The significant growth of telecommunication networks and the increasing availability and use of computers provide the infrastructure for the Government to permit individuals the option to submit information or transactions electronically. On July 22, 1998, the President signed the Internal Revenue Service (IRS) Restructuring and Reform Act of 1998 (RRA 98) into law, which illustrated the Congress’ intent to promote electronic filing by stipulating that the goal of the IRS should be to have at least 80 percent of all such returns filed electronically by 2007. The overall objective of this audit was to evaluate the security and administration of the IRS’ alternative signature initiatives using Personal Identification Numbers (PIN) to increase the volume of electronically filed tax returns.

The efforts of the Office of Electronic Tax Administration (ETA) to implement alternatives to handwritten signatures have contributed to the significant increase in electronically filed individual tax returns. The IRS’ involvement in electronic filing began in 1986 with the transmission of 25,000 individual returns from a few tax return preparers. As of September 24, 2000, the IRS had electronically received approximately 35 million (28 percent) of the 126 million individual returns filed, which represented an increase of over 20 percent from the prior year. The number of returns that were signed with a PIN increased over 75 percent to 12 million in 2000 from 6.8 million in 1999.

In the effort to increase the number of electronically filed returns and make the electronic filing process paperless, the IRS:

• Implemented electronic signatures in accordance with the RRA 98.
• Considered implementation and litigation risks in adopting signature alternatives.
• Coordinated with the Business Systems Modernization Office (BSMO) regarding current alternative signature initiatives and long-range plans.

However, the IRS has not finalized requirements defining the minimum acceptable controls for the use of PINs as alternative signatures for electronically filed returns. Since the electronic filing program has expanded to include more complex returns with a higher risk for abuse (e.g., returns with business schedules that have more potential for unreported income or unsubstantiated deductions), it is important that the IRS define the acceptable PIN requirements for use in legal actions involving fraudulent returns.

In addition, the ETA Office lacks detailed cost benefit analyses for the operational alternative signature initiatives and comprehensive assessments of program performance. Therefore, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

The ETA Office was responsible for articulating an IRS authentication policy to include the use of PINs and the level of authentication needed for various types of transactions. However, the ETA Office has not finalized requirements for the use of PINs as alternative signatures for electronically filed returns. Therefore, the authentication controls in the signature alternatives varied from stringent controls where PINs were issued by the IRS and matched to IRS records during tax return processing to lesser controls where PINs were selected by the taxpayers and not verified during processing.

A contractor has developed a draft authentication security policy and implementation guide for the IRS. Although the stated purpose of the authentication security policy is to "establish the minimum requirements for authentication to be used when accessing information systems" and does not specifically address the signing of tax returns, the authentication elements contained in the draft document would improve the effectiveness of controls over PINs as alternative signatures.

In a memorandum issued on March 24, 1997, the Chief Taxpayer Service stated that the ETA Office was responsible for the IRS’ authentication program, which included developing comprehensive risk and cost benefit analyses for each approved alternative signature initiative. An IRS task force recently evaluated each of the initiatives for litigation and implementation risk. However, the ETA Office did not prepare detailed cost benefit analyses for the operational alternative signature initiatives and, except for the 1040 and 941TeleFile initiatives, did not prepare comprehensive assessments of program performance. As a result, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

To improve the security and administration of the IRS’ alternative signature initiatives, we recommend that the Commissioner, Wage and Investment Division, finalize IRS requirements for the use of PINs as alternative signatures for electronically filed returns based on evolving guidance and the draft IRS authentication security policy and implementation guide and ensure that all operational alternative signature initiatives comply with the requirements. In addition, the Commissioner should prepare detailed program evaluations for operational PIN alternative signature initiatives and conduct comprehensive cost benefit analyses for future initiatives.

Management’s Response: IRS management responded that they would finalize signature authentication requirements, incorporate them into the Internal Revenue Manual or other appropriate document, and review operational alternative signature initiatives for compliance. However, IRS management did not agree with our recommendation to improve the program evaluation process. IRS management believes that existing program evaluation measures and cost-related documents are sufficient in detail to evaluate the program, identify areas for improvement, and select the most feasible approach.

Office of Audit Comment: We continue to believe that improvements are needed to ensure that the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are readily available. Although management indicated that program evaluations were done for each alternative, we were unable to obtain documentation of the evaluations for several of the alternatives, and management did not disagree with our conclusions when we met to discuss the proposed draft report in October 2000. In addition, we believe that a comprehensive cost benefit analysis should be required for each individual initiative since each signature initiative has different operations and maintenance costs.