HEARING BEFORE THE
COMMITTEE ON FINANCE
April 12, 2007
Michael R. Phillips
Deputy Inspector General for Audit
Treasury Inspector General
for Tax Administration
STATEMENT OF
MICHAEL R. PHILLIPS
DEPUTY INSPECTOR GENERAL
FOR AUDIT
TREASURY INSPECTOR GENERAL
FOR TAX ADMINISTRATION
before the
COMMITTEE
ON FINANCE
“Filing Your Taxes: An Ounce of Prevention is Worth a Pound of
Cure”
April 12, 2007
Chairman
Baucus, Ranking Member Grassley, and Members of the Committee, I thank you for
the opportunity to testify today. I am
Michael R. Phillips, Deputy Inspector General for Audit at the Treasury
Inspector General for Tax Administration.
My comments today focus on the 2007 Filing Season, identity theft, tax
fraud and tax practitioners. Each of these
areas presents significant challenges for the Internal Revenue Service (IRS).
2007 Filing Season
The
2007 Filing Season appears to be progressing without major problems. As of March 24, 2007, the IRS reported that it
had received more than 73.7 million individual tax returns. Of those returns, more than 53.0 million (72.0
percent) were filed electronically. The
number of electronically filed tax returns is 5.6 percent higher than at the
same time last year. The IRS has issued more
than 62.9 million refunds for a total of $152.8 billion.
While
the IRS has seen a growth in the number of electronically filed tax returns so
far this filing season, the number of
Free File returns is down slightly. As
of
March 24, 2007, the IRS received approximately 2.8 million tax returns through
the Free File Program, compared to approximately 2.9 million returns at the
same time last year.
The
Free File Program provides taxpayers with access to free online tax preparation
and e-filing services made possible through a partnership agreement between the
IRS and the tax software industry. The IRS Restructuring and Reform Act of 1998 (RRA 98)[1] required the IRS to work with private industry to increase
electronic filing. In response to this
requirement, in 2003 the Department of the Treasury (Treasury), the Office of Management
and Budget, and the IRS launched the Free File Program featuring private-sector
partners that allow qualifying taxpayers to prepare and file their tax returns
online for free. The Treasury, the Office
of Management and Budget, and the IRS made this possible through a
public-private partnership with a consortium of tax software companies, the
Free File Alliance, LLC (
The RRA 98
established a goal for the IRS to have 80 percent of Federal tax and
information returns filed electronically by 2007. Recognizing that the IRS will not meet this
goal, the IRS Oversight Board recommended an extension of the goal to 2012. The IRS Oversight Board has consistently
stated that the 80 percent e-file goal has been a major contributing factor to
the growth of electronic filing. Based
on existing trends through 2006, it is indeed unlikely that a sufficient number
of taxpayers will shift to e-file in 2007 to overcome the IRS’ shortfall. Nevertheless, because the goal has had such a
positive effect, the IRS Oversight Board recommended that Congress extend it to
2012 and expand its scope. According to
IRS Oversight Board Chairman Paul B. Jones, “While it is clear that the IRS will not achieve the ambitious 80
percent goal this year, we do not view this as a failure. Rather, the IRS and its private sector
partners have achieved continuous and significant progress in all parts of
electronic tax administration very much in keeping with RRA 98’s intent.”
Providing Quality Customer Service
While
the IRS continues to face longstanding challenges, it deserves recognition for
making progress in an area that will always be a challenge: providing quality customer service to the
American taxpayer. Quality customer
service is the first component of Commissioner Everson’s principle for the IRS:
Service
+ Enforcement = Compliance. Over
the past few years, TIGTA audits have shown that the IRS has improved customer
assistance in its face-to-face, toll-free telephone, tax return processing, and
electronic services, including the IRS public Internet site (www.IRS.gov).[2]
IRS.gov
IRS.gov continues to be one of the most visited Web sites in the world, especially during filing seasons. As of March 24, 2007, the IRS reported more than 97 million visits to its IRS.gov Web site. Additionally, the IRS now provides practitioners with online tools to provide better service to their customers such as electronic account resolution, transcript delivery, and disclosure authorization.
Toll-Free Operations
As of March 24, 2007, the
IRS’ assistor level of service was 83.6
percent, which is a decrease of less than 1 percent compared to the same week
last year.[3] However, the cumulative filing
season assistor level of service is currently 2.5 percent higher than the IRS’
planned assistor level of service of 81.1 percent. The IRS
answered 10.3 million calls compared to 10.5 million at this time last
year. The IRS also completed
14.4 million automated calls; a decrease of 5.7 percent from last year’s 15.3
million. It appears that automation
demand is materializing slightly later than last year.
Taxpayer
Assistance Centers
Taxpayer Assistance
Centers (TAC) are walk-in sites where taxpayers can receive answers to both
account and tax law questions, as well as receive assistance in preparing their
returns. TIGTA is currently in the
process of making anonymous visits to TACs to determine if taxpayers are receiving
quality service, including correct answers to their questions. As of March 24, 2007, there was approximately
the same number of walk-in contacts as there was for the same period last year.
Volunteer Income Tax Assistance
(VITA) Program
The
Volunteer Income Tax Assistance (VITA) Program plays an increasingly important
role in the IRS’ efforts to improve taxpayer service and facilitate
participation in the tax system. The
VITA Program provides no-cost Federal tax return preparation and electronic
filing to underserved taxpayer segments, including low income, elderly,
disabled, and taxpayers with limited proficiency in English. These taxpayers are frequently involved in
complex family situations that make it difficult to correctly understand and
apply tax law.
For
Filing Season 2007, TIGTA is including the American Association of Retired Persons-sponsored
Tax Counseling for the Elderly sites in its testing of VITA sites. TIGTA plans to visit 39 VITA sites to
determine if taxpayers received quality service, including the accurate
preparation of their individual income tax returns. TIGTA developed scenarios designed to present
volunteers with a wide range of tax law topics that taxpayers may need
assistance with when preparing their tax returns. These scenarios included the characteristics
(e.g., income level, credits claimed, etc.) of tax returns typically prepared
by the VITA Program volunteers based on an analysis of the Tax Year 2005 VITA‑prepared
tax returns.
