TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Most Taxpayers Whose Identities Have Been Stolen to Commit Refund Fraud Do Not Receive Quality Customer Service

 

 

 

May 3, 2012

 

Reference Number:  2012-40-050

 

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

Phone Number  /  202-622-6500

E-mail Address /  TIGTACommunications@tigta.treas.gov

Website           /  http://www.tigta.gov

 

 

HIGHLIGHTS

 

MOST TAXPAYERS WHOSE IDENTITIES HAVE BEEN STOLEN TO COMMIT REFUND FRAUD DO NOT RECEIVE QUALITY CUSTOMER SERVICE

 

Highlights

Final Report issued on May 3, 2012

Highlights of Reference Number:  2012-40-050 to the Internal Revenue Service Deputy Commissioner for Operations Support.

IMPACT ON TAXPAYERS

The Federal Trade Commission reported that identity theft was the number one complaint in Calendar Year 2011, and government documents/benefits fraud was the most common form of reported identity theft.  As of December 31, 2011, the IRS’s Incident Tracking Statistics Report showed that 641,052 taxpayers have been affected by identity theft in Calendar Year 2011.  The IRS is not effectively providing assistance to victims of identity theft, and current processes are not adequate to communicate identity theft procedures to taxpayers, resulting in increased burden for victims of identity theft.

WHY TIGTA DID THE AUDIT

This audit was initiated because the number of identity theft cases in the IRS has grown significantly over the last few years, overwhelming IRS resources and burdening taxpayers.  Taxpayers testifying before Congress stated that they had to talk to multiple IRS employees and were provided conflicting instructions.

WHAT TIGTA FOUND

Identity theft cases are not worked timely and can take more than a year to resolve.  Communications between the IRS and victims are limited and confusing, and victims are asked multiple times to substantiate their identity.

When taxpayers call the IRS to advise it that their electronic tax return was rejected because it appears another individual has already filed a tax return using their identity, the IRS instructs them to mail in a paper tax return with the Form 14039, Identity Theft Affidavit, attaching supporting identity documents.  However, the IRS has been processing these tax returns using standard processing procedures. 

Identity theft guidelines and procedures are dispersed among 38 different Internal Revenue Manual sections.  These guidelines are inconsistent and conflicting, and not all functions have guidelines on handling identity theft issues. 

The IRS uses little of the data from the identity theft cases to identify any trends, etc., that could be used to detect or prevent future refund fraud.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the IRS:  1) establish accountability for the Identity Theft Program; 2) implement a process to ensure that IRS notices and correspondence are not sent to the address listed on the identity thief’s tax return; 3) conduct an analysis of the letters sent to taxpayers regarding identity theft; 4) ensure taxpayers are notified when the IRS has received their identifying documents; 5) create a specialized unit in the Accounts Management function to exclusively work identity theft cases; 6) ensure all quality review systems used by IRS functions and offices working identity theft cases are revised to select a representative sample of identity theft cases; 7) revise procedures for the Correspondence Imaging System screening process; and 8) ensure programming is adjusted so that identity theft issues can be tracked and analyzed for trends and patterns.  

The IRS agreed with all our recommendations.  It has established a governance structure to oversee the enterprise‑wide identity theft initiatives and plans to expand its identity theft indicator codes identifying claims of identity theft.  It plans to review its suite of identity theft letters and to update its guidance instructing employees to notify taxpayers acknowledging receipt of documentation.  The IRS currently has specialized units in the Accounts Management function working only identity theft cases.  Finally, the IRS plans to create a specific quality review for identity theft cases and is currently evaluating options for enhancing its ability to track and analyze the fraudulent identity theft information removed from a taxpayer account.

 

May 3, 2012

 

 

MEMORANDUM FOR DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT

 

FROM:                       Michael R. Phillips /s/ Michael R. Phillips

                                  Deputy Inspector General for Audit

 

SUBJECT:                  Final Audit Report – Most Taxpayers Whose Identities Have Been Stolen to Commit Refund Fraud Do Not Receive Quality Customer Service (Audit # 201140042)

 

This report presents the results of our review to evaluate whether the Internal Revenue Service is effectively providing assistance to victims of identity theft.  This audit is included in our Fiscal Year[1] 2012 Annual Audit Plan and addresses the major management challenges of Taxpayer Protection and Rights, Fraudulent Claims and Improper Payments, Tax Compliance Initiatives, and Providing Quality Taxpayer Service Operations.

Management’s complete response to the draft report is included as Appendix VIII.

Copies of this report are also being sent to the Internal Revenue Service managers affected by the report recommendations.  Please contact me at (202) 622-6510 if you have questions or Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services), at (202) 622-5916.

 

 

Table of Contents

 

Background

Results of Review

The Internal Revenue Service Is Not Effectively Providing Assistance to Victims Who Have Had Their Identities Stolen to Commit Tax Refund Fraud

Recommendation 1:

Recommendations 2 through 4:

Recommendations 5 through 7:

Data From Identity Theft Cases Are Not Being Used to Prevent Refund Fraud

Recommendation 8:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measure

Appendix V – Identity Theft Indicators

Appendix VI – Number of Identity Theft Incidents and Taxpayers Affected in Calendar Year 2011

Appendix VII – Assistor Job Titles and Duties

Appendix VIII – Management’s Response to the Draft Report

 

 

Abbreviations

 

IPSU

Identity Protection Specialized Unit

IRS

Internal Revenue Service

IRSN

IRS Number

ITAAG

Identity Theft Assessment and Action Group

PGLD

Privacy, Governmental Liaison, and Disclosure

TIGTA

Treasury Inspector General for Tax Administration

 

 

Background

 

Identity theft was the number one consumer complaint for Calendar Year 2011 

Government documents/benefits fraud was the most common form of reported identity theft.

The Federal Trade Commission reported that identity theft was the number one complaint in Calendar Year 2011.  Government documents/benefits fraud was the most common form of reported identity theft.

Identity theft affects the Internal Revenue Service (IRS) and tax administration two ways—with fraudulent tax returns and misreporting of income.  Both can potentially harm taxpayers who are victims of the identity theft.  Figure 1 provides an illustrative description of both refund fraud and employment-related fraud.

Figure 1:  Description of Refund and Employment Refund Fraud

 

Identify Theft

Refund Fraud

Employment-Related Fraud

The identity thief steals a taxpayer’s Personally Identifiable Information.  Personally Identifiable Information includes an individual’s:

The identify thief uses the information to file a fraudulent tax return – reporting fictitious wages and withholdings – and obtains a tax refund.

The identity thief uses the information to obtain employment.  The income is reported to the IRS.

·        Name and Address.

·        Telephone Number.

·        Social Security Number.

·        Bank Account Number. Date of Birth.

·        Biometrics (eye color, height, etc.).

·        The taxpayer attempts to file his or her tax return, but the IS rejects it because it is a duplicate filing with the same Social Security Number.  The taxpayer’s refund is delayed while the IRS determines who is legitimate.

·        When the IRS completes its income matching for the tax year, it sends the taxpayer an underreporter notice, stating the income and payment information it has does not match what the taxpayer reported on his or her tax return.

Source:  TIGTA analysis of the identity theft process as it affects the IRS and taxpayers.

Employment-related identity theft can affect taxpayers when the IRS attempts to take enforcement actions for allegedly unreported income.  Refund fraud adversely affects innocent taxpayers’ ability to file their tax returns and timely receive the tax refunds they are due, often imposing significant financial and emotional hardship on victims.

Identify theft is a crime.

Resources from the Government

ID thieves steal your good name, bilk billions of dollars from the economy, and strain law enforcement resources.

  • Combating Identity: Theft A Strategic Plan

Final recommendations released April 23, 2007. Strategic Plan (PDF) Volume II:  Supplemental Information (PDF)

 

Webcast of Press Conference

 

  • The President’s Identify Theft Task Force Report

 Steps taken to implement Strategic Plan released October 21, 2008. Report (PDF)

  • Taking Action

Learn what government agencies are doing about ID Theft.

  • About the President’s Identify Theft Task Force

Task Force history and member list.

www.idtheft.gov

In July 2005, the Treasury Inspector General for Tax Administration (TIGTA) reported and the IRS agreed that it needed a corporate strategy to address the growing challenge of identity theft.[3]  The IRS stated that it had developed an Enterprise Identity Theft Strategy.  However, in March 2008, the TIGTA reported that the IRS has not placed sufficient emphasis on employment-related and tax fraud identity theft strategies.[4]  The IRS lacked the comprehensive data needed to determine the impact of identity theft on tax administration.  It was recommended that the IRS develop and implement a strategy to address employment-related and tax fraud identity theft that includes coordinating with other Federal agencies such as the Federal Trade Commission and Social Security Administration to evaluate and investigate identity theft allegations related to tax administration.  Another recommendation focused on improvements in the use of identity theft closing codes in the IRS compliance functions.

Since Calendar Year 2009, the number of tax-related identity theft incidents (primarily refund fraud or employment related) reported by the IRS has increased. 

The IRS developed and implemented identity theft indicator codes to centrally mark and track identity theft incidents.  Each indicator is input on affected taxpayers’ accounts using Transaction Code 971 with any of six different action codes.[5]  The IRS currently uses these identity theft indicators to gather IRS-wide identity theft data for reporting taxpayers affected and identity theft incidents.  For example, the IRS inputs Transaction Code 971 with the following action codes:

·       Action Code 501 – used when the taxpayer reported the identity theft.  It is input after the IRS confirms a taxpayer is a victim of identity theft and resolves the case. 

·       Action Code 506 – used when the IRS identifies and confirms a taxpayer who is an identity theft victim.

