This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 Redaction Legend:

2d = Law Enforcement Technique(s)
2e = Law Enforcement Procedure(s)

Executive Summary

Objective and Scope

Background

Results

conclusion

Appendix I - Detailed Objective, Scope and Methodology

Appendix II - Major contributors to This Report

Appendix III - Report Distribution List

Appendix IV - Status of Prior corrective Actions

Appendix V - Management’s Response to the Draft Report

Appendix VI - Definitions of ERcS and IDRS

Executive Summary

A previous Inspection Service audit report titled, Review of the Selection, control and Disposition of District Examination cases, dated October 1996 (Report Reference Number 070106), reported several weaknesses in two Examination Division processing and case control systems - the Examination Returns control System (ERcS) and the Integrated Data Retrieval System (IDRS). Examination relies heavily on these two computerized systems in the case selection, control and disposition processes. When ERcS and IDRS controls are ineffective, IRS is at greater risk that employees could sell taxpayer information, harass taxpayers, conduct unauthorized examinations, or intentionally lose returns without detection. consequently, IRS risks losing the public’s confidence in its ability to protect the privacy and security of taxpayers' personal and financial information. As a result of the previous audit, the IRS commissioner reported Examination case Assignment and Inventory controls, which included ERcS, as a material weakness to the Department of the Treasury for the 1997 Federal Managers Financial Integrity Act (FMFIA) reporting. ERcS continued as an FMFIA material weakness in 1998.

The objectives of our review were to determine if the IRS had taken corrective actions on the issues presented in the October 1996 report and to determine if those actions were effective.

IRS took corrective actions to improve ERcS controls. The improved controls reduced the risk of inappropriate actions on the approximately 1.7 million examinations closed during Fiscal Year 1998.

However, corrective actions were not effective in the following areas:

• ERcS has not received a security certification as required by government guidelines. The chief Information Officer (cIO) did not ensure the certification was completed timely.
• ****2d,2e****
• ERcS does not prevent acting managers from approving actions on their own inventories. This condition exists because developers in the cIO’s Office misinterpreted Examination’s requirements.
• Examination management did not adequately limit examiners' IDRS capabilities to order tax returns and to establish, update and close examination records. The memorandum from the Assistant commissioner (Examination) prohibiting examiners and managers from having these capabilities was not followed by Operations.
• Examination personnel were not analyzing cases closed due to errors or unlocatable returns to identify and quantify errors, procedural deficiencies, or integrity situations. The instructions provided by Examination management did not specifically address how or what information needed to be analyzed.

IRS needs to take additional actions to enhance the effectiveness of Examination controls and provide further protection of taxpayer rights and tax return data. Information Systems and Examination management can reduce the risk associated with the Examination Division’s use of ERcS and IDRS by effectively implementing the following recommendations.

The Assistant commissioner (Examination) should request the cIO to:

• Develop a process to convert the audit trail files to a format that can be used by external users.
• capture the Social Security Number of each ERcS user and the accesses made in the audit trail.
• Prevent acting managers from having the ability to approve any changes to their inventory.

The Assistant commissioner (Examination) needs to direct district management to: remove examiners’ capabilities to order tax returns and to establish, update, and close examination records; review IDRS usage reports; and ensure field offices monitor and report the results of their analyses of case closures due to errors or unlocatable returns.

The cIO must ensure the system security certification process for ERcS is completed. The cIO must also develop and implement a process for reviewing ERcS user activities, and ensure the ERcS audit trail can be provided to external users in a searchable format. Additionally, Examination and Information Systems need to work cooperatively to improve the effectiveness of ERcS.

Management’s Response: The chief Operations Officer and cIO agreed with our recommendations and have agreed to take corrective actions. Management's comments have been incorporated into the report where appropriate and the full text of their comments is included as Appendix V.

Objective and Scope

The primary objective of this review was to determine if the Internal Revenue Service (IRS) took adequate and effective actions to correct the material control weaknesses identified in a prior audit report titled, Review of the Selection, control and Disposition of District Examination cases, dated October 1996 (Report Reference Number 070106). We tested the capabilities given to users of two Examination Division case control systems - the Examination Returns control System (ERcS) and the Integrated Data Retrieval System (IDRS). Examination relies heavily on these two computerized systems in the case selection, control and disposition processes. (Further definition of ERcS and IDRS is presented in Appendix VI.) We reviewed updated procedures; interviewed personnel responsible for developing, implementing and carrying out automated and manual procedures; and tested the effectiveness of new procedures.