As of March 30, 2007, TIGTA has had 33 tax
returns prepared with a 48 percent accuracy rate, compared to the 39 percent
accuracy rate reported for the 2006 Filing Season. TIGTA’s
observations are that volunteers did not always use the tools and information
available when preparing returns. TIGTA
will report its final results in August 2007.
See Figure 1 for comparisons of VITA Program activities for the 2006 and
2007 Filing Seasons through March 24, 2007.
Figure 1 Year-to-Date Comparisons of the Returns
Prepared
During the 2006 and 2007 Filing Seasons
Through March 24, 2007
|
2006 Actual |
2007 Actual |
% Change |
Volunteer Return Preparation |
1.5 |
1.7 |
12.3% |
|
|
|
|
Volunteer E-File (percent) |
91.2% |
92.2% |
1.1% |
Source:
IRS 2007 Filing Season Weekly Reports.
TIGTA is also conducting limited tests to
determine if VITA sites are in compliance with privacy and security guidelines for
the protection of taxpayer information. TIGTA’s
results as of March 30, 2007, show:
For
Fiscal Year 2008, the IRS is requesting an additional $5 million and 46 Full
Time Equivalent[4] to
expand the VITA Program. According to the
IRS, this will help “expand the IRS’
volunteer return preparation, outreach and education, and asset building
services to low-income, elderly, Limited English Proficient, and disabled
taxpayers.”
Telephone Excise Tax Refunds
The
telephone excise tax refund is the most wide-reaching refund in the history of
the IRS. It is a one-time refund that
the IRS estimated would affect between 151 million and 189 million people,
including many without a filing requirement.
The IRS developed a process to refund these monies on a timely basis and
made the refund request process relatively easy for most taxpayers. At the same time, the IRS wanted to minimize
refunds in excess of taxes collected and discourage overstated refund requests.
To
minimize the number of overstated refund requests and the administrative burden
on individual taxpayers, the IRS decided to offer individuals standard refund
amounts. Use of the standard amounts should
significantly reduce taxpayer burden since no records are needed to support
taxpayers’ requests. Individuals do not
have to assemble 41 months of telephone bills to determine their refund amounts. Requesting the standard amounts requires the
completion of only one additional line on the tax return.
However,
taxpayers are not required to request the standard amounts. If taxpayers do not choose to claim the
standard amounts, they must file Form 8913, Credit for Federal Telephone Excise
Tax Paid, with their U.S. Individual Income Tax Return (Form 1040 series). Taxpayers must attach Forms 8913 to their Forms
1040 to support any claims for more than the standard amount.
The
standard amounts developed by the IRS have proved to be very effective. Through the week ending March 24, 2007, IRS
records indicate that 99.6 percent of telephone excise tax refund claims filed
was for standard amounts. However,
through this same time period, just over 30 percent of the individual tax
returns filed contained no claim for a telephone excise tax refund, which
indicates that many taxpayers may not be aware of their opportunity to claim
this refund. TIGTA will be monitoring
the steps the IRS takes to address this issue.[5]
Processing
Claims
TIGTA
has raised the following concerns to the IRS regarding the processing of
returns claiming telephone excise tax refunds for non-standard amounts:
When
TIGTA reported these issues, the IRS took immediate steps to address the
problems.
Compliance
Efforts
The
IRS also developed a compliance strategy to address egregious claims. The strategy includes identifying tax returns
with claims for telephone excise tax refunds exceeding certain dollar
thresholds and freezing the telephone excise tax portion of the refunds
associated with those returns until the claims could be audited.
TIGTA
has also raised concerns with the IRS’ implementation of its compliance
strategy related to these claims. In TIGTA’s
opinion, the dollar threshold used to identify potentially egregious claims is
again set too high. TIGTA first raised this
concern to the IRS on February 16, 2007.
TIGTA analyzed over 23,000 claims that requested telephone excise tax
refunds for amounts considered to be highly questionable but that did not meet
the IRS’ criteria for further review. The
analysis revealed the following:
The
IRS set its threshold high because its examination resources are limited and
because it believes that examinations of returns claiming the Earned Income
Credit (EITC) [7] and
other discretionary examinations will result in higher assessment rates than
examinations of the telephone excise tax refund claims. However, other factors may need to be considered. For example:
Taking into consideration the
preceding factors, TIGTA recommended that the IRS re-examine all options at its
disposal to address significantly more inappropriate telephone excise tax
refund claims, including offering taxpayers the opportunity to self-correct
their returns, postponing some examination work, and having non-examination
employees work (or partially work) some of the simpler cases.
The IRS responded to TIGTA’s
concerns, stating that it does not plan to make adjustments to the threshold
amounts. The IRS’ written response did
not address TIGTA’s recommendation to allow taxpayers to self-correct their
returns; however, during discussions IRS officials stated that they had no
plans to issue notices to taxpayers and allow them to self-correct their errors
because IRS officials believe: such
notices would be ineffective; the IRS has limited resources to work the
responses; and there would be many “no response” cases for them to work.
Given the opportunity, many
taxpayers overclaiming the telephone excise tax refund based on a
misunderstanding of the instructions for Form 8913 may voluntarily self-correct
the error. However, the time for IRS to
develop a process and notice to facilitate this is limited and may actually be
past.
TIGTA
has also shared concerns about paid preparers and the telephone excise tax
refund with the IRS. As of March 24,
2007, a paid preparer had filed over 1,300 other returns with telephone excise
tax refund claims exceeding the standard amounts. Only 8 of this preparer’s claims have
exceeded the IRS’ tolerance. TIGTA
referred this preparer to the IRS’ Criminal Investigation function. The IRS requested information from TIGTA
regarding on other questionable preparers that may be avoiding IRS
scrutiny. TIGTA provided the requested
information to the IRS on other preparers.
Among them:
Notice Trends
Many
taxpayers who are 65 years or older (seniors), taxpayers who have claimed the
EITC, and taxpayers who have computed self-employment tax have received
repetitive math error notices (i.e., the taxpayers had received a notice
addressing the same issue in the prior year).
Taxpayers who receive repetitive notices may not understand or are
repeatedly overlooking specific instructions provided by the IRS. These taxpayers may also not understand an
area of tax law. Additionally, the
current filing information available to these taxpayers, including notices, may
be inadequate. Notices should not only
inform taxpayers of their errors but should also educate them on the issues,
and be a means to ensure that the errors do not occur in the future. Unclear or inadequate tax information and
notices create an additional burden on taxpayers and often result in additional
work and expense for the IRS.
