TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Vendors Had Millions of Dollars of Federal Tax Debt

 

 

 

September 25, 2013

 

Reference Number:  2013-10-116

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

Redaction Legend:

1 = Tax Return/Return Information

 

 

Phone Number  /  202-622-6500

E-mail Address /  TIGTACommunications@tigta.treas.gov

Website           /  http://www.treasury.gov/tigta

 

 

 

HIGHLIGHTS

Vendors had Millions of Dollars of Federal Tax Debt

Highlights

Final Report issued on
September 25, 2013

Highlights of Reference Number:  2013-10-116 to the Internal Revenue Service Deputy Commissioner for Operations Support.

IMPACT ON TAXPAYERS

Federal law prohibits covered agencies from using Fiscal Year 2012 appropriated funds to enter into a contract or certain transactions with an entity that has an unpaid Federal tax liability unless the suspension and debarment official has considered suspending or debarring the corporation and determines that further action to protect the interests of the Government is not required.  TIGTA found that IRS contract and nonprocurement vendors had millions of dollars of unpaid Federal taxes.  When the IRS conducts business with vendors that do not comply with Federal tax laws, it conveys a contradictory message in relation to its mission to ensure compliance with the tax laws.

WHY TIGTA DID THE AUDIT

The overall objective of this review was to determine whether the IRS had adequate controls over the integrity and validity of vendors receiving payments from the IRS.  TIGTA’s review focused on vendor tax compliance, suspension, and debarment and on controls over the Vendor Master File.

WHAT TIGTA FOUND

The vast majority of vendors that conduct business with the IRS meet their Federal tax obligations.  However, TIGTA found that 1,168 (7 percent) IRS vendors had a combined $589 million of Federal tax debt, of which $587 million associated with 1,118 vendors was not part of a current payment plan as of July 2, 2012.  ********************************1************************************************************* ************************************************1******************************************************************************************************1*********************************************************.  

TIGTA previously recommended that the IRS establish procedures requiring an annual tax check for all IRS contractors.  The IRS disagreed with this recommendation and did not implement it.  TIGTA continues to believe that the IRS should establish procedures requiring periodic (annual) tax compliance checks for all contractors.  Because TIGTA has already recommended expanded tax checks for IRS contractors, no additional recommendations regarding IRS vendor tax compliance are being made at this time.

The IRS had controls in place to prevent suspended and debarred vendors from receiving IRS contracts.  These controls generally appeared effective.  However, TIGTA found that the IRS improperly awarded four new contracts or exercised additional option years on existing contracts, valued at $2.6 million, to three vendors that were excluded (suspended) from doing business with the Federal Government.  

Further, the overall control environment over the IRS Vendor Master File could be improved.  There was insufficient oversight and a lack of monitoring over vendor file operation and maintenance. 

WHAT TIGTA RECOMMENDED

TIGTA recommended that the IRS determine why its searches did not identify the suspended vendors within the Excluded Parties List System.  In addition, TIGTA made several recommendations to improve controls over IRS Vendor Master File maintenance and operation.

In their response, IRS management agreed with all of our recommendations and plans to take corrective actions.

 

 

September 25, 2013

 

 

MEMORANDUM FOR DEPUTY COMMISSIONER FOR OPERATIONS SUPPORT

 

FROM:                       Michael E. McKenney /s/ Michael E. McKenney

Acting Deputy Inspector General for Audit

 

SUBJECT:                  Final Audit Report – Vendors Had Millions of Dollars of Federal Tax Debt (Audit # 201210028)

 

This report presents the results of our review to determine whether the Internal Revenue Service (IRS) had adequate controls over the integrity and validity of the vendors receiving payments from the IRS.  This review was conducted as part of the Treasury Inspector General for Tax Administration’s Fiscal Year 2013 Annual Audit Plan and addresses the major management challenge of Fraudulent Claims and Improper Payments.

Management’s complete response to the draft report is included as Appendix V.

Copies of this report are also being sent to the IRS managers affected by the report recommendations.  If you have any questions, please contact me or Gregory D. Kutz, Assistant Inspector General for Audit (Management Services and Exempt Organizations).

 

 

Table of Contents

 

Background

Results of Review

Vendor Integrity Controls Could Be Improved

Recommendation 1:

Improved Controls Over Vendor Master File Operations and Maintenance Are Needed

Recommendations 2 through 4:

Appendices

Appendix I – Detailed Objective, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measures

Appendix V – Management’s Response to the Draft Report

 

 

Abbreviations

 

CCR

CFO

Central Contractor Registration

Chief Financial Officer

EPLS

Excluded Parties List System

FAR

Federal Acquisition Regulation

FISCAM

Federal Information System Controls Audit Manual

GAO

Government Accountability Office

IFS

Integrated Financial System

IPS

Integrated Procurement System

IRS

Internal Revenue Service

TIGTA

Treasury Inspector General for Tax Administration

TIN

Taxpayer Identification Number

VMF

Vendor Master File

WebIPS

Web-Integrated Procurement System

 

 

 

 

Background

 

Prior to Fiscal Year 2012, Federal law did not explicitly address a prohibition against the awarding of contracts to entities solely because they owed Federal taxes.[1]  The Consolidated Appropriations Act of 2012[2] prohibited covered agencies from using Fiscal Year 2012 appropriated funds to enter into a contract with an entity that has an unpaid Federal tax liability[3]  or Federal felony conviction unless the suspension and debarment official has considered suspending or debarring the corporation and determines that further action to protect the interests of the Government is not required.  The Department of the Treasury and Internal Revenue Service (IRS) guidance also requires its contracting officers to complete checks for tax indebtedness as part of determination of contractor responsibility prior to contract award.  However, the IRS does not continuously monitor the tax compliance of the contractors after award.  In addition, the IRS does not make a specific, independent determination if nonprocurement vendors have adequate financial resources and a satisfactory record of integrity and business ethics or unpaid tax debts, and, therefore, the IRS does not complete tax compliance checks on any nonprocurement [4] vendors.  Prior Treasury Inspector General for Tax Administration (TIGTA) audits found that IRS contracting employees awarded contracts without completing required tax checks and financial capability surveys, and the IRS did not have an effective process to ensure that contracting officers’ determinations of present responsibility are adequately documented.[5]

According to the Federal Acquisition Regulation (FAR),[6] a responsible prospective contractor is a contractor that meets certain specific criteria, including having adequate financial resources and a satisfactory record of integrity and business ethics.  The FAR[7] also requires prospective contractors to be “otherwise qualified and eligible”—which includes other provisions of law specifying when contractors are disqualified, ineligible, or excluded from receiving contract awards. 

Before awarding contracts or making purchases, contracting officers and other agency officials are required to determine that a bidder is registered in the Central Contractor Registration (CCR) database, an online representations and certifications system, and the Excluded Parties List System (EPLS), an online database managed by the General Services Administration that identifies those parties excluded from receiving Federal contracts, certain subcontracts, and certain types of Federal financial and nonfinancial assistance and benefits.[8]  Because the CCR database is primarily a self-certification system with limited independent verification, registration in the CCR does not guarantee vendor integrity.  A party (an individual or business entity) can be excluded for a variety of reasons, including serious failure to perform to the terms of a contract or conviction of or indictment for a criminal or civil offense.  Such an exclusion can be for a temporary period pending completion of an investigation or legal proceeding (referred to as a suspension) or for up to three years once the Government has completed the investigation or legal proceeding (referred to as a debarment).  Generally, excluded parties may complete their performance on preexisting contracts.  However, agencies are required to check the EPLS prior to making any modifications that add new work or extend the period of performance on an existing contract.  Vendors listed in the EPLS are not qualified for contract changes of this nature unless a waiver is granted by the head of the agency.

