Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Interim Revenue Accounting Control System

 

Privacy Impact Assessment - Interim Revenue Accounting Control System (IRACS)

I.  Data in the System

1. Generally describe the information to be used in the system in each of the following categories:

* Taxpayer:  No individual taxpayer data is contained in this system. All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.  All data files are stripped of taxpayer data.

* Employee:  Every IRACS user has a unique USERID that will allow them access to the system as long as it is paired with the correct password.  This information is stored in an encrypted access control file on the IRACS system.  It is used for auditing purposes when a user has logged on or off of the system (time and date) and to track journal entries that a specific user made.  This is the only employee information on the system.

* Other:   IRACS is an IRS Accounting Branch’s system that is used for tracking and reporting tax revenue information.  The purpose of the Accounting Branch is to control, record, and report financial transactions representing revenue collected and refunded by the federal government on a daily basis.  The accounting operation maintains general ledgers and subsidiary accounts that reflect the IRS’s accountability for Master File and Non-Master File tax revenue assessed and, subsequently, collected by both district offices and Service Centers.  In addition, the accounting function maintains records of assessments, collections, accounts receivable, refunds, over-assessments, and other elements of revenue accounting affecting this accountability.  This information, however, has no connection with any individual or group.  The data that resides on the IRACS system is financial and indicates monetary amounts.  The IRACS system keeps track of the amount of money and not the individual or group from where it came.  One transaction on the IRACS system would contain a transaction number and an amount.  The amount could consist of one sum from an individual or group or a sum from one hundred individuals or groups.  There is no way to track an amount to a specific individual or group.

2. What are the sources of the information in the system?
Most of the information comes in on paper (deposit tickets, debit vouchers, reports).  Some information is from other IRS programming projects and some from the Department of Treasury, Financial Management Service.

a. What IRS files and databases are used?
No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.  However, information retrieved from the following files and databases below are stripped of personal identifiers and sent in aggregate form to IRACS.

* Subsidiary Accounting Files – Treasury/IRS
* Unidentified Remittance File –Treasury/IRS
* Automated Non-Master File (ANMF) –Treasury/IRS
* Individual Master File (IMF), Taxpayer Services – Treasury/IRS
* Business Master File (BMF), Taxpayer Services –Treasury/IRS
* Debtor Master File (DMF) – Treasury/IRS
* Acquired Property records –Treasury/IRS
* Offer in Compromise (OIC) File – Treasury/IRS
* Record 21, Record of Seizure and Sale of Real Property – Treasury/IRS
* Dishonored Checks (DCF)
* Direct Deposit Installment Agreement (DDIA)
* Electronic Federal Tax Payment System (EFTPS)
* Federal Agency Tax Payment System (FEDTAX)
* Federal Tax Deposits (FTD)
* Financial Management Service Cashlink (CASHLINK)
* General Mainline Framework (GMF)
* Government On-Line Accounting Links System (GOALS)
* Generalized Unpostable Framework (GUF)
* Integrated Data Retrieval System (IDRS)
* Lockbox Deposit/Department of Justice Lockbox (LOCKBOX)
* Remittance Processing System (RPS/ISRP)
* Service Center Control File (SCCF)
* Service Center Recognition Image Processing System (SCRIPS)
* State Income Tax Levy Offset Program (SITLIP)
* Excess Collections (XSF)

b. What Federal Agencies are providing data for use in the system?
The Financial Management Service (FMS) for summary level balancing and reconciliation purposes for refund schedules – schedule numbers and amounts through FMS’ Government On Line Accounting Link System (GOALS) and deposit ticket – number, Agency Location Code and dollar amount through financial Management Service’s CA$HLINK System.  There is no individual taxpayer data contained in or received from this Federal agency.  There is no other data received by IRACS from any other Federal agency.

c. What State and Local Agencies are providing data for use in the system?
Data that is transferred to IRACS is data that is transferred in summary format from the databases referenced above (2.a.).  IRACS does not receive any State or local agency data.

d. From what other third party sources will data be collected?
None.  No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.

e. What information will be collected from the taxpayer/employee?
No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.