Annually, the IRS sends over 100 million
notices to taxpayers; the IRS estimates this costs more than $400 million.[9] Over 7 million of these notices are math
error notices, which inform taxpayers that changes were made to their tax
returns as a result of mathematical or clerical errors. The notices explain the nature of the changes
and include account statements showing how the changes affect the returns. Overall, the vast majority of taxpayers
receiving these notices do not repeat their errors in subsequent years. Further, very few business taxpayers receive
repeat math error notices. The notices
with a higher repeat rate are those sent to individual taxpayers and are
related to a few areas of tax law. Five
notices accounted for 40 percent of all repetitive math error notices issued to
individual taxpayers, despite being only 13 percent of the total number issued.
TIGTA recommended that the IRS modify the
math error notices that have been sent repeatedly to taxpayers, to provide a
clearer and more informative explanation of the errors taxpayers are
making. In addition, TIGTA recommended
that the IRS make changes to the forms and instructions associated with the
provisions that have resulted in issuance of an inordinate number of repetitive
notices. Finally, the IRS should
continue to build on the research and analysis already performed to develop the
most effective ways to simplify tax preparation for senior taxpayers.[10]
Customer Account Data Engine
The
Customer Account Data Engine (CADE) project will provide the foundation for
managing taxpayer accounts to achieve the IRS’ modernization vision. The CADE consists of databases and related
applications that will replace the IRS’ existing Master File processing
systems, which are the IRS’ official repository of taxpayer information.
Congress
authorized $54 million in Fiscal Year (FY) 2005 and $60 million in
FY 2006 for the CADE. Additionally, the
IRS requested $85 million in FY 2007 for the CADE, but this amount has been
reduced to about $58 million. Through FY
2007, CADE project release costs total about $233.9 million. The IRS initiated the CADE project in
September 1999 and began delivering releases in August 2004.
During
Calendar Year (CY) 2006, the CADE posted over 7.3 million tax returns and
generated more than $3.4 billon in refunds.
This is a significant increase over the
1.4 million tax returns posted in CY 2005 that generated refunds totaling more
than $427 million. The CADE is now in
the process of completing delivery of Release 2.2. Release 2.2 will process 2007 Filing Season tax
law revisions (Tax Year 2006) and additional tax forms.[11]
On
February 27, 2007, the IRS and the PRIME[12]
contractor put Release 2.2 into production, but because computer reports on the
number of returns received did not match the number of returns posted, the CADE
was turned off and tax returns were sent back to the current IRS processing
system. The IRS reports that a major
portion of Release 2.2 was successfully put into production on March 6, 2007, (seven
weeks late). On the first day, it posted
over 571,000 tax returns of which 566,332 contained refunds. Because of the late start into production, the
IRS goal of using the CADE to process 33 million tax returns will not be met. According to IRS officials, the latest
estimate is that the IRS will complete the deployment of Release 2.2 by the end
of April 2007, and it will post between 16 million to 19 million returns during
the 2007 Filing Season.
Electronic Fraud Detection System
The Electronic Fraud Detection System (EFDS) is the
primary information system used to support the Criminal Investigation
Division’s Questionable Refund Program, which is a nationwide program
established in January 1997 to detect and stop fraudulent and fictitious claims
for refunds on income tax returns. Last
year, the EFDS was not operational because the IRS and its contractors were
unable to launch a Web-based version of the EFDS application (Web EFDS),
resulting in an estimated $318.3 million in fraudulent refunds being issued as
of May 19, 2006.[13]
On April 19, 2006, all system development
activities for the Web EFDS were stopped, and all efforts were focused on
restoring the client-server EFDS for use on January 16, 2007. The restoration effort required the
contractors to prepare the EFDS and the related databases for 2007 by starting
with the 2005 EFDS and updating it with the 2006 and 2007 tax law changes.
In October 2006, TIGTA initiated an audit to
determine whether the IRS was adequately monitoring the contractor’s
development efforts in 2006 to ensure that a system was delivered in time for
the 2007 Filing Season. TIGTA found that the IRS improved controls over the EFDS restoration
activities, including executive governance and project management. As a result, project risks were being
identified and mitigation actions were being taken to ensure that the EFDS was
implemented and fraudulent refunds stopped during 2007.[14]
On January 16, 2007, the IRS and its
contractors put the EFDS into production.
The IRS reported that the telephone excise tax refund, split refund, and
extender legislation requirements were implemented as scheduled on January 29,
2007. The IRS also reported that the
EFDS continues to operate without critical problems.
Identity Theft
Identity
theft is a growing national problem, but the percentage of identity theft cases
affecting tax administration is still relatively small. Out of the 246,035 identity theft complaints
reported to the Federal Trade Commission in 2006, approximately
20 percent (49,699 complaints) have had some impact on tax administration. The remaining identity theft complaints were
related to credit card fraud, telephone and utilities fraud, bank fraud,
Government benefits fraud, and other forms of fraud. While the overall number of taxpayers
affected by identity theft related to tax administration is small, it can be
very frustrating and time consuming for each victim to resolve his or her
situation with the IRS.
There
are two primary types of identity thefts that relate to tax
administration. The first type involves
an individual using another person’s name and Social Security number to file a
fraudulent tax return in order to steal a tax refund. The second type involves using another
person’s Social Security number to obtain employment.
According
to the identity theft complaints that the Federal Trade Commission received
during 2002‑2006,[15]
the number of fraudulent tax returns filed as a result of an identity theft has
steadily increased from 3,075 to 15,254 (396 percent increase). The number of complaints on employment-related
identity theft fraud more than doubled from 15,049 to 34,445 (129 percent) during
the same time period.
In
July 2005, TIGTA reported[16]
that the IRS lacked a corporate strategy to adequately address identity theft
issues. In response to some of TIGTA’s recommendations,
the IRS agreed to develop: (1) updated
agency-wide communication tools to be used to educate and assist taxpayers with
information about identity theft; (2) agency-wide standards to ensure that the
information taxpayers were asked to provide to substantiate identity theft claims
is consistent throughout the IRS; (3) specific closing codes for cases
involving identity theft that would allow the IRS to track and monitor the
effect of identity theft on tax administration; and (4) processes to
proactively identify instances of identity theft.
