TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Increased Automated Controls Could Further Improve Accountability Over Manual Refunds

 

 

 

September 14, 2009

 

Reference Number:  2009-40-131

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

Phone Number   |  202-622-6500

Email Address   |  inquiries@tigta.treas.gov

Web Site           |  http://www.tigta.gov

 

September 14, 2009

 

 

MEMORANDUM FOR COMMISSIONER, WAGE AND INVESTMENT DIVISION

 

FROM:                            Michael R. Phillips /s/ Michael R. Phillips

                                         Deputy Inspector General for Audit

 

SUBJECT:                    Final Audit Report – Increased Automated Controls Could Further Improve Accountability Over Manual Refunds (Audit # 200840033)

 

This report presents the results of our review to determine if controls over manual refunds are effective in minimizing the risk of issuing erroneous refunds.  The audit scope included both individual and business manual refunds issued during Calendar Years 2005, 2006, and 2007.  This audit was initiated at the request of the Commissioner, Wage and Investment Division.

Impact on the Taxpayer

During Calendar Year 2007, the Internal Revenue Service (IRS) issued approximately 184,000 manual refunds totaling over $1.5 billion to individual taxpayers and approximately 70,000 manual refunds totaling almost $32 billion to business taxpayers.  Our review identified that electronic data files supporting manual refund transactions were inaccurate, incomplete, and not always maintained by the IRS.  As a result, neither the IRS nor its oversight organizations are able to perform systemic analyses to identify erroneous manual refunds.  Given the large dollar amounts involved with manual refunds, this could result in a significant loss of Federal Government revenues.

Synopsis

A manual refund is a refund that is not generated through normal Master File[1] computer processing.  Manual refunds can be issued within 2 to 3 business days, compared to the 6 to 16 business days for the issuance of a Master File computer-generated refund based on the filing of a tax return.  There are two ways IRS employees can initiate a manual refund:  1) via the Integrated Data Retrieval System (IDRS),[2] or 2) a manual refund posting voucher (non-IDRS).[3]

The current process to request and approve manual refunds is paper driven.  Increased automated controls are needed to improve accountability.

IRS management acknowledges that the manual refund process presents a higher risk because these refunds are not handled through its normal systemic process.  The majority of the process to request and approve the billions in manual refunds is a paper-driven manual process.

Our review identified that controls have been implemented in an effort to minimize the risk of issuing erroneous manual refunds.  These controls include:

·        Ensuring no employee can systemically input and authorize a manual refund payment.

·        Requiring the completion of a request form.

·        Requiring an Approving Official (front-line manager) to review manual refund request packages and approve via signature the legitimacy of the manual refund transaction.

Nonetheless, increased automated controls could further improve the accountability and efficiency over manual refunds.  Our review identified that electronic data files supporting manual refund transactions were inaccurate, incomplete, and not always maintained by the IRS.  Furthermore, the managerial approval of manual refunds is a manual, resource-intensive process.  Current processes enable IRS employees to electronically request manual refunds, electronically confirm the accuracy of information, and electronically confirm and generate the issuance of the refund.  Yet the most significant control in the process, managerial approval, is not recorded electronically.  Although a prepared request form is required to initiate a manual refund, and is the only document which provides proof of managerial approval, we were not always able to obtain the request form and related documentation. 

The manager is the Approving Official responsible for reviewing the manual refund to ensure the validity of the transaction.  This is confirmed via a manual signing of the request form.  However, because the managerial approval is only notated on the request form, and not the electronic record, it reduces management’s ability to identify potentially fraudulent manual refunds because of the volume of transactions.

Recommendations

To improve accountability over manual refunds, we recommended that the IRS ensure the identification number of the manual refund Requestor is not overridden on the IDRS electronic data file.  For non-IDRS manual refund transactions, the IRS should ensure the Requestor’s employee identification number is captured in electronic data files.  Also, the IRS should establish a standardized computer record that includes key information on non‑IDRS manual refunds and establish a process to regularly obtain the electronic data file for use in monitoring the program.  To increase accountability, the IRS should develop a process to provide for a systemic managerial approval.  In the interim, the IRS should capture the identification number of the Approving Official in the IDRS and Secure Payment System electronic data files.

Response

IRS management agreed with all of our recommendations and is taking actions to address the recommendations.  The IRS agreed to direct employees not to overlay the Requestor’s IDRS number with a generic number.  The IRS also plans to submit a Unified Work Request to include an employee identification number for the originator and approving official for all manual refunds with the Transaction Code 840 refund record (contingent on funding availability).  The information will be retained in an IRS electronic file.  The IRS also indicated the audit trail information provided by the Unified Work Request will impact the remaining two recommendations.

The IRS provided comments regarding the missing manual refund request packages.  The IRS stated the Government Accountability Office (GAO) and the IRS Chief Financial Officer tested internal controls, including requesting manual refund documents during the financial statement audit, and that no problems were identified with the process.  Due to concern about the file retrieval problem we experienced, campus audit coordinators ordered the missing documents again.  According to the IRS, in 12 business days they were able to account for the documents.  IRS management also commented that steps were being taken to return Files operations to IRS from a contractor during the audit period, and that the backlogs during this period contributed to delays.  Management’s complete response to the draft report is included as Appendix VII.

Office of Audit Comment

As we reported, we were unable to obtain 336 manual refund case files.  In our attempt to retrieve these documents, we followed IRS procedures.  Management does not specify the process that it used to retrieve these files.  In discussions subsequent to our fieldwork, management advised us that it uses a special retrieval process to obtain these documents.  To obtain these documents, IRS management suggested that we should have provided a listing of case files to sample to the IRS for retrieval.  However, because of the nature of the risks associated with manual refunds, we wanted to reduce the potential for manipulation of the case files and would not have used such a process.  We requested the case files using the IDRS, which is the process specified in the IRS’ own internal procedures and is the process used by IRS employees requesting case files.  The IRS’ subsequent retrieval of the case files was by a special process outside of the process IRS employees would follow.  We remain concerned that, using its normal procedures, a significant number of case files were not received.

Copies of this report are also being sent to the IRS managers affected by the report recommendations.  Please contact me at (202) 622-6510 if you have questions or Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services), at (202) 622-5916.

 

Table of Contents

 

Background

Results of Review

Electronic Data Files Supporting Manual Refund Transactions Were Inaccurate, Incomplete, and Not Always Maintained

Recommendations 1 and 2:

Recommendations 3 and 4:

Recording Managerial Approval Electronically Could Increase Accountability

Recommendation 5:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Relationship and Location Tests

Appendix V – Examples of Manual Refund Request Forms

Appendix VI – Comparison by Type of Manual Refund Request – Calendar Years 2005 Through 2007

Appendix VII – Management’s Response to the Draft Report

 

 

Abbreviations

 

FMS | Financial Management Service

IDRS | Integrated Data Retrieval System

IRS | Internal Revenue Service

TIGTA | Treasury Inspector General for Tax Administration

 

 

Background

 

A manual refund is a refund that is not generated through normal Master File[4] computer processing.  During Calendar Year 2007, the Internal Revenue Service (IRS) issued approximately 184,000 manual refunds totaling over $1.5 billion to individual taxpayers and approximately 70,000 manual refunds totaling almost $32 billion to business taxpayers.  Figure 1 provides a comparison of individual and business taxpayers receiving manual refunds during Calendar Years 2005 through 2007.

Figure 1 – Individual and Business Taxpayers Receiving Manual Refunds
Calendar Years 2005 Through 2007

 

Calendar Year | 2005 | 2006 | 2007

Individual Taxpayers | 177,768 | 191,323 | 183,764

Manual Refund Dollar Amount | $1,313,639,918 | $1,607,039,598 | $1,516,216,443

Business Taxpayers | 62,703 | 69,228 | 69,729

Manual Refund Dollar Amount | $26,356,360,765 | $30,819,398,979 | $31,859,403,659

Source:  Treasury Inspector General for Tax Administration (TIGTA) analysis of IRS manual refund data.

Manual refunds can be issued within 2 to 3 business days, compared to the 6 to 16 business days for the issuance of a Master File computer-generated refund based on the filing of a tax return.  Manual refunds can be issued to any person and to any address.  The name and address do not have to match the name and address on the taxpayer account from which the manual refund was generated.  Most IRS functions (e.g., Accounts Management, Compliance, and the Taxpayer Advocate Service) can request the issuance of a manual refund.

Common reasons manual refunds are issued are to:

·        Save the Federal Government interest.

·        Help taxpayers who are experiencing a hardship.

·        Prevent offsets[5] during processing of injured spouse claims. 

·        Enable special processing of refunds over $1 million or under $1. 

·        Provide refunds to claimants on deceased taxpayer accounts.

There are two ways IRS employees can initiate a manual refund:  1) via the Integrated Data Retrieval System (IDRS),[6] or 2) a manual refund posting voucher (non-IDRS).[7]

Manual refunds requested via the IDRS:

A total of 729,684 manual refunds totaling almost $19 billion were requested via the IDRS for Calendar Years 2005 through 2007.

·        The Requestor prepares a Request for IDRS Generated Refund (Form 5792).[8]  Information from the request form is entered into the IDRS computer system by the IDRS Input Employee,[9] and required supporting documentation (e.g., forms related to claims for injured spouse, carryback losses, death certificates, etc.) is attached to the Form 5792.  The manual refund request package is then forwarded for approval to the Approving Official (front-line business unit manager). 

·        The Approving Official reviews the manual refund request package to ensure the validity of the transaction and confirms this by signing the Form 5792.  The Approving Official then sends the manual refund request package to the Manual Refund Unit for processing. 

·        An employee in the Manual Refund Unit visually matches the Approving Official’s signature on Form 5792 to a book of approval signatures.  If the approval signature is accepted as being a match, the employee (the IDRS Verifying Employee) then rekeys information from the Form 5792 into the IDRS to confirm the accuracy of the information input by the Requestor.  If the information agrees, the transaction is forwarded systemically to the FMS[10] Secure Payment System.[11]  The manual refund request package is then forwarded to a Certifying Officer.

·        The Certifying Officer reviews the package and certifies the transaction on the Secure Payment System, which results in the refund being issued.

·        The Form 5792, along with any original supporting documentation, is sent to Files Management for storage and retention.

Manual refunds requested via manual refund posting voucher (non-IDRS):

A total of 24,831 manual refunds totaling $74.5 billion were requested via a manual refund posting voucher (non-IDRS) for Calendar Years 2005 through 2007.

·        The Requestor prepares a Manual Refund Posting Voucher (Form 3753),[12] attaches required supporting documentation, and forwards the manual refund request package for approval to an Approving Official (front-line business unit manager).

·        The Approving Official reviews the manual refund request package to ensure the validity of the transaction and confirms this by signing the Form 3753.  The Approving Official then sends the manual refund request package to the Manual Refund Unit for processing. 

·        An employee in the Manual Refund Unit visually matches the Approving Official’s signature on the Form 3753 to a book of approval signatures.  If the approval signature is accepted as being a match, the manual refund request package is then forwarded to a Data Entry Operator. 

·        The Data Entry Operator enters information directly into the Secure Payment System, bypassing the IDRS.  The manual refund package is then forwarded to a Certifying Officer. 

·        The Certifying Officer reviews the request and certifies the transaction on the Secure Payment System, which results in the refund being issued. 

·        The Form 3753 and supporting documentation are sent to be recorded via a journal entry into IRS computers (this needs to be done because the refund was not initiated through the IDRS).  The Form 3753 and supporting documentation are then returned to the Manual Refund Unit.  A copy of the Form 3753 and supporting documentation are to be retained for 18 months after the end of the processing year.  The original Form 3753 and supporting documentation are retained in the Manual Refund Unit or sent to Files Management for storage and retention.

Figure 2 provides a high-level overview of the request, approval, and refund issuance process.

Figure 2 – Employee Roles in Processing Manual Refunds

Figure 2 was removed due to its size.  To see Figure 2, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Manual refunds present a high risk of fraud

IRS management acknowledges that the manual refund process presents a higher risk because these refunds are not processed through its normal systemic process (i.e., refunds issued based on the filing and processing of tax returns).  The majority of the process to request and approve the billions of dollars in manual refunds is based on a paper-driven manual process.  As such, the risk for potential issuance of fraudulent refunds is increased.

An example from another government agency illustrates the risk involved in manual refund payments.  An employee of the District of Columbia government embezzled more than $48 million over a 20-year period.  The employee generated fraudulent property tax refund requests.  Some documentation supporting the requests appeared to be valid and legitimate.  Other supporting documentation was either absent or so disorganized that records could not be located or did not make sense.  The employee perpetrating the fraud benefited from the lack of effective automated controls.  Approving managers trusted this employee and did not perform adequate reviews of the refund requests. 

This audit was conducted at the request of the Commissioner, Wage and Investment Division.  This review was performed in coordination with FMS staff in Washington, D.C.; at the IRS National Headquarters in Washington, D.C.; at the Fresno Submission Processing Campus in Fresno, California;[13] and with other IRS submission processing campuses through contact with the IRS liaison during the period May 2008 through April 2009.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

 

Results of Review

 

Controls have been implemented in an effort to minimize the risk of issuing erroneous manual refunds.  These controls include:

·        Ensuring no employee can systemically input and authorize payment on the same manual refund.

·        Requiring the completion of either Form 5792 or Form 3753.

·        Requiring an Approving Official (front-line manager) to review manual refund request packages and approve, via signature, the legitimacy of the manual refund transaction.

·        Capturing some key transactional information in an electronic audit trail[14] and other data files. 

However, increased automated controls could further improve accountability and efficiency over manual refunds.  Our review identified that electronic data files were either incomplete or contained inaccurate information; others were not always maintained by the IRS.  Furthermore, the managerial approval of manual refunds is only notated on the request form and not the electronic record.  Although a prepared request form is required to initiate a manual refund, and is the only document which provides proof of managerial approval, we were not always able to obtain the request form and related documentation.

Adequate information should be captured in electronic data files[15] to enable IRS management and its external oversight organizations to perform computer analyses in an attempt to identify potentially erroneous manual refunds.  The conditions cited above reduce management’s ability to identify potentially fraudulent or erroneous manual refunds because of the lack of access to adequate reliable information and the volume of transactions.  Given the dollar amounts involved with manual refunds, this could result in a significant loss of Federal Government revenues.

Electronic Data Files Supporting Manual Refund Transactions Were Inaccurate, Incomplete, and Not Always Maintained

The IRS has implemented some controls, such as separation of duties, over the manual refund process that ensure the same individual cannot systemically both request and approve a manual refund.  However, the IRS does not consistently capture and retain key information relative to manual refund transactions in its electronic data files.  Additionally, although prepared request forms are required to initiate a manual refund, we were not always able to obtain the request forms and related documentation.  The inaccurate, incomplete, and unretained electronic data files indicate that IRS management does not have the necessary information and has not included the use of electronic data files in its process to monitor the effectiveness of internal controls in reducing the risk of issuing erroneous manual refunds.  Standards for Internal Control in the Federal Government[16] require that information be recorded and communicated to management and others within the entity who need it and in a form and within a period that enables them to carry out their internal controls and other responsibilities.  If improvements are not made, both the IRS and its oversight organizations will be unable to effectively assess a multibillion dollar high-risk process.

Systemic controls provide for adequate separation of duties

Both the IDRS and the non-IDRS processes systemically prevent the same employee from inputting and forwarding a request for payment for the same manual refund:

·        The IDRS does not allow the same employee to both input a manual refund request and forward a request for payment for the same manual refund.  We observed that the IDRS Input Employee is systemically prevented from also acting as the IDRS Verifying Employee for IDRS-generated refunds.  In addition, audit trail data of IDRS command codes used to input and approve payment are kept by the IRS and contain information on who input the transaction, what taxpayer account was accessed, and when the action occurred.  Our analysis of the IDRS audit trails confirmed that no employee acted as both the IDRS Input Employee and the IDRS Verifying Employee for the same manual refund.     

·        For the non-IDRS requests, the Secure Payment System prevents the same employee from inputting and approving payment for the same manual refund.  Representatives from the FMS confirmed that Secure Payment System systemic controls prevent the same person from having Data Entry Operator access (ability to input a manual refund request) and Certifying Officer access (ability to approve the issuance of a manual refund) for the same manual refund transaction.  The FMS has implemented access and password security controls over the system.  Our analysis of transactional information we obtained from the FMS verified that none of the manual refund records were input and approved by the same employee.

Electronic data files capture certain manual refund transactional information, but improvements are needed to increase accuracy and completeness

Both the IRS and the FMS are capturing certain transactional information relating to manual refunds issued via the IDRS and non-IDRS (directly through the Secure Payment System) methods.  For IDRS requests, the audit trail file captures the identity of the employees who input and approve payment for IDRS manual refunds.  For most IDRS transactions, the employee number for the employee who requested the manual refund, although not captured on the audit trail file, is input to the IDRS along with other information on the Form 5792.  For non-IDRS requests, the FMS Secure Payment System data file includes the identities of the IRS employees who input the manual refund transactions, along with the IRS employees who certified the refunds for payment.

However, electronic data files did not always accurately reflect the IRS employee initiating a manual refund.  Specifically, we identified that:

·        Invalid Requestor employee numbers[17] for thousands of IDRS manual refund transactions have been recorded in the IDRS.

·        The Requestor identity for non-IDRS transactions is never recorded in an electronic data file.

Our review identified over 58,000 manual refund transactions for which the electronic data files did not accurately identify the Requestor.  Specifically, from 2005 through 2007:

·        Over 33,000 manual refund transactions initiated via the IDRS had an invalid employee identification number for the Requestor.  The IRS sometimes overlaid the employee number with a non-employee number to generate a single listing of manual refund posting activity from the requesting unit.  Instead of the Requestor’s employee number being used as the employee needing to monitor the account, a unit employee number is used to help ensure at least one employee in the unit monitors the account.  The purpose is to facilitate oversight and address a known internal control weakness that allowed erroneous refunds to be issued.[18]  Nevertheless, omitting the Requestor identity from the electronic records has reduced the ability to trace transactions to requesting employees and to detect suspicious employee activity.

·        Almost 25,000 non-IDRS manual refund requests did not have the Requestor identity captured in an electronic data file.  This results from non-IDRS manual refund requests being input directly to the Secure Payment System by a Manual Refund Unit Data Entry Operator, rather than by the requesting employee.  Again, omitting the Requestor identity from the electronic records has reduced the ability to trace transactions to requesting employees and to detect suspicious employee activity.  Adding to this concern, all manual refunds of $10 million and over must be requested via a non-IDRS manual refund request.

The lack of data to identify the Requestor of the manual refund reduced our ability to identify potentially fraudulent manual refund transactions because we were unable to perform data analysis (see Appendix IV) to determine if a relationship exists between the recipient of the manual refund and the Requestor.  See Figure 3 for a summary of the manual refunds for which the electronic data file did not accurately reflect the Requestor initiating the refund.

Figure 3 – Manual Refunds for Which Electronic Data
Did Not Accurately Reflect the Requestor Initiating the Refund

 

Calendar Year | 2005 | 2006 | 2007

IDRS refunds with invalid employee number | 573 | 13,863 | 19,272

Dollar amount | $867,764 | $25,056,087 | $42,363,542

Non-IDRS refunds for $10 million or more | 508 | 540 | 623

Dollar amount | $19,278,461,025 | $23,200,977,589 | $22,512,915,253

Non-IDRS refunds for less than $10 million | 7,293 | 7,235 | 8,632

Dollar amount | $2,780,225,593 | $3,125,151,411 | $3,646,794,375

Totals | 8,374 | 21,638 | 28,527

Dollar amount | $22,059,554,382 | $26,351,185,087 | $26,202,073,170

Source:  TIGTA analysis of IRS manual refund data.

 

The IRS did not maintain Secure Payment System transactional files and the format of data captured was not consistent, which reduces the ability to perform data analysis

The IRS does not retain Secure Payment System electronic data files from the FMS (these are the files that capture information relating to non-IDRS manual refunds).  IRS management noted that the paper trail is adequate for historic purposes and that the FMS retains the non-IDRS manual refund file information.  However, discussions with FMS personnel identified that it would be difficult for the IRS to access historic Secure Payment System files because they are stored in archives that are not readily accessible to the FMS as part of routine operations.  It took the FMS almost 2 months to provide us our requested Secure Payment System data output.

In addition, the Secure Payment System file with non-IDRS transactions we obtained from the FMS was difficult to work with due to the different formats used in the description fields where taxpayer information (e.g., who the refund was issued to, type of tax return, or tax period) is located.  For example:

·        The type of tax return was not consistently identified.  Either a code or a form number could be used to indicate to what tax return the refund related (e.g., Master File Tax Code 30 or Form 1040).

·        The tax year was not consistently documented.  The tax year could be indicated by a format with 4 or 6 digits for the month and year (e.g., 0612 or 200612 to indicate December 2006).

·        The location (starting character number) of this information varied within the field.

Examples of actual descriptions include:

·     200512 F 1040 IRS FRESNO

·     RMT*TN*F1040 TY9912*03/79.26*04/3.65

·     F1040  TY9412

·     30 200512 82

Consequently, even if the IRS were to retain copies of the data, analysis would be very difficult.  While the meaning could usually be determined by visually examining the field contents, it was extremely difficult to extract with a computer program.  By developing a standardized description format, the IRS would be able to conduct computerized analyses of these manual refunds. 
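The extraction problem described above, worked through as an added example (this is not IRS, FMS, or TIGTA code): a parser that normalizes the four description strings quoted in the report into one record layout and routes anything it cannot resolve to manual review instead of guessing. The patterns are inferred from those four strings only; the `TY` prefix handling, the two-digit-year pivot, and all function and field names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# From the report's own example: Master File Tax Code 30 and Form 1040 denote
# the same return type. Other codes are left unmapped rather than guessed.
MFT_TO_FORM = {"30": "1040"}

FORM_RE = re.compile(r"\bF\s?(\d{3,4}[A-Z]?)\b")                     # F1040, F 1040
PERIOD6_RE = re.compile(r"(?<!\d)((?:19|20)\d{2})(0[1-9]|1[0-2])(?!\d)")  # 200612
# YYMM, either prefixed with TY or standing alone as its own token (0612)
PERIOD4_RE = re.compile(r"(?:\bTY|(?<![\w/.]))(\d{2})(0[1-9]|1[0-2])(?![\w/.])")
MFT_RE = re.compile(r"^\s*(\d{2})(?!\d)")                            # leading 2-digit code


@dataclass
class ParsedDescription:
    raw: str
    tax_form: Optional[str]     # form number, e.g. "1040"
    mft_code: Optional[str]     # Master File Tax Code, if that is what was keyed
    tax_period: Optional[str]   # normalized to YYYYMM
    needs_review: bool          # True when return type or period is unresolved


def _expand_year(yy: int) -> int:
    # Assumption: pivot at 50, so 94 -> 1994 and 06 -> 2006.
    return 1900 + yy if yy >= 50 else 2000 + yy


def parse_description(raw: str) -> ParsedDescription:
    text = raw.upper()
    tax_form = mft_code = tax_period = None

    m = FORM_RE.search(text)
    if m:
        tax_form = m.group(1)
        # Blank the form number so its digits are never read as a tax period.
        text = text[:m.start()] + " " * (m.end() - m.start()) + text[m.end():]

    p = PERIOD6_RE.search(text)
    if p:
        tax_period = p.group(1) + p.group(2)
    else:
        p = PERIOD4_RE.search(text)
        if p:
            tax_period = f"{_expand_year(int(p.group(1)))}{p.group(2)}"

    if tax_form is None:
        c = MFT_RE.match(text)
        if c:
            mft_code = c.group(1)
            tax_form = MFT_TO_FORM.get(mft_code)

    unresolved = (tax_form is None and mft_code is None) or tax_period is None
    return ParsedDescription(raw, tax_form, mft_code, tax_period, unresolved)


def review_queue(descriptions):
    """Return the raw strings that must go to a human instead of the analysis set."""
    return [d for d in descriptions if parse_description(d).needs_review]


# The first four strings are the examples quoted in the report; the last two
# are constructed here to exercise the bare YYMM form and the failure path.
SAMPLES = [
    "200512 F 1040 IRS FRESNO",
    "RMT*TN*F1040 TY9912*03/79.26*04/3.65",
    "F1040  TY9412",
    "30 200512 82",
    "F1040 0612",        # constructed
    "REFUND PER MGR",    # constructed, carries no form or period
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_description(s))
```

Tracking the share of records that land in the review queue gives a direct measure of how much of the file is unusable for automated analysis until a standardized record format is in place.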

Request forms are required to be prepared, but some were missing

The IRS was unable to provide us with 336 (39 percent) of the 851 manual refund request packages we requested.  Specifically, IRS procedures require either a Form 5792 or Form 3753 to be prepared by an employee requesting a manual refund.  The IRS noted that the request forms and attachments are the key support for manual refund transactions.  The request forms are the only source of information that can be used to identify the Approving Official who approved the request information.

Standards for Internal Control in the Federal Government state that transaction documentation, whether paper or electronic, should be readily available for examination and all documentation and records should be properly managed and maintained.  The unavailability of both paper and electronic records increases the risk that fraud could occur and remain undetected. 

Transactions having certain characteristics have been referred to the Office of Investigations

Because the Requestor of the manual refund could not be identified from the data file, we were unable to perform tests (see Appendix IV) to determine if a relationship exists between the recipient of a manual refund and the Requestor.  However, based on our risk assessment, we have identified individual and business manual refund transactions that we consider to have characteristics that increase the potential that the refund could have been inappropriately issued.  We have referred these transactions to our Office of Investigations.  These manual refund transactions include refunds to taxpayers or addresses that are different from the owner of the tax account.  We will continue to work jointly with our Office of Investigations to identify IRS employees who may have inappropriately issued a manual refund.

Recommendations

The Commissioner, Wage and Investment Division, should:

Recommendation 1:  Ensure the Requestor’s employee identification number is not overridden on the IDRS electronic data file.

Management’s Response:  IRS management agreed with this recommendation.  The Internal Revenue Manual 21.4.4 has been revised to require that a separate control be established in the IDRS for monitoring all manual refunds.  An interim procedural update will direct employees not to overlay the Requestor’s IDRS number with a generic number when initiating IDRS manual refunds.

Recommendation 2:  Ensure the Requestor’s employee identification number is captured in electronic data files for non-IDRS manual refunds.

Management’s Response:  IRS management agreed with this recommendation.  A Unified Work Request will be submitted by October 1, 2009, to include the Standard Employee Identification number of the Requestor and Approving Official for all manual refunds.  This information will be included in the Transaction Code 840 refund record that displays on the Master File and Non-Master File.  Form 3753 and Form 5792 will be updated to capture the Requestor’s and Approving Official’s Standard Employee Identification number.  Implementation is contingent upon Modernization and Information Technology Services funding. 

Recommendation 3:  Establish a process to regularly obtain the electronic data file that includes key information relative to those non-IDRS manual refunds for use in monitoring the manual refund program.

Management’s Response:  IRS management agreed with this recommendation.  The Unified Work Request that the IRS is submitting for corrective action to Recommendation 2 (to update the Transaction Code 840 refund record for manual refunds) will give the IRS the required information that can be maintained as an electronic file.  This file will be supported by Modernization and Information Technology Services and available on request.  

Recommendation 4:  Establish input procedures for non-IDRS manual refund requests entered into the Secure Payment System to include a standardized computer record.  The standardized record format with key information will allow for easy data analysis.

Management’s Response:  IRS management agreed with the need for an audit trail and computer records.  Although the IRS will not be changing the Secure Payment System, the Unified Work Request to update the Transaction Code 840 refund record for manual refunds will allow the Master File to store an electronic audit trail for easy data analysis.  Implementation is contingent upon Modernization and Information Technology Services funding.  

Recording Managerial Approval Electronically Could Increase Accountability

The managerial approval process is manual, vulnerable to circumvention, and difficult to evaluate because of the volume of transactions.

The managerial approval process is a manual, resource‑intensive process.  Current processes enable IRS employees to electronically request manual refunds, electronically confirm the accuracy of information, and electronically confirm and generate the issuance of the refund.  Yet the most significant control in the process, managerial approval, is not recorded electronically.  The manager is the Approving Official responsible for reviewing the manual refund to ensure the validity of the transaction.  This is confirmed via the manager’s written signature on the manual refund request form.  However, the volume of manual refund transactions, combined with the fact that managerial approval is only notated on the paper request form (and not the electronic record), reduces management’s ability to identify potentially fraudulent manual refunds.

Each time a new Approving Official is added or there is a change to the status of an Approving Official, new signature sheets need to be obtained and maintained in the signature verification log (or removed from the log).  Additionally, current signature sheets should be updated at least annually.  Manual Refund Units are located at seven IRS campuses, and each campus maintains its own book of applicable managers’ signatures.  As of June 2008, there were a total of almost 2,200 Approving Official signature sheets throughout the 7 IRS campuses.  This paper process presents the risk that someone can circumvent the approval control by forging a manager’s signature.

The IRS already uses automated authentication processes.  Both the IDRS and the Non-IDRS manual refund request methods include automated processes that record the individuals who input (the IDRS Input Employee or the Data Entry Operator) and approve payment (the Certifying Officer) on manual refunds.  This process also includes programming that prevents issuance if the data does not match for the two commands that are used.  These commands are captured in the audit trail data along with dozens of other types of system access commands.  However, although the review and approval by a manager is the key control to ensure the legitimacy of a manual refund request, no electronic process has been established to systemically capture the Approving Official on the electronic record of the transaction.

One way to capture Approving Official identity for manual refunds requested via the IDRS would be to have an additional command added to the IDRS for an Approving Official entry, similar to the two commands that already exist for input by the IDRS Input Employee and payment approval by the IDRS Verifying Employee.  This would allow for the Approving Official identity to be included in the audit trail files automatically for the existing system.  Including this information in electronic files could enable the IRS and its external oversight organizations to efficiently review the data to ensure management is approving each transaction.  Establishing such a process to replace the current paper signature approval process would increase the efficiency of the approval process and help minimize the potential of a manager’s signature being forged.

IRS management believes that the preparation of the manual refund request form, along with the Approving Official’s signature, provides an adequate audit trail supporting the initiation and approval of a manual refund.  IRS management stated that the current manual system is adequate, such changes would not be a high priority, and programming changes required for an electronic approval would be too expensive.  However, they did not provide information to show that such a programming change would be a significant expense.

The IRS has recently begun to scan and store manual refund documentation from the Centralized Insolvency Unit in Philadelphia to make this information accessible to all submission processing centers.  This process is newly developed; however, if the IRS is successful in scanning and storing this information and the process is cost-effective and more efficient, then this process could be expanded to include all manual refund request forms.

Recommendation

The Commissioner, Wage and Investment Division, should:

Recommendation 5:  Develop a process to provide for a systemic managerial approval to increase accountability.  In the interim, the IRS should capture the identification number of the Approving Official in the IDRS and Secure Payment System electronic data files.

Management’s Response:  With regard to this recommendation, implementation of Recommendation 2 will result in the IDRS capturing the identification number of the Approving Official.  The IRS does not own or control the Secure Payment System and cannot change the files in this FMS system.  The proposed changes to the IDRS will provide the necessary electronic audit trail.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

The overall audit objective of this review was to determine if controls over manual refunds are effective in minimizing the risk of issuing erroneous refunds.  Our audit scope included both individual and business manual refunds of $400 or more issued during Calendar Years 2005, 2006, and 2007.  To determine if the controls over manual refunds are effective, we:

I.  Researched prior manual refund issues and previously reported control breakdowns.

    A.  Requested information from the TIGTA Office of Investigations relating to manual refund investigations.[19]

    B.  Obtained and reviewed audit report findings reported by the Government Accountability Office.

    C.  Reviewed Internal Revenue Manual guidelines to identify procedures followed for initiating, approving, and issuing manual refunds.

II.  Analyzed electronic manual refund data files (Individual and Business Master File[20] and Manual Refund IDRS[21] Processing files) from the TIGTA Data Center Warehouse to identify potential fraud cases.  We relied on data validity and reliability checks routinely done by the Data Center Warehouse staff for these files.  Our analysis included:

    A.  Identifying employees who initiated and approved a manual refund for Calendar Years 2005 through 2007.

        1.  Obtaining refund transaction files for both individual and business manual refunds.

        2.  Querying electronic files to identify employees initiating and approving a manual refund.

        3.  Reviewing supporting paper manual refund packages for selected transactions of interest to determine if any evidence of fraud, wrongdoing, or other suspicious transactions should be referred to the TIGTA Office of Investigations.

III.  Analyzed IDRS security profiles to identify IRS employees who have the ability to initiate and approve manual refunds.  These files were obtained from the TIGTA Data Center Warehouse.  Reliability was assessed with respect to cases reviewed, and no errors came to our attention during the review.  In addition, we reviewed security controls over FMS‑issued manual refunds.

    A.  Obtained IDRS security profiles for all IRS employees.

    B.  Identified IRS employees having command codes to both initiate and approve a manual refund and determined whether any of those employees improperly initiated and approved a manual refund.

    C.  Contacted the FMS[22] to obtain a listing of all IRS employees having Secure Payment System[23] access.

    D.  Analyzed the security profile data to determine if IRS employees had the ability to input and certify payment of manual refunds.

IV.  Analyzed audit trail data files obtained from the TIGTA Data Center Warehouse to identify indications of IRS employees that may have fraudulently obtained manual refunds.  We relied on the data validity and reliability checks routinely done by the TIGTA Data Center Warehouse staff for these files.  Specific tests included:

    A.  Obtained audit trail files containing IRS employee accesses to accounts from which manual refunds were issued during Calendar Years 2005 through 2007.

    B.  Analyzed audit trail data files to determine if IRS employees have initiated and approved a manual refund for the same taxpayer.

    C.  Analyzed audit trail data files to determine if IRS employees initiated and approved manual refunds to identify potential indications of fraud.

        1.  Identified manual refunds issued to an IRS employee.

        2.  Identified manual refunds that were mailed to addresses near the initiating or approving IRS employees’ addresses.

 

Appendix II

 

Major Contributors to This Report

 

Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services)

Russell Martin, Director

Richard J. Calderon, Audit Manager

Mary Jankowski, Lead Auditor

Sharon A. Buford, Senior Auditor

Kenneth L. Carlson, Senior Auditor

Karen C. Fulte, Senior Auditor

Glory Jampetero, Senior Auditor

John Mansfield, Senior Auditor

Steven Stephens, Senior Auditor

Jennie Choo, Auditor

Jane Lee, Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Deputy Commissioner for Services and Enforcement  SE

Commissioner, Large and Mid-Size Business Division  SE:LM

Commissioner, Small Business/Self-Employed Division  SE:S

Commissioner, Tax Exempt and Government Entities Division  SE:T

Deputy Commissioner, Large and Mid-Size Business Division  SE:LM

Deputy Commissioner, Small Business/Self-Employed Division  SE:S

Deputy Commissioner, Tax Exempt and Government Entities Division  SE:T

Deputy Commissioner, Wage and Investment Division  SE:W

Chief, Appeals  AP

Chief Technology Officer  OS:CTO

Director, Communications and Liaison, Tax Exempt and Government Entities Division  SE:T:CL

Director, Communications, Liaison, and Disclosure, Small Business/Self-Employed Division  SE:S:CLD

Director, Customer Account Services, Wage and Investment Division  SE:W:CAS

Director, Examination, Small Business/Self-Employed Division  SE:S:E

Director, Exempt Organizations, Tax Exempt and Government Entities Division  SE:T:EO

Director, Field Specialists, Large and Mid-Size Business Division  SE:LM:FS

Director, Communication and Liaison, Large and Mid-Size Business Division  SE:LM:M:CL

Chief, Program Evaluation and Improvement  SE:W:S:PRA:PEI

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaisons:

Commissioner, Large and Mid-Size Business Division  SE:LM:CL

Commissioner, Small Business/Self-Employed Division  SE:COM

Commissioner, Tax Exempt and Government Entities Division  SE:T:CL

Chief, Program Evaluation and Improvement  SE:W:S:PRA:PEI

Chief, Appeals  AP:TP:SS

 

Appendix IV

 

Relationship and Location Tests

 

1.      High volume of manual refund requests with same initiating employee and same forwarding employee combination.

2.      Manual refunds issued to taxpayers with an IRS employee relationship to the Requestor.

3.      Large dollar manual refunds issued by employees less than 2 weeks before or after an employee separates from the IRS.

4.      Manual refunds issued to address near address of requesting employee, such as a neighbor or relative.

5.      Manual refunds requested by same requesting employee to same taxpayer in different years.

6.      Manual refunds initiated and approved by the same employee for Calendar Years 2005 through 2007.
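
The same-employee and same-requestor-across-years tests listed above, together with the report's finding that an overlaid Requestor number leaves a record untestable, sketched as an added Python example (not TIGTA or IRS code).  The record fields, the GENERIC placeholder, and the sample data are constructed assumptions, since the report does not publish the layout of the manual refund data files.

```python
from collections import defaultdict

# Constructed sample records. Field names are hypothetical: the report does not
# publish the layout of the IDRS or Master File manual refund record.
SAMPLE_REFUNDS = [
    {"id": "R1", "year": 2005, "taxpayer": "TP-001", "requestor": "E100", "approver": "E200", "amount": 1200},
    {"id": "R2", "year": 2006, "taxpayer": "TP-001", "requestor": "E100", "approver": "E200", "amount": 950},
    {"id": "R3", "year": 2006, "taxpayer": "TP-002", "requestor": "E300", "approver": "E300", "amount": 40000},
    {"id": "R4", "year": 2007, "taxpayer": "TP-003", "requestor": "GENERIC", "approver": "E200", "amount": 700},
    {"id": "R5", "year": 2007, "taxpayer": "TP-004", "requestor": "E100", "approver": "E200", "amount": 500},
    {"id": "R6", "year": 2007, "taxpayer": "TP-005", "requestor": "E400", "approver": None, "amount": 15000},
]

# Values treated as "no identifiable employee" (constructed placeholders for an
# overlaid generic number or an approval that exists only on paper).
GENERIC_IDS = {None, "", "GENERIC"}


def analyze(refunds):
    """Return the refund ids flagged by each test and the dollars that cannot be tested."""
    unattributable, same_employee = [], []
    by_requestor_taxpayer = defaultdict(list)

    for r in refunds:
        req, app = r["requestor"], r["approver"]
        if req in GENERIC_IDS or app in GENERIC_IDS:
            # Without both identities no relationship test can be run on this
            # record, so it is reported separately instead of silently passing.
            unattributable.append(r)
            continue
        if req == app:
            # Same employee requested and approved the refund.
            same_employee.append(r["id"])
        by_requestor_taxpayer[(req, r["taxpayer"])].append(r)

    # Same requestor, same taxpayer, more than one calendar year.
    repeat_across_years = sorted(
        r["id"]
        for group in by_requestor_taxpayer.values()
        if len({g["year"] for g in group}) > 1
        for r in group
    )
    return {
        "unattributable": sorted(r["id"] for r in unattributable),
        "unattributable_dollars": sum(r["amount"] for r in unattributable),
        "same_employee": sorted(same_employee),
        "repeat_across_years": repeat_across_years,
    }


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_REFUNDS).items():
        print(f"{name}: {value}")
```

The unattributable bucket is the measurable form of the audit's finding: every record in it is exempt from the relationship tests until the Requestor and Approving Official identifiers are captured electronically.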

 

Appendix V

 

Examples of Manual Refund Request Forms

 

Form 5792

 

The Form was removed due to its size.  To see the Form, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

 

 

Form 3753

 

The Form was removed due to its size.  To see the Form, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

 

Appendix VI

 

Comparison by Type of Manual Refund Request Calendar Years 2005 Through 2007

 

Individual Taxpayers

Calendar Year | 2005 | 2006 | 2007
IDRS | 171,839 | 185,686 | 178,045
Manual Refund Dollar Amount | $898,113,002 | $938,161,114 | $1,036,229,311
Manual Posting (Non-IDRS) | 5,929 | 5,637 | 5,719
Manual Refund Dollar Amount | $415,526,916 | $668,878,484 | $479,987,132

Business Taxpayers

Calendar Year | 2005 | 2006 | 2007
IDRS | 60,831 | 67,090 | 66,193
Manual Refund Dollar Amount | $4,713,201,063 | $5,162,148,463 | $6,179,681,163
Manual Posting (Non-IDRS) | 1,872 | 2,138 | 3,536
Manual Refund Dollar Amount | $21,643,159,702 | $25,657,250,516 | $25,679,722,496

Source:  TIGTA analysis of IRS manual refund data.

 

Appendix VII

 

Management’s Response to the Draft Report

 

The response was removed due to its size.  To see the response, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.



[1] The IRS database that stores various types of taxpayer account information.  This database includes individual, business, and employee plans and exempt organizations data.

[2] IRS computer system capable of retrieving or updating stored information; it works in conjunction with a taxpayer’s account records.

[3] A manual refund initiated via the non-IDRS process is used when manual refunds are over $10 million, are to be paid via direct deposit, or are for hardship cases.  A table with counts and dollar amounts by manual refund request type can be found in Appendix VI.

[4] The IRS database that stores various types of taxpayer account information.  This database includes individual, business, and employee plans and exempt organizations data.

[5] Internal Revenue Code Section 6402 (a), (c), (d), and (e) requires a taxpayer’s overpayment to be applied to any outstanding Federal tax, non-tax child support, Federal agency non-tax debt, or State income tax obligation prior to crediting the overpayment to a future tax or making a refund.  This application of a tax overpayment is called a refund offset.  Refunds offset to child support, Federal agency non-tax debts, and State income tax obligations are handled by the Financial Management Service (FMS) through the Treasury Offset Program.  This occurs after a refund is certified by the IRS for payment by the FMS, but before the refund check is issued or the direct deposit is transferred to the taxpayer’s bank account.

[6] IRS computer system capable of retrieving or updating stored information; it works in conjunction with a taxpayer’s account records.

[7] A manual refund initiated via the non-IDRS process is used when manual refunds are over $10 million, are to be paid via direct deposit, or are for hardship cases.  A table with counts and dollar amounts by manual refund request type can be found in Appendix VI.

[8] See Appendix V for an example of a Form 5792.

[9] The Input Employee may be the actual Requestor or another employee, such as a clerk.  The Input Employee information, along with other systemic information, is captured in an electronic file.

[10] The FMS provides centralized payment, collection, and reporting services for Federal Government agencies.

[11] The Secure Payment System is an application that allows Government agencies to create payment schedules in a secure fashion.

[12] See Appendix V for an example of a Form 3753.

[13] Campuses are the data processing arm of the IRS.  The campuses process paper and electronic submissions, correct errors, and forward data to the Computing Centers for analysis and posting to taxpayer accounts.

[14] Electronic audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications.  Audit trails help managers maintain individual accountability.  By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior.  Users are less likely to attempt to circumvent security policy if they know that their actions will be recorded in an audit trail.  Although audit trails are essential to auditors, they are also important to agencies in their day-to-day operation of a system.  Audit trails provide agencies with information necessary to reconcile accounts, research document history, and query the data stored in the system.

[15] Electronic data files capture transactional data from the IDRS or other application programs.

[16] Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, dated November 1999).

[17] The IDRS employee number is a unique number that identifies each employee on the IDRS.

[18] Government Accountability Office reviews have found that the IRS has not provided sufficient monitoring of manual refund transaction postings.  Refund Requestors are required to monitor taxpayer accounts for which they have requested a manual refund until the manual refund transactions have posted.  In some cases, this monitoring process was not successful, and duplicate refunds were issued to taxpayers because both a manual refund and a computer-generated refund were issued, resulting in erroneous duplicate refunds to taxpayers.  See Management Report:  Improvements Needed in IRS’ Internal Controls (GAO-07-689R, dated May 11, 2007) and Management Report:  Improvements Needed in IRS’ Internal Controls (GAO-05-247R, dated April 27, 2005).

[19] There were no proven cases of employee manual refund thefts.

[20] The IRS database that stores various types of taxpayer account information.  This database includes individual, business, and employee plans and exempt organizations data.

[21] IRS computer system capable of retrieving or updating stored information; it works in conjunction with a taxpayer’s account records.

[22] The FMS provides centralized payment, collection, and reporting services for Federal Government agencies.

[23] The Secure Payment System is an application that allows Government agencies to create payment schedules in a secure fashion.