200120043fr2

Electronic Signature Initiatives Could Be Better Defined and Evaluated

February 2001

Reference Number: 2001-20-043

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

February 12, 2001

MEMORANDUM FOR COMMISSIONER, WAGE AND INVESTMENT DIVISION

FROM: Pamela J. Gardiner /s/ Pamela J. Gardiner

Deputy Inspector General for Audit

SUBJECT: Final Audit Report - Electronic Signature Initiatives Could Be Better Defined and Evaluated

This report presents the results of our review of the Internal Revenue Service’s (IRS) implementation of alternative signature initiatives using Personal Identification Numbers to increase the volume of electronically filed tax returns. In summary, the efforts of the IRS’ Office of Electronic Tax Administration to implement alternatives to handwritten signatures have contributed to a significant increase in electronically filed individual tax returns. However, the issuance of requirements for the use of alternative signatures and an improved program evaluation process are needed.

IRS management responded to the recommendations presented in the report and is taking corrective actions to finalize the requirements for the use of alternative signatures. However, IRS management did not agree with our recommendation to improve the program evaluation process. IRS management believes that existing program evaluation measures and cost-related documents are sufficient in detail to evaluate the program, identify areas for improvement, and select the most feasible approach. However, we continue to believe that improvements are needed to ensure that the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are readily available.

Management’s comments have been incorporated into the report where appropriate, and the full text of their response is included as an appendix. In addition, Office of Audit comments on IRS management’s response have been included in the report.

Copies of this report are also being sent to the IRS managers who are affected by the report recommendations. Please contact me at (202) 622-6510 if you have questions, or your staff may call Scott E. Wilson, Associate Inspector General for Audit (Information Systems Programs), at (202) 622-8510.

Table of Contents

The Internal Revenue Service Has Not Finalized Requirements for the Use of Personal Identification Numbers as Alternative Signatures

The Internal Revenue Service Lacks Detailed Cost Benefit Analyses and Program Evaluation Results for the Alternative Signature Initiatives

Conclusion

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Overview of the Alternative Signature Initiatives

Appendix V – Evaluation of the Alternative Signature Controls

Appendix VI – Management’s Response to the Draft Report

Executive Summary

The significant growth of telecommunication networks and the increasing availability and use of computers provide the infrastructure for the Government to permit individuals the option to submit information or transactions electronically. On July 22, 1998, the President signed the Internal Revenue Service (IRS) Restructuring and Reform Act of 1998 (RRA 98) into law, which illustrated the Congress’ intent to promote electronic filing by stipulating that the goal of the IRS should be to have at least 80 percent of all such returns filed electronically by 2007. The overall objective of this audit was to evaluate the security and administration of the IRS’ alternative signature initiatives using Personal Identification Numbers (PIN) to increase the volume of electronically filed tax returns.

Results

The efforts of the Office of Electronic Tax Administration (ETA) to implement alternatives to handwritten signatures have contributed to the significant increase in electronically filed individual tax returns. The IRS’ involvement in electronic filing began in 1986 with the transmission of 25,000 individual returns from a few tax return preparers. As of September 24, 2000, the IRS had electronically received approximately 35 million (28 percent) of the 126 million individual returns filed, which represented an increase of over 20 percent from the prior year.The number of returns that were signed with a PIN increased over 75 percent to 12 million in 2000 from 6.8 million in 1999.

In the effort to increase the number of electronically filed returns and make the electronic filing process paperless, the IRS:

Implemented electronic signatures in accordance with the RRA 98.
Considered implementation and litigation risks in adopting signature alternatives.
Coordinated with the Business Systems Modernization Office (BSMO) regarding current alternative signature initiatives and long-range plans.

However, the IRS has not finalized requirements defining the minimum acceptable controls for the use of PINs as alternative signatures for electronically filed returns. Since the electronic filing program has expanded to include more complex returns with a higher risk for abuse (e.g., returns with business schedules that have more potential for unreported income or unsubstantiated deductions), it is important that the IRS define the acceptable PIN requirements for use in legal actions involving fraudulent returns.