In
response to TIGTA’s report, the IRS established the Identity Theft Program
Office in October 2005 to provide centralized development of policy and
procedural guidance within tax administration and to implement an agency-wide
strategy composed of three components: outreach,
prevention and victim assistance. The
Office was established in the Wage and Investment Division to facilitate cross-functional
coordination.
During
the past two years, the Identity Theft Program Office has predominantly focused
on outreach and education efforts. For
example, the Office created the Identity Theft Webpage on IRS.gov and prepared various
publications and a DVD on identity theft.
In addition, the Office has drafted a memorandum for IRS employees,
standardizing the following documentation requirements for taxpayers to
substantiate identity theft:
Although
TIGTA recommended in its 2005 report that the IRS standardize the requirements
for taxpayers to support their identity theft claims, as of April 2007, the
memorandum that the IRS created to disseminate this information to its
employees is still under review and has not yet been issued.
The
IRS currently does not have a uniform process in every function for identifying
cases closed as a result of identity theft.
In response to TIGTA’s recommendation, the IRS agreed to refine certain coding
to identify some identity theft case closures.
For example, starting with Tax Year 2003, the IRS began using unique
codes in one of its databases for identity theft case closures that resulted in
no change in the tax liability (thus indicating that the actual taxpayer did
not underreport; rather the underreporting came as a result of another person
using the number for employment). However,
the special codes are not readily identifiable as identity theft closures to
most IRS employees. The IRS is currently
in the process of establishing a universal identity theft code. This coding will allow anyone looking at an
account on the Master File to see if a taxpayer has previously reported to the
IRS that his or her identity had been stolen.
Given
the limited identity theft case tracking information currently available, the
IRS, in TIGTA’s opinion, still lacks the comprehensive data needed to determine
the impact that identity theft has on tax administration. More importantly, the IRS is unable to
identify specific identity theft trends or take proactive steps to identify these
cases in order to reduce the burden on taxpayers.
TIGTA
is currently reviewing the IRS’ identity theft efforts. During TIGTA’s on-going review, the Identity
Theft Program Office has stated that the IRS does not use the Federal Trade
Commission’s Identity Theft Clearinghouse database because all information is
self‑reported by the taxpayer without any form of data validation, and a
majority of the identity theft complaints are for consumer fraud (i.e. stolen
credit cards) rather than tax administration.
According to an October 20, 2006, IRS briefing document, leveraging the
identity theft information gathered from agencies such as the Federal Trade
Commission to better identify taxpayers who have been victims of identify theft
was rated as one of the lowest scoring strategies.
The
IRS has not performed analyses to identify employers who consistently report
wages for employees using stolen Social Security numbers. The IRS’ actions are therefore largely
re-active in assisting victims of identity theft after they contact the IRS as
a result of notice or enforcement action.
The Identity Theft Program Office does not track the number of identity
theft referrals to the Criminal Investigation function. However, the Criminal Investigation function
only investigates identity theft issues in conjunction with other criminal
offenses.
The
problem of using a stolen Social Security Number for employment is compounded
by the limited actions that employers may take.
The Social Security Administration’s Web site directs employers not to
use the Social Security Number Verification Service “to take punitive actions against an employee whose name and Social
Security Number do not match Social Security’s records.” The Web site also states:
The
IRS is in the process of moving the Identity Theft Program Office from the Wage
and Investment Division to the Mission Assurance and Security Services (Mission
Assurance) organization. According to
the December 21, 2006, Memorandum of Understanding between Mission Assurance
and the Wage and Investment Division, “…Identity
Theft will be incorporated as part of enterprise information protection and
will not be managed as a stand alone program office.” In fact, none of the Identity Theft Program
staff are moving to Mission Assurance.
Mission Assurance “may facilitate
but will not direct activities determined to be tax administration or
individual taxpayer assistance in nature.”
Mission Assurance’s specific role will be further refined as the
organization engages with the business divisions.[17]
The
impact of the Identity Theft Program Office reorganization is unclear. However, TIGTA believes that in the
short-term the IRS’ assistance to individual taxpayers victimized by identity
theft will not improve from this realignment.
TIGTA
is also currently conducting an audit to determine
the progress the IRS has made in ensuring the privacy and security of
personally identifiable information. The
assessment will be based on prior audits of significant privacy-related issues
that TIGTA reported during the past four fiscal years.
The
IRS processes over 130 million tax returns and processes personally
identifiable information on approximately 240 computer systems. Almost all of its employees and contractors
have access to at least some of this information, making the protection of the
data a significant challenge. The
sensitivity of the data also makes IRS computer systems an attractive target for
hackers and others who could use the information for identity theft.
The
IRS has taken several actions to protect personally identifiable information in
its possession and to make the IRS a more security conscious organization.
·
The
IRS has established a Security Service and Privacy Executive Steering Committee
to serve as the primary governance body for all matters relating to security
and privacy issues in the IRS.
·
Communications
from the IRS Commissioner have set the tone to create a strong security
environment by advising IRS managers that employees need to be reminded of
their responsibilities to safeguard personally identifiable information and by
dispelling the perception that security is solely the responsibility of the
Mission Assurance and Security Services organization.
·
The
importance of protecting personally identifiable information will be emphasized
in a video scheduled for distribution to IRS employees in the third quarter of
Fiscal Year 2007. The video will include
statements by the IRS Commissioner and the Treasury Inspector General for Tax
Administration.
·
The
IRS has made significant improvements in its certification and accreditation[18]
process. For Fiscal Year 2006, the IRS
reported its computer systems had a certification and accreditation rate of 95
percent, which is an improvement over Fiscal Year 2005 when only 35 percent of
the systems were certified and accredited.
·
The
IRS has made steady progress in recent years in complying with the requirements
of the Federal Information Security Management Act of 2002. During 2006, the IRS reassessed the security
risks of its computer systems, and TIGTA is confident that the inventory is
substantially complete and the risk categorizations of the computer systems are
accurate.
