TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Plans for the Implementation of Merchant Card Reporting Could Result in Burden for Taxpayers and Problems for the Internal Revenue Service

 

 

July 26, 2011

 

Reference Number:  2011-40-065

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

Phone Number   |  202-622-6500

Email Address   |  TIGTACommunications@tigta.treas.gov

Web Site           |  http://www.tigta.gov

 

HIGHLIGHTS

 

Plans FOR THE Implementation OF Merchant Card Reporting COULD RESULT IN BURDEN FOR TAXPAYERS AND Problems for THE INTERNAL REVENUE SERVICE

 

Highlights

Final Report issued on July 26, 2011

Highlights of Reference Number:  2011-40-065 to the Internal Revenue Service Deputy Commissioner for Services and Enforcement.

IMPACT ON TAXPAYERS

The merchant card reporting section of the Housing and Economic Recovery Act of 2008 was designed to assist the Internal Revenue Service (IRS) in matching income from sales paid with credit or debit cards to income claimed on a tax return.  This is an effort to reduce the Tax Gap.

WHY TIGTA DID THE AUDIT

This review was initiated to determine whether the IRS has a complete and detailed plan in place to control and schedule the implementation of the merchant card reporting law as intended by Congress.  The new law will add millions of additional information reporting documents to the IRS computer systems.

WHAT TIGTA FOUND

The new law requires payment settlement entities to report merchant card and third-party payments to the IRS on Merchant Card and Third Party Network Payments (Form 1099-K).

One of the stated goals of merchant card reporting is to assist the IRS in matching income from sales to income reported on tax returns.  TIGTA found that the IRS’s redesigning of Tax Year 2011 income tax forms may not facilitate a direct match between sales reported on Forms 1099-K and amounts reported on tax returns.  Based on our finding, the IRS immediately made adjustments to one tax form and is reviewing the other affected forms to make similar improvements.

The law requires payment settlement entities to withhold a percentage of gross receipts (backup withholding) on those merchants who do not ultimately provide a valid Taxpayer Identification Number and name that match IRS records.  Because of the increased volume of Forms 1099-K resulting from merchant card reporting requirements, there is a risk that mismatches might not be resolved before backup withholding becomes mandatory.  The IRS’s risk assessment and implementation plan did not contain adequate details regarding these risks as well as appropriate contingencies.  TIGTA also found that the risk assessment and implementation plan prepared by the IRS lacked other details. 

Finally, the IRS did not properly account for funds appropriated for merchant card reporting during the project’s initial stages.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the IRS monitor the amounts reported for merchant card and third-party payments to ensure there is no confusion about where to enter the amounts, the risk assessment and implementation plan adequately address mismatching names and Taxpayer Identification Numbers, sufficient detail is added to future risk assessments to address the full scope of the project, and future implementation plans indicate the full scope of the project and expected due dates.  TIGTA also recommended that the IRS ensure financial reporting is added to the risk assessment and implementation plan so costs and schedules are tracked and reported timely, and costs are accumulated when resources are first used.

In their response to the report, IRS officials agreed with the recommendations and are planning appropriate corrective actions.

 

July 26, 2011

 

 

MEMORANDUM FOR Deputy Commissioner for Services and Enforcement

 

FROM:                            Michael R. Phillips /s/ Michael R. Phillips

                                         Deputy Inspector General for Audit

 

SUBJECT:                    Final Audit Report – Plans for the Implementation of Merchant Card Reporting Could Result in Burden for Taxpayers and Problems for the Internal Revenue Service (Audit # 201040028)

 

This report presents the results of our review to determine whether the Internal Revenue Service has a complete and detailed plan in place to control and schedule the implementation of the merchant card reporting law as intended by Congress.  This audit is included in our Fiscal Year 2011 Annual Audit Plan and addresses the major management challenge facing the Internal Revenue Service of Implementing Health Care and Other Tax Law Changes.

Management’s complete response to the draft report is included in Appendix IV.

Copies of this report are also being sent to the Internal Revenue Service managers affected by the report recommendations.  Please contact me at (202) 622-6510 if you have questions or Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services), at (202) 622-5916.

 

 

Table of Contents

 

Background

Results of Review

A Multidimensional Team Is Planning the Implementation

Further Changes to Tax Forms May Be Required to Facilitate Matching Merchant Card Receipts With Amounts Reported on Tax Returns

Recommendation 1:

Steps Were Taken to Reduce Mismatches of Taxpayer Identification Numbers and Names on Information Documents, but the Risk of Backup Withholding Caused by Mismatched Documents Still Exists

Recommendation 2:

Additional Details in the Risk Assessment and Implementation Plan Could Increase the Chance of Successful Implementation

Recommendation 3:

Recommendation 4:

Financial Reporting Was Not Addressed When Expenditures Began to Be Incurred

Recommendation 5:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Management’s Response to the Draft Report

 

 

Abbreviations

 

 

 

Background

 