In addition, the ETA Office lacks detailed cost benefit analyses for the operational alternative signature initiatives and comprehensive assessments of program performance. Therefore, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

The Internal Revenue Service Has Not Finalized Requirements for the Use of Personal Identification Numbers as Alternative Signatures

The ETA Office was responsible for articulating an IRS authentication policy to include the use of PINs and the level of authentication needed for various types of transactions. However, the ETA Office has not finalized requirements for the use of PINs as alternative signatures for electronically filed returns. Therefore, the authentication controls in the signature alternatives varied from stringent controls where PINs were issued by the IRS and matched to IRS records during tax return processing to lesser controls where PINs were selected by the taxpayers and not verified during processing.

A contractor has developed a draft authentication security policy and implementation guide for the IRS. Although the stated purpose of the authentication security policy is to "establish the minimum requirements for authentication to be used when accessing information systems" and does not specifically address the signing of tax returns, the authentication elements contained in the draft document would improve the effectiveness of controls over PINs as alternative signatures.

The Internal Revenue Service Lacks Detailed Cost Benefit Analyses and Program Evaluation Results for the Alternative Signature Initiatives

In a memorandum issued on March 24, 1997, the Chief Taxpayer Service stated that the ETA Office was responsible for the IRS’ authentication program, which included developing comprehensive risk and cost benefit analyses for each approved alternative signature initiative. An IRS task force recently evaluated each of the initiatives for litigation and implementation risk. However, the ETA Office did not prepare detailed cost benefit analyses for the operational alternative signature initiatives and, except for the 1040 and 941TeleFile initiatives, did not prepare comprehensive assessments of program performance. As a result, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

Summary of Recommendations

To improve the security and administration of the IRS’ alternative signature initiatives, we recommend that the Commissioner, Wage and Investment Division, finalize IRS requirements for the use of PINs as alternative signatures for electronically filed returns based on evolving guidance and the draft IRS authentication security policy and implementation guide and ensure that all operational alternative signature initiatives comply with the requirements. In addition, the Commissioner should prepare detailed program evaluations for operational PIN alternative signature initiatives and conduct comprehensive cost benefit analyses for future initiatives.

Management’s Response: IRS management responded that they would finalize signature authentication requirements, incorporate them into the Internal Revenue Manual or other appropriate document, and review operational alternative signature initiatives for compliance. However, IRS management did not agree with our recommendation to improve the program evaluation process. IRS management believes that existing program evaluation measures and cost-related documents are sufficient in detail to evaluate the program, identify areas for improvement, and select the most feasible approach.

Office of Audit Comment: We continue to believe that improvements are needed to ensure that the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are readily available. Although management indicated that program evaluations were done for each alternative, we were unable to obtain documentation of the evaluations for several of the alternatives, and management did not disagree with our conclusions when we met to discuss the proposed draft report in October 2000. In addition, we believe that a comprehensive cost benefit analysis should be required for each individual initiative since each signature initiative has different operations and maintenance costs.

Objective and Scope

The overall objective of the audit was to evaluate the security and administration of the Internal Revenue Service’s (IRS) alternative signature initiatives using Personal Identification Numbers (PIN) to increase the volume of electronically filed tax returns. To accomplish our objective, we determined whether:

The initiatives complied with existing Government and IRS security policies and requirements.
Risk assessments, cost benefit analyses, and program evaluation results were prepared.

We also evaluated the coordination between the Office of Electronic Tax Administration (ETA) and the Business Systems Modernization Office (BSMO). The scope of the audit included discussing alternative signature initiatives with key IRS officials and reviewing available documentation.

The review was conducted as part of the legal requirement of the Treasury Inspector General for Tax Administration (TIGTA) to evaluate the adequacy and security of IRS technology. The audit was conducted between May and October 2000 in the Office of the Commissioner, Wage and Investment Division, in New Carrollton, Maryland. The audit was performed in accordance with Government Auditing Standards.

Details of our audit objective, scope, and methodology are presented in Appendix I. Major contributors to this report are listed in Appendix II.

Background

The significant growth of telecommunication networks and the increasing availability and use of computers provide the infrastructure for the Government to permit individuals the option to submit information or transactions electronically. On July 22, 1998, the President signed the IRS Restructuring and Reform Act of 1998 (RRA 98) into law, which illustrated the Congress’ intent to promote electronic filing by stipulating that the goal of the IRS should be to have at least 80 percent of all such returns filed electronically by 2007. To increase the number of electronically filed returns, the ETA Office has implemented PINs as an alternative to handwritten signatures for individual tax returns and business tax returns filed using any of the three electronic filing options:

e-Filing – Returns are transmitted through a third party, such as a tax practitioner.
TeleFile – Taxpayers transmit their returns directly to the IRS over telephone lines using a touch-tone telephone.
On-Line Filing – Taxpayers transmit their returns through an on-line intermediary using a personal computer.