·       Action Code 522 – used when the IRS receives a taxpayer’s identifying documentation.[6]

Although the IRS acknowledges that it does not know the number of identity theft open or closed cases, Figure 1 shows the number of taxpayers the IRS reported as affected by identity theft and the number of incidents since Calendar Year 2009.[7]

Figure 2:  Identity Theft Incidents
Calendar Years 2009–2011

Calendar

Action
Code 501

Action
Code 506

Totals

Year

Taxpayers

Incidents[8]

Taxpayers

Incidents

Taxpayers

Incidents

2009

60,048

90,542

194,031

365,911

254,079

456,453

2010

69,142

101,828

201,376

338,753

270,518

440,581

2011

87,322

110,750

553,730

1,014,884

641,052

1,125,634

Source:  IRS Identity Protection Incident Tracking Statistics Reports.

Additionally, the IRS reported that 176,353 taxpayers (222,752 incidences) had Transaction Code 971 with Action Code 522 input to their accounts in Calendar Year 2011.[9]

Not all of these taxpayers filed tax returns or had filing requirements.  Some individuals do not have taxable income and therefore do not have a filing requirement.

The Privacy, Governmental Liaison, and Disclosure Office

In Fiscal Year[10] 2007, the IRS established the Privacy, Information Protection, and Data Security Office, which in Fiscal Year 2011 was renamed the office of Privacy, Governmental Liaison, and Disclosure (PGLD).  One of the PGLD’s four functions is the Privacy and Information Protection function, which oversees the Identity Protection Program. 

The Identity Protection Program provides oversight and coordination of identity theft at the IRS.  The Identity Protection Program office works closely with the Identity Protection Specialized Unit (IPSU) located in the IRS’s Wage and Investment Division.

Identity Protection Specialized Unit

As part of the IRS’s strategy to reduce taxpayer burden caused by identity theft, the IPSU opened October 1, 2008, dedicated to resolving tax issues incurred by identity theft victims.  The intent of this unit is to enable victims to have their questions answered and issues resolved quickly and effectively.  Victim assistors handle taxpayer inquiries from multiple sources, including a dedicated identity theft telephone line.  Victims can call a dedicated toll-free number, (800) 908‑4490, Monday through Friday, 7:00 a.m. to 7:00 p.m. local time.  The unit was formed to reduce taxpayer burden by providing individualized assistance, including:

In addition, the unit assists taxpayers who have already had their tax accounts affected by identity theft but have not yet had their issues resolved.  The unit refers taxpayers to the IRS area that is working the identity theft issue and also collaborates with that area to monitor the case through resolution.

This audit was performed in the Wage and Investment Division Customer Account Services function in the Fresno, California; Atlanta, Georgia; Andover, Massachusetts; and Philadelphia, Pennsylvania, campuses[11] and in the Operations Support Division in the PGLD office in Washington, D.C., during the period June 2011 through January 2012.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

 

Results of Review

 

The Internal Revenue Service Is Not Effectively Providing Assistance to Victims Who Have Had Their Identities Stolen to Commit Tax Refund Fraud

Refund fraud victimizes innocent taxpayers by impeding their ability to file tax returns and receive tax refunds.  Our testing included:

·       A review of a judgmental sample[12] of 17 unique taxpayer cases classified as identity theft.

·       Data analysis of approximately 1.1 million identity theft cases.

·       Interviews with and surveys of more than 200 IRS employees involved in different aspects of identity theft.

·       Reviews of identity theft guidelines and processes.

Identity theft cases are not worked timely.  Communications between identity theft victims and the IRS were limited and confusing, and victims were asked multiple times to substantiate their identity.

These taxpayers would potentially benefit from improved customer service based on one or more of the recommendations contained in this report.  We calculated the taxpayers affected annually using the PGLD Identity Protection Incident Tracking Statistics Reports as of December 31, 2011, which showed 167,619 affected taxpayers during that period.[13]  The annual total was extended for five years, for a total of 838,095 taxpayers expected to be burdened without the recommended corrective actions.

Due to privacy and disclosure laws, examples of specific identity theft cases cannot be provided.  However, the following timeline illustrates a composite of the 17 case reviews.

 

 

February
2009

 

The identity thief files a fraudulent tax return and obtains a tax refund.  Subsequently, the lawful taxpayer attempts to electronically file his tax return, for which he is due a tax refund.  He receives an IRS rejection notice stating that his Social Security Number cannot be used more than once on the tax return or on another tax return.

The taxpayer calls the IRS toll-free telephone line and explains the situation to the customer service assistor.  The assistor, after authenticating the taxpayer, researches his tax account and determines a tax return has already been filed using that name and Social Security Number.  The assistor advises the taxpayer to file a paper tax return, attaching a Form 14039, Identity Theft Affidavit, or a police report and a valid government-issued document such as a copy of a Social Security card, passport, or driver’s license to the tax return, and mail it to the IRS.

The IRS receives the paper tax return in one of its processing sites and a technician enters the data into the IRS’s computer system.[14]  It is not processed.  A technician determines it is a duplicate tax return and inputs the appropriate transaction code.  The duplicate return case is received in the Duplicate function, where an assistor identifies this as a possible identity theft case.  The assistor requests the paper tax return.  The case is set aside in a queue to be ultimately worked after April 15, when the filing season[15] has ended.[16]

April

The taxpayer calls the IRS toll-free line again and asks when he will receive his tax refund.  The assistor researches the taxpayer’s account, determines a duplicate tax return has been filed, and advises the taxpayer that there will be processing delays and he may receive correspondence requesting additional information.  The assistor also advises the taxpayer to visit the IRS’s website at IRS.gov for additional information and links related to identity theft.

July

The taxpayer’s tax return is worked in the Duplicate function and determined to be an identity theft case.  The duplicative tax return is transferred to another unit to an assistor whose responsibilities also include answering IRS toll-free telephone calls.  The case is scanned into a management information system and queued.

September

The assistor begins working the case, orders copies of original tax returns, and sends letters to the alleged identity thief and the taxpayer to attempt to determine who the legitimate taxpayer is.  The legitimate taxpayer responds, confirming that he did not file the first tax return the IRS received.

October

The taxpayer calls the IPSU and asks when he should expect his tax refund.  The assistor researches the case and advises him his case is being worked.  The customer service representative sends a referral to the assistor working the case.

November

The assistor determines which is the legitimate taxpayer, requests adjustments to the taxpayer’s account, and sends a letter to the identity thief providing him or her with a temporary tax identity number and a letter to the legitimate taxpayer advising him he has been a victim of identity theft and his account has been flagged.

December

The legitimate taxpayer receives the letter from the IRS and calls the IPSU to inquire when he will receive his tax refund.  The assistor advises him that it has been scheduled.

January

The adjustments post to the legitimate taxpayer’s account and the refund is released.  He receives another letter advising him he has been a victim of identity theft and his account has been flagged.  A tax account for the person who committed the identity theft is also established.[17]

Identity theft cases can be more complex and can present considerable challenges throughout the resolution process.  For instance, it can be difficult to determine who is the legitimate taxpayer or if the case is actually a case of identity theft.  Taxpayers sometimes transpose digits in Social Security Numbers, but do not respond to the IRS when it requests information to resolve the case.  As a result, the IRS may not be able to determine who the legitimate taxpayer is.  Additionally, the Social Security Administration can inadvertently issue two taxpayers the same Social Security Number.

In other instances, taxpayers attempt to claim they have been a victim of identity theft when the IRS examines their tax returns and questions credits, deductions, and/or expenses.  For example, a taxpayer initially filed a tax return and received a tax refund.  However, after the IRS examines the tax return, the taxpayer claims not to have filed it, stating he or she has been a victim of identity theft and therefore is not liable for any taxes owed as a result of the examination.

The growth of identity theft presents considerable challenges to tax administration.  Although the IRS has an identity theft strategy and has established several programs and key initiatives over the past few years, it has not been able to keep pace with the rapidly growing inventories of identity theft cases.  Identity theft case processing is decentralized throughout the IRS, with limited coordination and oversight.  Standard IRS processes and resource constraints have hindered timely and effective case resolution.

In August 2011, the IRS completed an assessment of the current state of its Identity Theft Program and is planning changes to improve the Program

In April 2011, the IRS decided to contract with an outside contractor and conduct an enterprise‑wide assessment of the Identity Theft Program.  The goal was to assess the current state of the IRS’s Identity Theft Program and develop a plan to address the growing identity theft inventory, to include developing metrics for identity theft cases and tools to reduce taxpayer burden and increase processing efficiencies.  The Identity Theft Assessment and Action Group (ITAAG) first met in June 2011. 

The Future State Report provides high-level recommendations and a strategic approach for the overall future state operating model of the IRS’s Identity Theft Program.

The ITAAG also presented its IRS Identity Theft Program Future State Report,[18] which provides its vision for the future state of the Identity Theft Program and supporting recommendations to obtain that vision. 

The IRS Identity Theft Program will provide clear, seamless, and timely service to legitimate taxpayers while barring fraudulent filers from gaining access to refunds and information.

Many of the recommendations have already begun to be implemented.  The Identity Theft Program will remain decentralized, but with dedicated identity theft employees in each business function.  Every IRS division will make identity theft cases a higher priority in their work.  The IRS is implementing new procedures and processes intended to resolve cases faster and minimize the disruption to innocent taxpayers.  It is also planning to create a way to timely and accurately track and report on the status of all identity theft cases. 

The ITAAG’s assessment was comprehensive and identified many of the same issues and concerns identified during this review.  Its recommendations are far reaching and designed to improve the current state of the Identity Theft Program.  However, the recommendations do not address all concerns identified in this audit and may not be sufficient to significantly reduce the burden identity theft has on tax administration and taxpayers who have had their identities stolen to commit refund fraud.

Identity theft cases can take more than a year to resolve

A review of a judgmental sample of 17 unique taxpayer cases classified as identity theft and originating in five functions showed:

The IRS does not have standard criteria for how long it takes to work identity theft cases.  Each function and office that works identity theft cases sets its own criteria. 