The Government Accountability Office (GAO) and the TIGTA have reported that thousands of contractors abuse[9] the Federal tax system.[10]  Legislation currently pending before Congress would prohibit an agency from awarding a contract or grant in excess of the simplified acquisition dollar threshold ($150,000) unless the prospective contractor or grantee certifies in writing that it has no seriously delinquent tax debts.[11]  While the FAR[12] requires contractors to certify to the Government that they are not delinquent on their taxes, the Contracting and Tax Accountability Act of 2013 would codify that regulation and intends to provide agencies with a means to verify a contractor’s certification.

In 1997, Congress amended the tax code[13] and authorized the IRS to levy specified Federal Government payments through the Federal Payment Levy Program.  The Federal Payment Levy Program is an automated process that issues tax levies to collect delinquent Federal taxes through the Financial Management Service from Social Security, Federal agency salaries, retirement, and contract awards.  The IRS implemented the Federal Payment Levy Program in Fiscal Year 2000.  When contracting officers properly complete checks to identify tax indebtedness as part of the determination of contractor responsibility prior to contract award and notify the IRS Collections function of any incidences of contractor tax debt, the Federal Payment Levy process can be applied where appropriate.

The IRS maintains a file of all unpaid assessments.  These unpaid assessments are legally enforceable claims against taxpayers and consist of taxes, penalties, and interest that have not been collected or abated.  For the purposes of this report, we refer to these unpaid assessments as Federal tax debt.  Federal tax debts are generally incurred when a taxpayer files a tax return without full payment, an IRS audit identifies additional amounts owed, or the IRS makes adjustments to correct inaccuracies on a return.  In addition, Federal tax debts can be identified as part of IRS enforcement programs.  IRS enforcement programs generally identify taxpayers who fail to:  file or timely file required Federal returns, accurately report their taxes, or voluntarily pay the amount of taxes due.  The IRS classifies its total Federal tax debt inventory into the following four categories:

Under Federal accounting standards, Federal tax debt requires taxpayer or court agreement to be considered Federal taxes receivable.  Because of this distinction, when we refer to Federal tax debts in this report, we are referring to only those debts that have taxpayer or court agreement and are classified by the IRS as taxes receivable or write-offs.  Compliance assessments and memo accounts are not considered Federal taxes receivable because they are not agreed to by the taxpayers or imposed by a court.  We have chosen to rely on these four classification categories as the most accurate indicator available for determining whether a taxpayer agreed to the unpaid assessment.

The IRS Vendor Master File (VMF) contains information about vendors that enables them to engage in contracts, purchase orders, and other noncontract acquisition methods for the purpose of providing goods and services to the IRS and receiving payment for goods and services delivered.  The VMF includes the following three categories of vendors:

·       CCR-registered vendors – Vendors that are required by regulation to be registered in the CCR database prior to award of Federal government contracts, basic agreements, basic ordering agreements, or blanket purchase agreements.  CCR-registered vendors are required to update key information in their CCR profile annually.  If a vendor has not updated its profile within a one‑year period (365 consecutive days), then the vendor becomes “inactive.”  The IRS requires a tax check on CCR-registered vendors prior to award and cannot award new contracts to inactive CCR-registered vendors.

·       CCR-exempt vendors – Vendors that are not required to register in the CCR because a specific contract award meets one of the exceptions in FAR 4.1102(a) and IRS Policy & Procedures Memorandum No. 4.11, Central Contractor Registration (CCR), identified by the Office of Procurement.  CCR exceptions include but are not limited to:  (1) Governmentwide Purchase cards; (2) classified contracts; (3) military or emergency operations; (4) unusual or compelling needs; (5) foreign vendors outside the United States; and (6) micropurchases without an electronic funds transfer.  These vendors are manually entered into the VMF by the IRS.  Like CCR-registered vendors, the IRS requires a tax check on CCR-exempt vendors prior to award and cannot award new contracts to inactive CCR-exempt vendors.  However, unlike CCR-registered vendors, information about CCR-exempt vendors is not required to be reviewed and updated annually.

·       Nonprocurement vendors – Vendors that are doing business with the IRS via a method other than contract, basic agreement, basic ordering agreement, or blanket purchase agreement who are not legally required to register in the CCR database identified by the Office of the Chief Financial Officer (CFO) at Beckley Finance Center.  Like CCR‑exempt vendors, these vendors are also manually entered into the VMF by the IRS and, although a basic check on the validity of the Taxpayer Identification Number (TIN)[14] is performed, information about nonprocurement vendors is not required to be reviewed and updated annually.

The 16,907 vendors that conducted business with the IRS during our audit period were comprised of vendors from all three categories.  Between October 2010 and June 2012, the IRS made 728,507 payments totaling $3.2 billion to the 16,907 vendors for goods and services.  As contractors, both CCR-registered and CCR-exempt vendors are generally subject to the FAR and other established procurement guidelines and contracting requirements.  In contrast, nonprocurement vendors are not subject to these requirements because their goods or services are not obtained using contract acquisition methods.  Specifically, the IRS does not make a separate, independent determination that nonprocurement vendors have adequate financial resources and a satisfactory record of integrity and business ethics, or if nonprocurement vendors have unpaid tax debt.

The IRS’s VMF is maintained within the Integrated Procurement System (IPS), a procurement system used to track obligations, create solicitations and awards, maintain vendor files, and generate reports.  The IPS interfaces, or connects electronically, to allow the sharing of information, with the CCR database in order to obtain procurement vendor information.  As previously mentioned, the CCR is the required point of registration for contractors wishing to do business with the Federal government.  The interface between the CCR and the VMF limits manual input and changes to CCR vendor information made by IRS employees.  The VMF is also used in key aspects of the IRS purchase and payment process such as awarding procurements, recording receipt and acceptance, and initializing payment processing by the Integrated Financial System (IFS).  The IFS is the IRS’s administrative accounting system that facilitates core financial management activities.[15]  Figure 1 shows the relationship between these various IRS systems.

Figure 1: IRS Vendor Maintenance Systems

System for Award Management – formerly the CCR Database

IPS – formerly the Web-Integrated Procurement System (WebIPS)

IFS

Source:  Our interpretation based on review of internal IRS notices related to the referenced systems and discussions with Office of Procurement and Office of the CFO Beckley Finance Center managers.

 

We analyzed data and information obtained from the IRS National Headquarters in the Agency‑Wide Shared Services’ Offices of Procurement, Procurement Policy, and E-Procurement in Washington, D.C., and Oxon Hill, Maryland, and in the Office of the CFO at the Beckley Finance Center located in Beckley, West Virginia, during the period September 2012 through June 2013.  We reviewed and tested selected controls over the IRS VMF to determine if they were adequate to validate the existence and integrity of the vendors receiving payment from the IRS during this period.  We did not determine whether IRS contracting officials performed tax checks prior to award or referred any instances of noncompliance for consideration for suspension or debarment, and we did not examine the effectiveness of the Federal Payment Levy Program as part of this review.  However, a follow-up audit to review the IRS’s compliance with the requirements of the Consolidated Appropriations Act of 2012 is planned. 