Details of the alternative signature initiatives for each of the electronic filing options are contained in Appendix IV.

Results

The efforts of the ETA Office to implement alternatives to handwritten signatures have contributed to the significant increase in electronically filed individual tax returns. The IRS’ involvement in electronic filing began in 1986 with the transmission of 25,000 individual returns from a few tax return preparers. As of September 24, 2000, the IRS had electronically received approximately 35 million (28 percent) of the 126 million individual returns filed, which represented an increase of over 20 percent from the prior year.The number of returns that were signed with a PIN increased over 75 percent to 12 million in 2000 from 6.8 million in 1999. The Office of Management and Budget (OMB) has recognized the IRS as an agency pioneering the use of PINs as an electronic signature.

In the effort to increase the number of electronically filed returns and make the electronic filing process paperless, the IRS:

Implemented electronic signatures in accordance with the RRA 98.
Considered implementation and litigation risks in adopting signature alternatives.
Coordinated with the BSMO regarding current alternative signature initiatives and long-range plans.

However, the ETA Office has not finalized requirements defining the minimum acceptable controls for the use of PINs as alternative signatures for electronically filed returns. Therefore, the authentication controls in the signature alternatives varied from stringent controls where PINs were issued by the IRS and matched to IRS records during tax return processing to lesser controls where PINs were selected by the taxpayers and not verified during processing. Since the electronic filing program has expanded to include more complex returns with a higher risk for abuse (e.g., returns with business schedules that have more potential for unreported income or unsubstantiated deductions), it is important that the IRS define the acceptable PIN requirements for use in legal actions involving fraudulent returns.

In addition, the ETA Office did not prepare detailed cost benefit analyses for the operational alternative signature initiatives and, except for the 1040 and 941TeleFile initiatives, did not prepare comprehensive assessments of program performance. Therefore, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

The Internal Revenue Service Has Not Finalized Requirements for the Use of Personal Identification Numbers as Alternative Signatures

The ability to implement a trusted alternative signature while not placing an unreasonable burden on taxpayers presents a significant challenge. In a memorandum issued on March 24, 1997, the Chief Taxpayer Service stated that the ETA Office was responsible for articulating an IRS authentication policy to include the use of PINs and the level of authentication needed for various types of transactions. However, the ETA Office has not finalized requirements for the use of PINs as alternative signatures for electronically filed returns. Therefore, the authentication controls in the signature alternatives varied from stringent controls where PINs were issued by the IRS and matched to IRS records during tax return processing to lesser controls where PINs were selected by the taxpayers and not verified during processing.

The recent and rapid growth of technology has contributed to the lack of specific requirements that agencies must comply with regarding the implementation of electronic signatures. For example, the Department of the Treasury Security Manual section on electronic signature security has not been developed.

However, guidance has been issued by other agencies on the use of PINs as electronic signatures, which the IRS should consider when developing the requirements for using PINs to minimize the likelihood of repudiation (i.e., an argument by the person that he/she did not sign the return with the electronic signature). For example, on May 2, 2000, the OMB issued the following guidance on the acceptance of PINs as an electronic signature:

The PIN should be a shared secret between the user and the system.
The system should check the PIN against a database to ensure its correctness and authenticate the user.
The individual should be advised of the requirement to maintain the secrecy of the PIN.
Procedures should be issued for the PIN detailing the terms and conditions.

The user should be advised that entering the PIN will carry the same significance as a handwritten signature.

A contractor has also developed a draft authentication security policy and implementation guide for the IRS. Although the stated purpose of the authentication security policy is to "establish the minimum requirements for authentication to be used when accessing information systems" and does not specifically address the signing of tax returns, the ETA Office explained that the documents would be used to develop the policy for electronic signatures. The authentication elements contained in the draft document would improve the effectiveness of controls over PINs as alternative signatures.

Methods to authenticate the taxpayer varied among the PIN initiatives

An electronic signature is commonly defined as a method of signing an electronic message that:

Identifies and authenticates a particular person as the source of the electronic message.
Indicates such person’s approval of the information contained in the electronic message.