A substantial volume of identity theft cases involving refund fraud and duplicate filing issues are worked in the Accounts Management function.[20]  The Accounts Management function stated that it takes from 45 to 365 days for assistors to work an identity theft case, depending on the category code (source of the case).  However, these time frames are merely indicators of when a case is considered over age, have not been used to establish a baseline against which to measure quality, and are not based on historical data.

The ITAAG estimated that Accounts Management function assistors only spend an average of 1.3 hours actually working an identity theft case.  The additional time is spent while the assistor waits for taxpayer responses or other documents needed to work the case (e.g., copies of tax returns or account transcripts), works the telephones or other cases, or waits for adjustments to be made on the cases.  Assistors working the cases do not make the adjustments; the requests for adjustments are sent to other IRS employees.

Identity theft cases have not been prioritized during the standard filing process

When taxpayers call the IRS to advise it that their electronic tax return was rejected because it appears another individual has already filed a tax return using their identity, the IRS instructs them to mail in a paper tax return with the Identity Theft Affidavit attaching supporting identity documents.  However, the IRS has been processing these tax returns using standard processing procedures.  After the tax returns are determined to be duplicates, they are queued with other types of cases to be worked.  This can add three to five months to the time a taxpayer must wait to have his or her identity theft case resolved.

The IRS plans to update tax return processing procedures by June 2012 to include a special processing code to recognize identity theft documentation provided with a paper-filed tax return.  The tax return will then be forwarded to the Accounts Management function to be assigned to an assistor, rather than continuing through the standard duplicate tax return procedures.

Resources have not been sufficient to work identity theft cases dealing with refund fraud

When 61 assistors who work identity theft cases were asked if they also answer the telephone, 53 (87 percent) responded yes.

32 of those (60 percent) stated that they worked the toll-free line exclusively during the 2011 Filing Season and did not work identity theft cases.

Identity theft has grown significantly, but resources have not kept pace.  Assistors in the Accounts Management function also work other types of cases and respond to taxpayers’ calls to the IRS’s various toll-free telephone lines.[21]  The IRS has a limited number of resources and must allocate those resources between answering toll-free telephone lines and working correspondence and adjustments to taxpayer accounts.

During the filing season when call demand is usually at its highest, more resources are shifted to the telephones to answer calls, and correspondence and adjustment inventory processing is placed on hold until call demand subsides.  Taxpayer demand for telephone services has grown.  During the 2011 Filing Season, the IRS received 80 million attempts to call the toll-free telephone lines, up from 54 million (48 percent) during the 2007 Filing Season.

Correspondence inventory (which includes identity theft cases) has also increased.  As shown in Figure 3, the volume of identity theft cases worked in the Accounts Management function has grown more than 300 percent since Fiscal Year 2010.

Figure 3:  Identity Theft Cases in the
Accounts Management Function
for Fiscal Years 2010 and 2011

 

Fiscal Year 2010

Fiscal Year 2011

Change From Fiscal Year 20102011

Beginning Inventory

13,528

39,005

188%

Receipts

222,827

434,393

95%

Closures

197,350

304,558

54%

Ending Inventory

39,005

168,840

333%

Source:  Accounts Management function management information reports.

The optimal inventory level of cases assigned to each assistor is 100 to 125 cases, but assistors have had inventory exceeding 300 cases.  The excessive inventory levels results in lapses in casework.

The IRS acknowledges that resources are not sufficient to process the current volume of identity theft cases and that without additional resources it is unlikely the upward trend in inventory levels will be reversed.  The ITAAG identified an inventory of more than 228,000 identity theft cases that have been carried over from Fiscal Year 2010 to 2011 and estimated that it will require 287 staff years to resolve these cases.[22]  This inventory does not include cases that were currently in the Duplicate Filing inventory.  As of August 11, 2011, there were more than 500,000 cases in the Duplicate Filing inventory.  Assistors stated that over half of their cases are identity theft cases.  The IRS stated that it estimates that about 22 percent of the cases are identity theft cases.

Effects of untimely case resolution

Taxpayers affected by identity theft who are expecting a tax refund will experience delays in receiving their refunds.  Most taxpayers receive tax refunds and generally can expect to receive them within a few weeks of filing their tax returns.  Taxpayers are also burdened when they have to make multiple contacts with the IRS trying to either resolve or determine the status of their cases. 

In addition, taxpayers could be further burdened if the address on the tax return filed by the identity thief is used by the IRS instead of the address of the legitimate taxpayer.  Many taxpayers do not notify the IRS when they move, but just use their new/current address when they file their tax returns.  When the IRS processes a tax return with an address different from the one it has on its systems for the taxpayer, it systemically updates the taxpayer’s account with the new address.  It does not notify the taxpayer that his or her account has been changed with the new address.

While the IRS resolves the identity theft case, the identity thief’s address is the address on the taxpayer’s record.  Any IRS correspondence or notices unrelated to the identity theft case will be sent to the most recent address on record.  The legitimate taxpayer (the identity theft victim) will be unaware the IRS is trying to contact him or her.

This situation can also create disclosure issues.  For example, if the legitimate taxpayer’s prior year tax return has been selected for examination, the examination notice will be sent to the address of record—the address the identity thief used on the fraudulent tax return.  The identity theft victim is now at risk at having his or her personal and tax information disclosed to an unauthorized third party (whoever resides at that address).

Identity theft indicators are to be placed on a taxpayer’s account when the IRS receives substantiation from the taxpayer that he or she has been a victim of identity theft.  However, the indicators do not prevent systemic notices or correspondence from being issued.

Identity theft cases are not always resolved effectively

Results of surveys showed that 114 of 178 (64 percent) assistors expressed concerns about identity theft guidelines, commenting that the guidelines:

·        Are unclear, conflicting, confusing, unorganized, or difficult to find. 

·        Do not address all situations and need specific examples.

·        Should be condensed.[23]

Case reviews show that identity theft cases were not appropriately classified and identity theft indicators were not always input correctly or timely.  Taxpayers were asked numerous times to prove their identities, although they had previously followed IRS instructions and sent in an Identity Theft Affidavit and copies of identification.  Multiple closing letters were sent to victims at different times, possibly confusing the victims. 

Guidance is dispersed throughout the IRS’s Internal Revenue Manual and has been inconsistent and confusing

Identity theft guidelines and procedures are dispersed among 38 different Internal Revenue Manual sections.  These guidelines and procedures are not arranged for efficient access and are inconsistent and conflicting.  Additionally, not all functions have written guidelines on how to handle identity theft issues. 

The ITAAG reported that it has analyzed the identity theft processes and procedures of 28 functions and identified 50 gaps that have been addressed or elevated for remediation.  For example, the ITAAG determined that current guidance regarding the input of Action Code 501 and 522 is unclear, which causes employees to mark accounts improperly.[24]  Functions also lack efficient processes and communication regarding working cases referred from other functions.

Assistors are not receiving sufficient training to work and resolve identity theft cases

Survey results of 178 assistors showed that almost half of the assistors believe training is not sufficient to provide effective customer service.  In two offices, insufficient training was the leading issue frustrating assistors.  In another office, 29 (48 percent) of 61 assistors indicated that their identity theft training was not sufficient; eight (13 percent) had received no identity theft training. 

Training is inconsistent or nonexistent.  Instructors develop local training based on the Internal Revenue Manual and other documents that they decide to incorporate into their training package.  For example, training material at one office showed training guidelines deviated from the Internal Revenue Manual with respect to the critical timing of the identity theft marker Action Code 501.

When auditors asked assistors questions about identity theft indicators:

·       18 (69 percent) of 26 assistors could not provide a correct answer on when to input Action Code 501.

·       14 (67 percent) of 21 assistors did not know the correct use of Action Code 522. 

·       35 (57 percent) of the 61 assistors could not provide the proper definitions needed to correctly categorize the types of identity theft cases. 

Communications with victims of identity theft is inconsistent and confusing

·       The IRS does not advise taxpayers when it has received their documents substantiating their identity and opened their case.  When taxpayers do not hear from the IRS, they may call again to determine if the IRS has the requested documents and/or if they need to resend them.  In cases reviewed, it appeared that taxpayers sent the documents more than once because they did not hear from the IRS that it received them.

·       Taxpayers are not provided realistic time frames for how long it will take to resolve their cases.  It can take over a year to resolve a taxpayer’s account.  However, when taxpayers contact the IRS to report that a tax return has already been filed using their Social Security Number, assistors are instructed to just advise taxpayers that there will be processing delays while the situation is resolved and they may receive correspondence requesting additional information.  If a time frame is provided, the time frame is usually 90 days, which has not been realistic.  Assistors we surveyed expressed frustration with the time frames they are to use when advising taxpayers on how long it will take to resolve their cases.

·       Taxpayers may be requested to provide documents substantiating their identities more than once.

·       Letters sent to taxpayers are repetitive and contain errors.  Assistors use the Correspondex system to generate letters to taxpayer.[25]  Case reviews showed letters reflecting incorrect tax years, incorrect IRS telephone numbers, typographical errors, and repetitive paragraphs.

·       The IRS sends taxpayers two different letters advising them that their identity theft case is resolved.  Assistors working an identity theft case send a letter to a taxpayer when they have completed actions taken on the case.  A second letter is systemically generated two to 12 weeks later advising the taxpayer again that their case has been resolved.  Neither letter advises when the taxpayer should expect to receive his or her tax refund.

·       Taxpayers often do not speak directly with the assistors who are working their identity theft cases.  They call the IPSU to discuss the status of their case.  However, IPSU assistors do not resolve identity theft cases and have limited information about a taxpayer’s identity theft case.  Taxpayers testifying before Congress stated that they had to talk to multiple IRS employees and were provided conflicting instructions.

·       The IRS’s current structure has provided limited oversight to ensure that identity theft cases are timely and effectively worked.