Section 3091 of the Housing and Economic Recovery Act of 2008[1] added Section 6050W to Title 26 of the United States Code (hereafter referred to as merchant card reporting), which requires payment settlement entities[2] to report payments made to merchants in settlement of payment card[3] transactions.  The reports of total gross receipts paid to each merchant are to be sent to the Internal Revenue Service (IRS) by February 28 (March 31 if filing electronically) of each year, with the first reporting due in Calendar Year 2012.  This reporting is expected to assist the IRS in matching income from sales to income reported on tax returns in an effort to reduce the Tax Gap.[4]  The law also requires payment settlement entities to withhold a percentage of gross receipts (backup withholding) on those merchants who do not ultimately provide a valid Taxpayer Identification Number (TIN) and name that matches to IRS records.  If the payment settlement entities do not withhold the percentage amount when required, they are then held responsible for the amount due.  The law is effective for tax returns with calendar years beginning after December 31, 2010.  The backup withholding of 28 percent is applicable to amounts paid after December 31, 2011.  Third-party network businesses[5] are required to report only if for the calendar year:  1) the aggregate reportable payment transactions exceed $20,000, and 2) the aggregate number of these transactions exceeds 200. 

The House Committee on Small Business held a hearing on June 12, 2008, on the proposed reporting requirement that later became part of Public Law 110-289.  Interested parties submitted testimony and expressed opinions on the effect the proposed legislation would have on small businesses and payment settlement entities.  Some had serious concerns about privacy and data security.  Others believed the negligible effect this legislation would have on the Tax Gap would not justify the significant burden placed on small businesses.  One payment settlement entity voiced concerns about the cost of compliance and the backup withholding.  After the legislation became law on July 30, 2008, the IRS issued proposed regulations on November 23, 2009, and requested comments by January 25, 2010, for a subsequent public hearing.  The hearing was held on March 15, 2010.  The IRS issued final regulations on August 16, 2010, and later issued a draft form to be used for the reporting.

The reporting requirements of Section 6050W are not entirely new to the IRS.  The IRS routinely uses information documents to verify income items on individual income tax returns and has done so for many years.

The Department of the Treasury estimated this new law would result in the additional collection of almost $10 billion over 10 years.  A letter dated April 3, 2007, was presented to the Committee on Ways and Means, Subcommittee on Oversight, which commented on the various estimates of additional income this law was to generate.  The letter stated that, “The uncertainty over the benefits of this reporting requirement is most evident in the Federal budget proposals from FY [Fiscal Year] 2007 and FY 2008.  In the FY 2007 report, the Treasury estimated that the reporting requirement would help generate $9 million in 2007, $92 million during the years 2007–2011, and $225 million during the years 2007–2016.  In contrast, the FY 2008 report stated that the reporting requirement would help generate $113 million in 2008, $3.3 billion during the years 2008–2012, and $10.8 billion during the years 2008–2017.  Both the FY 2007 and FY 2008 reports are based on data gathered from the 2001 tax year, and there is no explanation for how the proposed revenue estimate jumped astronomically from 2007 to 2008.”[6]  While the Department of the Treasury made its own estimate of the benefits of this law, the IRS currently does not have a completed estimate of how much it expects to collect.

This review was performed at the IRS National Headquarters in Washington, D.C., with the IRS Small Business/Self-Employed Division taking the role of liaison and forwarding requests to the proper offices throughout the IRS.  The audit was conducted during the period January 2010 through January 2011.  We initiated this review prior to all phases of the implementation being completed.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

 

Results of Review

 

A Multidimensional Team Is Planning the Implementation

The IRS has a multidimensional team to plan and implement merchant card reporting.  The team consists of executive level management, project management, and program office liaisons to interact with the various functions of the IRS affected by this law.

Team meetings are held at least monthly to discuss progress, issues, and solutions that have developed and additional schedule items.  A list of working assumptions was put together early in the process, a high-level risk management plan addressing three separate laws was put together and has been updated, and an action plan has been developed.  A list of the forms that need to be revised and the new data lines that need to be put into IRS computer systems for the new reporting requirement have been initiated.  The IRS is implementing merchant card reporting and taking subsequent actions necessary to make use of the data and implement other newly passed laws that have similar reporting requirements.  Overall, the IRS has the structure in place to implement this legislative provision.  However, we do have some concerns.

Further Changes to Tax Forms May Be Required to Facilitate Matching Merchant Card Receipts With Amounts Reported on Tax Returns

The new law requires payment settlement entities to report merchant card and third-party network payments to the IRS on Merchant Card and Third Party Network Payments (Form 1099-K).  Based on our review of the regulations issued by the IRS, the payments reported on Form 1099-K may include cash back.  For example, when a customer makes a purchase, pays for the purchase with a debit or credit card, and requests cash back from the merchant, the entire amount of the transaction, including the cash back, would be included on Form 1099-K as a merchant card purchase.  However, the amount of cash back received by the customer is not income to the merchant.

The IRS is in the process of redesigning the Tax Year 2011 income tax forms and the corresponding instructions to accommodate the reporting of these merchant card and third-party payments.  One of the stated goals of the merchant card reporting legislation is to assist the IRS in matching income from sales to income reported on tax returns to reduce the Tax Gap.  In our opinion, this matching will only be efficient and effective if reporting documents and tax returns are designed to facilitate a direct match between the two sources.

We are concerned the proposed redesign of some tax forms will not facilitate such a match.  The forms involved include the following:

·         U.S. Return of Partnership Income (Form 1065).