Public Key Infrastructure (PKI) technology, through the use of digital signatures and encryption, is widely considered the future solution to concerns over the authenticity, integrity, and confidentiality of electronic transactions. The IRS also considers the use of digital signatures as a long-term solution; therefore, all the current alternative signature initiatives incorporate the use of a PIN as the filer’s signature. While PINs do not provide electronic authentication to the same degree as PKI, they permit the IRS to move away from the traditional "pen-to-paper" signatures.

During the 2000 Filing Season, the IRS allowed both individual and business filers to use PINs as an alternative signature to sign their tax returns for each of the three electronic filing options. However, the methods to authenticate the taxpayer varied among the PIN initiatives and some did not include several of the OMB suggested requirements (see Appendices IV and V). The variances include:

Two of the six PIN alternative signature initiatives required a separate enrollment process.
The PINs for 2 initiatives consisted of 10 digits compared to 5-digit PINs for the other initiatives.
The IRS verified the PIN to authenticate the filer in five of the six initiatives.
The IRS issued PINs for only four of the initiatives. The PIN for the fifth initiative consisted of the first five letters of the filer’s last name and the PIN for the sixth initiative was created by the filer.
The IRS advised the taxpayer of the requirement to maintain secrecy of the PIN and issued revenue procedures detailing the terms and conditions for using the PIN for two initiatives.

Planned methods to authenticate taxpayers in the new Self-Select PIN initiative will increase the difficulty of proving who filed the tax return

To attain the goals established by the RRA 98, the Commissioner issued a memorandum on January 3, 2000, emphasizing the need to eliminate the taxpayer signature document on electronically filed tax returns, since it posed an unnecessary taxpayer burden, and suggesting other actions that should be taken to expand electronic filing. On April 10, 2000, an IRS task force recommended self-selected PINs as a near-term solution and digital signatures as a long-term solution to improving the controls over electronic signatures.

Beginning in 2001, the IRS will implement a new alternative signature initiative called the Self-Select PIN. Instead of being issued PINs, taxpayers will create their own 5-digit PIN that will be used as a signature when filing their electronic tax returns. Since the PIN is self-selected, it will not be verified during processing. The IRS will attempt to improve the identification of the tax return filers by requiring them to provide their adjusted gross income and total tax figures from the prior year’s tax return as shared secrets.

Since shared secret information is available to persons other than the taxpayer, it may be difficult to assure that the taxpayer submitted the information. For example, at a June 21, 2000, Internal Revenue Service Advisory Council (IRSAC) meeting with the IRS, an IRSAC member pointed out that return information is shared with mortgage companies, tax return preparers, and many others. An unscrupulous employee of these companies or the IRS could access this information and use it to file multiple fraudulent returns. In addition, the IRS has in the past sometimes provided tax account information over the telephone without properly authenticating the identity of the caller, which would allow an individual access to the shared secret information for use in filing fraudulent returns (see TIGTA audit report, The Internal Revenue Service Needs to Improve Telephone Authentication Practices to Better Prevent Unauthorized Tax Account Disclosures [Reference Number 2000-10-026, dated February 2000]).

Management advised us that the validity checks (e.g., matching taxpayer names and Social Security Numbers, Employer Identification Numbers, etc.) on the electronic tax returns were more stringent than those on paper returns, which would improve the assurance that the IRS received a valid tax return. While validity checks are conducted on electronic tax returns before the returns are accepted by IRS, many of the same validity checks are performed on paper returns during service center processing before the tax returns are posted to the IRS Masterfile. Therefore, the validity checks for electronic returns are similar to those for paper returns, provide little additional assurance that the return is valid, and may not prevent repudiation of the electronic signature by the taxpayer.

In addition, the IRS intends to allow tax practitioners to sign electronic tax returns for the taxpayers by entering the taxpayer’s self-selected PIN into the computer for them. Taxpayers electing this option would provide to the tax practitioner a handwritten signature on an e-file signature authorization form.

The signature authorization methodology was developed in response to an IRS survey where some practitioners indicated that the initial 1040 e-File PIN initiative was more of a barrier to electronic filing since it required the taxpayers to be present to enter their PINs into the tax practitioner’s computer. The tax practitioners stated that it was easier to mail a document to the taxpayer to obtain his/her handwritten signature than it was to have taxpayers come to their office to enter the PIN into their computer.

While allowing the tax practitioner to input the PIN for the taxpayer may be easier for the practitioner and taxpayer, this process does not ensure the secrecy of the PIN as recommended by PIN guidelines. In addition, the requirement to obtain a handwritten signature on a paper document prevents the IRS from moving to an entirely paperless electronic filing process, which was one of the original goals of the new filing initiative.

