Privacy Impact Assessment – Employee Plan and Exempt Organizations Returns Inventory Control System (ERICS)
PIA Approval Date: 03/28/08
Requested Operational Date: ERICS has been operational since October 1997
ERICS System Overview
ERICS is an inventory control system that houses the databases containing the examination inventory of three business units within TE/GE including Employee Plans (EP), Exempt Organization (EO), and Government Entities (GE). Specifically, the ERICS application houses the database tables for two sub-applications used by TE/GE employees. These applications consist of the Employee Plans Inventory Control System (EPIC) and the Exempt Organizations Inventory Control System (EOIC). EPIC is an inventory control system containing employee plans examination cases and EOIC is an inventory control system containing exempt organizations examination cases. Return data from the Returns Inventory and Classification System (RICS) is uploaded when cases are opened for exam. Inventory that was not selected from RICS is added manually. ERICS provides automated Forms 895 for statute control determining which returns require forms to be issued, offers screens for queries, updating or adding case inventory information. ERICS allows for on-line, real time reports of group inventory. It provides a statistically valid sample selection of returns closed for quality review.
System of Records Number(s):
Treasury/IRS 50.222--Tax Exempt/Government Entities (TE/GE) Case Management Records
Treasury/IRS 34.037—IRS Audit Trail & Security Records System
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer - For each case that is controlled in the system, taxpayer data fields include:
B. Employee - For each agent assigned to a group on the system, the Employee information includes:
C. Audit Trail - Employee login is made using a unique login and password, through Infoconnect session. This contains employee SEID.
D. Other- None.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS- ERICS uploads return data from the RICS system. RICS System provides the following taxpayer data elements:
B. Taxpayer- All taxpayer data elements including Name, TIN, MFT code, plan number, tax period, status code, and zip code are obtained from the RICS system.
C. Employee- All of the employee information comes from the IRS Discovery Directory. If the data is not found on the Discovery Directory, then the employee or their manager are contacted directly via phone. The employee data elements include:
D. Other Federal Agencies – No data elements are obtained from other Federal Agencies.
E. State and Local Agencies – No data elements are obtained from State and Local Agencies.
F. Other third party sources – No data elements are obtained from Other Third Party Sources.
3. Is each data item required for the business purpose of the system? Explain.
Yes. The Taxpayer and Employee data fields are used to track exam case inventories in real time by group and agent. Taxpayer data fields provide tools for tracking cases within the group by age, return types, plan numbers, and geographical location. User screens are provided that can generate listings of cases by agent by age and/or project code, transmittal forms when physically transferring cases to another IRS office, entries to close cases or open new cases on the system. Employee data fields can further divide the case tracking above by agent name and/or grade and the agent’s Post-of-Duty (POD), thus allowing more detailed inventory tracking reports. The data items are necessary for managing TEGE’s examination inventory.
4. How will each data item be verified for accuracy, timeliness, and completeness?
The data which enters the ERICS application from RICS has been validated during data entry into the Master File (data in RICS is an extract of data in the Master File).
The data in ERICS database which comes from direct manual entry into the application is validated by program logic in the ERICS application.
Additionally, data in ERICS database is periodically verified by Inventory Validation Listing (IVL). This is done by the group manager.
5. Is there another source for the data? Explain how that source is or is not used.
No. There is not another source for the data.
6. Generally, how will data be retrieved by the user?
The following are some of the management reports that this system will provide – aging report, inventory validation, statute log, Form 3210, and agent listing. The Form 3210 will be produced by the system to move the closed/transferred inventory out of the group. Screens within ERICS can be used to query and run reports. Users logging into the system will be taken directly to a menu displaying either input/querying screens for entering, changing inventory data, extracting specific case data or generating 3210 case transmittal forms; or report screens that consist of set summary reports. In the input screens, the user enters data into one or more of the Taxpayer fields in order to pull up a particular case record. The user then can enter or change data within that record. In the various report screens, the user is prompted to enter certain criteria (such as for example, month/year, group/area, etc.) to produce the desired inventory summary report, then is directed to a screen that executes the production of the report.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. The System has the ability to query work by most any data element. For example, case work can be queried by TIN, or reports can be generated by employee using the unique ID within their group.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
| Role |
Permissions
|
| Users |
ERICS users are TE/GE employees from various EP, EO or GO entities who enter Returns Information in the application - Classification specialist, analyst, and clerical staff. Users have read/write access to the data. |
| Developers |
The ERICS Developers are responsible for the development and support of the ERICS application. Developers have access to the data. |
| Application Administrators |
Application administrators are end user support staff. They are part of TOPS business unit within TEGE (TEGE operation program support)). They act as the first layer of troubleshooting support. ITAMS trouble tickets usually are routed to Application administrators first. Application administrators have read access to the data. |
| Application Support |
Application Support Staff are MITS EOPs employees who have administrative rights within the application. The support staff’s job includes assisting end users, monitoring how the system is used, determining each user’s permissions, setting up new users, and maintaining local files. The Application Support Staff serves as a liaison between end-users and MITS. Application Support staff has read access to the data. |
| Other |
Upon request, information has been provided to TIGTA. |
9. How is access to the data by a user determined and by whom?
To get access to the ERICS system user has to complete Online 5081. The individual’s manager would be required to approve the 5081 request. Once the OL5081 is processed, the administrator creates a user id and password allowing the user to access the system. The amount of access each user has depends upon permissions and roles established in the OL5081 request. Depending on the user and the role assigned to the user, the menu provides different system capabilities. A user’s access to the data terminates when it is no longer required. Criteria, procedures, controls, and responsibilities regarding access are documented in the Information Systems Security Rules on Form 5081.
No contractors currently have access to the ERICS application.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
ERICS uploads return data from the RICS system.
Cases are selected for TEQMS from ERICS system.
When a group is transitioned from ERICS to TREES, on a one time basis only TREES receives all the information from this system, including all data fields previously uploaded from RICS, and any/all data fields entered through user input. This includes all data elements mentioned in Question 1 above.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
| System |
C&A |
PIA |
| RICS |
ATO (May 15 2006) |
May 1, 2006 |
| TREES |
ATO (May 25 2007) |
Feb 06, 2006 |
| TEQMS |
|
April 12, 2006 |
12. Will other agencies provide, receive, or share data in any form with this system?
Upon request, ERICS has shared data with TIGTA.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
ERICS keeps “closed” records in the active tables for three years. On or around October 1st each year, a script is run that moves any records that meet that criterion to an archived table. This archived table is never archived. So the data never leaves the ERICS database, it is just offline and unavailable for the ERICS users. No IRM was used to determine the three years period. This decision was made by the BU.
The database administrators check the system daily for new TEGE uses passwords added to the SUN server password file. The same process also lets the administrators know of the users that have been removed. Three years after an agent leaves the group, his/her account is archived. Agent records cannot be archived after 3 years. Agent records can only be deleted after there are no cases with their agent number on them. Once this is true the agent record is deleted not archived. This may or may not happen three years after an agent has left the group or service.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15.
No. ERICS will not use technology in a new way.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
Yes. Data is used to locate the individual to contact the taxpayer to audit a return. Auditing a return is a normal business process and the purpose of the ERICS application.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
Yes. However, ERICS doesn’t provide any functionality to use the data to monitor the individual or group by a certain criteria. Data access privileges granted to users also restricts the ability to target profile or otherwise monitor an individual/group.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
No. Use of they system cannot allow IRS to treat taxpayers, employees or others differently.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Not applicable. ERICS does not make any kind of negative determinations.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
ERICS is not web-based.
| 