·         U.S. Corporation Income Tax Return (Form 1120). 

·         U.S. Income Tax Return for an S Corporation (Form 1120S).

·         Profit or Loss From Business (Schedule C – U.S. Individual Income Tax Return (Form 1040)).

Figure 1 shows the new Form 1099-K.  Figure 2 describes how income on Schedule C is currently calculated.  Figure 3 describes the IRS’s planned redesign of Schedule C at the time of our review. 

Figure 1:  Proposed Form for Merchant Card and Third-Party Network Payments

Figure 1 was removed due to its size.  To see Figure 1, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Figure 2:  Lines 1–5 From 2010 Schedule C

Source:  Profit or Loss From Business Schedule C (2010).

 

Figure 3:  Income Lines From Redesigned 2011 Schedule C

Source:  Redesigned Schedule C (2011) provided by the IRS.

Form 1065, Form 1120, and Form 1120S are similarly designed.  As designed at the time of our review, taxpayers and tax preparers were to be told in the instructions to include “cash back” on line 2, “returns and allowances.”[8] 

Returns and allowances has long been defined as a contra revenue account that reports:  1) merchandise returned by a customer and 2) allowances granted to a customer for prompt payment or because the seller shipped improper or defective merchandise.  We are concerned that rather than including cash back in returns and allowances, taxpayers and preparers will either neglect to reduce their gross profits by the amount of cash back provided to their customers or they will report their merchant card and third-party payments on line 1a net of the cash back amounts. 

The Treasury Inspector General for Tax Administration presented another option for the IRS to consider, which would include specific line items on the tax returns for both merchant card sales and cash back amounts, as described in Figure 4.

Figure 4:  Additional Option for Redesigned 2011 Schedule C

Source:  Treasury Inspector General for Tax Administration Redesigned Schedule C (2011).

The IRS took immediate corrective action to address our concerns regarding Schedule C (see footnote 7) and is looking at the other forms affected (Schedules E and F (Form 1040) and Forms 1065, 1120, and 1120S) to make similar improvements to the forms and schedules and their corresponding instructions.

Misreporting cash back may result in a mismatch when the IRS compares gross receipts from merchant card payments as reported on the tax return with amounts on Form 1099-K.  These mismatched amounts may cause the IRS to contact the taxpayer for an explanation, increasing the burden on both the taxpayer and the IRS.

Recommendation

Recommendation 1:  The Commissioner, Small Business/Self-Employed Division, should ensure that changes similar to those drafted for Schedule C are made to Schedules E and F (Form 1040) and Forms 1065, 1120, and 1120S to confirm that there is no confusion about where to enter cash back on the income tax return to arrive at taxable income and that the amounts entered on the tax return can be matched with amounts on Form 1099-K.  The IRS should monitor the ‘merchant card and third-party network payments’ amounts that taxpayers enter on their income tax return to ensure that taxpayers and preparers understand how to properly report gross receipts and cash back amounts.  If warranted, the income tax returns should be changed to include a specific line for cash back.

Management’s Response:  IRS management has revised Schedule C (Form 1040) and will revise Forms 1065, 1120, and 1120S to inform taxpayers where to enter cash back on the return.  Since cash back transactions for Schedules E and F (Form 1040) filers are infrequent, the IRS will include the information in the instructions for these forms.

IRS management will monitor the amounts reported for merchant card and third-party payments and communicate to taxpayers and practitioners challenges identified in the filing of the new Form 1099-K.

Steps Were Taken to Reduce Mismatches of Taxpayer Identification Numbers and Names on Information Documents, but the Risk of Backup Withholding Caused by Mismatched Documents Still Exists

In discussions with Treasury Inspector General for Tax Administration auditors, the IRS indicated it intends to validate the TINs and names of taxpayers shown on Forms 1099-K as the documents are received.  However, as of the date of our review, the IRS’s risk assessment and implementation plan did not contain adequate details regarding the risks associated with any inability to perform these validations and the resulting initiation of backup withholding, as well as appropriate contingencies.

The IRS does provide access to a system called the E-Services On-Line TIN Matching Program that can be used to verify the merchant name and TIN in advance of filing Forms 1099-K.  This should help resolve issues before they occur.  In addition, the IRS has a system in place to validate the TINs on the information documents when they are filed with the IRS.  This validation takes place in May of each year and at other times throughout the year.

The IRS initially estimated 125 million Forms 1099-K would be issued for merchant card reporting.  That estimate was recently reduced to approximately 54 million.  Based on the IRS’s historical information regarding the prefiling rate of unmatched TINs and names on information documents, resolving the mismatches may take significant resources for the IRS, payment settlement entities, and taxpayers.

The IRS’s computed prefiling rate of mismatched records from its E-Services On-Line TIN Matching Program for 4 fiscal years is included in Figure 5.

Figure 5:  Prefiling TIN Mismatch Rate

Source:  IRS Electronic Products and Services Support Office.

Historically, most mismatched TINs are resolved.  The IRS reported that for 4 years (Tax Years 2006–2009), an average of only 1.78 percent of information documents received and processed through TIN validation had name and TIN mismatches.  In addition, backup withholding requirements do not take effect until Calendar Year 2012 providing more time to resolve mismatches.  However, as discussed above, millions more information documents are expected to be filed.  If mismatches are not resolved, merchants and payment settlement entities will be burdened with backup withholding requirements.

