
AIMS Computer Information System (A-CIS)

 



Purpose of the System: The Audit Information Management System (AIMS) – Computer Information System (A-CIS) provides Management Information Systems (MIS) data and tax return case examination inventory information to IRS employees to analyze examination results and case inventory levels. It utilizes the Closed AIMS, Open AIMS, Non-Examined AIMS and Summary Examination Time Transmission System (SETTS) data files retrieved from Exam Management Information Systems in the National Office. All AIMS data is retrieved from the Audit Information Management System Reference (AIMSR) application and all SETTS data is retrieved from the Examination Returns Control System (ERCS) application. This application handles direct taxpayer information (IRC 6103) concerning returns under examination in campus, field, and office exam. Data is processed and added to Microsoft (MS) SQL Server, then distributed in MS Access databases to 600+ users in Large and Mid-Sized Business (LMSB), Small Business/Self-Employed (SB/SE), and Wage and Investment (W&I), ranging from Analysts to Territory Managers in LMSB. Users of the A-CIS application utilize MS Access client applications to connect to either the Access databases or SQL Server to provide unlimited Ad Hoc report generation and query capability.

1. Describe the information (data elements and fields) available in the system in the following categories:

Taxpayer
Employee
Audit Trail Information (including employee log-in info)
Other (Describe)

Data elements available on the system include:

Taxpayer:
Taxpayer identification number (TIN)
Name
Claim amount
Tax owed/Tax refunded amount
Amount of tax credit adjustment
Adjustment amount
A two digit code that identifies the tax form number
Zip code
State
Total positive income

Employee:
AIMS Assignee Code (AAC) (A twelve-digit code used for the management structure so that returns and time applied to returns can be applied to the correct location (Business Operating Division, Area Director, Field Operations Director (LMSB), Territory Manager, Group number) for management information reports.) 

Audit: No auditing occurs at the A-CIS system level.  A-CIS defers to the MITS-17 General Support System (GSS) for its auditing functionality which is performed at the infrastructure level.  The MITS-17 audit and monitoring procedure is found in section 5.4 of Appendix AA of the MITS-17 System Security Plan (SSP).  This procedure is documented as follows: 
For the Enterprise Application Support Servers, ISA group 8 is responsible for collecting the audit logs generated by the servers.  The Mission Assurance office ensures the Enterprise Application Support Servers application audit tools create, maintain, and protect a trail of actions produced by users and administrators that trace security-relevant events to an individual, ensuring accountability.  These tools are part of the operating system and log auditing events for telecommunication and other components.  ISA Group 8 auditing captures user workstation and log on/off activities.  It also logs system administrator and security administrator activities.  The audit logs capture critical event information (type of event, source of event, time and date of event, user accountable for event) that is useful for identifying system intrusion detection and system forensics should an attack occur.  Logs are regularly reviewed.  The logs are stored in a flat file in the application directory of a Unix server.

Other: There are no other personally identifiable data elements available in the system.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

IRS
Taxpayer
Employee
Other Federal Agencies (List agency)
State and Local Agencies (List agency)
Other third party sources (Describe)
 
A. IRS:
AIMS:
TIN
Taxpayer name
Claim amount
Tax owed/Tax refunded amount
Adjustment Amount
Zip code
State
Total positive income
AIMS Assignee Code

ERCS:
Employee ID
AIMS Assignee Code
MACS:
TIN
Total positive income

B. Taxpayer:  The taxpayer does not directly provide information to A-CIS.
C. Employee: The employee does not directly provide information to A-CIS.
D. Other Federal Agencies: Other federal agencies do not directly provide information to A-CIS.
E. State and Local Agencies: State and Local Agencies do not directly provide information to A-CIS.
F. Other Third Party Sources: No Third Party Sources provide information to A-CIS.

3. Is each data item required for the business purpose of the system?  Explain.
Yes, A-CIS provides MIS data and inventory information to IRS employees to analyze examination inventory levels and examination results. 

4. How will each data item be verified for accuracy, timeliness, and completeness?
The data is not verified for accuracy, timeliness, or completeness by A-CIS.  The data is validated on the AIMS system from which it is extracted. If an error exists in the data received from the AIMS or SETTS data, the A-CIS developer sends an email to the AIMS and SETTS personnel for research and resolution. Upon resolution, the A-CIS developer then notifies the end user. 
Discretionary checks of the data are performed by the A-CIS Database Administrator (DBA) and personnel from the Examination Management Information section. 

5. Is there another source for the data?  Explain how that source is or is not used.
No. There is no other source for this data than what has been stated previously in this document.