·
The
IRS satisfied a major requirement of the Consolidated Appropriations Act of
2005[19]
by appointing a Chief Privacy Officer to assume responsibility for privacy and
data protection policies. The Chief
Privacy Officer completed a comprehensive assessment of the IRS’ privacy and
data protection procedures and made recommendations to strengthen the controls.
However,
TIGTA’s reviews during the past four fiscal years identified persistent
computer security weaknesses that continue to jeopardize the security of personally
identifiable information. IRS managers
and employees are not complying with established security procedures. Furthermore, IRS executive management is not
holding managers and employees accountable for carrying out their
responsibilities and for ensuring that managers and employees are aware of the security
risks associated with their positions. The
following are some of the security issues that TIGTA identified during the last
four fiscal years.
·
Employees
were not encrypting personally identifiable information on their laptop
computers and other electronic media.
·
Employees
did not properly report incidents of lost or stolen computers and personally
identifiable information.
·
The
Office of Privacy and Information Protection did not take steps to ensure that
the privacy of sensitive data was evaluated for all computer systems processing
personally identifiable information.
·
Managers
were not consistently reviewing audit trail information to identify
unauthorized accesses to taxpayer accounts.
·
Managers
and employees were susceptible to social engineering techniques.
·
Employees
were not following the email use policy.
·
The
IRS and its contractors were not integrating security controls into modernized
computer systems.
In
addition, the foundation of computer security within an organization starts
with strong policies and procedures that dictate what employees can and cannot
do while performing their jobs. The IRS’
policies do not explicitly identify rules that govern physical removal of and
remote access to personally identifiable information. The lack of a detailed organizational policy increases
the likelihood that employees are unaware of risks and are not adequately
protecting personally identifiable information.
Fraud and Noncompliance
The IRS estimates that fraudulent refund
claims exceed $500 million a year.
Congress has held hearings urging the IRS to devote additional resources
to improve its detection of fraudulent refunds, particularly claims filed by prisoners. At the same time, the National Taxpayer Advocate
(Advocate) reported that actions taken by the IRS adversely affected taxpayers’
rights.
The Criminal Investigation function reported that, as of December 1, 2005, it identified 132,945 fraudulent refund returns claiming $515.5 million in refunds during Processing Year 2005.[20] In contrast, through September 29, 2006, the Criminal Investigation function identified only 44,788 fraudulent returns claiming $232.3 million in refunds during Processing Year 2006. The dramatic decrease occurred because the redesigned EFDS Web-based application was not implemented due to a lack of adequate oversight and monitoring of the project, as TIGTA previously reported.[21]
Questionable Refund Program and Prisoner
Fraud
TIGTA has repeatedly
reported over the last seven years that additional controls and procedures were
necessary to identify instances of potential fraud.[22] TIGTA concluded in a recent
draft report that changes during Processing Year 2006 had a detrimental impact
on identifying fraudulent returns and will have an undeterminable affect on Processing
Year 2007. [23] TIGTA is continuing its efforts,
through a separate review, to evaluate the new procedures and the validity of
the scoring methodology used by the Criminal Investigation function to identify
potentially fraudulent returns and compiling demographic profiles of taxpayers
to determine the effectiveness of the IRS’ screening process.[24]
In April 2005, the
Due to the failures of the EFDS in Processing
Year 2006, the Criminal Investigation function was unable to identify prisoner
returns through data mining techniques.
Instead, the Criminal Investigation function used various criteria to
freeze prisoner refunds for tax returns on which the identifying information on
the returns matched prisoner information for the Federal, State, and local
prisons.
As a result, only 4,235 prisoner returns
claiming about $19 million in refunds were identified as fraudulent in Processing
Year 2006 and only $11.5 million in refunds were stopped. In contrast, during Processing Year 2004,
18,159 prisoner returns claiming $68.2 million in fraudulent refunds were
identified and 14,033 refunds totaling
$53.5 million were stopped. This shows
the potential magnitude of the IRS’ lost ability to detect and stop fraudulent
prisoner refunds during Processing Year 2006.
TIGTA remains concerned about how fraudulent prisoner returns are
identified. The Criminal Investigation
function requested programming changes to the EFDS for Processing Year 2007 that
effectively eliminated a certain category of prisoner refunds from the
screening process, believing prisoners in this category were less likely to
commit fraud.
TIGTA is pleased to note that an
amendment to H.R. 1677 was approved by the U.S. House of Representatives on March
28, 2007. The amendment would revise Internal
Revenue Code § 6103 to temporarily allow the IRS to share prisoners’ tax
information with the Federal Bureau of Prisons to prevent Federal tax fraud
schemes originating from prisons. While
this is an important step to combat refund fraud by prisoners, TIGTA is
concerned that the amendment is limited only to disclosures to the Federal
Bureau of Prisons. Analysis during TIGTA’s
previous audits determined that about 85 percent of fraudulent prisoner returns
were filed by inmates in State prisons. TIGTA
recommends that Congress and the Department of the Treasury consider including
disclosure to State prisons as well.
Identity theft is a growing problem with
refund fraud. Of the 44,788 refunds
verified as fraudulent during Processing Year 2006 through September 29, 2006,
the Criminal Investigation function indicated 7,957 (17.8 percent) involved
identity theft. The Advocate’s 2005
Report to the Congress took exception to the Criminal Investigation function’s
policy of automatically freezing the current and future years’ refunds of
identity theft victims. The Advocate
expressed concern that this policy is overly broad and causes significant and
continuing inconvenience. The Advocate’s
report indicated a need for an IRS-wide system that identifies which taxpayers are
the victims of identity theft. In
response to the Advocate’s concern, the IRS no longer freezes accounts
involving identity theft for subsequent years.
TIGTA recently reported that the greatest
problem associated with identity theft cases was the Criminal Investigation
function’s inability to identify identity theft victims whose tax accounts are frozen
in future years and to timely determine if the taxpayers are again the victims
of identity theft. In TIGTA’s opinion,
the policy to not freeze the subsequent years’ accounts will not significantly
reduce taxpayer inquiries and could result in additional lost revenue and
significant taxpayer burden.
If the Criminal Investigation function
properly identifies identity theft freezes, notifies the taxpayers of the
freezes, and timely resolves the freezes, the IRS will be providing a valuable
service to the taxpayer while at the same time protecting Federal revenue.
Noncash
Charitable Contributions
In
recent years, the legitimacy of the values placed on some noncash donations has
been questioned by the IRS and Congress.