Recommendation

Recommendation 2:  The Commissioner, Small Business/Self-Employed Division, should ensure the risk assessment and implementation plan adequately address the issue of mismatched TINs and names and the initiation of backup withholding.

Management’s Response:   IRS management agreed with this recommendation.  TIN Matching is an existing service offered to certain Form 1099 filers.  The IRS submitted a Unified Work Request to add the Form 1099-K to the TIN Matching System.  To date, the number of mismatches identified has been minimal and should not cause a burden of backup withholding on taxpayers and filers.  The IRS is updating On-Line TIN Matching Program (Publication 2108A).

In addition, the IRS has performed an impact assessment regarding Form 1099-K on backup withholding.  Integration of backup withholding requirements into the existing backup withholding program has commenced to ensure timely implementation of the provision for 2012.

Additional Details in the Risk Assessment and Implementation Plan Could Increase the Chance of Successful Implementation

The IRS has developed a framework to identify certain risks and steps needed to implement the intent of the merchant card reporting legislation.  However, as of the date of our review, we found some significant issues were not adequately documented in the IRS’s plans.  We believe additional steps will facilitate a more successful and timely implementation.  The IRS has combined three different pieces of legislation into a single program known as the Information Reporting and Document Matching (IRDM) program.  The implementation of the merchant card reporting legislation is included in the IRDM program.  The IRDM program is intended to allow the IRS to develop a system that will encompass more than one activity.  With the magnitude of implementing three different pieces of legislation into one program, it is important that all significant risks and implementation steps be considered and documented.

The risk assessment did not address several significant risks

To successfully deliver a project of this magnitude, managers must thoroughly analyze and quantify risk before and during the project, as well as develop effective response strategies to deliver projects that meet the demands of stakeholders such as Congress and taxpayers.  Risk in this case is defined as an uncertainty that can have a negative effect on meeting project objectives.  Risk assessments need to address the potential for delay, disruption, or rework and address contingency plans as needed.  In addition, a complete risk assessment should estimate the likelihood that a risk may occur.

The risk assessment should help identify specific risks and controls necessary to reduce or eliminate the risks.  As of April 2010, the risk assessment prepared for the IRDM program for the three laws consists of:

1. Dependency on Projects and Organizations.[9]
2. Final Proposed Forms.
3. Organizational Readiness.
4. Modernization and Information Technology Services (MITS) Delivery of Targeted Functionality.

Specific risks associated with the implementation of merchant card reporting were not documented in this risk assessment.  The MITS organization, responsible for computer programs, prepared a Solution Concept document in February 2009 specific to merchant card reporting which contained some elements of a risk assessment, but this was for the MITS organization’s work only and indicates that not all affected interfaces were identified.  It was also based on the initial concept of a single field added to Miscellaneous Income (Form 1099-MISC).  The new Form 1099-K has added 12 additional fields for monthly totals.

Some of the risks specific to merchant card reporting that we believe should have been identified early and documented include:

·         Programming may not be completed in order to use the data.

As discussed previously, the Tax Year 2011 income tax forms have not been redesigned and published to make use of the Form 1099-K information that will be sent to taxpayers and the IRS beginning in Calendar Year 2012.  Programming must be completed to make use of the new income tax form designs and data fields before the system programming can be done to compare the tax return data to Form 1099-K data in IRS information document files.  All of the programming must be tested prior to being put into a production mode to handle the data.

·         Capacity of IRS systems may not be adequate to match TINs and names when the new documents are first received at the IRS requiring correspondence with the sender on any mismatches.

The July 2010 executive briefing for the IRDM program indicated that some of the systems are at capacity before all of the new information documents begin arriving.  The IRS indicates it has ordered the equipment necessary to implement this law.  The Affordable Care Act^[10] has recently added additional information reporting requirements which may significantly increase this risk.

·         Sensitive taxpayer data could be at risk of disclosure.

IRS guidance requires that every system with Personally Identifiable Information[11] have a Privacy Impact Assessment;[12] however, there is no mention of security reviews in the risk assessment.  Discussions with IRS personnel indicated that existing systems with security in place were going to be used, but a new system is scheduled to be built based on an existing one.  MITS did some risk assessments based on existing systems and plans to do the security testing on the new system.  The IRS stated that it follows detailed steps as required by law to ensure the security of sensitive taxpayer data.  However, we believe that because of the significant risk associated with transmitting and storing large amounts of sensitive data, the effect if the data are compromised, and the fact that the IRS has been criticized in the past for security weaknesses, the IRS should have specifically addressed this issue in its risk assessment to ensure all necessary steps were taken and contingency plans were developed as necessary.

The Government Accountability Office (GAO) issued a report^[13] in March 2009 that states, “Security weaknesses continue to affect IRS’s modernization environment.  As GAO recently reported, IRS continues to have weaknesses in its information security controls.  In addition, the Treasury Inspector General for Tax Administration reported that two tax administration systems were deployed with known security vulnerabilities relating to the protection of sensitive data, system access, monitoring of system access, and disaster recovery.”