6. Generally, how will data be retrieved by the user?
End users download the MS Access database(s) that they have permissions to browse or they work off the server directly.  Users either use Access front-end or they go in through Excel or Access directly (i.e., MS Access backend).  Retrieval procedures consist of the standard query methods used in database applications.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. Data is retrievable using any data elements in the system, to include personal identifiers such as TIN and taxpayer name.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
The system administrator/database administrator is the only user that changes data housed on the SQL Server.  User Roles determine what access each user has.  MS Access client applications connect to either the Access databases or SQL server (using tools in SQL or Access) to provide unlimited Ad Hoc report generation and query capability.  If the database is downloaded, the users can modify the database(s) on their workstation.  Users who have access to these directories may not add or delete files from the directories.  The Access databases are broken down by the level of users.  For SB/SE Field Exam data, there is an Access database with all SB/SE Area data and individual databases for each area (currently there are 7 Areas in SB/SE Field Exam).  LMSB data is broken down into individual territories so that there are approximately 95 levels in LMSB.   These Access databases are distributed through a directory structured by MITS.  Users are placed in local groups by a MITS System Administrator via the Online 5081 process.  Before the MITS System Administrator receives the list of users, etc. via the Online 5081 process, the form 5081 is approved at various levels in SB/SE and the Business Operating Division (BOD) of the employee requesting access to the data.
Access to the SQL Server is limited to users who have been granted National level access, i.e., all of SB/SE data, all LMSB, or all Campus data. These users are added to SQL Roles (Analyst Role), which provides “SELECT” access to the data tables. SQL Server users may not alter data or system files. The system administrator adds these users. See table below for specific permissions for each user category.

| Role | Permissions |
| System Administrator | Read, Write, Delete, Add User |
| End-user / Analyst | Online Database: Read |
| End-user / Analyst | Database Downloaded to Workstation: Read, Modify, Print, Save |

9. How is access to the data by a user determined and by whom?
A-CIS relies on the GSS common controls associated with the IRS Enterprise Active Directory domain structure to uniquely identify and verify the identity of each user.  An OL5081 is required of IRS users requesting access to A-CIS and must be signed by an immediate manager and SB/SE Exam managers.  Once forms are approved they are submitted to the MITS system administrator and application administrator, who adds the new user’s account into the system. The OL5081 process ensures that the user identifier is issued to the intended party and that user identifiers are archived.
A-CIS also relies on GSS common controls to enforce the disabling of user accounts that have been inactive for 45 and 90 days. According to the GSS common controls, user accounts that are inactive for a period of 45 days are disabled. User accounts that are inactive for a period of 90 days are deemed expired accounts and are removed from the application.
For access to A-CIS, users must first successfully authenticate to their respective campus domain GSS infrastructure utilizing their IRS account provided through the Online 5081 process. Once successfully authenticated to the campus domain, A-CIS users are transparently given the proper permissions, through domain group policy, to access the A-CIS application databases to run queries and generate reports. Authorized A-CIS users are uniquely identified and placed in domain groups by a MITS System Administrator via the Online 5081 process. Before the MITS System Administrator receives the list of users via the Online 5081 process, the form 5081 is approved at various levels in SB/SE and the BOD of the employee requesting access to the data. To access the A-CIS backend server SQL database, application developers must submit and have an approved Online 5081. MITS personnel are responsible for adding the approved users to the proper A-CIS SQL SA groups.
There are no contractors on A-CIS.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.
There are no direct interconnections from A-CIS to other applications. AIMS and SETTS data is copied to the A-CIS Windows server via file system transfer from a desktop computer in National Office by personnel on the AIMS staff. All AIMS data is retrieved from the Audit Information Management System Reference (AIMSR) application. The specific data type copied from ERCS is SETTS. These data files received by the A-CIS application are the support for AAR (AIMS Related Report) and ARP (AIMS Related Processing).
A-CIS also receives IRTF data from the MACS (Midwest Automated Compliance System) Development Center in St. Paul, Minnesota via password protected files copied to a CD or DVD.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
AIMSR (AIMS is a component of AIMSR)
PIA: 4/26/2006
C&A:  AIMSR is not yet certified
ERCS (SETTS is a component of ERCS)
PIA: 4/19/1999
C&A:  4/12/2005
MACS (IRTF is a component of MACS)
PIA: 12/20/1999
C&A: 8/15/2004

12.  Will other agencies provide, receive, or share data in any form with this system?
A-CIS must provide information to the U.S. Treasury Inspector General for Tax Administration (TIGTA) if requested.   This information, however, is not provided directly by A-CIS, but rather by a user or system administrator who would query for the information and then provide it directly to TIGTA.  Otherwise, A-CIS does not have any interconnections outside the IRS boundary.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?
Records are destroyed in accordance with IRM 1.15.23 Examination #6 (Records Control Schedule for Tax Administration, Administrative Records).  This portion of the IRM states that the following types of records will be destroyed after five years.
Monthly, Quarterly, Annual, and Other Periodic Management Information Reports. Includes computer generated reports produced from the Master File and other Management Information Systems of the Service to measure field accomplishments in returns and staff time, additional taxes and penalties proposed, and effected and related material. (Job No. N1-58-88-2, Item 6)
Record copy Microfiche form listings and reports produced at the Detroit Computing Center.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.
No. This system does not use technology in a new way. 

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.
Yes. A-CIS can be used to identify an entity (an individual or a business). A-CIS is sometimes used for inventory information (open or closed) so this information is needed

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. A-CIS will not be used to monitor individuals or groups. 

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.
No. A-CIS will not be used to allow IRS to treat taxpayers, employees, or others, differently.
All users will be required to follow National Office documents, including the IRM, directives, and memoranda.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
A-CIS does not make any negative determinations.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No. This system is not web based and therefore uses no cookies of any type.

 


Page Last Reviewed or Updated: September 28, 2007