Identity theft case processing is highly decentralized and coordination and oversight has been limited.  The different systems used by the various functions have prevented accurate tracking and reporting of identity theft workloads and their affect on tax administration.  Because there is no effective way to track and report on identity theft, the IRS has also not been able to determine the quality of customer service provided.

Case processing is dispersed among 16 IRS functions and offices.  Yet the PGLD office within the Operations Support Organization is responsible for driving identity theft policy and processes across the IRS.  It implements new identity protection measures and works closely with the IPSU, but does not: 

The PGLD office oversees the Identity Theft Program but does not work identity theft cases and has no authority over the functions that work and resolve identity theft cases.

·       Oversee the functions and offices that work and resolve identity theft cases.

·       Periodically review the offices and functions or their processes to ensure that policy and procedures are being followed.

The PGLD office’s inability to track and monitor identity theft cases has also hindered its effectiveness.  Offices and functions may be reluctant to share negative data, and the PGLD office cannot pull reports to determine if cases are being timely resolved in all the offices and functions involved in identity theft case processing.  PGLD office officials noted that obtaining accurate and comprehensive statistical data from the functions when no line authority exists has been problematic.

IRS-wide identity theft reports have not been accurate or complete

Identity theft data are captured on 22 different systems throughout the IRS.  These systems are not integrated and data must be manually compiled, hindering the IRS’s capability of producing accurate and reliable identity theft reports. 

·       Not all identity theft cases are counted.

o   Identity theft incidents reported on Forms 3949A, Information Referral, are often not considered when tracking identity theft.  In some instances, taxpayers report identity theft on Forms 3949A and mail them to the IRS Fresno, California, campus.  The Fresno campus office should forward the Forms 3949A to the appropriate office(s).  Tests showed these cases were not all worked and/or considered identity theft cases.

o   Not all identity theft cases are counted because employees are not consistently inputting identity theft indicators on taxpayer accounts. 

·       Not all cases counted are actually identity theft cases.  Cases other than identity theft are reported as identity theft cases when identity theft indicators are input and are not removed after the IRS determines identity theft has not occurred.  From a judgmental sample of 17 unique taxpayer cases, five (29 percent) were not identity theft, but identity theft indicators had not been removed from the accounts. 

As of June 2011, the PGLD office estimated the number of unmarked accounts that should have identity theft indicators in the range of 240,000 to 280,000 cases.

On December 23, 2011, the IRS implemented interim procedures requiring the identity theft indicators be reversed once a case is determined not to be identity theft.  Most indicators are not input to the account until all actions on the case have been taken.  However, Action Code 522 is to be input when the identity theft documentation has been received from the taxpayer. 

The IRS acknowledges that it does not know the exact number of identity theft incidences or the number of taxpayers affected by identity theft.  It also has not been able to quantify the amount of improper payments resulting from identity theft.

Complete identity theft workload data have not been available

Reports on the volume of open identity theft cases, i.e., cases in process, are nonexistent or inaccurate.

There are no reports that capture the total number of identity theft cases open and closed and the status of the open cases.

·       Not all functions and offices have identifiers to track identity theft cases. 

·       Functions and offices working identity theft cases do not accurately track the amount of revenue lost or protected.

·       There are no reports to track the total number of employees working identity theft cases or the amount of time it takes the employees to work and resolve the cases.

·       Cases may be counted more than once. 

The ITAAG determined that it was not possible to identify the overall volume and type of identity cases related to each specific business unit.  It is working with each business unit to identify the current open inventory and the staff needed in each individual specialized unit to work identity theft cases.

Sufficient data have not been collected to properly monitor the quality of assistance provided

The IRS does not administer customer satisfaction surveys to identity theft victims, and the quality review systems used by different IRS functions do not select a sufficient number of identity theft cases to measure the quality of customer service provided to taxpayers who have been affected by identity theft. 

Customer satisfaction surveys are used to develop performance measures that balance customer needs with IRS operational needs.  Taxpayers who receive specific kinds of services from the IRS are asked to rate the service.  Quality reviews of IRS products and services are part of an integrated service-wide system of balanced performance measures that includes Customer Satisfaction, Employee Satisfaction, and Business Results.  

Both customer satisfaction surveys and the National Review Quality System use statistical sampling to gather information on various IRS product lines—generally interactions between IRS employees and taxpayers involving either the telephone or casework.  However, neither focus on identity theft cases and neither include a sufficient number of identity theft cases to measure customer satisfaction or quality. 

ITAAG recommendations address many but not all of the challenges identity theft presents to tax administration and taxpayers

Many of the problems impeding the timely and effective resolution of identity theft cases are caused by the growth of identity theft and the decentralization of the Identity Theft Program throughout the IRS.  The ITAAG addressed many of the problems with the following recommendations:

·       Reorganize to have an Identity Theft Program Specialized Group within each of the business units and/or functions where dedicated employees work the identity theft portion of the case.  

o   Implement a Specialized Group and develop and/or revise processes within each function for referring, receiving, working, monitoring, and closing/adjusting identity theft cases.

o   Develop a training course for employees interacting with identity theft victims and working identity theft cases.

o   Update procedures in various sections of the Internal Revenue Manual. 

·       Strengthen roles and responsibilities of the PGLD office to include, for example:

o   Program reviews of functions and periodic review of Internal Revenue Manual sections to verify consistency and identify breakdowns in processes.

o   Establishing an Identity Theft Executive Steering Committee to provide governance related to identity theft IRS-wide.

o   Tracking and reporting.  This is to be facilitated by the development of a centralized repository to store and retrieve identity theft documentation efficiently.

·       Begin collecting IRS-wide identity theft data to assist in tracking and reporting the affect identity theft has on tax administration.

The IRS reports that it has already begun revising the guidelines and providing training for employees who interact with identity theft victims and work identity theft cases.  It also has determined how many more resources (staffing) are needed by each of the Specialized Groups to work identity theft cases and plans to have them in place by August 2012.  It has established an Identity Theft Steering Committee and has begun developing mechanisms to collect data regarding taxpayer satisfaction and quality reviews.  Finally, in Fiscal Year 2012, the IRS plans to begin collecting IRS-wide identity theft data to be used to oversee the Identity Theft Program and report to stakeholders. 

Additionally, the ITAAG recommended that the IRS revise its current Strategic Plan to include identity theft and provide specific goals and objectives to address issues related to identity theft.  However, there is no one office or one executive accountable for achieving those goals and objectives.  The PGLD office’s role is being strengthened to include governance, oversight, and coordination.  However, identity theft cases will still be dispersed to various IRS business units and functions, each with their own priorities, goals, and objectives.

The above recommendations and planned actions are extensive.  TIGTA will be conducting an audit in Fiscal Year 2013 to evaluate the corrective actions the IRS has taken to improve its Identity Theft Program. 

The IRS needs to reassess how identity theft cases in the Accounts Management function are worked

Although the IRS has far-reaching plans that, when implemented, should improve the Identity Theft Program, it needs to assess the process it currently uses to work cases of victims who cannot file their tax returns because an identity thief has used their stolen identities to file fraudulent tax returns and receive tax refunds.  These cases interfere with the victim’s ability to file tax returns and receive tax refunds.  If cases are not worked effectively, the taxpayer’s tax return is affected in subsequent years and identity thieves are able to continue to defraud the Government.

Cases involving individual duplicate tax returns are worked by the Accounts Management function.  The Internal Revenue Manual states:

The Accounts Management function is responsible for taxpayer relations by answering tax law/account inquiries and adjusting tax accounts.  In addition, it is responsible for providing taxpayers with information on the status of their returns/refunds and for resolving the majority of issues and questions to settle their accounts.  

IRS employees who work in the Accounts Management function are assistors referred to as customer service representatives.  They are trained to communicate with taxpayers and to be knowledgeable of tax law and related IRS operational procedures.  The duties of an assistor are varied.  Many hours are spent working the telephones responding to taxpayer requests as well as working paper cases.  Paper cases include both incoming taxpayer correspondence and internally generated cases—from working changes of taxpayer addresses to making adjustments to taxpayer accounts. 

Accounts Management function assistors are not examiners and are not trained to conduct examinations 

However, identity theft cases, like examination cases, can be complex and present considerable challenges, requiring skills and tools beyond those of assistors.  For example, it may be difficult to determine which taxpayer is the legitimate taxpayer or if the case is actually a case of identity theft.  Cases can be complex, involving multiple years and tax situations.

Case reviews showed that assistors did not conduct in-depth research to identify the legitimate taxpayer.  For example, there were no indications in the case notes that the assistor researched the addresses, filing and employment histories, etc., on the apparent identity thief or taxpayer.  Auditors could not determine the resolution of a number of cases or why the cases were still open.  In most cases, auditors had to reconstruct the cases to determine if all actions had been appropriately taken to resolve them.

Case histories did not include information on the issues of the case (facts gathered) or the actions taken or the conclusions drawn to resolve the case.  Limited case histories prevent anyone, including the assistor assigned to a case, from understanding the taxpayer’s situation and what actions have been taken on a case or still need to be taken to resolve the case.  This increases the need to spend additional time when assistors are pulled away to work other assignments.  This also hinders quality reviewers from determining if the case was resolved timely and appropriately.

Examiners are required to prepare workpapers to:

The Correspondence Imaging System was implemented as an inventory control system, not to track taxpayer correspondence cases or to manage and control complex identity theft cases

·       It does not capture the time the assistor takes to actually work the case; it only tracks the time a case is open on the system.

·       One taxpayer may have multiple identity theft cases open on the Correspondence Imaging System.  When documents are scanned into the system and a case is already open for a taxpayer, the documents should be linked to the open case.  However, this does not always happen in practice.  Instead a new case is opened and assigned to a different assistor, making it difficult (1) for the IRS to track a taxpayer’s cases, (2) to determine how long a case took to be resolved, and (3) to determine how many identity theft cases are actually in process.

Identity theft cases require a considerable number of documents, for example, copies of tax returns or tax account transcripts, the Identity Theft Affidavit, and copies of identifying documents.  This increases the risk that a separate case will be opened. 

