Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  
magnifying glass
Advanced Search   Search Tips

Automated Under Reporter Inventory Strategy Database (AUR-ISD)

 

Automated Under Reporter Inventory Strategy Database (AUR-ISD)

Purpose of the System:  An Automated Under Reporter (AUR) is defined as a case where the income information associated with a tax return is less than what is reported by third parties (e.g., banks, employers).  The AUR-ISD Case Scoring and Selection Tool is used to select approximately 30% of the AUR inventory, for a given tax year.  The goal of this selection operation is to obtain those cases that satisfy the objectives established by the business unit.  Approximately 16 million tax submissions annually are tagged as AUR cases.

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A. Taxpayer:
Taxpayer data available in the system:
Social Security Number (SSN)
Secondary SSN
Underreported information (Wages)
Zip code

B. Employee: None

C.  Audit Trail Information that AUR-ISD tracks are as follows: 
Program Execution (Any actions the user can use on the tool - read, view, print, edit.
Time stamp
User ID

D. Other:
Preparer Telephone number
Preparer ID
Preparer Employer Identification Number (EIN)

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS:  The AUR-ISD data source is inherited.  All of the data is coming from another source, AUR-ISD does not seek additional information from tax payers or modify the data. The 100 data elements that make up the flat files that are used as the AUR-ISD information data source are extracted from the Individual Master File (IMF) and Information Return Master File (IRMF) data sources. IMF and IRMF are two of the main frame databases that all taxpayer info is sent.

The data inherited from IRS systems includes: 
IMF- Underreported information (Wages)
IRMF – Tax return information as previously mentioned in question 1A of this PIA.

B. Taxpayer:  None

C. Employee: None

D. Other Federal Agencies: None

E. State and Local Agencies: None

F. Other third party sources: None


3. Is each data item required for the business purpose of the system?  Explain.
Yes.  Each data item is needed to support the inventory selection purposes of the system.

4. How will each data item be verified for accuracy, timeliness, and completeness?
The IMF and the IRMF are responsible for data integrity checks for data provided to the AUR-ISD.  The data generated within AUR-ISD is also checked for syntax errors.  The tools focus is on the query and selection of the inherited data.  The select and non-select rules are checked by the tool.

5. Is there another source for the data?  Explain how that source is or is not used.
No.  The only source of data is from the Under Reporter Correlation Group (URCG), it is the entity that develops the data used by AUR-ISD The URCG pulls data from the IMF and the IRMF.

6. Generally, how will data be retrieved by the user?
Access to AUR-ISD is through the IRS Intranet only.  Once a user is authenticated he may import data, score cases (using an internal algorithm), build specific business rules to query the data for selection, change case profiles from an unselected status to a selected status, query data into standard report formats, and export data to specified folders.  Yes

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes.  Data is retrievable by SSN or any of the data elements in the system.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
There are eight persons with authorized access to the AUR-ISD application tool.  Four of those users are developers.  There are only two primary business unit users of the system: W&I and SB/SE.  A W&I and a SB/SE representative access this tool on a daily basis only during a two week period twice a year during January and August.  Two other users have access but only serve in a backup capacity.  All users have administrative access to the AUR-ISD tool, however in order to facilitate the concept of least privilege and separation of duties only one user, other than the developers, has access to the server to include administrative database control.
The following is a table of user roles and permissions of the system:
Role Permissions
DB Admin-Assign permissions
AUR user-Basic admin level access to the tool.  Have full read, write and edit.  No delete permissions. Contractors act as AUR users (as developers). Once their contract is complete the developers (contractors) will be removed from the system.

9. How is access to the data by a user determined and by whom?
 IRS personnel can obtain access to AUR-ISD by completing and submitting an Online Form 5081 (OL5081) request.  The OL5081 was developed to identify, authorize, and register IRS information system users, communicate the Information Systems Security Rules to information system users, and obtain a signed (electronically) statement from each user that he/she has read and understands the rules and their consequences.  For complete details of the OL5081 process refer to the implementation language in Section 5.2.2 Technical Controls, AC-2: Account Management.  Upon successful completion of the process a user has an IRS system account but can only access AUR-ISD if they are designated as an authorized user of the system.There are no separate administrator accounts.  The two system users require full access and administrative rights to the system.  The business owner of the AUR Selection Tool establishes permissions for granting access. 
Once permissions are granted users are authenticated by IRS active directory services. Contractors developing the tool do currently have “Staff like access”.  Background checks have been performed and they have access to the tool.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.
Yes.  There is information coming from IMF and IRMF and then the URCG group develops the necessary flat file.   IMF gathers underreported information such as records of tax liability and accounting information pertaining to the income tax for one tax period. IRMF gathers return data reported on tax returns.
Both IMF and IRMF data are combined in a file which gathers information on cases sent to the AUR-ISD tool via Electronic File Transfer Utility (EFTU).  EFTU is the secure mechanism by which all files are sent and received.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
IMF -
PIA completed 9/1/2003, expired on 9/1/2006
C&A  completed 8/20/2004, expires 8/20/2007

IRMF -
PIA completed 6/8/2006, expires 6/8/2009
C&A completed 8/20/2004, expires 8/20/2007

12.  Will other agencies provide, receive, or share data in any form with this system?
No. 
Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?
What are the “sensitivity” labels assigned?  It’s all taxpayer data isn’t it?
All reports are labelled according to sensitivity and are tightly controlled by the user.  The reports are destroyed when no longer needed.  
For systems that store or process taxpayer information, audit trail archival logs are retained for six (6) years, unless otherwise specified by a formal Records Retention Schedule developed in accordance with IRM 15.1, Records Management.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.
No.  AUR-ISD will not use technology in a new way.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.
Yes.  Any taxpayer that under reports on their taxes is entered into the system.  AUR-ISD is then used to select the cases to be worked in the AUR program.  This process can be used to identify those taxpayers in accordance with the business purpose of the system.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. AUR-ISD does not provide the capability to monitor individuals or groups.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.
The capability to select taxpayers does exist.    However, the purpose of the system is to be an inventory analysis tool used to improve the AUR workload and does not deny, or grant any rights.   AUR-ISD does not utilize this capability to make any negative determinations. 

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
Since negative determinations are not processed by the system, due process procedures are not applicable.   Due process is afforded to all taypayers if their case is selected for review before final determinations are made, but that happens within another system.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No.  AUR-ISD is a web intranet tool with limited access.  It does not use any cookies or tracking devices.


 
 


Page Last Reviewed or Updated: September 28, 2007