Fieldwork was performed in the office of the Assistant commissioner (Examination), the charlotte Development center, and the following district offices: Georgia, Illinois, Los Angeles, Manhattan, North Texas, Ohio, South Florida and Pacific-Northwest. Audit work was conducted between June and October 1998 in conformance with Government Auditing Standards.

Appendix I to this report contains the detailed objectives, scope and methodology of our review. A listing of major contributors to this report is shown in Appendix II.

Background

The prior audit report identified several control weaknesses in Examination’s use of ERcS and IDRS. As a result, the IRS commissioner reported Examination case Assignment and Inventory control, which included ERcS, to the Department of the Treasury as a material weakness for 1997 Federal Managers Financial Integrity Act (FMFIA) reporting. ERcS continued as an FMFIA material weakness in 1998.

The October 1996 report stated that:

• IRS had not given ERcS a security certification or ensured that the system effectively limited examiners’ and managers’ capabilities.
• ****2d,2e****.
• Examination Division was not effectively limiting examiners’ and group managers’ IDRS capabilities.
• ERcS design did not prevent managers from having individual inventories.
• Examination Division was not identifying and analyzing the causes of cases closed as errors or unlocatable.

Tax returns are assigned to Examination employees and controlled through a variety of computer programs. Examination relies heavily on ERcS and IDRS to process and control cases. Due to this reliance, and as technology increases, the IRS must ensure security and processing controls are in place to minimize the risk of improprieties and erroneous actions.

Effective internal controls serve as a deterrent to employees who may engage in practices that abuse taxpayer rights. When ERcS and IDRS controls are ineffective, Examination employees could sell taxpayer information, harass taxpayers, conduct unauthorized examinations, or intentionally lose examinations without detection.

Results

IRS management has taken some corrective actions in response to the October 1996 report. Appendix IV summarizes the status of the specific recommendations made in the October 1996 report. These actions, which are discussed in more detail later in this report, have improved the control over examiners’ and managers’ activities and will reduce the risk of inappropriate actions being taken on future examination cases. However, management has not adequately reduced the risk of abuse to taxpayers’ rights and taxpayer data. We have organized the results of our review into the following three areas: ERcS controls, Examiners’ IDRS capabilities, and case closures Due to Errors or Unlocatable Returns.

ERcS controls

 The October 1996 report stated that the ERcS design did not meet general government security guidelines. Specifically, the ERcS security certification had not been completed, ****2d,2e****, and ERcS did not effectively limit user capabilities.

In response to that report, Examination and Information Systems jointly developed the following improvements in the ERcS application:

• ERcS now identifies employees who initiate updates.
• ERcS captures sensitive activity on taxpayer cases and user accounts in a computerized audit trail.
• ERcS automatically requires return requisitions, case updates, and changes to user capabilities to be approved by authorized management officials.
• ERcS prevents the assignment of cases to group managers.
• ERcS prevents examiners and managers from obtaining enforcement statistics.

These improvements help protect taxpayer rights and should deter employees from taking inappropriate actions on taxpayer accounts. However, management’s corrective actions did not effectively address all weaknesses with ERcS.

• Information Systems management needs to ensure the ERcS security certification is completed.
• Examination and Information Systems management need to improve the monitoring capabilities and usability of the audit trail.
• Examination and Information Systems management need to address additional significant issues to provide an effective audit trail.
• Examination management needs to ensure examiners in acting assignments do not have the ability to approve their own requests.

Information Systems Management Needs to Ensure That the ERcS Security certification Is completed

 Security certification is a technical evaluation for the purpose of accreditation. As part of the security certification process, the IRS must determine if the system being evaluated meets the controlled Access Protection (c2) requirements according to Treasury Directive 71-10.

The October 1996 audit report stated that ERcS had not been scheduled for security certification. Examination management responded by asking Information Systems to complete the certification process.

As of October 1998, ERcS still had not received a security certification as required by government guidelines. Examination management submitted the required documentation necessary to complete the certification. However, cIO personnel explained that due to the emphasis on Year 2000 issues, staff resources were not available to complete the ERcS certification. Without security accreditation, the IRS cannot provide reasonable assurance to taxpayers under examination that their personal data are protected from unauthorized access or disclosure.