Assistors’ training can be revised to include procedures on how to better work identity theft cases and document case histories.  This will ensure cases are worked appropriately.  It will also allow quality reviewers to effectively review identity theft cases worked by Accounts Management function assistors. 

Screening procedures can also be improved to ensure research is completed on a document before scanning it into the Correspondence Imaging System.  Employees do not always screen documents appropriately to determine if they belong to an open case or if a new case should be opened.  This results in multiple cases opened for one taxpayer or one taxpayer’s case or cases being assigned to more than one assistor.

The IRS has dedicated 400 additional employees to the Accounts Management function to work identity theft cases.  However, because of limited resources and the high taxpayer demand for telephone assistance, the IRS plans to continue to have assistors who work identity theft cases also work the telephones on Mondays (and any Tuesday following a Monday holiday). 

This presents a considerable challenge in overcoming the backlog of identity theft cases.  Additionally, if controls the IRS plans to implement in the future do not decrease identity theft incidences and identity thieves continue to prevent taxpayers from filing their tax returns, inventory could remain significant.

The IPSU does not resolve identity cases more quickly or effectively 

Survey results showed that 73 (60 percent) of 121 assistors could not provide callers with the accurate dates on when their identity cases would be resolved.  Not being able to provide callers with clear time frames was a source of significant frustration for the assistors, along with unclear, conflicting information

The IPSU does not resolve identity theft cases.  Instead it monitors victims’ accounts.  It has attempted to coordinate with the 16 different functions to ensure identity theft cases are being effectively worked.  IPSU assistors take telephone calls from taxpayers reporting identity theft or inquiring about their identity theft cases.

To determine the status of an identity theft case, IPSU assistors generally do not contact assistors working the cases to determine the statuses of cases, but instead research the status of cases on IRS systems.  However, the histories of cases are limited, and IPSU assistors cannot determine when the caseworkers will have the time to work or resolve the cases. 

IPSU assistors could issue Form 14103, Identity Theft Assistance Request, to other IRS functions to treat the case as a priority, but generally there is no follow-up to ensure this priority designation is followed, and when assistors need additional time to work the case, the time is automatically extended.  Additionally, the IPSU does not have procedures for what to do if the functions do not respond to an Identity Theft Assistance Request.

The IRS formed the IPSU to reduce taxpayer burden by providing individualized assistance, including a single customer service representative to work with each identity theft victim to answer questions and resolve his or her issues.  In reality, this is not how the IPSU has been working.

The IRS should reassess the role of the IPSU since it is not meeting its original purpose of providing taxpayers with a single assistor to work with each identity theft victim to answer questions and resolve his or her issues.  The new Identity Theft Program needs to ensure that each identity theft victim is provided a contact number for the IRS employee who is working his or her case and who can answer questions and resolve issues. 

Recommendations

Recommendation 1:  The IRS Commissioner should establish accountability for the Identity Theft Program by ensuring all expectations, goals, and objectives for employees, functions, and offices involved are updated to include the Identity Theft Program.

Management’s Response:  IRS management agreed that with the significant increase in identity theft cases in the IRS over the past few years, it is important that the IRS set common goals and expectations for the offices and employees working these cases.  The ITAAG also recognized this need, and the PGLD Office of Identity Protection has incorporated it into the Identity Theft Future State Plan.  Based on this recommendation, the IRS established a governance structure consisting of an Executive Steering Committee and an Advisory Council comprised of operating division senior executives.  This two-tier governance process oversees the implementation of enterprise-wide identity theft initiatives within the IRS organizations, collaborates on identity theft issues or concerns, and assesses overall program delivery.

Concurrently, the IRS anticipates that the IRS’s strategic plan for 20142018 will include and emphasize identity theft-related content.  Once the overall IRS plan is completed and distributed, IRS operating divisions and functions will use it to build their individual plans around the objectives contained in the IRS’s plan.  It is expected that these objectives will then be used to develop individual office work plans as well as commitments for executives, managers, and management officials, thus establishing accountability for the Identity Theft Program from the Commissioner to individual employees responsible for carrying out the Program’s goals.

The Deputy Commissioner for Operations Support should:

Recommendation 2:  Implement a process to ensure that while an identity theft case is being resolved, IRS notices and correspondence are not sent to the address listed on the identity thief’s tax return.  

Management’s Response:  IRS management agreed with this recommendation and is exploring options in this area.  In January 2012, the IRS expanded its identity theft indicator codes that annotate when there is a claim of identity theft.  The IRS developed tracking indicators to mark taxpayer accounts when the identity theft incident is initially alleged or suspected and will explore leveraging this new indicator to suspend certain correspondence.  The IRS is currently establishing specialized groups to process all identity theft cases within each operating division.  Once these groups are established, the IRS will conduct a study to determine the feasibility of expanding notice suspension or suppression to all functions that work identity theft cases.

Recommendation 3:  Conduct an analysis of the letters sent to taxpayers regarding identity theft, including Correspondex letters, to ensure the letters are still relevant, provide sufficient information, and are consistent, clear, and complete.

Management’s Response:  IRS management agreed with this recommendation.  The IRS will review its existing suite of identity theft letters to determine if the information contained therein is accurate and applicable to the taxpayer’s identity theft circumstance.  The IRS will leverage technology to move towards automation to reduce manual processing of identity theft victim notification letters and improve the content and clarity of the notifications to improve communications with taxpayers affected by identity theft.  The IRS has already taken steps in this direction.  In Fiscal Year 2011, the IRS modified and reformatted one of its victim notification letters, making it more user-friendly and in plain language.

Recommendation 4:  Ensure taxpayers are notified when the IRS has received their identifying documents and/or it has opened their identity theft cases.  The notification should provide victims with contact information and a clear understanding of the time frame and process to resolve their cases.

Management’s Response:  IRS management agreed with this recommendation.  The IRS is updating its Internal Revenue Manual to instruct employees to notify taxpayers and acknowledge receipt of their documentation.  The actual implementation dates will vary since in some business units a systemic process will be developed.  As each business function handling identity theft cases develops a plan to establish a specialized group to process all identity theft cases, the IRS will conduct a study to determine the feasibility of developing new processes for taxpayer notification, to include resolution time frames.

Recommendation 5:  Until controls are in place to prevent identity thieves from filing tax returns using others’ identities, create a specialized unit in the Accounts Management function to exclusively work identity theft cases.  These assistors should be provided additional training to include the importance of documenting case actions and histories on the Correspondence Imaging System. 

Management’s Response:  IRS management agreed with the recommendation.  The Accounts Management function currently has specialized units working only identity theft cases throughout the year, except for providing minimal phone assistance during the peak filing season.  Additionally, the Accounts Management function is currently reviewing Correspondence Imaging System case notes for consistency and will provide updated guidance upon completion. 

Recommendation 6:  Ensure all quality review systems used by IRS functions and offices working identity theft cases are revised to select a representative sample of identity theft cases for quality review.  This will allow the IRS to track the quality of the cases and measure its progress in timely and effectively resolving identity theft cases.

Management’s Response:  IRS management agreed with the recommendation.  The IRS previously developed and implemented a suite of key performance measures to assist in determining the effectiveness and efficiency of the Identity Theft Program.  The IRS will create a specific quality review dedicated to identity theft cases.  The IRS is currently working with the Centralized Quality Review System to identify necessary steps to develop a Specialized Product Review Group for identity theft.  The quality review metrics will enable the IRS to develop enhanced performance measures and evaluate the overall quality of identity theft casework.

In Fiscal Year 2012, the IRS began processes to enhance the quality of identity theft casework.  The IRS developed a reporting process to capture and consolidate IRS‑wide identity theft data that tracks and identifies inventory workload.  The IRS will perform compliance reviews of identity theft cases to determine if case actions adhere to policy guidelines.

Recommendation 7:  Revise procedures for the screening process for the Correspondence Imaging System used to control Accounts Management function identity theft cases to ensure accounts are researched before correspondence and documents are scanned into the system.  This will reduce the number of multiple open cases for one taxpayer and improve inventory tracking and will also help limit the number of cases assistors are required to review.

Management’s Response:  IRS management agreed with the need to decrease multiple open cases.  The Accounts Management function is piloting processes associated with research products requiring an upload to the Correspondence Imaging System.  Specifically targeted are the additional requests for returns and transcripts that are often associated with multiple controls.  The IRS anticipates that the processes tested during the pilot will reduce the number of multiple controls.  Additionally, as the identity theft process continues to evolve, case resolution time frames will decrease, leading to a reduction in the number of multiple cases.

Data From Identity Theft Cases Are Not Being Used to Prevent Refund Fraud

The IRS uses little of the data from the identity theft cases worked in the Accounts Management function to identify any commonalities, trends, etc., that could be used to detect or prevent future refund fraud.  This includes, for example:

·       How the tax return was filed—by electronic filing or on paper, using a preparer or software package.

·       The preparer’s name and Preparer Tax Identification Number if prepared by a preparer.

·       The address on the tax return.

·       Income information from applicable Forms W-2, Wage and Income Statement.

·       The amount of the tax refund, whether it was issued, and how it was issued—by paper check, debit card, or direct deposit.

·       The account or debit card number used to issue the tax refund.

A key aspect of the IRS’s redirection of its Identity Theft Program is stepping up outreach to and educating taxpayers so they can prevent and resolve tax-related identity theft issues quickly.  The ITAAG report also recommends developing widespread outreach programs directed at enhancing taxpayer awareness of identity theft tactics, preventative measures, and resolution options.  However, the current systems do not capture the data needed to support these efforts.

After resolving the identity theft case, the information from the identity thief’s tax return is deleted from the legitimate taxpayer’s account and moved to a temporary account.  A special account is created for the identity thief using a temporary IRS Number (IRSN).  However, the account is not flagged as an identity theft account, and IRSNs are used for other purposes.  Therefore, the IRS is unable to determine which accounts were created because of identity theft.

