TREASURY INSPECTOR GENERAL
FOR TAX ADMINISTRATION
Electronic Signature Initiatives Could Be Better Defined and Evaluated
Reference No. 2001-20-043
The significant growth of telecommunication networks and the increasing availability and use of computers provide the infrastructure for the Government to permit individuals the option to submit information or transactions electronically. On July 22, 1998, the President signed the Internal Revenue Service (IRS) Restructuring and Reform Act of 1998 (RRA 98) into law, which illustrated the Congress' intent to promote electronic filing by stipulating that the goal of the IRS should be to have at least 80 percent of all such returns filed electronically by 2007. The overall objective of this audit was to evaluate the security and administration of the IRS' alternative signature initiatives using Personal Identification Numbers (PIN) to increase the volume of electronically filed tax returns.
The efforts of the Office of Electronic Tax Administration (ETA) to implement alternatives to handwritten signatures have contributed to the significant increase in electronically filed individual tax returns. The IRS' involvement in electronic filing began in 1986 with the transmission of 25,000 individual returns from a few tax return preparers. As of September 24, 2000, the IRS had electronically received approximately 35 million (28 percent) of the 126 million individual returns filed, which represented an increase of over 20 percent from the prior year. The number of returns that were signed with a PIN increased over 75 percent to 12 million in 2000 from 6.8 million in 1999.
In the effort to increase the number of electronically filed returns and make the electronic filing process paperless, the IRS:
However, the IRS has not finalized requirements defining the minimum acceptable controls for the use of PINs as alternative signatures for electronically filed returns. Since the electronic filing program has expanded to include more complex returns with a higher risk for abuse (e.g., returns with business schedules that have more potential for unreported income or unsubstantiated deductions), it is important that the IRS define the acceptable PIN requirements for use in legal actions involving fraudulent returns.
In addition, the ETA Office lacks detailed cost benefit analyses for the operational alternative signature initiatives and comprehensive assessments of program performance. Therefore, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.
The Internal Revenue Service Has Not Finalized Requirements for the Use of Personal Identification Numbers as Alternative Signatures
The ETA Office was responsible for articulating an IRS authentication policy to include the use of PINs and the level of authentication needed for various types of transactions. However, the ETA Office has not finalized requirements for the use of PINs as alternative signatures for electronically filed returns. Therefore, the authentication controls in the signature alternatives varied from stringent controls where PINs were issued by the IRS and matched to IRS records during tax return processing to lesser controls where PINs were selected by the taxpayers and not verified during processing.
A contractor has developed a draft authentication security policy and implementation guide for the IRS. Although the stated purpose of the authentication security policy is to "establish the minimum requirements for authentication to be used when accessing information systems" and does not specifically address the signing of tax returns, the authentication elements contained in the draft document would improve the effectiveness of controls over PINs as alternative signatures.
The Internal Revenue Service Lacks Detailed Cost Benefit Analyses and Program Evaluation Results for the Alternative Signature Initiatives
In a memorandum issued on March 24, 1997, the Chief Taxpayer Service stated that the ETA Office was responsible for the IRS' authentication program, which included developing comprehensive risk and cost benefit analyses for each approved alternative signature initiative. An IRS task force recently evaluated each of the initiatives for litigation and implementation risk. However, the ETA Office did not prepare detailed cost benefit analyses for the operational alternative signature initiatives and, except for the 1040 and 941 TeleFile initiatives, did not prepare comprehensive assessments of program performance. As a result, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.
Summary of Recommendations
To improve the security and administration of the IRS' alternative signature initiatives, we recommend that the Commissioner, Wage and Investment Division, finalize IRS requirements for the use of PINs as alternative signatures for electronically filed returns based on evolving guidance and the draft IRS authentication security policy and implementation guide and ensure that all operational alternative signature initiatives comply with the requirements. In addition, the Commissioner should prepare detailed program evaluations for operational PIN alternative signature initiatives and conduct comprehensive cost benefit analyses for future initiatives.
Management's Response: IRS management responded that they would finalize signature authentication requirements, incorporate them into the Internal Revenue Manual or other appropriate document, and review operational alternative signature initiatives for compliance. However, IRS management did not agree with our recommendation to improve the program evaluation process. IRS management believes that existing program evaluation measures and cost-related documents are sufficient in detail to evaluate the program, identify areas for improvement, and select the most feasible approach.
Office of Audit Comment: We continue to believe that improvements are needed to ensure that the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are readily available. Although management indicated that program evaluations were done for each alternative, we were unable to obtain documentation of the evaluations for several of the alternatives, and management did not disagree with our conclusions when we met to discuss the proposed draft report in October 2000. In addition, we believe that a comprehensive cost benefit analysis should be required for each individual initiative since each signature initiative has different operations and maintenance costs.