The IRS indicated it plans an education program for the payers after the regulations are finalized, but these plans are not included in the implementation plan or risk assessment.  When asked about security information being included in the education program, the IRS responded that most of the payers that will be submitting the forms are already dealing with the IRS and know about security and how to use the IRS systems.  The IRS has no information at this time about the characteristics of all the payment settlement entities that will be involved with this new requirement.  Since Personally Identifiable Information will be maintained by the payment settlement entities under the regulations, including information about security of taxpayer information in the educational materials would help these entities meet the requirements of regulations.

·         Payment settlement entities and merchants will require significant education.  In addition, new forms and instructions must be developed.  Failure to deliver these timely could significantly affect the timeliness of the implementation of merchant card reporting and businesses ability to meet the initial due date for reporting.  Internal due dates are already being delayed; however, the impact of this delay is not known at this time.  Subsequent to our review period, the IRS reported that it had completed a critical path analysis, and none of the slippage should affect timely delivery of the project.

The IRS is currently updating its risk assessment monthly and relying on its internal procedures to handle issues after they develop.  Without a timely, complete risk assessment, unforeseen circumstances could result in failure to implement the law as intended by Congress.

Recommendation

Recommendation 3:  The Commissioner, Small Business/Self-Employed Division, should ensure the IRS adds sufficient detail to this and future risk assessments to address the full scope of the project.

Management’s Response:  IRS management agreed with this recommendation.  The program has a well documented risk assessment process that has been implemented to include identification of risk mitigation and impact analysis.  The risk assessment process ensures that all risks and mitigation strategies are documented and approved by governance.

Detailed Work Breakdown Structures have been developed that cover the full scope of the program.  In addition, risks covering the full scope of the program as well as risks specific to the implementation of merchant card reporting were documented and monitored on the governance risk matrix.

Tax Year 2011 income tax forms have new lines to facilitate matching for the Form 1099-K.  The IRDM program’s implementation plans include specific merchant card legislation requirements that support line-to-line matching as well as testing of data at various phases.

The IRDM program follows the IRS Enterprise Life Cycle.  Cybersecurity’s concurrence is required for each Enterprise Life Cycle milestone exit.  Cybersecurity performs a Security Controls Assessment prior to the IRDM program beginning operation.  The Federal Information Security Management Act[14] security controls are required to be in place to ensure the protection of sensitive data.  These controls are tested and any risks are identified along with mitigations prior to system production.

The implementation plan for merchant card reporting is too general to be an effective management tool 

One of the basic purposes of an implementation plan is to help management track, monitor, and evaluate the progress of a project or plan.  The plan helps identify possible problems in advance, as they arise, because alternative solutions have already been considered.  A plan document containing the major milestones and a schedule for the implementation is necessary in order to know if the project is on schedule and on budget.  In the GAO report referred to earlier, the GAO reported on the IRS’s use of conditional milestones (whereby projects are allowed to continue with outstanding issues needing to be addressed) which were not supported by documented procedures and could potentially be used to mask cost and schedule overruns.  The GAO recommended that the IRS have plans with specific time periods and develop quantitative measures to meet project scope expectations.

The IRDM program implementation plan for merchant card reporting was not specific enough.  Although all major milestones should have been planned and scheduled at the beginning of the project, some key milestones were not documented in the plan available at the time of our review.  For example, there was no mention of validating the merchants’ TINs when the Form 1099-K information document is originally received from the payment settlement entity.  The IRS indicated it intends to validate the TINs as the documents are received.  However, there is no indication in the plan of what will happen when names and TINs do not match data on IRS records.  There is a requirement for backup withholding on the Form 1099-K if the merchant’s TIN is not correct, yet there is no indication in the plan of how this will be handled or if it was a consideration.

The IRS relies heavily on its computer systems to process tax returns and collect taxes.  Yet the plan does not consider the security of the computer systems being planned and changed or the new data being received.  The MITS organization responsible for the actual program development said that it will do a system security check even though this was not scheduled in the plan.  The IRS continues to add details to its plan.  In light of issues related to system security previously reported by the GAO,[15] we expected the IRS to have more detail of the security considerations in its plan.

Even though all items in the law have been addressed, we do not believe the IRS made plans in sufficient detail for merchant card reporting to be implemented in an efficient manner and with all major steps documented.  A fully documented plan could assist the IRS in future planning and cost estimating as well as ensuring all important risks were considered and dealt with.  Subsequent to our review, the IRS reported to the Treasury Inspector General for Tax Administration that it had added significant detail to its overall plan and strategy.

Recommendation

Recommendation 4:  The Commissioner, Small Business/Self-Employed Division, should ensure the IRS adds sufficient detail to this and future implementation plans to indicate the full scope of the project and expected or estimated due dates.

Management’s Response:  IRS management agreed with this recommendation.  Detailed Work Breakdown Structures have been developed that cover the full scope of the program, including expected production delivery dates.

Financial Reporting Was Not Addressed When Expenditures Began to Be Incurred

Financial reporting needs to be considered and planned at the start of a project to properly track costs.

