requires the user to file one OL5081.

    At the application level, ATFR enforces assigned authorizations through role based access. The user roles within the ATFR-AO and ATFR-CC components are created based on a managed hierarchy. This allows for each user role to be monitored by a more supervisory role.

    The use of “superuser” privileges is limited to System Administrators and Database Administrators and all actions are audited. A “superuser” account has “root” access to the operating system, affording access to all system administration and security functions.

    1. Are criteria, procedures, controls, and responsibilities regarding access documented?

      • Users are forbidden to access, research, or change any account, file, record, or application that is not required to perform official duties.
      • Users are restricted to accessing, researching or changing only accounts, files, records or applications required to perform their official duties.
      • Users are restricted from accessing their individual/spouse account, accounts of relatives, friends, neighbors, or any account in which the user has a personal or financial interest. Users are restricted from accessing the accounts of a famous or public person unless given authorization.
      • If asked to access an account or other sensitive or private information, users are required to verify that the request is authorized and valid. Users will be held accountable if they access an unauthorized account.
      • Users are required to protect passwords from disclosure and to refuse acceptance of passwords that are not delivered in a sealed envelope. Users are required to log/sign off anytime they leave the computer or terminal.
      • Users are required to retrieve all hard copy printouts in a timely manner, ensure magnetic media is secured based on the sensitivity of the information contained, and practice proper labeling procedures. Users are instructed not to disclose or discuss any IRS-related information with unauthorized individuals.
      • Users are instructed to protect IRS employee internal work telephone numbers from disclosure.
      • All vendors are to be escorted and monitored.


  3. Will users have access to all data on the system or will the user's access be restricted? Explain.

    Access to ATFR is role-based access and controlled through the application. All access to the system is given to users on at least privilege basis.

  4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?

    The ATFR application allows the manager to profile employee’s system activities by their job function within ATFR. ATFR user activates are logged in both the ATFR-AO and ATFR-CC components. The ATFR-AO History Table logs the Date Added (date), Login ID (user id), and History Text (description of the activity). The ATFR-CC History Table logs the Corporate TIN, Creation Date (date case was created), Date, Time, User Code (user id), Status Code (significant event that occurred), Description (description of event), and Transcript Date. These logs are reviewed by the corresponding Managers for approval, as necessary.

    1. Do other systems share data or have access to data in this system? If yes, explain.

      ICS, IDRS, and MF provide data to ATFR. No other systems have access to data in ATFR. The ATFR application interacts with IDRS, and only receives data from ICS and MF.


    2. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?

      The Commissioner, SB/SE Collection, and Risk Based Collection are responsible for the access of ATFR data using the IDRS application and protecting the privacy rights of the taxpayers and IRS employees who have access to the system.

    1. Will other agencies share data or have access to data in this system (International, Federal, State, Local, & Other)?

      No. There are no International, Federal, State, or Local agencies that will share data or have access to data in ATFR.

    2. How will the data be used by the agency?
      N/A
    3. Who is responsible for assuring proper use of the data?
      N/A
    4. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
      N/A

Attributes of the Data

  1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

    ATFR is designed to manage unpaid trust fund taxes from companies and officers. The use of the data in the system is both relevant and necessary to collect outstanding taxes owed by companies or their officers. When taxes are not collected from the company, ATFR then identifies which individual in the company is liable for the unpaid assessment.

    1. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

      Taxpayer: Yes. ATFR creates new data when it extracts the following information from IDRS and populates the database.

      • Individual responsible for paying trust fund taxes
      • Individual’s personal information (i.e., TIN, company name, taxpayer name, address, phone number.)
      • How much money the debtor has paid
      • How much money is still owed

      Employee: N/A


    2. Will the new data be placed in the individual’s record (taxpayer or employee)?

      Taxpayer: Yes. The new data of the taxpayer will be placed in the taxpayer’s record within IDRS.

      Employee: N/A

    3. Can the system make determinations about taxpayers or employees that would not be possible without the new data?

      Taxpayer: No. ATFR does not make determinations. The system is only an automation of a manual process. In the automated environment, without the new data, ATFR would not be able to determine if the total assessment has been paid and therefore, resolved the case.

      Employee: No.

    4. How will the data be verified for relevance and accuracy?

      The new data will be verified for relevancy and accuracy based upon information retrieved from ICS, IDRS and MF. The validity checks that are completed for data input in IDRS are processed in the MF. ATFR is dependent on MF and IDRS data for accuracy.

    1. If the data is being consolidated, what controls are in place to protect the data and prevent unauthorized access? Explain.

      The information is received from ICS, IDRS, and MF. To ensure that only ATFR users can view or modify data in the system, the consolidated data is protected from unauthorized access through UserIDs, passwords and audit trails.

    2. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

      No. Only data in the system is consolidated, not processes.

  4. How will the data be retrieved? Can it be retrieved by personal identifier? If yes, explain.

    Yes. Data is retrieved by TIN (i.e., EIN, SSN) or RO employee number.

  5. What are the potential effects on the due process rights of taxpayers and employees of:

    1. Consolidation and linkage of files and systems;

      Taxpayer: There are no potential effects on the due process rights of taxpayers. ATFR automates a manual process. IRS adheres to Internal Revenue Manual (IRM) Part 5.