1. The cIO must ensure that the certification process for ERcS is completed.

Management’s Response: To address recommendations 1 through 3 in this report, Examination will request Information Systems to update the level of security for ERcS. Information Systems will assist Examination by identifying ERcS security requirements. They will review current security features and documentation and obtain additional audit trail and security requirements from pertinent users of ERcS (including the recommendations in this report). They will develop an ERcS security requirements document and distribute it to ERcS users to obtain concurrence.

Office of Audit comment: While the above actions will prepare ERcS for certification, the cIO needs to ensure that the certification is completed.

Examination and Information Systems Management Need to Improve the Monitoring capabilities and Usability of the Audit Trail

 ERcS contains sensitive tax information similar to IDRS. ERcS is used for establishing and controlling Examination cases and for updating Master File accounts. Requests and updates are input on ERcS then uploaded to IDRS. These requests and updates are captured by the IDRS audit trail. However, since the IDRS audit trail records only the individual performing the uploading process from ERcS, there is no record identifying the individual who originally input the action on ERcS. ERcS did not have an audit trail that captured this information.

The October 1996 audit report stated that, during one quarter, at least 39 percent of 61,797 transactions at three test sites used this IDRS uploading process. Since then, ERcS use has increased and is now used to update IDRS for all Examination cases (approximately 1.7 million cases annually).

To reduce the risk of not being able to identify employees requesting ERcS actions and to provide effective control over ERcS activity, the October 1996 audit report recommended that the IRS develop an audit trail system. In addition, the report recommended that IRS retain ERcS backup tapes until the new audit trail is implemented.

Information Services developed the audit trail system for ERcS to record significant events with regard to security issues. The system does capture most security-related actions and allows for on-line review of audit trail information. ****2d,2e****

In our opinion, the audit trail monitoring capabilities of ERcS should be similar to those currently used on IDRS. For example, IRS Data Security and the Treasury Inspector General for Tax Administration can monitor IDRS, but not ERcS, to identify security breaches and unauthorized browsing.

The cIO’s Office has not placed sufficient emphasis on the development and implementation of a functional audit trail. cIO personnel also explained that they have no plans to consider monitoring ERcS user access until after the Year 2000 programming is completed.

Without a process to monitor the ERcS audit trail, the IRS may not detect inappropriate accesses to taxpayer data.

1. The cIO should develop and implement a process for reviewing ERcS user activities. This process should allow Examination management to review ERcS user profiles to ensure examiners’ capabilities are commensurate with their duties. The cIO should coordinate with the Treasury Inspector General for Tax Administration’s centralized case Development center (ccDc) to ensure necessary data elements for future audit trail analyses are captured.
2. The cIO should ensure the ERcS audit trail process can be provided to external users in a searchable format to allow for querying on the data over extended time periods.

Management’s Response: See Management’s Response to Recommendation 1.

Examination and Information Systems Management Need to Address Additional Significant Issues to Provide an Effective Audit Trail

 IRS needs to address several additional significant issues with ERcS to provide an effective and functional audit trail.

• ERcS audit trails are recorded in a format that requires additional programming to provide the data in a usable format.
• ****2d,2e****
• The ERcS audit trail identifies users by their name. Most external files that would be matched to ERcS would use an employee Social Security Number (SSN) as the identifier.
• The audit trail records for requested actions and for approvals of those actions are maintained separately on the ERcS database. The two records must be combined to identify the approver of an action.

1. The Assistant commissioner (Examination), with input from the cIO, should ensure the following issues are addressed to enable the ERcS audit trail to be used to its fullest extent.

• Develop a process to convert the audit trail files to a format that can be used by reviewers.
• capture all ERcS accesses in the audit trail.
• capture the user identification and SSN of each ERcS user initiating action.

Management’s Response: Examination management will address these issues and will develop training relating to the operation and monitoring of the ERcS audit trail.

Examination Management Needs to Prevent Examiners in Acting Assignments From Approving Their Own Requests

 The October 1996 audit report recommended that Examination develop an approval process to provide effective controls over Examination case activities. Examination developed its requirements for an approval process. These requirements were provided to Information Systems, which then developed and included the process in the latest version of ERcS.

We tested portions of the ERcS approval process and determined they provided adequate control over most Examination cases. However, controls did not prevent acting managers from approving actions input on their own inventories by another employee.

Examination’s requirements were not clear. It had requested Information Systems to prevent managers from approving their own requests. The development staff interpreted the requirement as preventing the individual inputting the action from also being the approver of the action. The risk that a subordinate could be directed to input the request or update was not addressed in the programming.