In order to successfully manage a project, management needs financial and tracking reports on a regular basis to know if the project is on schedule and within budget.  In June 2010, the Office of Management and Budget issued a memorandum to the heads of executive departments and agencies informing them that in order to lower cost and improve government performance, the Federal Chief Information Officer was beginning a review of the highest risk Information Technology projects across the Federal Government.  “Agencies will be required to present improvement plans to the Chief Information Officer for projects that are behind schedule or over budget.  Where serious problems are identified and cannot be corrected, further actions should be taken, including potential adjustments to FY 2012 agency budgets. … The Director of the Office of Management and Budget is directing executive departments and agencies to refrain from awarding new task orders or contracts for financial system modernization projects.” 

The IRS has a document for budget management of the IRDM program that is dated February 26, 2010.  The document indicates there is a project code that will allow the verification and control of IRDM program costs reported at the project level.  After repeated requests for financial or tracking reports showing the expenditures and due dates of items for this project, the IRS has supplied some documentation to show that financial reporting is in place or has been considered in the IRDM program overall plan.

Approximately $8 million was allocated to merchant card reporting work from the IRS’s FY 2008 budget.  The IRS could not provide an accounting of how these funds were used.  The FY 2009 budget included $23 million to implement a number of legislative proposals, which included merchant card reporting but did not specify how much was for this law.  The FY 2011 Congressional Budget Submission specifically requests $2.1 million and 19 new employees for the matching of the merchant payment card data to tax returns.

The MITS organization has indicated that it has allocated $22.5 million for the IRDM program for FY 2010, yet provided no explanation of the item due dates or scheduled delivery and did not specify the amount for merchant card reporting.

The Small Business/Self-Employed Division indicated that the implementation costs for merchant card reporting had been absorbed in normal operating costs from its passage through the latter part of Calendar Year 2010 because the expenditures were small.  It now has begun utilizing the programs in place to identify implementation expenditures and review the related reports on a regular basis.  These expenditures are identified by codes issued by the Chief Financial Officer.  Since it was absorbing the costs, there were no examples of its financial reports at the time of our review.  The MITS organization provided us with a copy of the online information that it had available for viewing its allocations and expenditures in total.

If the IRS does not accumulate costs when it first begins expending resources on a project, as in when preparing the risk assessment, it will not have good historical information on which to base future estimates of cost and times to accomplish tasks.

Recommendation

Recommendation 5:  The Commissioner, Small Business/Self-Employed Division, should ensure that financial reporting is added to the risk assessment and implementation plan to help ensure the costs and schedules are tracked and reported timely.  Accumulation of costs should begin when resources are first used on the project, as in preparing the risk assessment.

Management’s Response:  IRS management agreed that financial reporting should be tracked and monitored.  IRDM program costs are being tracked and monitored through an Exhibit 300.  The monthly IRDM program reporting includes monitoring of developed spending plans using Earned Value Management, where costs and schedules, including explanations for variances, are reported and assessed.  In addition, through the Earned Value Management reporting, the program reports monthly on all accomplishments and risks to schedules and costs. 

The Small Business/Self-Employed Division has established written guidance for individuals to charge costs when performing work in support of the IRDM program.  The Internal Order Code Document Matching Tax Gap Initiative was established to capture these costs.  Reports are available in the Integrated Financial System, which allows tracking of labor and nonlabor costs.  These reports are generated and monitored on a biweekly basis.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

Our overall objective was to determine whether the IRS has a complete and detailed plan in place to control and schedule the implementation of the merchant card reporting law as intended by Congress.  This involves new data (gross sales from Merchant Card and Third Party Network Payments (Form 1099-K)) being received for individual and business units,[16] using the new data to check against tax return items reported, collecting additional taxes as necessary, and tracking the costs of this multibusiness unit program.  We obtained the information for this audit by interviewing the IRS teams responsible for the plan and accessing IRS information on various IRS internal web sites.  To achieve this overall objective, we:

I.                   Determined if the IRS has a plan to implement merchant card reporting.

A.    Obtained and analyzed the IRS-prepared risk management plan to ensure:

1.      The IRS has addressed all major risks.

2.      The steps have been designed to address each major risk.

B.     Analyzed high-level and detailed implementation schedules.

C.     Reviewed the IRS’s implementation plan to ensure it addresses all of the issues in the law.

D.    Reviewed any regulations regarding the new law to determine if the IRS has written the regulations in accordance with the intent of Congress, based on any hearings and committee reports.

E.     Interviewed Legislative Analysis, Tracking, and Implementation Services personnel and reviewed steps taken or still being considered to implement the law.

II.                Determined if the implementation plan has addressed security issues.

A.    Discussed with IRS personnel any security controls in place to ensure the IRS has the capacity and systems to receive and secure all of the new data.

B.     Discussed with IRS personnel the controls the IRS has requested to be in place for businesses that are involved with collecting and then sending the new data to the IRS.

III.             Determined how the IRS plans to make use of the new data.

A.    Discussed with IRS personnel how the new data will be received and validated and how error records will be handled.

B.     Discussed with IRS personnel plans to establish the new Business Master File[17] underreporting database and procedures.

C.     Discussed with IRS personnel how this new information will be incorporated and used in the Individual Master File[18] underreporting process that is currently in place.

D.    Discussed with IRS personnel how and when the backup withholding will post to the Master Files.[19]

E.     Verified if various divisions within the IRS have different plans (i.e., the Tax Exempt and Government Entities Division and the Large Business and International Division).  We also determined if all the divisions make use of an automated underreporter type of process.