Recommendations

The Commissioner, Wage and Investment Division, should:

Finalize IRS requirements for the use of PINs as alternative signatures for electronically filed returns based on evolving guidance and the draft IRS authentication security policy and implementation guide.
Ensure that all operational alternative signature initiatives comply with the requirements.

Management’s Response: The Commissioner, Wage and Investment Division, agreed to finalize signature authentication requirements, which would include elements from the draft Authentication Security Policy for the IRS, the IRS Authentication Policy and Implementation Guidelines, and the OMB guidance. The requirements would also be incorporated into the Internal Revenue Manual or other appropriate document. In addition, the IRS will review operational alternative signature initiatives for compliance with final signature authentication requirements.

The Internal Revenue Service Lacks Detailed Cost Benefit Analyses and Program Evaluation Results for the Alternative Signature Initiatives

However, the ETA Office did not consistently follow these guidelines. For example, management did not prepare detailed cost benefit analyses for the operational alternative signature initiatives and, except for the 1040 and 941TeleFile initiatives, did not prepare comprehensive assessments of program performance. As a result, the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are not readily available.

Recommendation

The Commissioner, Wage and Investment Division, should prepare detailed program evaluations for operational PIN alternative signature initiatives, similar to the ones completed for the TeleFile initiatives, and conduct comprehensive cost benefit analyses for future initiatives.

Management’s Response: The Commissioner, Wage and Investment Division, did not agree with this finding and recommendation. IRS management believes that existing program evaluation measures and cost-related documents are sufficient in detail to evaluate the program, identify areas for improvement, and select the most feasible approach. IRS management also stated the memorandum issued on March 24, 1997, by the Chief Taxpayer Service required a comprehensive cost benefit analysis for each approved alternative method of signature (e.g., PIN) rather than each individual initiative.

Office of Audit Comment: We continue to believe that improvements are needed to ensure that the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by taxpayers are readily available. Although management indicated program evaluations were done for each alternative, we were unable to obtain documentation of the evaluations for several of the alternatives, and management did not disagree with our conclusions when we met to discuss the proposed draft report in October 2000. Specifically, we were unable to obtain documentation during the audit substantiating that a comparison of actual performance to planned results was completed for the 1040 e-File and 1040 On-Line initiatives. We were also unable to identify any documented performance measures for the 941 e-File and 941 On-Line initiatives. Without documented program evaluations, the benefits of one signature alternative over another cannot be determined.

Although IRS management stated in their response that a comprehensive cost benefit analysis was required for each approved alternative signature method, rather than for each individual initiative, we do not believe this interpretation addresses the real issue. Each signature initiative has different operations and maintenance costs (e.g., hardware and software maintenance, facilities, telecommunications, and labor) so the costs would vary between initiatives. For example, an initiative where the IRS generates and mails PINs to taxpayers and validates the PINs when used by taxpayers will obviously have different costs than an initiative where the taxpayer selects a PIN that is not recorded or used by the IRS. In addition, the General Accounting Office has previously reported that the IRS has not fully assessed the costs and benefits associated with the alternative filing methods.

Conclusion

The efforts of the ETA Office to implement alternatives to handwritten signatures have contributed to the significant increase in electronically filed individual tax returns. Our recommendations focus on establishing minimum requirements for the PIN initiatives to minimize the likelihood of repudiation by the taxpayer. Since the electronic filing program has expanded to include more complex returns with a higher risk for abuse (e.g., returns with business schedules that have more potential for unreported income or unsubstantiated deductions), it is important that the IRS define the acceptable PIN requirements for use in legal actions involving fraudulent returns. The IRS could also improve its ability to accurately determine the cost effectiveness of decisions to expand or terminate specific alternative signature initiatives and the anticipated effect on the number of electronic returns filed by preparing detailed cost benefit analyses and program evaluation results for the alternative signature initiatives.

Appendix I

Detailed Objective, Scope, and Methodology

The overall objective of this audit was to evaluate the security and administration of the Internal Revenue Service’s (IRS) alternative signature initiatives using Personal Identification Numbers (PIN) to increase the volume of electronically filed tax returns. To accomplish the objective, we:

Evaluated the process for administering each of the IRS alternative signature initiatives using PINs to determine whether they complied with existing Government and IRS policies and security requirements.