If the IRS could identify IRSN accounts as identity theft accounts, that would allow it to use the information from the tax return to identify patterns and trends among perpetrators of identity theft.  This would assist the IRS in establishing accurate data with respect to revenue lost due to identity theft and in better understanding the “look” of potential identity theft cases.  This information would aid in development of other treatments and approaches to identity theft tax fraud.

Recommendation

Recommendation 8:  The Deputy Commissioner for Operations Support should ensure programming for IRSN processing is adjusted so that IRSNs related to identity theft and associated account data can be tracked and analyzed for trends and patterns.

Management’s Response:  IRS management agreed with the recommendation.  The ITAAG also recommended that the IRS develop a mechanism to pull metrics from IRSNs.  This would enable the IRS to identify account attributes, as well as give them a better estimate of the revenue loss, though not a complete picture. 

The IRS is currently evaluating options for enhancing its ability to track and analyze the fraudulent identity theft information removed from a taxpayer account; however, IRSN enhancement is only one of the options being considered.  The IRS is assessing the viability of these options using factors including impact to the operating divisions and statutory requirements.  Until a universal tracking mechanism can be developed, the IRS is working to develop processes within the specialized groups to collect lost revenue data regarding identity theft using available data and metrics.

Appendix I

 

Detailed Objective, Scope, and Methodology

 

Our overall objective was to evaluate whether the IRS is effectively providing assistance to victims of identity theft.  To accomplish our objective, we:

I.                 Assessed whether the IRS maintains timely and complete identity theft case workload data.

A.    Evaluated how the IRS identifies, categorizes, and tracks identity theft cases.

B.    Determined whether the process the IRS follows for tracking identity theft ensures that all functions and offices that control and work identity theft cases are considered in overall inventory tracking.

II.               Determined reporting requirements related to identity theft.

A.    Obtained and reviewed IRS reports concerning identity theft for the last three years.

B.    Determined how the IRS uses available data to oversee the Identity Theft Program.

III.             Assessed whether the IRS timely and effectively resolves identity theft cases.

A.    Reviewed a judgmental sample of 17 open and closed identity theft cases from a population of 1.36 million.  To select the sample, we identified the taxpayer accounts with Action Codes[27] 501 and 506 and judgmentally selected cases from the Examination and Accounts Management functions.  A judgmental sample was selected because we did not plan to project our sample to the population.

B.    Reviewed the cases to determine if they were timely and effectively resolved.

IV.            Based on the case review results, related any deficiencies with possible training voids in either the quality or completeness of training provided.

A.    Assessed the IRS’s process to ensure complete training is provided to all employees who handle identity theft cases, including those employees who worked the cases in our case review samples.

B.    Reviewed any training surveys and interviewed randomly selected employees to assess whether they believe there is a need for improvements in identity theft training.

V.              Evaluated the IRS’s oversight process for ensuring that identity theft cases are timely and effectively worked.  We identified the performance measures of the Identity Theft Program and how the IRS is using the measures to improve the program.

VI.            Assessed the processes for ensuring that IRS communications with taxpayers provides consistent, accurate guidance on how to report and resolve identity theft and presents the least burden to taxpayers and tax administration.

VII.          Determined whether the IRS is effectively reducing identity theft that affects tax administration to reduce fraudulent tax returns, improve customer service, and reduce taxpayer burden.

VIII.        Determined whether the IRS Identity Theft Program is organizationally configured within IRS operations so that the IRS’s ability to meet program objectives and goals is best ensured.

IX.            Identified any potential or planned changes (e.g., legislative and organizational) that may better position the IRS to assist taxpayers who may have been victims of identity theft.

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives.  Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations.  They include the systems for measuring, reporting, and monitoring program performance.  We determined the following internal controls were relevant to our audit objective:  the IRS’s internal guidelines used by the functions that process identity theft cases and the management information systems used to control identity theft cases.  We evaluated controls by interviewing management and reviewing policies and procedures.  We also selected and reviewed a judgmental sample of 17 cases.

 

Appendix II

 

Major Contributors to This Report

 

Michael E. McKenney, Assistant Inspector General for Audit (Returns Processing and Account Services)

Augusta R. Cook, Director

Lena Dietles, Audit Manager

Robert Howes, Lead Auditor

Jerry Douglas, Senior Auditor

Tracy Harper, Senior Auditor

Patricia Jackson, Senior Auditor

Kathy Coote, Auditor

Nelva Usher, Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Services and Enforcement  SE

Chief, Criminal Investigation  SE:CI

Chief Financial Officer  OS:CFO

Chief Technology Officer  OS:CTO

Deputy Commissioner, Wage and Investment Division  SE:W

Director, Privacy, Governmental Liaison and Disclosure  OS:P

Director, Compliance, Wage and Investment Division  SE:W:CP

Director, Customer Account Services, Wage and Investment Division  SE:W:CAS

Director, Customer Assistance, Relationships and Education, Wage and Investment Division  SE:W:CAR

Director, Privacy and Information Protection  OS:P:PIP

Director, Strategy and Finance, Wage and Investment Division  SE:W:S

Senior Operations Adviser, Wage and Investment Division  SE:W:S

Director, Accounts Management, Wage and Investment Division  SE:W:CAS:AM

Director, Field Assistance, Wage and Investment Division  SE:W:CAR:FA

Director, Joint Operation Center, Wage and Investment Division  SE:W:CAS:JOC

Chief, Program Evaluation and Improvement, Wage and Investment Division  SE:W:S:PEI

Director, Stakeholder Partnership, Education, and Communication, Wage and Investment Division  SE:W:CAR:SPEC 

Director, Submission Processing, Wage and Investment Division  SE:W:CAS:SP 

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaison:  Chief, Program Evaluation and Improvement, Wage and Investment Division  SE:W:S:PEI

 

Appendix IV

 

Outcome Measure

 

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration.  This benefit will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

·          Taxpayer Burden – Potential; 167,619 taxpayers, projected to 838,095 taxpayers over five years (see page 5).

Methodology Used to Measure the Reported Benefit:

The outcome was determined based on the number of taxpayers affected by identity theft in Calendar Year 2011.  These taxpayers would potentially benefit (i.e., from improved customer service) based on one or more of the recommendations contained in this report.  We calculated the taxpayers affected annually based on the PGLD Identity Protection Incident Tracking Statistics Reports as of December 31, 2011.  The annual total was extended for five years, for a total of 838,095 taxpayers expected to be burdened without the recommended corrective actions.

The 167,619 potential taxpayers burdened were calculated using the IRS’s Identity Protection Incident Tracking Statistics Reports reflecting Transaction Code 971, Action Codes 501 and 506.  The IRS determined that 473,433 of the 641,052 taxpayers reflected in the reports as taxpayers affected were not burdened.  These taxpayer accounts may be subject to a fraud scheme and/or the taxpayers may not have a tax return filing requirement.  These taxpayers are not included in the calculation of the 167,619 taxpayers burdened.  In addition, the taxpayers reflecting a Transaction Code 971, Action Code 522, may be duplicated in Transaction Code 971, Action Codes 501 and 506, and thus Action Code 522 counts were not included separately in the volume of taxpayers burdened. 

 

Appendix V

 

Identity Theft Indicators

 

The IRS developed and implemented identity theft indicator codes to centrally mark and track identity theft incidents.  Each indicator is input on affected taxpayers’ accounts using Transaction Code 971 with six different action codes.[28]  The PGLD office currently uses these identity theft indicators to gather IRS-wide identity theft data for reporting taxpayers affected and identity theft incidents.  One indicator, Action Code 522, is input to the taxpayer’s account while the case is open.  The remaining indicators are to be input only after all actions have been taken on an identity theft case. 

Action Code

Description

501

The taxpayer identifies himself or herself as a victim of identity theft.  For example, the taxpayer receives an IRS notice of underreported income.

504

The taxpayer identifies himself or herself as a victim of identity theft.  For example, the taxpayer loses his or her wallet.

505

The IRS identifies a taxpayer whose Personally Identifiable Information was lost or disclosed because of an IRS data loss incident.  For example, the IRS loses a paper case file that contains the taxpayer’s Personally Identifiable Information.

506

The IRS identifies and confirms a taxpayer who is an identity theft victim.  For example, the IRS identifies the taxpayer from a tax refund scheme.

522

This indicator is input by the IRS when the identity theft documentation has been received from the taxpayer.  Action Code 522 was not implemented until Calendar Year 2010.

524

This indicator identifies a locked tax account because the taxpayer does not have a current filing requirement, does not qualify for a refund of withholding or other credits, and does not expect to qualify in the near future.

Source:  IRS Internal Revenue Manual.

 

Appendix VI

 

Number of Identity Theft Incidents and
Taxpayers Affected in Calendar Year 2011 [29]

IRS Function or Office

Number of Taxpayers Affected

Number of Incidents

Appeals Office:  Attempts to resolve tax controversies, without litigation.

68

80

Automated Collection System Program:  Contacts taxpayers by telephone to collect and resolve delinquent tax cases.

811

1,355

Automated Substitute for Return Program:  Enforces filing compliance on taxpayers who have not filed individual income tax returns but owe a significant income tax liability.

3,105

6,721

Accounts Management Function:  Provides assistance to individual taxpayers with tax and account-related inquiries via telephone, correspondence, and e-mail and works to resolve cases of duplicate tax returns. 

69,745

83,043

Accounts Management/Taxpayer Assurance Function:  Utilizes the Electronic Fraud Detection System to screen and verify the accuracy of wages and withholding reported on paper and electronically filed tax returns. 

545,074

967,945

Automated Underreporter Function:  Matches income reported by third parties to income reported on individual tax returns.

42,695

49,146

Compliance Service Collections Operations:  Contacts taxpayers by correspondence to collect and resolve delinquent tax cases.