      Employee: There are no potential effects on the due process rights of taxpayers and employees.

    2. Derivation of data;

      Taxpayer: ATFR derives data from the ICS, IDRS and MF. The original source of the data is derived from forms and documents prepared and submitted by the taxpayer.

      Employee: N/A

    3. Accelerated information processing and decision making;

      Taxpayer: Since the data is automated, companies and responsible individuals receive notification of trust funds due in timely manner, as well as IRM Part 5 referencing the following processes: Quicks, Prompts and Jeapordies.

      Employee: N/A

    4. Use of new technologies;

      ATFR does not use technology to change due process in a new way.

How are the effects to be mitigated?

There are no effects to be mitigated.

Maintenance of Administrative Controls

    1. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.

      ATFR does not affect the equitable treatment of taxpayers and employees. The IRS has established the operational guidelines for the handling of taxpayer information. All potential TFRP cases will be downloaded and worked to their conclusion/disposition.

      User access will be authenticated and audited. Role-based security will ensure equitable treatment of taxpayers and employees. A role defines the set of system resources and access permissions to these resources that a user needs in order to do their job. A Security Administrator defines which users have a given role and assign or restrict system resources based on that role.

      Disclosure of returns and return information may be made only as provided by (1) Title 26 United States Code (U.S.C.) section 3406, and (2) Title 26 U.S.C. section 6103.

      All other existing policies, practices, and procedures (e.g., Unauthorized Access (UNAX)) continue to be enforced.

    2. If the system is operated in more than one site, how will consistent use of the system be maintained at all sites?

      The application is in production at the ECC in Memphis, Tennessee.

    3. Explain any possibility of disparate treatment of individuals or groups.

      The AO component will use an internal process to calculate the amount of funds due including any associated TFRP. Once the responsible person(s) is/are identified, a form and letter (2751 and 1153) are sent to the responsible person(s) describing the proposed TFRP assessment. The responsible party may be Not Liable, Liable but Uncollectible (Nonasserted), or Fully/Partially Responsible.

      • If the responsible party is Not Liable, no action is taken. If the responsible party is Liable but Uncollectible, the RO will complete a Nonassertion Recommendation of Uncollectible TFRP (9327) and a Recommendation for TFRP Assessment (4183) and submit to Manager for approval.

      • If the responsible party is Fully/Partially responsible, the responsible party can sign the form (2751) to indicate agreement with the proposed assessment, waiving the 60-day appeals period. If the responsible party signs the form (2751), the RO will complete a Request for TFRP Assessment (2749) and transmit to the ATFR-CC component immediately or when received within 60 days, and send a letter (1155) to the responsible party acknowledging that the case will proceed to assessment. A CPM user quality control process is performed prior to submission of a proposed assessment to the CC component.

      • If the responsible party protests, then the RO will send the protested proposal to Appeals and further decisions will be made by Appeals, and the RO will send a letter (1154) to the responsible party informing them that a protest was received and is being sent to Appeals for consideration.

    1. What are the retention periods of data in this system?

      Audit records are archived and retained for a minimum period of six years in accordance with IRM 10.8.1.

      For systems that store or process taxpayer information, audit trail archival logs are retained for six (6) years, unless otherwise specified by a formal Records Retention Schedule developed in accordance with IRM 1.15.35, Records Management.

    2. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?

      All data is kept online, and there are no plans to eliminate the data. Procedures are documented in the IRM Part 5 Collections, regarding Collections Statute Expiration Date (CSED).

    3. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

      Corporate information is entered into IDRS, the data is refreshed from IDRS and ATFR pulls that information from IDRS.

    1. Is the system using technologies in ways that the IRS has not previously employed (e.g. Caller-ID)?

      No. ATFR is not using technologies in ways that the IRS has not previously employed.

    2. How does the use of this technology affect taxpayer/employee privacy?

      N/A

    1. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.

      Yes. ATFR provides the capability to identify what companies or individuals in the company have not paid their trust fund taxes to the IRS. ATFR employees send out forms and letters notifying the company or individuals of their delinquency in paying their trust fund assessment.

      Cases are tracked to determine if companies and individuals have paid their trust fund taxes and whether there has been an address change.

    2. Will this system provide the capability to identify, locate, and monitor groups of people? If yes, explain.

      Yes. ATFR provides the capability to identify groups of taxpayers who owe trust fund taxes. See answer above for further details.

    3. What controls will be used to prevent unauthorized monitoring?

      Access to the audit trails are restricted on a-need-to-know basis. Access outside an employee’s inventory is logged in the Case History.

    1. Under which Systems of Record Notice (SORN) does the system operate? Provide number and name.

      Treas/IRS 26.013 Trust Fund Recovery Cases
      Treas/IRS 34.037, theIRS Audit Trail and Security Records System.

    2. If the system is being modified, will the SORN require amendment or revision? Explain.

      Yes. ATFR-AO 4th Generation Legacy( 4GL) interface was replaced with a web-based interface.
 


Page Last Reviewed or Updated: November 30, 2007