Reviewed Government and IRS policies and requirements over the security and administration of alternative signatures to determine the following:

Types of acceptable alternatives to written signatures.
Generation and content requirements for PINs as an alternative signature.
Issuance and maintenance guidelines for PINs.
Taxpayer identification and authentication guidelines.

Identified current IRS alternative signature initiatives using PINs and the process for administering and securing each of the PIN alternative signatures by comparing the following:

The application process to obtain a PIN.
The PIN generation process, including PIN format and content.
The procedures for issuing and maintaining PINs.
The process for identifying and authenticating the taxpayer.
The process of signing the return and payment document using the PIN.

Compared each of the PIN alternative signatures against existing policies and security requirements identified in audit test I.A. to determine whether the PINs were properly administered and adequately protected.

Assessed the effectiveness and efficiency of the alternative signature initiatives and the potential burden to taxpayers.

Determined whether management is evaluating program effectiveness by measuring the extent to which each of the PIN alternative signature initiatives achieves its expected results and determined whether this information is used as a basis for future decisions.
Identified the actual and potential volume of returns received over the last
5 years for each of the alternative signatures using PINs to determine the level of growth in returns filed and to evaluate the acceptance of each initiative by taxpayers.
Compared the staff, equipment, and facilities required for administering each of the PIN alternative signature initiatives to determine whether resources could be more efficiently used by implementing a universal PIN.
Determined the potential burden to taxpayers with the current use of PINs as an alternative signature by identifying the following:

Scenarios involving taxpayers having multiple PINs based on their return filing requirements.
The different methods of identifying and authenticating the taxpayers.
The various enrollment procedures and requirements to obtain PINs.

Determined whether Office of Electronic Tax Administration (ETA) management effectively communicated and coordinated with the Business Systems Modernization Office (BSMO) regarding current alternative signature initiatives and long-range plans to expand the use of PINs.

Interviewed ETA Office and BSMO management to determine the following:

How the information on the current alternative signature initiatives and long-range plans are communicated to the BSMO.
How the BSMO uses the information to coordinate interdependent modernization efforts (i.e., security or other infrastructure releases that alternative signature initiatives will depend on, etc.).
How the information on the status and milestones for modernization efforts affecting the alternative signature initiatives are communicated to ETA Office management.

Identified and reviewed documentation on the alternative signature initiatives exchanged between BSMO and ETA Office management to determine the quality and timeliness of the information.

Determined whether the IRS developed procedures for the acceptance of signatures in digital or other electronic form as required by the IRS Restructuring and Reform Act of 1998 (RRA 98).

Appendix II

Major Contributors to This Report

Scott E. Wilson, Associate Inspector General for Audit (Information Systems Programs)

Gary Hinkle, Director

Danny Verneuille, Audit Manager

Van Warmke, Senior Auditor

Olivia Jasper, Auditor

Kim McManis, Auditor

Niurka Thomas, Auditor

Appendix III

Report Distribution List

Commissioner N:C

Director, Electronic Tax Administration W:E

Associate Commissioner for Business Systems Modernization B

Director, Legislative Affairs CL:LA

Director, Office of Program Evaluation and Risk Analysis N:ADC:R:O

Chief Counsel CC

National Taxpayer Advocate TA

Office of Management Controls N:CFO:F:M

Audit Liaison:

Director, Electronic Tax Administration W:E

Appendix IV

Overview of the Alternative Signature Initiatives

The Internal Revenue Service’s (IRS) Office of Electronic Tax Administration (ETA) has implemented Personal Identification Numbers (PIN) as an alternative to handwritten signatures for individual tax returns and business tax returns filed by any of the three electronic filing options:

e-Filing – Returns are transmitted through a third party, such as a tax practitioner.
TeleFile – Taxpayers transmit their returns directly to the IRS over telephone lines using a touch-tone telephone.
On-Line Filing – Taxpayers transmit their returns through an on-line intermediary using a personal computer.

Alternative Signature Initiatives for Individual Tax Returns

For individual filers, the IRS currently employs three alternative signature initiatives permitting PINs as signatures for electronically filed tax returns.

1040 e-File - Eligible taxpayers were required to use tax practitioners selected by the ETA Office. Taxpayers were allowed to create their own 5-digit numeric PIN to sign their returns. However, IRS guidelines still required a handwritten signature on an authentication worksheet that was printed and retained by the tax practitioner.