We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.  Detailed information on our audit objective, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

Results of Review

 

Vendor Integrity Controls Could Be Improved

The vast majority of vendors that conduct business with the IRS meet their Federal tax obligations.  However, we found that the IRS made payments to vendors with millions of dollars of Federal tax debt and to three vendors that had been excluded (suspended) from doing business with the Federal Government.  Ensuring the validity and integrity of vendors is a key element of preventing fraud and abuse.  During our audit period, the IRS made millions of dollars[16] of payments to 1,168 vendors that collectively had $589 million in agreed-to Federal tax debt, of which $587 million was not part of a current payment plan as of July 2, 2012.[17]  ****1**** *********************************1******************************************************************************1************************************ *************1*********.[18]  Although controls were in place and generally effective, the IRS awarded four new contracts or made contract modifications to existing contracts to exercise an additional option year totaling $2.6 million to three vendors that were excluded (suspended) from doing business with the Federal Government.

Vendors had Millions of Dollars of Federal tax debt

Of the 16,907 vendors that received payments from the IRS during our audit period, we found that 1,168 vendors (7 percent) had $589 million in agreed-to Federal tax debt as of July 2, 2012.  These 1,168 vendors received approximately $741 million in payments from the IRS between October 1, 2010, and June 30, 2012.  Figure 2 shows the distribution of total Federal tax debt by the size of the various debts.

Figure 2:  Size of Federal Tax Debt of Vendors by TIN

Figure 2 was removed due to its size.  To see Figure 2, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  Our analysis of the IRS unpaid assessment file.[19]

Of these 1,168, as of July 2, 2012, only 50 vendors with Federal tax debt totaling over $2 million were on a current payment plan to address their tax debt.[20]  The IRS considers a taxpaying entity to be tax compliant if the entity is on a current, valid payment plan for Federal taxes due.  Of the 1,168 vendors, 1,118 vendors (96 percent) with Federal tax debt totaling over $587 million were not on current payment plans and were therefore delinquent as of July 2, 2012.[21]  ***1**** *************************************1*****************************************************************************1****** ***************************************1******.  Of the 1,118 vendors not on a payment plan, only 144 were CCR-registered vendors; the remaining 974 were CCR-exempt or nonprocurement vendors.  CCR-registered vendors with unpaid taxes not on a payment plan received $471 million, while CCR-exempt and nonprocurement vendors with unpaid taxes not on a payment plan received $263 million from the IRS.[22]

The 1,118 vendors with Federal tax debt that were not on a payment plan had delinquent Federal tax debts ranging from just over $100 to $525 million.[23]  As of July 2, 2012, the length of time that this delinquent Federal tax debt remained outstanding ranged from seven days to four or more calendar years since the date the Federal tax debt was assessed.  Figure 3 shows the distribution of total delinquent Federal tax debt by the length of time outstanding.

Figure 3:  Details on the Period of Delinquency for IRS Vendors
Not in a Payment Plan

Length of Time Since the Delinquent Federal Tax Debt Was Initially Assessed

Total Assessment (in millions)

Total Number of Vendor TINs

180 days or less

$16

434

181 days to less than 1 calendar year

$546

115

1 calendar year to less than 2 calendar years

$12

144

2 calendar years to less than 3 calendar years

$2

44

3 calendar years to less than 4 calendar years

$1

26

4 calendar years or more

$10

58

Total

$587

821

Source:  Our analysis of the IRS unpaid assessment file.[24]

We determined that the types of tax liability included corporate and unemployment taxes, payroll and withholding taxes, individual income taxes, and miscellaneous civil penalties.  As of July 2, 2012, the 50 vendors with the most Federal tax debt outstanding owed $572 million collectively to the IRS, of which $570 million was not part of a payment plan.  These 50 vendors received approximately $125 million in payments from the IRS.

·       36 (72 percent) were CCR-exempt or nonprocurement vendors.

·       14 (28 percent) were CCR-registered vendors.  However, CCR-registered vendors received 98 percent of the $125 million in payments and were therefore paid more overall than CCR-exempt and nonprocurement vendors combined.

We further researched the tax histories of the 50 vendors with the most Federal tax debt outstanding and found that:[25]

·       *******************1********************************.

·       ***********1*****************.

·       8 vendors had current liens in place.

·       4 vendors had gone out of business as of April 2013.

·       3 vendors had delinquent tax liabilities that had been written off by the IRS as no longer collectable.

·       14 vendors had been referred for tax examination.

·       26 vendors were currently being audited by the IRS.

·       *******************************1*********************************************1********.[26]

·       5 vendors had been assessed penalties related to tax filing inaccuracies for which they were fined up to 40 percent of the amount they underreported to the IRS.

·       9 vendors had been fined for failing to timely file a return.

The IRS stated that it sometimes does not have a choice in the vendors it must do business with.  For instance, the IRS told us that it routinely issues summons to specific financial intuitions for a particular taxpayer to obtain records as part of its tax administration processes and must pay a fee for obtaining these records.  The IRS stated that it must also pay filing fees to State and county governments in order to file tax liens.  Thus, even if these entities have unpaid tax debt, the IRS must still use their services.  According to the IRS, 863 vendors (77 percent) of the 1,118 vendors not on current payment plans with Federal tax debt totaling over $587 million provided these types of services to the IRS.  The remaining 255 vendors had $548 million in delinquent tax debt.[27]  ******************1******************* *************************************1****************************************************************1***********.[28]

Numerous entities, including Congress, the Civilian Agency Acquisition Counsel, the Defense Acquisition Regulations Council, and the GAO have acknowledged the importance of delinquent tax debts in the consideration of contract awards.  However, the IRS does not make a separate, independent determination whether nonprocurement vendors have adequate financial resources and a satisfactory record of integrity and business ethics, or unpaid tax debts, and therefore does not complete any tax compliance checks on nonprocurement vendors.  Enhancement of vendor requirements to pay their taxes could increase vendor tax compliance, thereby increasing Federal revenue.  Perhaps of greater significance is the negative perception that is created when the IRS conducts business with vendors that do not comply with Federal tax laws.  TIGTA previously recommended that the IRS establish procedures requiring an annual tax check for all IRS contractorsIRS management disagreed with this recommendation and did not implement it.  TIGTA continues to believe that the IRS should establish procedures requiring periodic (annual) tax compliance checks for all contractors.[29]  Because we have already recommended expanded tax checks for IRS contractors, we are making no additional recommendations regarding IRS vendor tax compliance at this time.

The vendor TIN matching program generally worked effectively

Of the 16,907 vendors that received payments from the IRS, we determined that 16,847 (99.6 percent) had names and TINs in the VMF that matched those on record with the IRS.  We identified 60 vendors with missing or invalid TINs that received $15.2 million in payments from the IRS during our audit period.  Of these, 39 records were missing a TIN (the TIN field was blank).  In addition, we found 21 invalid TINs.  The IRS considers a TIN to be valid if both the TIN and the name associated with that TIN match those that are on file in IRS records.  According to IRS internal guidance for CFO payment technicians, a proper invoice requires certain key data to be present, such as a TIN.[30]  

For the 21 vendors for which we determined that the TIN was invalid based on our initial analysis, we used the online IRS TIN validation portal, the same portal used by VMF users to verify a TIN, and the IRS Integrated Data Retrieval System[31] to research these TINs further.  In some cases, the results of our research were different.[32]  When there was a discrepancy between the system research results, we deferred to the Integrated Data Retrieval System, which serves as the primary tool for IRS employees to research taxpayer accounts and tax returns.  When we inquired specifically about the 60 vendors we identified with missing or invalid TINs, we found that 55 (92 percent) were for CCR-exempt foreign vendors not required to have a TIN or for State and local governments that were entered into the VMF prior to the institution of the TIN matching program.  One record related to an interagency agreement.  The remaining four records included one record for which the IRS entered the TIN incorrectly and three records for which the IRS had no records supporting that a TIN match was performed.