1,245

3,026

Correspondence Examination Function:  Conducts audits of individual tax returns by mail.

577

606

Criminal Investigation:  Investigates questionable refunds and fraudulent refund schemes.

3,471

3,522

Field Assistance Office:  Provides face-to-face assistance to taxpayers at 401 walk-in offices called Taxpayer Assistance Centers.

2,423

3,099

Field Collection Function:  Collects delinquent taxes and tax returns through the fair and equitable application of tax law.

161

353

Field Examination Function:  Conducts face-to-face audits of tax returns.

43

55

Submission Processing FunctionProcesses tax returns. 

1,467

1,600

Taxpayer Advocate Service:  Assists taxpayers who are experiencing economic harm or seeking help in resolving tax problems that have not been resolved through normal channels.

449

518

OtherIdentity theft which cannot be identified as related to any existing Tax Administration Source types.

4,565

4,565

Total

641,052*

1,125,634

Source:  IRS Identity Protection Incident Tracking Statistics Report.

*An individual taxpayer account may have more than one Action Code 501 and/or 506 incident present.  These codes may have been entered for different tax years and tax administration sources and may have been input by different IRS offices and functions.  Therefore, aggregating or summing the data provided in the Number of Taxpayers Affected column will not yield an accurate total.

 

Appendix VII

 

Assistor Job Titles and Duties

 

Assistors, referred to as IRS customer service representatives, include (but are not limited to) the following named positions:

 

Contact Representative.

Tax Examiner.

 

Individual Taxpayer Advisory Specialist.

Tax Law Specialist.

 

Office Collection Representative.

Tax Specialist.

 

Senior Taxpayer Advisory Specialist.

Tax Technician.

 

Tax Account Representative.

Taxpayer Service Representative.

 

 

 

 

The duties of an assistor include, but are not limited to:

o   Adjusting tax return accounts.

o   Answering tax law questions.

o   Assisting taxpayers directly or by transferring to the appropriate application.

o   Preparing original and substitute returns.

o   Proposing additional assessments.

o   Securing delinquent returns.

o   Resolving delinquent accounts.

o   Responding to correspondence.

o   Providing functional support (i.e., other duties as assigned).

 

Taxpayer inquiries include telephone calls, correspondence, and personal contacts about:

o   Accounts.

o   Notices and letters.

o   Payments.

o   Refunds.

o   Requests for forms, publications, and public use documents.

o   Requests for Installment Agreements and Direct Debit Agreements.

o   Requests for Payroll Deduction Authorizations.

o   Requests for tax account adjustments.

o   Requests for transcripts of accounts and account information.

o   Tax law.

o   Requests for addresses to mail returns, payments, and/or correspondence.

 

Appendix VIII

 

Management’s Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, DC 20224

 

 

 PRIVACY, GOVERNMENTAL

LIAISON AND DISCLOSURE

 

 

April 18, 2012

 

 

MEMORANDUM FOR DEPUTY INSPECTOR GENERAL FOR AUDIT

 

FROM:                            Rebecca Chiaramida /s/ Rebecca Chiaramida

    Director, Privacy, Governmental Liaison and Disclosure

 

SUBJECT:                       Draft Audit Report - Most Taxpayers Whose Identities Have Been Stolen to Commit Refund Fraud Do Not Receive Quality Customer Service (Audit# 201140042)

 

Thank you for the opportunity to respond to the above referenced draft audit report.  As mentioned in the report, identity theft is one of the fastest growing crimes in the United States.  Over the past few years, the IRS has seen a significant increase in refund fraud schemes in general and schemes involving identity theft in particular.  To address this growing problem, we developed a comprehensive identity theft strategy that is focused on both fraud prevention and victim assistance.  In doing so, we are working to ensure future instances of such crimes are minimized and the tax filing issues of innocent victims are resolved quickly and in a courteous manner.

 

The IRS is committed to improving its approaches to preventing fraudulent refund claims.  To that end, we strive to process returns in such a way that potentially false returns are screened out at the earliest possible stage.  Specifically, we developed and implemented new identity theft screening filters to improve our ability to spot false returns before they are processed and before a refund is issued.  We've also expanded our work on several fraud filters which catch not only identity but other fraud and we've accelerated the availability of information returns in order to identify mismatches earlier, further enhancing our ability to spot fraudulent tax returns before they are processed.  In addition to fraud prevention, another key component of our efforts to combat identity theft involves providing victim assistance.  We are working to speed up case resolution, provide more training for our employees who assist victims, and step up outreach to and education of taxpayers so they can prevent and resolve tax-related identity theft issues quickly.  We realize the importance of resolving victims' cases quickly and efficiently so those who are owed refunds can receive them as soon as possible.

 

The IRS has taken a number of steps toward faster resolution of identity theft cases so that honest taxpayers will receive their refunds sooner.  For example:

 

·           increasing resources devoted to both prevention and assistance, more than doubling our staffing in FY 2012 with plans to dedicate additional resources following the filing season;

·           updating and broadening the scope of our training for telephone assistors and other IRS employees who interact with taxpayers and/or work identity theft cases;

·           establishing specialized units in operating divisions with responsibility for working identity theft cases;

·           implementing new procedures and streamlining existing processes, and

·           improving the way we track and report on the status of all identity theft cases

 

In addition to helping identity theft victims resolve problems with their IRS accounts, IRS worked proactively to help ensure these taxpayers do not encounter delays in processing their future returns.  In January 2012, we expanded a pilot program for Identity Protection Personal Identification Numbers (IP PIN). The IP PIN is a unique identifier that establishes a particular taxpayer as the rightful filer of the return and helps avoid delays in their tax return processing.

 

The IRS has also increased outreach initiatives to provide taxpayers with the information they need to prevent tax-related identity theft and, when identity theft does occur, to resolve issues as quickly and efficiently as possible.  We have implemented a far-reaching communications effort through traditional and social media in both English and Spanish.  This effort includes creating a special section on IRS.gov dedicated to identity theft and continually updating our information with emerging trends in identity theft and fraud schemes, phishing sites and prevention strategies.  Additionally, we issued a number of news releases and tax tips throughout filing season to help taxpayers, and we have produced new identity theft awareness videos for the IRS YouTube channel.  We plan to continue this communication effort through the rest of the filing season and beyond.

 

Identity theft and the harm it inflicts on innocent taxpayers is a problem we take very seriously.  While the IRS cannot stop all identity theft, we have made improvements to be better prepared in both fraud prevention and victim assistance.  Identity theft has been designated as a priority in 2012 and every division within the IRS is making identity theft cases a higher priority in their work.  We will continue to review our processes and policies to ensure that we are doing everything possible to minimize the incidence of identity theft and to help those who find themselves victimized by it.  If you have any questions, please contact me at (202) 622-2988 or a member of your staff may contact Tracey Showman, Director, Privacy and Information Protection at (202) 622-8387.

 

Attachment

 

Attachment

 

RECOMMENDATION 1The IRS Commissioner should establish accountability for the Identity Theft Program by ensuring all expectations, goals, and objectives for employees, functions, and offices involved are updated to include the Identity Theft Program.

 

CORRECTIVE ACTIONWe agree that with the significant increase in identity theft cases in the IRS over the past few years it is important that the IRS set common goals and expectations for the offices and employees working these cases.  The Identity Theft Assessment and Action Group also recognized this need and Privacy, Governmental Liaison and Disclosure's Office of Identity

Protection has incorporated it into its Identity Theft Future State Plan.1  Based on this recommendation, we established a governance structure consisting of an Executive Steering Committee and an Advisory Council, comprised of operating division senior executives.  This two-tier governance process oversees the implementation of enterprise-wide identity theft initiatives within IRS organizations, collaborates on identity theft issues or concerns, and assesses overall program delivery.

 

Concurrently, we anticipate that the IRS strategic plan for 2014-2018 will include and emphasize identity theft-related content.  Once the overall IRS plan is completed and distributed, IRS operating divisions and functions will use it to build their individual plans around the objectives contained in the IRS's plan.  It is expected that these objectives will then be used to develop individual office work plans as well as commitments for executives, managers, and management officials thus establishing accountability for the Identity Theft Program from the Commissioner to individual employees responsible for carrying out the program's goals.

 

IMPLEMENTATION DATEImplemented

 

RESPONSIBLE OFFICIAL:  N/A

 

CORRECTIVE ACTION MONITORING PLANN/A

 

1 Office of Privacy, Governmental Liaison and Disclosure Identity Theft Program Future State, Objective 5.4 Review the Overall IRS Strategic Plan and Take Action to Include Identity Theft.

 

RECOMMENDATION 2Implement a process to ensure that while an identity theft case is being resolved, IRS notices and correspondence are not sent to the address listed on the identity thief's tax return.

 

CORRECTIVE ACTIONThe IRS agrees with this recommendation and is exploring options in this area.  In January 2012, the IRS expanded its identity theft indicator codes that annotate when there is a claim of identity theft.  We developed tracking indicators to mark taxpayer accounts when the identity theft incident is initially alleged or suspected.  IRS will explore leveraging this new indicator to suspend certain correspondence.  The IRS is currently establishing specialized groups to process all identity theft cases within each operating division.  Once these groups are established, we will conduct a study to determine the feasibility of expanding notice suspension or suppression to all functions that work identity theft cases.

 

IMPLEMENTATION DATESeptember 15, 2013

 

RESPONSIBLE OFFICIALDirector, Privacy, Governmental Liaison and Disclosure

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 3: Conduct an analysis of the letters sent to taxpayers regarding identity theft, including Correspondex letters, to ensure the letters are still relevant, provide sufficient information, and are consistent, clear, and complete.