As a result, Congress passed legislation adding additional reporting
requirements to substantiate the value of some of these donations. Individual taxpayers are required to file a
Noncash Charitable Contributions (Form 8283) if their charitable deductions
claimed for noncash contributions exceed $500.
The amount of substantiation to be provided with the Form increases as
the value of the deduction increases.
We found that the IRS revised tax forms and publications and provided training and information to employees to facilitate implementation of the new requirements for claiming noncash charitable contributions. However, taxpayers and tax practitioners still need to be better educated concerning requirements for claiming charitable contributions. Also, additional procedures need to be established to identify noncompliance with charitable contribution requirements during returns processing. Better education of taxpayers and preparers and additional returns processing procedures will enable the IRS to address potential noncompliance, as Congress intended in its legislation. TIGTA estimated that 101,236 taxpayers could have claimed unsubstantiated noncash contributions totaling approximately $1.8 billion for the period January 15 through September 21, 2006.[26]
TIGTA recommended that IRS officials coordinate to develop a comprehensive outreach plan on the reporting requirements for noncash charitable contributions for the affected taxpayers and tax practitioners, and develop procedures to correspond with taxpayers to obtain missing Forms 8283 and supporting documentation.
In their
response to the report, IRS officials agreed with the first recommendation to
supplement their outreach plans and partially agreed with the second
recommendation. The IRS plans to
continue to correspond with taxpayers who claim noncash charitable
contributions over a specific threshold dollar amount and whose Forms 8283 are
missing. In addition, the IRS agreed to
use a specific indicator to identify for Examination returns claiming noncash
contributions over the same threshold dollar amount but with no attached Forms
8283.
However, TIGTA believes that the IRS’ dollar
threshold for corresponding with taxpayers or examining returns with missing
information is still too high and that few instances of unsubstantiated
deductions will be addressed by the IRS’ actions. Taking action only when the deduction exceeds
this threshold and only when the Form 8283 is missing (rather than incomplete)
is not in keeping with Congress’ intent when passing legislation related to
this issue.
Tax Practitioners
Tax practitioners play a critical role in
the Federal tax system. Many taxpayers
depend on tax practitioners to prepare returns, advise them on tax-related
matters, and represent them before the IRS to resolve tax issues.
Office of Professional Responsibility
The IRS Office of Professional
Responsibility has an oversight role to ensure licensed tax practitioners
(attorneys, certified public accountants (CPA), enrolled agents, enrolled
actuaries, and appraisers) who practice before the IRS adhere to standards of
conduct and professionalism.[27]
This includes the responsibility for investigating allegations of
misconduct by licensed tax practitioners who represent taxpayers in matters
before the IRS.
In
performing its oversight role, the Office of Professional Responsibility relies
heavily on referrals involving tax practitioner misconduct from several sources
including IRS employees, taxpayers, tax practitioners, law enforcement
agencies, and State licensing authorities.[28] Depending on information provided and the
results of the Office’s investigation, the Office of Professional
Responsibility can apply disciplinary actions including a private reprimand,
censure (public reprimand), suspension, or disbarment. A tax practitioner may consent to the
proposed disciplinary action, or the case can be sent for an administrative
hearing.
When
the Office of Professional Responsibility takes a disciplinary action against a
tax practitioner, it maintains the action on its case management system. The Office also records the information on
its Intranet Web site and informs the public through Internal Revenue
Bulletins. If the disciplinary action
involves an enrolled agent, the Office will also update its enrolled agent
database.[29] Furthermore, if the disciplinary action
suspends or revokes the practitioner’s eligibility to practice before the IRS,
the Office will notify the appropriate IRS unit to update the Centralized
Authorization File.[30] The Centralized Authorization File is the
computer system used by IRS employees to determine the scope of authority
granted by the taxpayers, direct copies of tax notices and correspondence to
taxpayer representatives, and obtain contact information to communicate with
taxpayer representatives. There are
approximately 1.4 million representatives on the Centralized Authorization File
with an estimated 407,000 of these listed as licensed tax practitioners.
Recently,
the IRS has placed a greater emphasis on the oversight of tax
practitioners. In its Fiscal Year
2005-2009 Strategic Plan, the IRS included a number of strategies to ensure
attorneys, accountants, and other tax practitioners adhere to professional
standards and follow the law. These
strategies include outreach and education to tax practitioners and IRS
operating divisions related to the standards of conduct, the IRS role in
enforcing the standards, and the use of disciplinary actions when
appropriate. To help ensure adequate
resources are devoted to provide this oversight, the IRS substantially
increased the budget and staffing of the Office of Professional Responsibility. In Fiscal Year 2002, the Office had a budget
of $1.8 million and a staff of 15. By
Fiscal Year 2005, the Office had a budget of $5 million and a staff of 56. During this time, the number of disciplinary
actions by the Office also increased, primarily because of expedited
suspensions, which are generally used by the Office in response to action
already taken by Federal or State Government agencies to convict or disbar a
tax practitioner or to revoke a practitioner’s license.
One area in which the IRS has focused its
enforcement is on tax practitioners who promote abusive tax avoidance transactions such as abusive tax
shelters. This emphasis is in response to a
growing problem with the promotion and use of abusive tax shelters. A
number of IRS divisions and functions have taken a coordinated approach in
addressing this problem. Furthermore,
Treasury guidelines were revised to impose stricter standards on
individuals and firms that provide advice related to transactions intended to
shelter income from taxation. The new
rules strengthen the standards to help ensure practitioners analyze and address
carefully whether a particular transaction has a legitimate business reason and
is not solely for tax benefits. In
addition, monetary penalties can be imposed on promoters of abusive tax
shelters in addition to any suspension, disbarment, or censure of a
practitioner.[31]
Notwithstanding
the increases in enforcement activity, there are still a significant number of
tax practitioners whose conduct appears to warrant disciplinary action by the
IRS but who have not been identified by the Office of Professional
Responsibility. TIGTA’s audit of the Office
of Professional Responsibility in 2006 determined that the IRS needs to improve
its ability to identify such practitioners so it can take appropriate
disciplinary actions.[32] Some tax practitioners who have been
convicted of tax-related crimes or whose licenses have been suspended or
revoked by State authorities were not suspended from practice before the IRS.