Three IRS vendors were listed as excluded parties, but received $2.6 million in new contract awards or contract modifications to existing contracts

The majority of vendors that received a payment from the IRS between October 1, 2010, and June 30, 2012, were not excluded from doing business with the Federal Government at the time the IRS awarded a contract or exercised an option on an existing contract.  However, the IRS did improperly award four new contracts or modify existing contracts to exercise an additional option year totaling $2.6 million to three vendors that were excluded (suspended) from doing business with the Federal Government.[33]  Upon reviewing IRS contract files for the contract histories of these three vendors, in two instances we did not find documentation in the contract file to indicate that contracting officers had complied with a FAR[34] requirement to check the EPLS before exercising an option on an existing contract or awarding a new contract for $2.5 million and $8,900, respectively.  In the remaining two instances, we did find documentation in the contract file to indicate that IRS procurement officials had checked the EPLS, but the system failed to reveal the exclusions that were present.  Consequently, these vendors received contracts for $47,000 and $4,000.  The GAO previously found that when agency contracting officials used the EPLS to search for companies by name, there was no guarantee that a search would reveal a suspension or debarment.[35]  The GAO found that, unlike other search engines, the name search in the EPLS must literally be exact or the suspension or debarment would not be identified.  As a result of IRS contracting officials’ not following FAR requirements and due to potential weaknesses in the EPLS system, three contractors that were suspended from doing business with the Federal Government were improperly awarded new contracts or received modifications to their existing contracts.

All instances where vendor bank information matched IRS employee bank information were related to valid travel expenses

We identified all vendors (persons or entities) receiving payments from the IRS during the period October 1, 2010, through June 30, 2012.  We conducted an analysis to identify instances where vendor banking information for payments made by the IRS during our audit period matched any banking information for IRS employees who were on board as of March 20, 2012.  We identified 39 payments totaling $12,537 that were made to 29 IRS employees.  However, we subsequently verified that for all instances where vendor banking information was the same as IRS employee banking information, there were manual travel vouchers filed for valid travel expenses or other valid miscellaneous items.  When IRS employees require reimbursement for a valid business purpose, they must be included in the VMF as a nonprocurement vendor in order to receive a payment.

Recommendation

Recommendation 1:  The Chief, Agency-Wide Shared Services, should share with the General Services Administration the two instances identified in this report where EPLS searches did not identify suspended contractors in order to determine why the IRS searches of the EPLS did not identify the excluded parties.  Based on the results of this collaboration, IRS policies and procedures for reviewing and documenting EPLS searches should be updated, if necessary.

Management’s Response:  The IRS agreed with this recommendation and stated that it will engage with the appropriate party within the General Services Administration to share the information regarding the two identified instances where a vendor search did not reveal accurate results in the EPLS.  Procedures for reviewing and documenting EPLS searches will be reviewed and updated, if appropriate.

Improved Controls Over Vendor Master File Operations and Maintenance Are Needed

The overall controls concerning the VMF could be improved.  We identified insufficient oversight and a lack of monitoring of VMF operation and maintenance and no guidance to direct VMF group users on the appropriate operation and maintenance of the file.  In addition, we determined that when group users created or made changes to VMF accounts, the information entered was not independently validated and approved by management, nor were supporting forms always maintained.  Further, we identified control weakness in both system-based and manual controls that track changes made to IRS vendor information.  Although tracking of user access may have improved as the result of a system upgrade to the IPS, the IRS did not have any formalized policies and procedures for the selection and training of employees who were provided access to the VMF.  Finally, the IRS does not conduct regular reviews of vendor information in the VMF or impose annual information update requirements on certain types of vendors.

Policies and procedures specific to VMF maintenance are lacking

A lack of operational policies and procedures specific to VMF maintenance was acknowledged by the Office of Procurement and CFO personnel.  According to the Federal Information System Controls Audit Manual (FISCAM), key controls over personnel activities are formal operating procedures which consist of detailed, written instructions that are followed during the performance of work.  Policies and procedures for master data maintenance should be documented and should include, but are not limited to, data quality criteria, archival policies, and backup procedures in the event of a disaster or data corruption error.  Previously, a Memorandum of Understanding served to govern the relationship between the Offices of Procurement, including the Offices of Procurement Policy and E‑Procurement and the Beckley Finance Center, with respect to general controls and maintenance of the VMF.  This memorandum was specifically developed for the purpose of delineating the major duties, responsibilities, and authorities of each organization and the vendor group users for management of the VMF.  It was executed in 2004; however, it is no longer in effect.[36]  As a result, the roles and responsibilities of CFO and Office of Procurement employees as they relate to VMF operation and maintenance are not clearly delineated, and current informal processes and practices are not followed consistently.  Adequate VMF controls are critical for ensuring that payments are made only to legitimate vendors that have a valid business relationship with the IRS.

VMF account maintenance lacked management approval, and supporting documentation was not always maintained

When vendor group users created or made changes to VMF accounts, the vendor information entered was not reviewed or approved by management and supporting documentation was not always maintained.  As required by the GAO Standards for Internal Control in the Federal Government,[37] significant events need to be clearly documented.  The documentation should be readily available for examination, and all documentation and records should be properly managed and maintained.  In addition, key duties and responsibilities need to be divided or segregated among different people to reduce the risk of error or fraud.  This should include separating the responsibilities for authorizing transactions, processing and recording them, reviewing them, and handling any related assets.  No one individual should control all key aspects of a transaction or event.

Periodically, vendors request that changes be made to their information recorded in the VMF through external forms.  CCR-registered vendors must make changes directly through the CCR.  When a CCR-exempt vendor requests to make a change, the vendor submits an external form requesting that the change to be made, and the requested change is documented on an internal form and generally routed through the Office of Procurement.  Similarly, when a nonprocurement vendor requests to make a change, the vendor submits an external form requesting the change be made, and the requested change is documented on an internal form generally routed through the CFO.  Currently, neither the Office of Procurement nor the CFO requires the internal forms to be maintained; however, in practice, the Office of the CFO maintains the external request forms submitted by nonprocurement vendors.  As a result, management cannot perform any kind of oversight review to determine if the changes made were accurate and appropriate because supporting documentation does not always exist.  In addition, a field or signature line requiring managerial approval of the change is not present on either the Office of Procurement or the CFO internal forms.  IRS personnel also indicated that changes to the data in the VMF do not require any managerial review or approval either.  As a result, there is an inadequate segregation of duties due to the lack of management approval and insufficient oversight of the process.

Weaknesses were identified in the IRS’s ability to track changes to vendor information

We identified weaknesses in both automated system and manual controls that should track changes made to IRS vendor information.  As part of the controls over IRS vendor information, there should be an effective auditing and monitoring capability that allows changes to master data records to be recorded and reviewed when necessary.  To do so, activity must be properly captured and maintained by an automated logging mechanism.

A combination of automated system and manual controls in place for the purpose of tracking changes made to vendor information include:

·       On a daily basis, changes to data associated with CCR-registered vendors are batch uploaded through the IPS into the VMF.  The IRS is able to track changes to CCR‑registered vendors through these uploads.  We did not evaluate the effectiveness of this control.

·       When manual changes are made to VMF records for CCR-exempt and nonprocurement vendor records by Office of Procurement employees, the changes for seven pairs of key fields are automatically captured in a log.

·       When manual changes are made to VMF records for CCR-exempt and nonprocurement vendor records by CFO employees, the log does not capture changes; however, CFO employees are required to provide a written comment in a field within the VMF on the nature of the change.