Information from employees for assigning USERID for access to IRACS will be provided when the employee fills out the Form 5081 “Automated Information System (AIS) User Registration/Change Request”.  The Program Office or Functional Security Coordinator will hold this form in a secure location.  The only information on the system will be the USERID.

3. a.   How will data collected from sources other than IRS records and the taxpayer be verified for accuracy?
Each external data file from other IRS databases input to IRACS contains control records at the end that are used to verify record counts and total amounts.  IRACS Accounting functions in all production sites perform balancing/reconciling routines to ensure that all data posted to the IRACS database is accurate.

b. How will data be checked for completeness?
See 3. a.

c. Is the data current? How do you know?
Various methods incorporated into the IRACS software as well as manual general ledger balancing routines are used to confirm that all data received from other IRS databases is current; creation date, cycle, etc. which is received or disbursed during the current accounting month.  Duplicate checks of data received from other IRS databases are also performed to keep data from posting twice.

4. Are the data elements described in detail and documented?  If yes, what is the name of the document?
See IRACS Computer Program Book (CPB) for format of input and output files.  The database is documented in the IRACS Model which is in the IRS COOL:GEN Central Encyclopedia.

II.  Access to the Data

1. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Other)?
Access to the database in the XXXXX XXXXXX XXXX XXX is controlled by Resource Access Control Facility (RACF).  The Accounting Branch personnel assigned to IRACS can only research the data for their Service Center (SC).  SAs do not have database access.  Developers do not have database access to production unless special 12 hour access is granted by DCC security at the request of the Chief, Revenue Accounting Systems Section IS:S:CP:I:XQ.  DCC has procedures.

2. How is access to the data by a user determined?  Are criteria, procedures, controls, and responsibilities regarding access documented?
There are two user groups for the end users.  There is one for normal access to post data and to research and one for the IRACS DataBase Administrator (DBA) to allow special permissions.  The IRACS System Administrator Guide has the criteria, procedures, etc. for access.  Each user is required to fill out a Form 5081 in order to be given access to the IRACS system.

3. Will users have access to all data on the system or will the user’s access be restricted?  Explain.
End users are restricted to only the data assigned to their Service Center.  This is controlled by RACF at the DCC.

4. What controls are in place to prevent the misuse (e.g. browsing) of data by those having access?
The IRACS security features include unique USERIDs and passwords for all 3 tiers of the IRACS configuration.  Profiles are established for level of access depending on individual job assignment and functional responsibility.  End users can only see the data assigned to their Service Center.  Audit trails are in place for the mainframe and fileserver, and capture the following data:  USERID, password, date, time of access, time of logoff, what was accessed.

5. a. Do other systems share data or have access to data in this system?  If yes, explain.
There are no other systems that have access to the IRACS system or that share the data within the IRACS system.

b. Who will be responsible for protecting the privacy rights of the taxpayers and employees affected by the interface?
No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.  The only employee information in the database is the USERID of the individual who posted each transaction.

6. a. Will other agencies share data or have access to data in this system (International, Federal, State, Local, Other)?
Data is not shared.

b. How will the data be used by the agency?
Data is not shared.

c. Who is responsible for assuring proper use of the data?
Data is not shared.

d. How will the system ensure that agencies only get the information they are entitled to under IRC 6103?
Data is not shared.

III.  Attributes of the Data

1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?
The Interim Revenue Accounting Control System (IRACS) houses the lawful, complete and only means the Internal Revenue Service has for controlling, recording and reporting all financial activities of the Service’s tax processing systems.  This financial activity contains summary data of all transactions related to collections, assessment, disbursements, accounts receivable and work in process.

2. a. Will the system derive new data or create previously unavailable data about an individual through aggregation from the information collected?