1040 TeleFile - Taxpayers were allowed to file simple tax returns with the IRS 7 days a week, 24 hours a day using a touch-tone telephone. The IRS mailed eligible TeleFile participants a special tax package containing a one-time use PIN, called a Customer Service Number, to sign the return.

1040 On-Line - Eligible taxpayers were mailed a postcard containing a one-time use e-File Customer Number to sign their returns. This initiative included taxpayers who had prepared their tax returns in the previous filing season using a computer.

As shown in Table 1, the number of individual tax returns signed with an alternative signature increased substantially from 6.8 million in 1999 to nearly 12 million in 2000. The 1040 e-File initiative received the most returns and experienced the largest growth. The 1040 On-Line initiative return volumes also increased, while the 1040 TeleFile initiative actually experienced a decrease in volume for the second consecutive year.

Table 1: Growth of Individual Tax Returns Using Alternative Signatures

Electronic Filing Option	1999	2000	Percent of Change: 1999 - 2000
1040 e-File	499,606	5,420,294	985%
1040 TeleFile	5,664,496	5,161,333	-9%
1040 On-Line	660,209	1,414,430	114%
Total	6,824,311	11,996,057	76%

Note: The tax return volumes for 1999 include total receipts for the1999 Filing Season, January 1 through October 15, 1999, while the tax return volumes for 2000 represent total receipts for the period January 1 through September 24, 2000.

Source: IRS Service Center Processing and Production Reports.

Alternative Signature Initiatives for Business Tax Returns

For business filers, the IRS currently employs three alternative signature initiatives permitting PINs as signatures for electronically filed tax returns.

941 e-File - Any business or reporting agent filing 10 or more Form 941 returns was allowed to electronically transmit returns directly to the IRS via dial-up telephone lines. Participants were required to submit a Letter of Application (LOA) to participate and receive approval from the IRS. Upon approval, reporting agents were issued a user identification/password and PIN that was used to sign all returns filed.

941 TeleFile - Small businesses were allowed to file Form 941 returns using a touch-tone telephone. The IRS mailed eligible businesses a special Form 941 tax package containing the business name, address, and Employer Identification Number, which was used in conjunction with total third quarter deposits to authenticate the filer. The filer’s Social Security Number and a PIN consisting of the first five letters of the filer’s last name were used to sign the return.

941 On-Line - Business filers were allowed to use off-the-shelf tax preparation software to file Form 941 returns through third party transmitters. Participants were required to submit an LOA to the IRS through a third party transmitter. Upon approval, business filers were assigned and mailed a PIN for use as an electronic return signature. The 941 On-Line filing initiative was rolled out nationwide on April 1, 2000, and the IRS had received 64 returns as of May 14, 2000.

As shown in Table 2, the number of business tax returns signed with an alternative signature increased from 1.9 million in tax year 1998 to approximately 2.2 million in 1999. The 941 e-File initiative experienced a 24 percent growth, while the volume for the 941TeleFile initiative decreased. As previously stated, the 941 On-Line filing initiative was not rolled out nationwide until April 1, 2000.

Table 2: Growth of Business Tax Returns Using Alternative Signatures

Electronic Filing Option	1998	1999	Percent of Change: 1998 - 1999
941 e-File	1,024,153	1,272,811	24%
941 TeleFile	920,222	887,488	-4%
941 On-Line	Not Applicable	Not Applicable	Not Applicable
Total	1,944,375	2,160,299	11%

Note: Business Returns are filed quarterly. To effectively measure annual growth, full calendar year receipts for 1998 and 1999 were compared.

Source: IRS Service Center Processing and Production Reports.

Appendix V

Evaluation of the Alternative Signature Controls

Office of Management and Budget (OMB) Guidance for Electronic Signatures Using a Personal Identification Number (PIN)	941 e-File	941 On-Line	1040 TeleFile	1040 On-Line	941 TeleFile	1040 e-File
Taxpayer advised of the requirement to maintain secrecy of the PIN.	√	√
Revenue Procedures issued detailing the terms and conditions for using the PIN.	√	√
PIN is a shared secret between the user and the system.	√	√	√	√
PIN is verified by the system against a database to ensure its correctness and authenticate the user.	√	√	√	√	√
Taxpayer is advised that a PIN signature is equivalent to a handwritten signature.	√	√	√	√	√	√

Appendix VI

Management’s Response to the Draft Report

The response was removed due to its size. To see the complete response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.