We determined that the IPS automated vendor change log was unreliable.  We reviewed 59 forms submitted by vendors requesting changes to information stored in a central file at the Beckley Finance Center and determined that in 25 instances a change was made to vendor account data, but the change was not captured in the automated vendor change log.  When we brought these 25 instances to the attention of the IRS, it informed us that the IFS also tracks changes to vendor data.  The IFS relies on a system-based audit trail to track vendor account changes.  However, when we reviewed these same 25 changes made in the IFS, we determined that the IFS tracked only 12 changes (48 percent).  Thus, we determined that the IFS automated audit trail tracking was also unreliable, even though this aspect of the system is the final control before payments are issued.

We also reviewed all 339,731 records in the IPS automated vendor change log made during our audit period and identified 1,541 (0.5 percent) instances in which the log recorded a change when no change to key data in a vendor account was made.  The IRS stated that the most likely cause for these changes being logged was due to an extra space or punctuation being inadvertently added to a record rather than an actual change to key data.

When manual changes are made to VMF records for CCR-exempt and nonprocurement vendor records by CFO employees, the log does not capture changes; however, CFO employees are required to add a written comment in a specific VMF field on the nature of the change.  The VMF comments are an important control for tracking changes made to vendor data in the VMF as they often provide specific information regarding which fields were changed and the purpose for the change.  However, this is a manual control and is subject to human error.  Further, since the comment field is not tracked by the IPS vendor change log, the data could be lost in the event of an IPS system failure.

We determined that the IPS vendor change log was not capturing all manual changes entered and was sensitive to minor changes (such as the addition of spaces) that did not reflect changes to key information.  As a result, we determined that the automated system controls that exist to track changes made to IRS vendor information were unreliable.  Although nothing came to our attention indicating that unauthorized users had accessed the VMF without a valid business purpose during our review period, we were unable to determine whether any unauthorized users actually accessed the VMF due to weaknesses in the controls that exist to track changes made to IRS vendor information.

VMF user access did not have a formal approval process; however, the process has improved

During our audit period, in some cases, users had direct access to the VMF through the Web‑Integrated Procurement System (WebIPS).  The WebIPS lacked an automated process for requesting, tracking, and documenting access approval.  The IRS practice for selecting Office of Procurement and CFO staff who are provided access to vendor accounts was also informal and unstructured, and any training provided occurred on the job.  The WebIPS was able to generate a real-time list of vendor group users, but historical listings of these users were not maintained and no oversight reviews were performed to identify unauthorized user access.  As required by the Standards for Internal Control in the Federal Government, access to records should be limited to authorized individuals, and accountability for their use should be assigned and maintained.  The FISCAM provides guidance on the maintenance of master data files and specifies as a key control the establishment of policies and procedures for authorizing access to data and documentation of such authorizations.  Access should be limited to individuals with a valid business purpose, controls should enforce the segregation of duties, and unnecessary accounts should be removed or disabled.

However, as part of a recent upgrade of the WebIPS to the IPS, the general IRS application approval system has now been integrated and provides an established approval process to grant users access to the VMF for record creation and modification.  As part of this integrated system approval process, steps are taken to ensure that there is proper segregation of duties that could potentially mitigate the risk of unauthorized user access from occurring in the future.  During our audit period, the IRS was at risk of individuals gaining access to the VMF without a valid business purpose due to weak controls over user access.  Since the system upgrade fell outside of our audit scope, we did not evaluate the IRS’s new IPS or the introduction of its integrated approval processes as part of our review.

The IRS does not conduct regular reviews of vendor information in the VMF or impose annual information update requirements on CCR-exempt or nonprocurement vendors

The IRS does not conduct oversight reviews of the VMF to ensure vendor data reliability.  Although the IRS performs limited testing to determine that daily CCR records received are complete and runs quarterly reports between the IPS and IFS systems to detect and resolve discrepancies in the coding of vendors as part of the IRS’s role in administering the Health Coverage Tax Credit program, there are no regularly scheduled oversight reviews performed to ensure the integrity of the data contained in the VMF.  We identified 5,835 CCR-exempt or nonprocurement vendors whose information had not been updated within a one‑year period (365 consecutive days) that received 249,047 payments totaling $71 million during our audit period.  These vendors were mainly comprised of financial institutions and State and local governments.  If these vendors had been required to comply with CCR requirements, they would have been rendered inactive after one calendar year, at which time they would have been required to recertify the accuracy of information contained in the CCR.  According to the FISCAM, periodic reviews of vendor information for accuracy and reliability should be a component of basic master file maintenance controls.  Master records should be reviewed on a regular basis, duplicates should be identified and deleted or blocked, and inactive accounts should be identified and blocked.  In addition, master records should be complete and valid. 

There are currently no policies or procedures to require regularly scheduled oversight reviews to ensure the integrity of the data contained in the VMF.  Furthermore, whereas CCR system requirements impose annual self-recertification of CCR-registered vendors’ data, the IRS does not impose similar requirements on CCR-exempt or nonprocurement vendors to ensure that the information the IRS has is current and accurate.  As a result, records for CCR-exempt and nonprocurement vendors in the VMF may be outdated or inaccurate.

Recommendations

The Chief, Agency-Wide Shared Services, and Chief Financial Officer should:

Recommendation 2:  Develop and implement formal policies and procedures for the operation and maintenance of the VMF, including steps to verify the suitability of CCR-exempt and nonprocurement vendor account creation and the validity of changes to vendor account data.  In addition, this policy should clearly delineate the roles and responsibilities of the Office of Procurement and the CFO VMF group users.

Management’s Response:  The IRS agreed with this recommendation and stated that the Chief, Agency-Wide Shared Services, and the CFO will review current practices in their respective areas and develop policies and/or procedures to address the operation and maintenance of the VMF.  These policies and/or procedures will include guidance on update procedures, changes to VMF data, and the roles and responsibilities of those individuals involved in the process.

 

Recommendation 3:  Ensure that all supporting documentation (internal and external vendor information change forms) are centrally maintained for the purpose of conducting periodic oversight reviews of manually entered or edited vendor account information to ensure the appropriateness, accuracy, and reliability of information in the VMF.

Management’s Response:  The IRS agreed with this recommendation and stated that the Chief, Agency-Wide Shared Services, and the CFO will review and update procedures in their respective areas and will develop a method by which change records are maintained and available for review.

 

Recommendation 4:  Enhance IPS and IFS functionality (IPS vendor change log and IFS audit trails) to address the system weaknesses identified in tracking changes made to vendor account information.

Management’s Response:  The IRS agreed with this recommendation and stated that the Chief, Agency-Wide Shared Services, and the CFO will work together to identify if system enhancements are needed to include fields relative to the vendor change log and access to the system and will, based on funding availability, implement the enhancements based on the outcome of the joint assessment.  The IRS stated that it will review and modify Beckley Finance Center VMF Desk Procedures related to tracking documentation.

 

Appendix I

 

Detailed Objective, Scope, and Methodology

 

Our overall objective was to determine whether the IRS had adequate controls over the integrity and validity of the vendors receiving payments from the IRS.  To accomplish this objective, we:

I.                 Obtained and reviewed the applicable policies and procedures pertaining to VMF maintenance.

A.    Obtained and evaluated the Internal Revenue Manual, Office of Procurement policy and procedures memorandums, and desk guides that provide guidance for vendor payment controls relative to VMF creation, validation, and maintenance.

B.    Interviewed key IRS personnel from the Office of Procurement and Office of the CFO to document current practices and their understanding of the roles and responsibilities relative to vendor file maintenance.

II.               Determined whether controls[38] over the vendor group users and the VMF were adequate to protect the IRS against the creation or activation of questionable vendors.