 

CORRECTIVE ACTIONThe IRS agrees with this recommendation.  IRS will review its existing suite of identity theft letters to determine if the information contained therein is accurate and applicable to the taxpayer's identity theft circumstance.  We will leverage technology to move towards automation to reduce manual processing of identity theft victim notification letters and improve the content and clarity of the notifications to improve communications with taxpayers impacted by identity theft.  We have already taken steps in this direction.  In 2011, we modified and re-formatted one of our victim notification letters making it more user-friendly and in plain language.

 

IMPLEMENTATION DATEOctober 15, 2012

 

RESPONSIBLE OFFICIALDirector, Privacy, Governmental Liaison and Disclosure

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 4Ensure taxpayers are notified when the IRS has received their identifying documents and/or it has opened their identity theft cases.  The notification should provide victims with contact information and a clear understanding of the timeframe and process to resolve their cases.

 

CORRECTIVE ACTIONThe IRS agrees with this recommendation.  We are updating our Internal Revenue Manual 10.5.3 procedures to instruct employees to notify the taxpayer and acknowledge receipt of their documentation.  The actual implementation dates will vary since in some business units a systemic process will be developed to notify taxpayers.  As each business function handling identity theft cases develops a plan to establish a specialized group to process all identity theft cases, we will conduct a study to determine the feasibility of developing new processes for taxpayer notification, to include resolution timeframes.

 

IMPLEMENTATION DATESeptember 15, 2013

 

RESPONSIBLE OFFICIALSDirector, Privacy, Governmental Liaison and Disclosure

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 5Until controls are in place to prevent identity thieves from filing tax returns using others' identities, create a specialized unit in the Accounts Management function to exclusively work identity theft cases.  These assistors should be provided additional training to include the importance of documenting case actions and histories on the Correspondence Imaging System.

 

CORRECTIVE ACTIONThe IRS agrees with this recommendation.  The Accounts Management function currently has specialized units working only identity theft cases throughout the year, except for providing minimal phone assistance during the peak filing season.  Additionally, Accounts Management is currently reviewing Correspondence Imaging System (CIS) case notes for consistency and will provide updated guidance upon completion.

 

IMPLEMENTATION DATE: March 15, 2013

 

RESPONSIBLE OFFICIALSDirector, Accounts Management, Wage and Investment Division

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 6Ensure all quality review systems used by IRS functions and offices working identity theft cases are revised to select a representative sample of identity theft cases for quality review.  This will allow the IRS to track the quality of the cases and measure its progress in timely and effectively resolving identity theft cases.

 

CORRECTIVE ACTIONThe IRS agrees that its quality review system should incorporate a representative sample of identity theft cases.  The IRS previously developed and implemented a suite of key performance measures to assist in determining the effectiveness and efficiency of the Identity Theft Program.  We will create a specific quality review dedicated to identity theft cases.  We are currently working with Centralized Quality Review System to identify necessary steps to develop a Specialized Product Review Group for identity theft.  The quality review metrics will enable IRS to develop enhanced performance measures and evaluate the overall quality of identity theft casework.

 

In 2012, we began processes to enhance the quality of identity theft casework.  We developed a reporting process that captures and consolidates Servicewide identity theft data that tracks and identifies inventory workload.  We will perform compliance reviews of identity theft cases to determine if case actions adhere to policy guidelines.

 

IMPLEMENTATION DATEJuly 15, 2013

 

RESPONSIBLE OFFICIALS: Director, Privacy, Governmental Liaison and Disclosure

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 7Revise procedures for the screening process for the Correspondence Imaging System used to control Accounts Management function identity theft cases to ensure accounts are researched before correspondence and documents are scanned into the system.  This will reduce the number of multiple open cases for one taxpayer and improve inventory tracking and will also help limit the number of cases assistors are required to review.

 

CORRECTIVE ACTIONThe IRS agrees with the need to decrease multiple open cases.  Accounts Management is piloting processes associated with research products requiring an upload to CIS.  Specifically targeted are the additional requests for returns and transcripts that are often associated with multiple controls.  We anticipate that the processes tested during the pilot will reduce the number of multiple controls.  Additionally, as the identity theft process continues to evolve, case resolution timeframes will decrease, leading to a natural reduction in the number of multiple cases.

 

IMPLEMENTATION DATEOctober 15, 2012

 

RESPONSIBLE OFFICIALSDirector, Accounts Management, Wage and Investment Division

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

RECOMMENDATION 8The Commissioner, Operations Support, should ensure programming for IRSN processing is adjusted so that IRSNs related to identity theft and associated account data can be tracked and analyzed for trends and patterns.

 

CORRECTIVE ACTIONThe IRS agrees that IRS Numbers (IRSN) created because of identity theft should be readily identifiable for account attribute analysis.  The Identity Theft Assessment and Action Group also recommended that IRS develop a mechanism to pull metrics from IRSNs.  This would enable IRS to identify account attributes, as well as give us a better estimate of the revenue loss though not a complete picture.

 

We are currently evaluating options for enhancing our ability to track and analyze the fraudulent identity theft information removed from a taxpayer's account; however, IRSN enhancement is only one of the options being considered.  We are assessing the viability of these options using several factors, including impact to the operating divisions and statutory requirements.  Until a universal tracking mechanism can be developed, we are working to develop processes within the specialized groups to collect lost revenue data regarding identity theft using available data and metrics.

 

IMPLEMENTATION DATEJanuary 15, 2013

 

RESPONSIBLE OFFICIALS: Director, Privacy, Governmental Liaison and Disclosure

 

CORRECTIVE ACTION MONITORING PLANEstablish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.



[1] A 12-consecutive-month period ending on the last day of any month, except December.  The Federal Government’s Fiscal Year begins on October 1 and ends on September 30.

[2] Federal Trade Commission, Consumer Sentinel Network Data Book (March 2011).

[3] TIGTA, Ref. No. 2005-40-106, A Corporate Strategy Is Key to Addressing the Growing Challenge of Identity Theft (July 2005).

[4] TIGTA, Ref. No. 2008-40-086, Outreach Has Improved, but More Action Is Needed to Effectively Address Employment-Related and Tax Fraud Identity Theft (March 25, 2008). 

[5] The IRS uses transaction codes to identify a transaction being processed and to maintain a history of actions posted to a taxpayer’s account on the IRS’s main computer system.  Action codes are used with certain transaction codes to place indicators on taxpayers’ accounts.  

[6] See Appendix V for a list of identity theft indicators with their descriptions.

[7] See Appendix VI for a list of identity theft incidents by IRS function or office and the number of taxpayers affected.

[8] The number of incidents of identity theft is higher than the number of taxpayers because a taxpayer can have more than one incident of identity theft.

[9] The taxpayers with accounts reflecting a Transaction Code 971, Action Code 522, may be duplicated in accounts reflecting Transaction Code 971, Action Codes 501 and 506; therefore, Action Code 522 counts were not included in calculating the total volume of incidents and taxpayers affected.

[10] A 12-consecutive-month period ending on the last day of any month, except December.  The Federal Government’s fiscal year begins on October 1 and ends on September 30.

[11] Campuses are the data processing arm of the IRS.  They process paper and electronic submissions, correct errors, and forward data to the Computing Centers for analysis and posting to taxpayer accounts.

[12] A judgmental sample is a nonstatistical sample, the results of which cannot be used to project to the population.

[13] The 167,619 potential taxpayers burdened were calculated using the IRS’s Identity Protection Incident Tracking Statistics Reports reflecting Transaction Code 971, Action Codes 501 and 506.  The IRS determined that 473,433 of the 641,052 taxpayers reflected in the reports as taxpayers affected were not burdened.  These taxpayer accounts may be subject to a fraud scheme and/or the taxpayers may not have a tax return filing requirement.  These taxpayers are not included in the calculation of the 167,619 taxpayers burdened.  In addition, the taxpayers reflecting a Transaction Code 971, Action Code 522, may be duplicated in Transaction Code 971, Action Codes 501 and 506, and thus Action Code 522 counts were not included separately in the volume of taxpayers burdened.  These figures also do not include the Accounts Management Taxpayer Assurance taxpayers affected.

[14] The paper tax return with all attachments is sent to the Files unit, which is a repository where paper tax returns and related documents are stored.

[15] The filing season is the period from January to April 15 when most individual taxpayers file their tax returns.

[16] There are no procedures requiring that a tax return be set aside until the filing season is over.  Cases are to be worked when resources become available.

[17] Even though a tax return is fraudulent, the IRS retains a record of the tax return by creating a tax account under a tax identification number that the IRS creates.  The identity thief’s tax return is subsequently posted to this account.

[18] IRS, IRS Identity Theft Program Future State Report (August 11, 2011).

[19] Some taxpayers had multiple cases open involving more than one tax year.

[20] The Accounts Management function in the Wage and Investment Division provides assistance to individual taxpayers with tax and account-related inquiries via telephone, correspondence, and e-mail.

[21] See Appendix VII for assistor job titles and duties.

[22] One staff year is approximately 2,080 hours.

[23] Three different but similar surveys of 178 assistors in five IRS offices involved in working identity theft issues were conducted.  The survey results include interviews with assistors and one formal survey conducted by the IRS.  Not all assistors were asked the same questions and not all assistors responded to all questions.

[24] See Appendix V for a list of identity theft indicators with their descriptions.

[25] The Correspondex System provides over 400 letters to fit specific situations, one of which is identity theft.  The letters give IRS assistors the flexibility to choose from up to 73 selective paragraphs and create numerous “fill-ins” to communicate information to taxpayers. 

[26] A four-digit code that denotes the type or source of an adjustment or correspondence case.

[27] The IRS uses transaction codes to identify a transaction being processed and to maintain a history of actions posted to a taxpayer’s account on the IRS’s main computer system.  Action codes are used with certain transaction codes to place indicators on taxpayers’ accounts.  

[28] The IRS uses transaction codes to identify a transaction being processed and to maintain a history of actions posted to a taxpayer’s account on the IRS’s main computer system.  Action codes are used with certain transaction codes to place indicators on taxpayers’ accounts.  

[29] As of November 26, 2011.