In
addition, the IRS did not have an adequate method to notify the Office of
Professional Responsibility of tax practitioners who were not compliant with
their own tax obligations. In a
statistical sample of 750 of the approximately 407,000 licensed tax
practitioners, there were 34 (4.5 percent) who were not compliant with their
individual tax obligations. These 34
practitioners had a total of 81 tax periods with balances due of $826,709 and
34 tax periods for which required tax returns had not been filed.[33] Based on the sample, TIGTA estimated there
were approximately 22,500 licensed tax practitioners who were not compliant
with their tax obligations but who had not been identified for referral to the Office
of Professional Responsibility.
TIGTA
previously reviewed the Office of Professional Responsibility in 2001 (the Office
of Professional Responsibility was then known as the Office of the Director of
Practice) and reported problems with the lack of information needed to assess
or manage the resources used for the disciplinary proceedings program.[34] TIGTA reported that the case management
system was not used effectively to monitor program activities and resources and
that case information was not always updated or accurate. During the 2006 review, TIGTA found the Office
had not implemented some of the recommendations from the 2001 audit. Consequently, the problems reported in 2001
still existed. The Office still
did not have information needed to effectively
monitor program activities and resources, and the case management system still
contained unreliable information.
In
addition to recommending that the IRS implement recommendations from TIGTA’s
2001 audit report, TIGTA recommended that the Director, Office of Professional
Responsibility, work with other law enforcement agencies, including the
Department of Justice, to improve the referral process and develop a process to
obtain relevant information on State disciplinary actions by coordinating with
State licensing authorities such as State bar associations and boards of
accountancy. TIGTA also recommend that
the Director work with other IRS functions to develop
a method of uniquely identifying representatives on the Centralized
Authorization File and use the information to
notify the Office of Professional Responsibility when representatives are not
compliant with their individual tax obligations. The IRS agreed with TIGTA’s
recommendations.
Electronic Return
Originators
E-file
Providers, including Electronic Return Originators, originate the electronic
submission of income tax returns to the IRS.
E-file Providers electronically submit income tax returns that are
either prepared by them or collected from a taxpayer. As of November 17, 2006 there were 164,958
active e-file Providers.
The
primary means the IRS uses to regulate e-file Providers are the application
screening process and the monitoring program.
E-file Providers must meet age and citizenship requirements, pass a
criminal background check or have a professional certification,[35] and pass tax compliance verifications. The monitoring program is designed to ensure
e-file Providers are in compliance with e-file
regulations.
In
Fiscal Year 2004, TIGTA assessed the IRS’ regulation of Electronic Return
Originators and reported it authorized individuals to participate in the e‑file Program without ensuring
they met all required screening checks.[36] For the limited number of individuals that
were subjected to a criminal background check, procedures did not ensure the
results from the criminal background check were properly analyzed before making
a decision regarding acceptance in the program.
In addition, the monitoring program did not include requirements to
perform periodic criminal background checks or to analyze and use the results
of the percentage of an Electronic Return Originator’s rejected returns[37]
as an indicator of noncompliance.
In
response, the IRS agreed to: (1) validate
both the Social Security Number and date of birth during the e-file application process; (2) ensure criminal
background checks are obtained electronically; (3) request the Federal Bureau
of Investigation perform a background check using name and other available
information on unprocessable fingerprint cards; (4) ensure individuals who
provide professional certifications are in current standing; and (5) use e-file
reject rates for selecting monitoring visits.
The IRS did not agree to periodic criminal
background checks of e-file
Providers stating checks are done initially.
TIGTA
is currently conducting an audit to follow up on these actions and to determine
whether the IRS’ screening and monitoring of e‑file Providers is
effective. TIGTA plans to report the
results in August 2007.
Conclusions
While
the 2007 Filing Season appears to be progressing without major problems, TIGTA
is concerned that changes in the Free File Agreement and the elimination of
Telefile Program in 2005 may be contributing to a significant slowing of the
growth in electronic filing this year. The IRS discontinued the Telefile program for individual
taxpayers in August 2005. The TeleFile
Program allowed taxpayers with the simplest tax returns[38]
to file their returns by telephone.
This slowed growth comes at a time when the IRS is still far from reaching Congress’ goal of 80 percent electronic filing by 2007. Slower growth in electronic filing will defer the efficiency gains for the IRS that result from electronic filing.
Additionally, TIGTA is
concerned about the IRS’ telephone excise tax refund program. While the IRS took corrective actions to
address concerns about processing thresholds, the IRS declined to re-examine
all options at its disposal to address significantly more inappropriate
telephone excise tax refund claims, including offering taxpayers the
opportunity to self-correct their returns, the postponement of some examination
work, and the working (or partial working) of some of the simpler cases by non-examination
employees.
Furthermore, TIGTA is
concerned about the growth in tax fraud and identity theft. These concerns are heightened during the
filing season. Identity theft for tax
fraud purposes is trending up and the IRS needs to ensure it effectively addresses
this growth. While the IRS has begun to
address the problem of identity theft, there is still much that needs to be done.
I
hope my discussion of some of the 2007 Filing Season and identity theft issues
will assist you with your oversight of the IRS.
Mr. Chairman and Members of the Committee, thank you for the opportunity
to share my views.
[1] Pub. L. No. 105-206, 112 Stat. 685 (codified as amended in scattered sections of 2 U.S.C., 5 U.S.C. app., 16 U.S.C., 19 U.S.C., 22 U.S.C., 23 U.S.C., 26 U.S.C., 31 U.S.C., 38 U.S.C., and 49 U.S.C.).
[2] Taxpayer Service Is Improving, but Challenges Continue in Meeting Expectations (TIGTA Reference Number 2006-40-052, dated February 2006).
[3] Assistor level of service is the primary measure of providing service to taxpayers. It is the relative success rate of taxpayers who call for services on the IRS’ toll-free telephone lines.
[4] A measure of labor hours in which 1 FTE is equal to 8 hours
multiplied by the number of compensable days in a particular fiscal year. For FY 2005, 1 FTE was equal to 2,088 hours.
[5]
Telephone Excise Tax Refund (TIGTA Audit
Number 200630036).