Acting managers with assigned inventories have the potential to control the examination from initiation to closure. There are numerous acting manager assignments throughout the year. The risk of fraud or abuse of taxpayer rights is increased when acting managers have the capability to approve any changes to their assigned inventory.

1. The Assistant commissioner (Examination), with input from the cIO, should develop and submit a Request for Information Services to eliminate acting managers from having the ability to approve any changes to their inventory. All changes to an acting manager's inventory should be subject to second level managerial approval.

Management’s Response: Examination management will request Information Systems to systemically correct this problem. In the interim, management will provide written direction to the field requiring that acting managers with inventories do not approve any actions of their assigned inventory. This direction will also require that when an action of the acting manager needs approval, it be obtained from a manager from another group or the branch chief. Management will also reinforce separation of duties and responsibilities of managers. This issue will be included in the Examination Peer Review Process.

Examiners’ IDRS capabilities

Examination Management Needs to Limit Examiners’ IDRS capabilities

The October 1996 audit report recommended that group and mid-level managers should review examiners’ and managers’ IDRS capabilities to ensure that they are restricted to research only. This would prevent them from using IDRS to inappropriately open, change or close tax cases. The Assistant commissioner (Examination) subsequently issued a memorandum directing that managers conduct these reviews and that new procedures be incorporated into the group managers’ handbook. The memorandum also directed Examination management to restrict examiners and their managers to IDRS research command codes only. IRS guidelines include the same restriction.

We analyzed IDRS command code usage data to determine whether conditions had changed since the prior audit. The total number of revenue agents and tax auditors having command codes that would allow them to establish case controls dropped from 894 to an estimated 434. (IDRS data were available for only 27 of 33 districts. For comparison purposes, we estimated the remaining six districts’ usage from the average of the other 27 districts.)

The actions taken by Examination management have reduced the risk of inappropriate action on taxpayer examinations and protected taxpayer rights. While some examiners still need the capability to establish case controls, a significant number of examiners who did not need the capability still had it.

Additionally, ERcS was designed to allow authorized users to order tax returns and establish, update and close examination records. Employees who examine tax returns should not have these capabilities.

We reviewed IDRS command code usage for the quarter ending June 30, 1998. There were 452 revenue agents, tax auditors and audit aides in Examination groups with IDRS capabilities to order tax returns, or establish, update, and close AIMS records. We included audit aides in this review since they are also involved in the examination process. In addition, as shown in the following table, many of the examiners had these command codes and never used them.

Analysis of command code (cc) Usage by
Revenue Agents, Tax Auditors and Audit Aides

cAPABILITIES	TOTAL WITH cc’S	# WHO DIDN’T USE	% WHO DIDN’T USE
ESTABLISH cASES	243	209	86%
cLOSE cASES	86	41	48%
ORDER RETURNS	151	73	48%

 

Although there was a reduction in the number of examiners with these critical command codes, we believe additional action is needed to limit an examiner’s ability to establish or change examination accounts. The IRS is at risk of integrity breaches when Examination employees who make decisions about tax returns also have the ability to physically obtain the returns or make changes directly to taxpayers’ accounts. These combinations increase the risk of unauthorized modification, disclosure, and destruction of taxpayer information.

Management did not effectively monitor user profiles or emphasize the use of ERcS to input these actions. IRS’ National Office Examination personnel do not have the ability to review all IDRS user profiles. However, Examination personnel at the district level have the ability to conduct these reviews.

Recommendation

2. The Assistant commissioner (Examination) needs to direct district management to review IDRS command code Usage Reports to ensure examiners have only research command codes in their profiles. Management needs to remove examiners’ capabilities to order tax returns and to establish, update, and close examination accounts. Also, a follow-up review by district management should be conducted quarterly to ensure this process is effective.

Management’s Response: Examination management will direct all managers to:

• Remove command codes used to order tax returns, and to establish, update, and close records from the IDRS profiles of Examination employees who do not need these capabilities to conduct their duties.
• Review the IDRS Security Profile Report monthly.
• certify the review of the IDRS Security Profile Report to the regions and National Office quarterly.

case closures Due to Errors or Unlocatable Returns

Examination Management Needs to Effectively Analyze case closures Due to Errors or Unlocatable Returns

 The October 1996 audit report stated that Examination did not have sufficient information to effectively address the causes of case closures due to errors or unlocatable returns. This information would allow Examination management to identify and quantify errors, procedural deficiencies, and integrity situations. There were approximately 17,000 cases closed as errors or unlocatable returns during Fiscal Year 1995. In Fiscal Year 1998, there were approximately 76,000 cases closed in this manner.