A.    Evaluated IRS controls for employee access to the VMF.

1.     Obtained a list of the current vendor group users as of September 2012.

2.     Determined how members of the vendor group users (from the Office of Procurement and the Office of the Beckley Finance Center) were selected and trained.

3.     Determined how access to enact VMF record creation and modifications was provided and whether a proper separation of duties was part of that process.

4.     Determined whether access to the VMF was periodically reviewed to ensure all accesses were appropriate and for valid business purposes.

5.     Determined if access privileges were removed when employees changed positions or were separated from service.

6.     Identified and evaluated the business unit/function roles and responsibilities that authorized users had in addition to their role as a vendor group user.

B.    Identified management controls for creating, modifying, inactivating, and validating the integrity of the vendor information.

1.     Identified and evaluated the process and documentation required for creating or modifying a vendor record and the related validation and approval process. 

2.     Identified the specific data elements of the VMF that could be changed by the vendor group users for both procurement and nonprocurement vendors.

3.     Identified the process for vendor data maintenance for purging or archiving inactive vendors.

4.     Identified, obtained, and evaluated reviews conducted by the Office of Procurement and the Beckley Finance Center to ensure the validity of vendors during the period October 1, 2010, through June 30, 2012.

C.    Determined whether changes to CCR-registered vendors were enacted only through the WebIPS interface with the CCR database by reviewing the WebIPS vendor change log for VMF modifications occurring during the period October 1, 2010, through June 30, 2012.

D.    Determined whether changes to the CCR-exempt and nonprocurement vendors were properly authorized and approved prior to input by vendor group users.

1.     Identified judgmental samples[39] of changes to the CCR-exempt and nonprocurement vendors that occurred during the period October 1, 2010, through June 30, 2012, and determined whether the changes to the VMF were made by authorized users (i.e., matched employees identified as vendor group users to the vendor change log).  We selected three judgmental samples consisting of: 1) 10 WebIPS vendor log changes, 2) 10 WebIPS vendor log changes to CCR‑exempt vendors only specifically made by Office of Procurement vendor group users, and 3) 10 nonprocurement vendor changes selected from an alphabetical centralized file of vendor forms located at the Beckley Finance Center made specifically by CFO vendor group users.

2.     Obtained and analyzed supporting documentation for the changes identified in the same judgmental samples listed in Step II.D.1 to determine whether the IRS maintained documentation supporting the change and whether the modifications were appropriate and approved by the responsible official.

III.             Evaluated the VMF for vendors receiving payments from the IRS to establish their existence and integrity.

A.              Obtained a data extract from the IPS VMF for active and inactive vendors as of October 25, 2012, and a data extract from IFS payment data for all vendors receiving payments for the period October 1, 2010, through June 30, 2012.  We performed data reliability testing to verify the completeness and accuracy of the data for IPS VMF and IFS data.  We determined that the data were sufficiently reliable for the purposes of this report.

B.    Identified all vendors receiving payments during the period October 1, 2010, through June 30, 2012.

1.     Determined whether vendors’ remittance (payment) information from the IFS payment data agrees with the IPS VMF.  Because we determined that the WebIPS vendor change log data were not sufficiently reliable to complete this test, we based our analysis of a judgmental sample of 59 nonprocurement vendor changes selected from an alphabetical centralized file of vendor forms located at the Beckley Finance Center. 

2.     Analyzed IPS VMF information and IFS payment data to identify questionable vendors.  Our working definition of questionable vendors included:

a)     Vendors that had integrity issues such as outstanding tax debt (analyzed the IRS unpaid tax debt file as of July 2, 2012, against IPS VMF and IFS files, expanding the scope for the 50 vendors with highest outstanding tax debt).

b)     Vendors that were listed in EPLS (analyzed the IPS VMF file as of October 25, 2012, against the General Services Administration’s listings with assistance from the American Recovery and Reinvestment Act of 2009’s[40] Recovery Accountability and Transparency Board).[41]

c)     Vendors that may not exist or may not have been a legitimate business (analyzed IRS e-services TIN Bulk Matching[42] against IPS VMF TIN information).

d)     Vendors with banking information matching that of IRS employees (analyzed Department of Agriculture National Finance Center[43] payroll data against the IFS payment file).

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives.  Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations.  They include the systems for measuring, reporting, and monitoring program performance.  We determined the following internal controls were relevant to our audit objective:  IRS internal policies and procedures pertaining to VMF maintenance; the WebIPS vendor change log, IPS VMF vendor data, and IFS vendor payment data; practices for creating, modifying, and inactivating vendors and their information in the VMF; and IRS policies, processes, and practices for validating the existence and integrity of vendors.

 

Appendix II

 

Major Contributors to This Report

 

Gregory D. Kutz, Assistant Inspector General for Audit (Management Services and Exempt Organizations)

Russell P. Martin, Acting Assistant Inspector General for Audit (Management Services and Exempt Organizations)

Alicia P. Mrozowski, Director

Heather M. Hill, Audit Manager

Darryl J. Roth, Audit Manager

Dana M. Karaffa, Lead Audit Evaluator

Alberto Garza, Senior Auditor

James S. Mills, Jr., Senior Auditor

Lauren W. Bourg, Auditor

Allison P. Meyer, Auditor

Ryan C. Powderly, Auditor

 

Appendix III

 

Report Distribution List

 

Acting Commissioner 

Office of the Commissioner – Attn:  Chief of Staff  C

Office of the Deputy Commissioner for Services and Enforcement  SE

Chief, Agency-Wide Shared Services  OS:A

Chief Financial Officer  OS:CFO

Chief Technology Officer  OS:CTO

Commissioner, Small Business/Self-Employed Division  SE:S

Associate Chief Financial Officer for Corporate Planning and Internal Controls  OS:CFO:CPIC

Associate Chief Financial Officer for Financial Management  OS:CFO:FM

Director, Enterprise Collection Strategy SE:S:CS

Director, Procurement  OS:A:P

Director, Collection Policy  SE:S:CS:CP

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaisons: 

Chief, Agency-Wide Shared Services  OS:A

Chief Financial Officer  OS:CFO

Chief Technology Officer  OS:CTO

Director, Procurement  OS:A:P

 

Appendix IV

 

Outcome Measures

 

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration.  These benefits will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

·       Reliability of Information – Potential; 7,461 records in the VMF with unreliable, missing, or invalid data (see pages 7 and 13).

Methodology Used to Measure the Reported Benefit:

(1)  We analyzed the VMF information as of October 25, 2012, and compared it to IFS payment data between October 1, 2010, and June 30, 2012.  We identified 60 vendors that were either missing TIN information (39 vendors) or had invalid TIN information (21 vendors).

(2)  We selected a judgmental sample of 59 vendor forms from the Beckley Finance Center central files evidencing changes made to vendor information between October 1, 2010, and June 30, 2012.  We compared the vendor forms to the IPS vendor change log for the same time period to determine when a change was requested by the vendor through submission of one or more vendor forms to the IRS but did not appear in the vendor change log.  Of the 59 forms we reviewed, we found 25 instances in which the log did not record a change that was identified in supporting documentation.

(3)  We also analyzed the vendor change log to identify when a change had been recorded in the log between October 1, 2010, and June 30, 2012, but no actual change to key data had been made to the vendor account.  We did this by determining whether values in any of the seven pairs of key fields captured by the log had remained the same even though a change had been recorded by the log and identified 1,541 records that met this description.