[6] Various schedules may be attached to a tax return, if needed. Schedule C is for reporting Profit or Loss From Business; Schedule E is for Supplemental Income and Loss; and Schedule F is for Profit or Loss From Farming.
[7] The Earned Income Tax Credit (EITC) is a refundable credit
designed to help move low-income taxpayers above the poverty level.
[8] While Examinations of High-Income Taxpayers Have Increased, the Impact on Compliance May Be Limited (TIGTA Reference Number 2006-30-105, dated July 25, 2006)
[9] Based on a 2001 IRS estimate.
[10] Draft Report Opportunities Exist to Help Seniors and Many Other Taxpayers That
Repeatedly Make Mistakes on Their Individual Income Tax Returns (TIGTA
Audit Number 200630004, dated
March 20, 2007).
[11]
Customer Account Data Engine (TIGTA Audit
Number 200620012).
[12]
The PRIME
contractor is the Computer Sciences Corporation, which heads an alliance of
leading technology companies brought together to assist with the IRS’ efforts
to modernize its computer systems and related information technology.
[13] The Electronic Fraud Detection System Redesign Failure Resulted in Fraudulent Returns and Refunds Not Being Identified (TIGTA Reference Number 2006-20-108, dated August 9, 2006).
[14] Draft Report Sufficient Emphasis Was Not Placed on Resolving Security Vulnerabilities When Restoring the Electronic Fraud Detection System (TIGTA Audit Number 200720028, date April 3, 2007).
[15]
FTC
Identity Theft Victim Complaint Data Figures and Trends January 1 - December
31, 2002; FTC National and State Trends in Fraud & Identity Theft January –
December 2003, dated January 22, 2004; and FTC Consumer Fraud and Identity
Theft Complaint Data January – December 2006, dated February 2007.
[16] A Corporate Strategy Is Key to Addressing
the Growing Challenge of Identity Theft (TIGTA Reference Number
2005-40-106, dated July 2005).
[17] Memorandum of
Understanding, dated December 21, 2006, Mission Assurance and Security Services
and Wage and Investment, Identity Theft Program Transition.
[18]
Security
certification is a comprehensive assessment of the management, operational, and
technical security controls in an information system, made in support of an
accreditation, to determine the extent to which the controls are implemented
correctly and operating as intended.
Accreditation is the official management decision given by the owner of
the information system to authorize the operation of the system and to
explicitly accept the risks.
[19] Pub. L. No. 108-447, 118 Stat. 2809.
[20] The year in
which taxpayers file their returns with the IRS. For example, most Tax Year 2004 returns were
filed in Processing Year 2005.
[21] The Electronic
Fraud Detection System Redesign Failure Resulted in Fraudulent Returns and
Refunds Not Being Identified (TIGTA Reference
Number 2006-20-108, dated August 9, 2006).
[22]
Audit reports previously issued: The Internal Revenue
Service Can Improve the Effectiveness of
Questionable Refund
Detection Team Activities (Reference Number
2000-40-018, dated December 1999);
Revised Questionable
Refund Program Procedures Were Not Consistently Implemented (Reference
Number 2001-40-025, dated January 2001); Improvements Are Needed
in the Monitoring of Criminal
Investigation Controls
Placed on Taxpayers’ Accounts When Refund Fraud Is Suspected (Reference
Number 2003-10-094, dated March 2003); and The Internal Revenue
Service Needs to Do More to Stop the
Millions of Dollars in
Fraudulent Refunds Paid to Prisoners (Reference
Number 2005-10-164, dated
September 2005).
[23] Draft Report Actions Have Been Taken to Address
Deficiencies in the Questionable Refund Program; However, Many Concerns Remain,
With Millions of Dollars at Risk (TIGTA Audit Number 200610003).
[24] Questionable Refund Program Phase II (TIGTA
Audit Number 200710024).
[25] The Internal Revenue Service Needs to Do More to Stop the
Millions of Dollars in Fraudulent Refunds Paid to Prisoners
(TIGTA Reference Number 2005-10-164, dated September 2005).
[26] The Internal Revenue Service Needs to Improve Procedures to Identify Noncompliance With the Reporting Requirements for Noncash Charitable Contributions (TIGTA Reference Number 2007-30-049, dated March 5, 2007).
[27] The Office of Professional Responsibility was established in January
2003 to replace what was formerly the Office of the Director of Practice.
[28] A referral
can be sent to the Office of Professional Responsibility using a Report of
Suspected Practitioner Misconduct (Form 8484) or a written statement. In addition, the IRS public Web site,
IRS.gov, has a link for tax professionals and taxpayers to submit referrals.
[29] The Enrolled Practitioner Program System is used to record and monitor
individuals granted enrolled agent status by the IRS.
[30] Taxpayers can authorize individuals to represent them on tax returns or other tax-related issues by submitting a Power of Attorney and Declaration of Representative (Form 2848) to the IRS that is recorded on the Centralized Authorization File.
[31] American Jobs Creation Act of 2004, Pub. L. No. 108–357, 118 Stat. 1418 (2004) and Treasury Department Circular No. 230 (new regulations in effect June 20, 2005).
[32] The Office of Professional Responsibility Can Do More to Effectively
Identify and Act Against Incompetent and Disreputable Tax Practitioners
(TIGTA Reference Number
2006-10-066, dated March 2006).
[33] A tax period
is a measure of time for which a tax return is required to be filed.
[34] Improved Case Monitoring and Taxpayer
Awareness Activities Can Enhance the Effectiveness of the Tax Practitioner
Disciplinary Proceedings Program (TIGTA Reference Number 2001-10-027, dated
January 2001).
[35] A fingerprint
card is not required if the applicant has a professional certification. For applicants that do submit fingerprint
cards, only one in four is sent for a Federal Bureau of Investigation criminal
background check.
[36] Improvements Are Needed in the Screening and Monitoring of E-File Providers to Protect Against Filing Fraud (TIGTA Reference Number 2004-40-013, dated November 2003).
[37] When an e-filed return is transmitted to the IRS, it is run through a series of validity and error checks. These checks look for such things as names and Social Security Numbers that match IRS records, math errors, and other common errors. If errors are found, the return is rejected back to the originator to fix the error and resubmit the return. The percentage of returns transmitted versus returns rejected is known as the “reject rate.”
[38] Forms 1040EZ.