The Assistant commissioner (Examination) issued a memorandum in October 1996 requiring all districts to analyze case closures due to errors or unlocatable returns. The results of these analyses were to be provided to district Examination management annually. A new form was developed to document the reasons for these types of closures.

However, the instructions in the memorandum did not specifically address how or what information needed to be analyzed. Due to these vague instructions, Examination personnel did not consistently perform this analysis.

To determine whether the corrective action was effective, we reviewed documentation of case closures at eight district offices. Seven of the eight districts were generally documenting the reasons for these closures. Only one district had a materially high number of closures without documentation. However, only two of the eight districts were analyzing the data and reporting the results to Examination management.

Without an analysis, Examination management cannot identify and quantify errors, procedural deficiencies, or integrity situations. This information is vital to prevent future occurrences and to identify potential integrity situations. IRS remains at risk to intentional loss or destruction of tax information by unscrupulous employees for personal gain.

1. The Assistant commissioner (Examination) should require Examination personnel to report the results of their analyses of case closures due to errors or unlocatable returns to the National Office, as well as district Examination management. National Office Examination management should follow up annually to ensure these analyses are performed.

Management’s Response: Examination management will direct the regions and the Assistant commissioner (International) to gather the information from the districts, analyze it and submit results to the National Office. Two National Office analysts will review the data and determine potential systemic causes and possible solutions. Examination will require the analysis to be done annually.

conclusion

 Management has taken some corrective actions to improve the control system in Examination. The improved controls reduced the risk of inappropriate action on the approximately 1.7 million examinations closed during Fiscal Year 1998.

However, additional actions are needed to enhance the effectiveness of Examination controls and provide further protection of taxpayer rights and tax return data. Otherwise, the IRS risks losing the public’s confidence in its ability to protect the privacy and security of their personal and financial information. Examination and Information Systems need to work together to improve the effectiveness and functionality of ERcS and IDRS.

Appendix I

The primary objective of this follow-up review was to determine if adequate and effective corrective actions were taken to correct the material control weaknesses identified in the prior audit report titled, Review of the Selection, control and Disposition of District Examination cases, dated October 1996 (Report Reference Number 070106). To accomplish our objective, we reviewed updated procedures, interviewed personnel responsible for developing, implementing and carrying out automated and manual procedures, and tested the effectiveness of new procedures. We also tested the capabilities given to users of two Examination Division computerized case control systems - the Examination Returns control System (ERcS) and the Integrated Data Retrieval System (IDRS).