(4)  We analyzed the IPS VMF information as of October 25, 2012, and compared it to IFS payment data between October 1, 2010, and June 30, 2012.  We identified CCR-exempt vendor account records which had not been updated in over a year.  CCR-registered vendors must comply with the requirement to annually recertify and validate their information in order to remain active to receive payment; however, the IRS does not currently require CCR‑exempt or nonprocurement vendors to follow this same requirement before they can receive payments.  Because this information has not been updated in over a year, it has the potential to be out of date and inaccurate.  We identified 5,835 CCR-exempt or nonprocurement vendors whose information had not been updated in over a year.

Type and Value of Outcome Measure:

·       Protection of Resources – Potential; four new contract awards or exercised additional option years on existing contracts with a total value of $2.6 million to three vendors excluded from doing business with the Federal Government (see page 7 and 13).

Methodology Used to Measure the Reported Benefit:

We analyzed the IPS VMF information as of October 25, 2012, and identified vendors that had been listed as an excluded party in the EPLS by Data Universal Numbering System number.[44]  We reviewed contract file documentation to locate evidence of searches of the EPLS conducted by procurement officials prior to the award of a new contract or modification of an existing contract, expanding the scope for IRS procurement vendors to include their entire contracting history.  If a vendor was paid by the IRS outside of the period between October 1, 2010, and June 30, 2012, we did not determine whether they were excluded at the time the IRS awarded a contract or exercised an option on an existing contract.

 

Appendix V

 

Management’s Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, D.C. 20224

 

             CHIEF

       AGENCY-WIDE

SHARED SERVICES

 

 

September 11, 2013

 

 

MEMORANDUM FOR MICHAEL E. MCKENNEY

DEPUTY INSPECTOR GENERAL FOR AUDIT

 

FROM:                             David A Grant /s/ David A. Grant

Chief, Agency-W1de Shared Services

 

SUBJECT:                       Draft Audit Report - Vendors had Millions of Dollars of Federal Tax Debt (Audit# 201210028)

 

Thank you for the opportunity to respond to the subject draft audit report.  We are committed to improving the controls over IRS Vendor Master File maintenance and operation.

 

We agree with all four recommendations and will develop and implement the corrective actions detailed in our attached response.

 

We appreciate the continued support and assistance provided by your office.  If you have any questions, please contact me at (202) 622-7500, or a member of your staff may contact Jacob B. Hansen, Director, Procurement at (240) 613-8500.  For matters concerning audit procedural follow-up, please contact Patricia Alvarado, Resource & Operations Management, Agency-Wide Shared Services, at (202) 622-5542.

 

Attachment

 

Attachment

 

RECOMMENDATION 1:

The Chief, Agency-Wide Shared Services should share with the General Services Administration the two instances identified in this report where EPLS searches did not identify suspended contractors, in order to determine why the IRS searches of the EPLS did not identify the excluded parties.  Based on the results of this collaboration, IRS policies and procedures for reviewing and documenting EPLS searches should be updated, if necessary.

 

CORRECTIVE ACTION:

We agree with this recommendation.  The Chief, Agency-Wide Shared Services (AWSS), will engage with the appropriate party within the General Services Administration to share the information regarding the two identified instances where a vendor search did not reveal accurate results in Excluded Parties List System (EPLS).  IRS procedures for reviewing and documenting EPLS searches will be reviewed and updated, if appropriate.

 

IMPLEMENTATION DATE:

February 15, 2014

 

RESPONSIBLE OFFICIAL:

Director, Procurement, Agency-Wide Shared Services

 

CORRECTIVE ACTION MONITORING PLAN:

Procurement, AWSS, will enter accepted corrective actions into the Joint Audit Management Enterprise System (JAMES).  These corrective actions are monitored on a monthly basis until completion.

 

The Chief, Agency-Wide Shared Services, and Chief Financial Officer should:

 

RECOMMENDATION 2:

Develop and implement formal policies and procedures for the operation and maintenance of the VMF, including steps to verify the suitability of CCR-exempt and non-procurement vendor account creation and the validity of changes to vendor account data.  In addition, this policy should clearly delineate the roles and responsibilities of the Office of Procurement and the CFO VMF group users.

 

CORRECTIVE ACTION:

We agree with this recommendation.  The Chief, AWSS, and the Chief Financial Officer (CFO) will review current practices in their respective areas and develop policies and/or procedures to address the operation and maintenance of the Vendor Master File (VMF).  These policies and/or procedures will include guidance on update procedures, changes to VMF data, and the roles and responsibilities of those individuals involved in the process.

 

IMPLEMENTATION DATE:

June 30, 2014

 

RESPONSIBLE OFFICIAL:

Director, Procurement, Agency-Wide Shared Services

Associate CFO for Financial Management

 

CORRECTIVE ACTION MONITORING PLAN:

Procurement, AWSS, will enter accepted corrective actions into JAMES.  These corrective actions are monitored on a monthly basis until completion.

 

RECOMMENDATION 3:

Ensure that all supporting documentation (internal and external vendor information change forms) are centrally maintained for the purpose of conducting periodic oversight reviews of manually entered or edited vendor account information to ensure the appropriateness, accuracy, and reliability of information in the VMF.

 

CORRECTIVE ACTION:

We agree with this recommendation.  The Chief, AWSS, and the CFO will each review and update procedures in their respective areas and develop a method by which change records are maintained and available for review.

 

IMPLEMENTATION DATE:

June 30, 2014

 

RESPONSIBLE OFFICIAL:

Director, Procurement, Agency-Wide Shared Services

Associate CFO for Financial Management

 

CORRECTIVE ACTION MONITORING PLAN:

Procurement, AWSS, will enter accepted corrective actions into JAMES. These corrective actions are monitored on a monthly basis until completion.

 

RECOMMENDATION 4:

Enhance IPS and IFS functionality (IPS vendor change log and IFS audit trails) to address the system weaknesses identified in tracking changes made to vendor account information.

 

CORRECTIVE ACTION:

We agree with this recommendation.  The Chief, AWSS, and the CFO will work together to identify if system enhancements are needed to include fields relative to the vendor change log and access to the system and will, based on funding availability, implement the enhancements based on the outcome of the joint assessment.  The CFO will review and modify Beckley Finance Center VMF Desk Procedures related to tracking documentation.

 

IMPLEMENTATION DATE:

October 31, 2015

 

RESPONSIBLE OFFICIAL:

Director, Procurement, Agency-Wide Shared Services

Associate CFO for Financial Management

 

CORRECTIVE ACTION MONITORING PLAN:

Procurement, AWSS, will enter accepted corrective actions into JAMES.  These corrective actions are monitored on a monthly basis until completion.



[1] TIGTA’s audit period was from October 1, 2010, to June 30, 2012, for this review, thus only five months of this period was covered under the new appropriations law for which Treasury guidance was issued in February 2012.

[2] Pub. L. No. 112-74, 125 Stat. 887.

[3] Tax liability for which all judicial and administrative remedies have been exhausted or have lapsed.

[4] The use of the term “nonprocurement vendors” in this report refers to those identified on page 4 of the report, as distinguished from participants in nonprocurement transactions in 2 C.F.R. part 180.

[5] TIGTA Ref. No. 2011-10-095, Contract Files Lacked Sufficient Information to Support Determinations of Present Responsibility (Sept. 2011), and Ref. No. 2010-30-120, Federal Guidelines Do Not Prohibit the Awarding of Contracts to Contractors With Delinquent Tax Liabilities, (Sept. 2010).

[6] 48 C.F.R. § 9.104-1 (May 2011).

[7] 48 C.F.R. § 9.4 (May 2011).