F.      Reviewed the plan for making use of the new data.

1.      Reviewed the instructions for making the gross payment card and third-party network sales dollars provided by the payment settlement entities (the ultimate organization or entity responsible for making final payments to merchants and reporting annually to the IRS on payment card and third-party network transactions) match the business gross income as reported on a tax return.  Items included were:

a.       Cash back amounts.

b.      Electronic checks.

c.       Pay Pal-type sales.

d.      Cell phone-type payments.

2.      Reviewed the IRS’s plans, if any, for ensuring the data received from the merchant providers are accurate.

3.      Reviewed the training programs being established for IRS employees learning how to make use of the new data.

G.    Reviewed any documentation for writing and testing the logic on how the IRS will use the new data.

H.    Analyzed the plans to purchase and schedule any necessary additional resources in order to make use of the new data.

I.       Analyzed the schedule for using the additional resources in order to make use of the new data.

IV.             Determined if the IRS can justify the numbers and income provided to Congress by the Department of the Treasury.

A.    Analyzed the supporting documentation used by the Department of the Treasury.

B.     Discussed with IRS personnel if the figures provided by the Department of the Treasury are valid and, if not, obtained the IRS’s figures along with supporting documentation.

V.                Determined if the financial tracking system is in place for this project.

A.    Verified that specific accounting codes were assigned for tracking costs on this project.

B.     Held discussions with the IRS Chief Financial Officer’s office to determine if reports on the costs and budgets for this project will be issued on a scheduled basis.

C.     Verified there are controls in place to control/report cost overruns, who will be receiving these reports, and what will be done to address any problems.

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives.  Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations.  They include the systems for measuring, reporting, and monitoring program performance.  We determined the following internal controls were relevant to our audit objective:  Chief Technology Officer, Small Business/Self-Employed Division, and Wage and Investment Division policies, procedures, and practices for processing selected work streams in campus[20] operations.  We evaluated these controls by interviewing management and reviewing applicable manuals.

 

Appendix II

 

Major Contributors to This Report

 

Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services)

Kyle R. Andersen, Director

Richard J. Calderon, Audit Manager

Roy E. Thompson, Audit Manager

Glory Jampetero, Lead Auditor

W. George Burleigh, Senior Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Commissioner, Small Business/Self-Employed Division  SE:S

Commissioner, Wage and Investment Division  SE:W

Deputy Commissioner, Small Business/Self-Employed Division  SE:S

Deputy Commissioner, Wage and Investment Division  SE:W

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Chief Technology Officer  OS:CTO

Audit Liaisons: 

Chief, Program Evaluation and Improvement  CL

Director, Communications, Liaison, and Disclosure  SE:S:CLD

Chief, Program Evaluation and Improvement, Wage and Investment Division  SE:W:S:PRA:PEI

 

Appendix IV

 

Management’s Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, D.C. 20224

 

                            Commissioner

Small Business/Self-Employed Division

 

 

JUNE, 8 2011

 

 

MEMORANDUM FOR MICHAEL R. PHILLIPS

     DEPUTY INSPECTOR GENERAL FOR AUDIT

 

FROM:                             Faris R. Fink /s/ Faris R. Fink

     Commissioner, Small Business/Self-Employed Division

 

SUBJECT:                       Draft Audit Report - Plans for the Implementation of Merchant Card Reporting Could Result in Burden for Taxpayers and Problems for the Internal Revenue Service (Audit # 201040028)

 

We have reviewed your draft report, "Plans for the Implementation of Merchant Card Reporting Could Result in Burden for Taxpayers and Problems for the Internal Revenue Service." While we disagree with the characterization that implementation plans could result in burdens for taxpayers and problems for the Internal Revenue Service, we agree with the recommendations in the report and are taking steps accordingly.

 

The implementation of merchant card legislation should help to reduce the Tax Gap. As the reporting of merchant card payments is a new requirement, we will monitor the reporting for merchant card and third-party payments in our efforts to simplify this new reporting requirement. We plan to communicate our findings from the monitoring to taxpayers and practitioners. We also recognize the importance of obtaining meaningful feedback from the public and, whenever possible, will enhance forms and instructions to ensure accurate reporting.

 

Consistent with TIGTA's recommendations, we have taken actions to improve our implementation plans and the identification of key risks and corresponding contingencies. We will continue to ensure sufficient details are added to future risk assessments and future implementation plans include the full scope of the project and incorporate expected due dates.

 

Finally, appropriate financial controls have been put in place. We are now following Earned Value Management (EVM) principles for the tracking and monitoring of funding, including the monitoring of risks associated with financials. Attached is a detailed response outlining our corrective actions.

 

If you have any questions, please contact me, or a member of your staff may contact Samuel F. Perdue, Director, Information Reporting and Document Matching at (336) 269-0757.

 

Attachment

Attachment

 

RECOMMENDATION 1:

The Commissioner, Small Business/Self-Employed Division, should ensure that changes similar to those drafted for Schedule C are made to Schedules E and F (Form 1040), and Forms 1065, 1120, and 1120S to confirm that there is no confusion about where to enter cash back on the income tax return to arrive at taxable income, and that the amounts entered on the tax return can be matched with amounts on Form 1099-K. The IRS should monitor the 'merchant card and third-party network payments' amounts that taxpayers enter on their income tax returns to ensure that taxpayers and preparers understand how to properly report gross receipts and cash back amounts. If warranted, the income tax returns should be changed to include a specific line for cash back.