No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.

b. Will the new data be placed in the individual’s record (taxpayer or employee)?There is no individual information within the system except employee USERIDs.

c. Can the system make determinations about taxpayers or employees that would not be possible without the new data?
There is no individual information within the system except employee USERIDs.

d. How will the new data be verified for relevance and accuracy?
There is no individual information within the system except employee USERIDs.

3. a. If data is being consolidated, what controls are in place to protect the data from unauthorized access or use?
Data is not consolidated.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  No further consolidation of data is made in IRACS.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.

b. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access?  Explain.
Data is not consolidated.  See 3.a. above.

4. How will the data be retrieved?  Can it be retrieved by personal identifier?  If yes, explain.
Data can be retrieved by journal number and/or by accounting transaction types (i.e., Deposit, Disbursement, Refund, etc.)  Data cannot be retrieved by personal identifiers because there are no personal identifiers.

What are the potential effects on the due process rights of taxpayers and employees of:

a. consolidation and linkage of files and systems;
There is no consolidation and linkage of files and systems.

b. derivation of data;
There is no derivation of data.

c. accelerated information processing and decision making;
There is no accelerated information processing and decision making.

d. use of new technologies;
No new technologies have been used within this system.

How are the effects to be mitigated?  Not Applicable.

IV.  Maintenance of Administrative Controls

1. a. Explain how the system and its use will ensure equitable treatment of taxpayers and employees.
No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.  The only employee information is the USERID, which is only used to track the origin of the accounting transaction.

b. If the system is operated in more than one site, how will consistent use of the system and data be maintained in all sites?

XXXXXXXXXXXX XXXXXXX XXXXXXX).  The Service Centers input data to the database XXXXXX.  They all have to use the system the same way per the system configuration.

c. Explain any possibility of disparate treatment of individuals or groups.

No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.  The only employee information is the USERID.  There is no possibility of disparate treatment of individuals or groups.

2. a. What are the retention periods of data in this system?

Accounting transactions are kept for 5 years after the transaction is considered closed.

b. What are the procedures for eliminating the data at the end of the retention period?  Where are the procedures documented?

The data will be removed from the system.  A Request for Information Services (RIS) has been submitted to accomplish this by June 2001.

c. While the data is retained in the system, what are the requirements for determining if the data is still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

While the data is considered “active”, it falls into all the balancing controls built into the IRACS system.  Once it is considered “closed”, it cannot be modified and is only used for research.

3. a. Is the system using technologies in ways that the IRS has not previously employed (e.g., Caller-ID)?  No.

b. How does the use of this technology affect taxpayer/employee privacy?
Not Applicable.

4. a. Will this system provide the capability to identify, locate, and monitor individuals?  If yes, explain.

No individual taxpayer data is contained in this system.  All data files are received in aggregate form (summary data) from other IRS databases and are classified by tax class activity.  All summary data received by IRACS are prepared by other than IRACS system managers and are transferred to IRACS.

b. Will this system provide the capability to identify, locate, and monitor groups of people?  If yes, explain.

No, it can only be used to identify the USERID of the individual that input each accounting transaction.

c. What controls will be used to prevent unauthorized monitoring?

The IRACS security features include unique USERIDs and passwords for all 3 tiers of the IRACS configuration.  Profiles are established for level of access depending on individual job assignment and functional responsibility.  End users con only see the data assigned to their Service Center.  Audit trails are in place for the mainframe and fileserver, and capture the following data:  USERID, password, date, time of access, time of logoff, what was accessed.

5. a. Under which Systems of Record notice (SOR) does the system operate?  Provide number and name.

IRACS is not a Privacy Act System of Record and does not contain information that can be retrieved by personal identifier, other than audit trail.

b. If the system is being modified, will the SOR require amendment or revision? Explain.
See 5.a. above.
 


Page Last Reviewed or Updated: April 27, 2006