[8] The System for Award Management consolidated and replaced the CCR and the EPLS in July 2012 and aims to better assist agencies in adhering to FAR requirements.  For the purposes of this report, we will refer to these systems separately as the CCR and the EPLS.

[9] As part of this work, GAO conducted more in-depth investigations of 122 Federal contractors and in all cases found abusive and potentially criminal activity related to the Federal tax system.  These contractors had not forwarded payroll taxes withheld from their employees and other taxes to the IRS.  Willful failure to remit payroll taxes is a felony under U.S. law.  Furthermore, some company owners diverted payroll taxes for personal gain or to fund their businesses.

[10] GAO, GAO-07-742T, TAX COMPLIANCE: Thousands of Federal Contractors Abuse the Federal Tax System (April 2007).  TIGTA, Ref. No. 2011-30-13, Existing Practices Allowed IRS Contractors to Receive Payments While Owing Delinquent Taxes (Feb. 2011).

[11] Contracting and Tax Accountability Act of 2013, H.R. 882, 113th Cong. (2013).  This bill was passed by the House of Representatives on April 15, 2013.  The simplified acquisition threshold is a level below which procurement officials do not have to apply certain requirements of the FAR.  The threshold is currently $150,000, with some very limited exceptions.  See 48 C.F.R. § 2.101 (Aug. 2012).  The Contracting and Tax Accountability Act of 2013 defines seriously delinquent tax debt as an outstanding Federal tax debt for which a notice of lien has been filed in public records, with limited exceptions.

[12] 48 C.F.R. § 9.104-5 (May 2011).

[13] Taxpayer Relief Act of 1997, Pub. L. No. 105-34, 111 Stat. 788 (codified as amended in scattered sections of 5 U.S.C., 19 U.S.C., 26 U.S.C., 29 U.S.C., 31 U.S.C., 42 U.S.C., and 46 U.S.C. app.).

[14] A TIN is an identification number used by the IRS in the administration of tax laws.  For an individual, a TIN is a Social Security Number.  For a business entity, a TIN is usually an Employer Identification Number.

[15] These activities include the general ledger, budget formulation, accounts payable, accounts receivable, funds management, cost management, and financial reporting.  The IFS was upgraded by the IRS in November 2012.

[16] The IRS made $741 million in payments to 1,168 vendors that had agreed-to tax debt.  It is important to note that in some instances the vendor owed a very large tax debt and only received a relatively small amount in payments from the IRS.  In other instances, the vendor received a large amount in payments and had a very small tax debt.

[17] These 1,168 vendors were associated with 864 TINs.  In other words, one TIN might be associated with multiple vendors in the VMF.  While our tax compliance analysis was performed based on vendors’ TINs, we are reporting information based on the number of vendors.  Information on these Federal tax debts is as of July 2, 2012, because this is the most recent date that data were available at the time our analysis was performed.  Under Federal accounting standards, Federal tax debt requires taxpayer or court agreement to be considered Federal taxes receivable.  Because of this distinction, in this report, when we refer to Federal tax debts, we are referring only to those debts that have taxpayer or court ordered agreement.

[18]********************1*******************.

[19] Information is as of July 2, 2012.

[20] These 50 vendors on payment plans were associated with 43 TINs.  Because payment plans are entered into at the TIN level, the greatest possible number of payment plans is 864 (not 1,168).

[21] These 1,118 vendors were associated with 821 TINs.

[22] Currently, the IRS does not place the same tax compliance requirements on nonprocurement vendors as it does on CCR-registered or CCR-exempt vendors (the latter two must be current, including any payment plans, on all agreed‑to Federal taxes receivable).

[23] In performing our analysis, we eliminated any tax debts of less than $100.  *************1***** *************1****************.

[24] Information is as of July 2, 2012.

[25] A single vendor can have more than one characteristic described here; therefore, these numbers are not cumulative.

[26]********************1*********************************************************.

[27] Because one TIN could be associated with multiple vendors, only if all vendors associated with a particular TIN were involved in summons and lien activity did we remove them from this calculation.  These 255 vendors were associated with 177 TINs.

[28]*************1***********************************.

[29] As a further step to facilitate the IRS’s collection of tax debts, the contracting officer must notify the Director, Collection Policy, of the open market or other agency award of a contract to a contractor identified as having a Federal tax debt or to a contractor that has proposed a subcontractor identified as having a Federal tax debt in order to facilitate the IRS’s collection of that debt

[30] The TIN is not required by the IRS on invoices to issue payment for the following essential services:  cell phones, liens, locator services, pagers, parking, seizures, administrative summons, telephones, and utilities.

[31] An IRS computer system capable of retrieving or updating stored information.  It works in conjunction with a taxpayer’s account records.

[32] The IRS TIN validation portal identified 18 TINs as invalid, whereas the Integrated Data Retrieval System identified 21 TINs as invalid.  We believe that the Integrated Data Retrieval System data were more current and reliable.

[33] If a vendor was paid by the IRS outside of the period between October 1, 2010, and June 30, 2012, we did not determine whether the contractor was excluded at the time IRS awarded a contract or exercised an option on an existing contract.

[34] 48 C.F.R. § 9.4 (May 2011).

[35] GAO, GAO-09-174, EXCLUDED PARTIES LIST SYSTEM:  Suspended and Debarred Businesses and Individuals Improperly Receive Federal Funds (Feb. 2009).

[36] We reviewed IRS Policy & Procedures Memorandums No. 4.11, Central Contractor Registration, and No. 13.3, Purchase, Delivery, and Task Order Preparation Guidelines, and determined that they do not provide comprehensive guidance on the operation and maintenance of the VMF and do not reflect recent system upgrades.  While the CFO, Beckley Finance Center, CAPMAP Accounts Payable Desk Procedures makes some references to VMF maintenance and related payment procedures, the guidance it provides is not easily understood.

[37] GAO (formerly known as the General Accounting Office), GAO/AIMD-00-21.3.1, Standards for Internal Control in the Federal Government (Nov. 1999).

[38] Because we could not rely on the data contained in the WebIPS vendor change log, we were unable to identify the total population of changes made to IRS vendor information for Steps II.C, II.D, and III.B.1; we were also unable to take statistically valid samples and were thus limited to taking judgmental samples to draw respective conclusions regarding IRS internal controls for tracking vendor changes.

[39] A judgmental sample is a nonstatistical sample, the results of which cannot be used to project to the population.

[40] Pub. L. No. 111-5, 123 Stat. 115.

[41] The Recovery Accountability and Transparency Board was established by the American Recovery and Reinvestment Act of 2009.  The Recovery Accountability and Transparency Board consists of a Presidentially appointed chairman and 12 Inspectors General.  As part of its operations, the Board has a Recovery Operations Center that utilizes sophisticated technology and software to review and analyze Recovery-related information for possible concerns or issues and notifies Inspectors General accordingly.  Recovery Operations Center analysts can also perform additional research and analysis upon request.

[42] The IRS TIN Matching Program, available through the IRS eServices Registration home page, is administered by the IRS Office of Electronic Tax Administration.  The program is intended for payers of Form 1099 series and matches name and TIN information provided by payees against an IRS database with similar information.  The TIN Matching Program has the option for interactive TIN matching (typically for a single name/TIN) or bulk TIN matching (typically for multiple names/TINs).

[43] The National Finance Center is a U.S. Department of Agriculture operation that provides payroll, personnel, administrative payments, accounts receivable, property management, budget, and accounting activities for its own agency as well as for over 140 other Federal Government agencies, including the IRS.

[44] A Data Universal Numbering System number is a unique character identification number that is mandatory for all CCR and CCR‑exempt vendors, except when the CCR‑exempt category is nonprocurement.