 

CORRECTIVE ACTION(S):

1. Media and Publications agrees with Part 1 of this recommendation. We have revised Schedule C (Form 1040) and will revise Forms 1065, 1120, and 1120S to inform taxpayers where to enter cash back on the return. Since cash back transactions for Schedules E and F (Form 1040) filers are infrequent, we will include the information in the instructions for these forms.
2. We will monitor the amounts reported for merchant card and third-party payments and communicate to taxpayers and practitioners challenges identified in the filing of the new Form 1099-K.

 

IMPLEMENTATION DATE(S):

1. March 15, 2012
2. June 15, 2012

 

RESPONSIBLE OFFICIAL(S):

1. Director, Tax Forms and Publications, Wage and Investment Division
2. Director, Information Reporting and Document Matching, Small Business/Self Employed Division

 

RECOMMENDATION 2:

The Commissioner, Small Business/Self-Employed Division, should ensure the risk assessment and implementation plan adequately address the issue of mismatched TINs and names and the initiation of backup withholding.

 

CORRECTIVE ACTION:

We agree with this recommendation. Taxpayer Identification Number (TIN) Matching is an existing service offered to certain 1099 filers. We submitted a Unified Work Request to add the Form 1099-K to the TIN Matching System. To date, the number of mismatches identified has been minimal and should not cause a burden of backup withholding on taxpayers and filers. We are updating Publication 2108A, On-Line Taxpayer Identification Number (TIN) Matching Program.

 

In addition, we have performed an impact assessment regarding Form 1099-K on backup withholding. Integration of backup withholding requirements into the existing backup withholding program has commenced to ensure timely implementation of the provisions for 2012.

 

IMPLEMENTATION DATE:

Completed

 

RESPONSIBLE OFFICIAL:

Director, Information Reporting and Document Matching

 

RECOMMENDATION 3:

The Commissioner, Small Business/Self-Employed Division, should ensure the IRS adds sufficient detail to this and future risk assessments to address the full scope of the project.

 

CORRECTIVE ACTION:

We agree with this recommendation. The program has a well documented risk assessment process that has been implemented to include identification of risk mitigation and impact analysis. The risk assessment process ensures that all risks and mitigation strategies are documented and approved by governance.

 

Detailed Work Breakdown Structures (WBS) have been developed that cover the full scope of the program. In addition, risks covering the full scope of the program as well as risks specific to the implementation of merchant card reporting were documented and monitored on the governance risk matrix.

 

Tax Year 2011 income tax forms have new lines to facilitate matching for the Form 1099-K. Information Reporting and Document Matching's (IRDM) implementation plans include specific merchant card legislation requirements that support line-to-line matching as well as testing of data at various phases.

 

IRDM follows the IRS Enterprise Life Cycle (ELC). Cybersecurity's concurrence is required for each ELC milestone exit. Cybersecurity performs a Security Controls Assessment prior to IRDM beginning operation. The Federal Information Security Management Act (FISMA) security controls are required to be in place to ensure the protection of sensitive data. These controls are tested and any risks are identified along with mitigations prior to system production.

 

IMPLEMENTATION DATE:

Completed

 

RESPONSIBLE OFFICIAL:

Director, Information Reporting and Document Matching

 

RECOMMENDATION 4:

The Commissioner, Small Business/Self-Employed Division, should ensure the IRS adds sufficient detail to this and future implementation plans to indicate the full scope of the project and expected or estimated due dates.

 

CORRECTIVE ACTION:

We agree with this recommendation. Detailed Work Breakdown Structures have been developed that cover the full scope of the program, including expected production delivery dates.

 

IMPLEMENTATION DATE:

Completed

 

RESPONSIBLE OFFICIAL:

Director, Information Reporting and Document Matching

 

RECOMMENDATION 5:

The Commissioner, Small Business/Self-Employed Division, should ensure the financial reporting is added to the risk assessment and implementation plan to help ensure the costs and schedules are tracked and reported timely. Accumulation of costs should begin when resources are first used on the project, as in preparing the risk assessment.

 

CORRECTIVE ACTION:

We agree that financial reporting should be tracked and monitored. IRDM costs are being tracked and monitored through an Exhibit 300. The monthly IRDM reporting includes monitoring of developed spending plans using EVM where costs and schedules, including explanations for variances, are reported and assessed. In addition, through the Earned Value Management (EVM) reporting, the program reports monthly on all accomplishments and risks to schedules and costs.

 

SB/SE has established written guidance for individuals to charge costs when performing work in support of the IRDM program. The Internal Order Code Document Matching Tax Gap Initiative (DMTGI) was established to capture these costs. Reports are available in the Integrated Financial System, which allows tracking of labor and non-labor costs. These reports are generated and monitored on a bi-weekly basis.

 

IMPLEMENTATION DATE:

Completed

 

RESPONSIBLE OFFICIAL:

Director, Information Reporting and Document Matching