1. To determine if ERcS met general government security guidelines, we:
1. Interviewed Information Systems certification personnel to determine whether the certification testing has been completed.
2. Interviewed ERcS development personnel to determine the status of completion of certification documentation.
3. Accessed the Office of Management controls Intranet page to obtain information on Senior counsel on Management controls review of Federal Managers Financial Integrity Act weaknesses and the status of the ERcS weakness.
2. To determine whether ERcS included an effective audit trail that met controlled Access Protection (c2) requirements and user needs, we:
1. Interviewed Information Systems personnel and one ERcS systems administrator concerning audit trail procedures.
2. Reviewed the audit trail requirements communicated to the chief Information Officer via a Request for Information Services (RIS) from Examination to identify types of actions that need to be recorded.
3. Judgmentally selected 82 transactions to test the audit trail functionality. We tested the following transactions that are required to be recorded on the audit trail: Updates (10), Requests (6), Approvals (17), User Updates (10), and Research (39).
4. Reviewed prints of audit trail screens for the 82 transactions above to determine whether necessary transactions were written to the audit trail.
5. Discussed the new audit trail process with ERcS development personnel and one ERcS functional coordinator, and reviewed new ERcS documentation.
3. To determine if the IRS had implemented effective ERcS controls to restrict examiners and group managers from ordering returns and establishing or updating Examination's inventory, we:
1. Interviewed the Pacific-Northwest District ERcS coordinator, group managers, and Examination Planning and Special Programs managers.
2. Reviewed a memorandum issued by the Assistant commissioner (Examination) communicating procedures to follow until ERcS enhancements can be implemented.
3. Reviewed a follow-up memorandum concerning interim use procedures directing management to remove ERcS capabilities for examiners with inventory.
4. Reviewed the RIS prepared by Examination that communicated user needs developed in response to Audit’s recommendations.
5. Reviewed IRS procedures concerning actions requiring management approval.
6. Analyzed the permissions allowed to 2,661 ERcS users in the Pacific-Northwest, Ohio, Georgia, and Dallas Districts.
7. Reviewed ERcS documentation concerning user capabilities and the approval process.
8. Tested the functionality of the ERcS approval processes (first- and second-level) for 17 transactions by matching update and requisition transactions for examining and support functions to ERcS overage approval reports and audit trail records. The following actions were tested:
1. Status code updates
2. Short closures
3. Employee identification number updates
4. Organization code updates
5. Returns requisitions
6. Statute of limitation information updates
9. Analyzed the approval capabilities given ERcS users at the Pacific-Northwest, Ohio, Georgia, and Dallas Districts.
10. Tested in the Pacific-Northwest District whether ERcS allows acting managers to approve actions taken on cases in their own inventory whether input by themselves or other users.
4. To determine whether effective ERcS controls existed to prevent managers from holding their own inventory of cases, we:
1. Interviewed a National Office Examination analyst, a Pacific-Northwest District ERcS coordinator, and Examination group managers to identify controls and procedures over managers holding their own inventory and creation of phantom ERcS user logons.
2. Reviewed the RIS developed by Examination concerning ERcS changes, ERcS documentation to identify changes made to ERcS and their functionality.
3. Reviewed the Assistant commissioner (Examination) memorandum concerning ERcS interim use procedures.
4. Judgmentally selected 53 managers in the Pacific-Northwest District and queried ERcS to identify those managers holding case inventories.
5. Reviewed the Assistant commissioner (Examination) memorandum concerning the use of phantom employees.
5. To determine if effective controls were implemented to ensure that missing returns were adequately accounted for, we:
1. Reviewed the Assistant commissioner (Examination) memorandum that provided procedures for documenting and reporting causes of cases closed due to unlocatable returns.
2. Interviewed an Audit Information Management System (AIMS) Analyst in the National Office to determine if districts were monitoring and reporting the reasons for these closures.
3. Obtained AIMS data for all 10,351 cases closed as unlocatable or error returns from the Treasury Inspector General for Tax Administration’s Electronic Data Processing (EDP) staff for the period January 1, 1998 through May 31, 1998. EDP was able to obtain data only from the closed AIMS database. certain types of closures remain on the Open AIMS database for approximately 12 months before dropping off. EDP staff estimated that we had approximately 70 percent of the cases we were looking for.
4. Analyzed the AIMS data to identify trends and unusual conditions.
5. Judgmentally selected samples (totaling 151) of these closures for eight district offices (Georgia, Illinois, Los Angeles, Manhattan, North Texas, Ohio, South Florida, and Pacific-Northwest). We then reviewed documentation retained by AIMS staff in the district offices to determine whether IRS procedures were being followed and reasons for these closures were being analyzed and reported to district Examination management.
6. To determine whether taxpayer data was adequately secure from inappropriate access and use by managers and employees, we:
1. Discussed Policy Statement P-1-20 issues with ERcS developers and reviewed an electronic mail message showing that the request to remove this data had been made.
2. Requested that the ERcS functional coordinator in the Pacific-Northwest District access case data through the Manager and Branch chief screens, and determined whether deficiency, penalty, and/or interest amounts were present.
3. Attended the ERcS implementation workshop at the charlotte Development center.
7. To determine if the Examination function effectively controlled examiners' and group managers' IDRS capabilities, we:
1. Reviewed the Assistant commissioner (Examination) memorandum providing instructions pertaining to IDRS usage which was issued as result of the October 1996 audit report.
2. Requested IDRS command code usage data (for seven sensitive command codes) for all Examination employees (IDRS organization codes 600 – 799) and matched that data to IRS employment data for employees identified with job series for tax auditors, revenue agents and audit aides. We identified 452 examiners who had at least one of the command codes we were reviewing. We included employees identified as audit aides in our analysis because they are often involved in building Examination cases. [Note: We were able to obtain the IDRS data from only 8 of 10 service centers. Therefore, we had data for only 27 of the 33 districts in the nation.]
3. Analyzed the data for the 452 examiners above to identify those examiners with sensitive command codes and their usage, and compared the results to conditions found in the prior audit.
4. Discussed examiners’ IDRS usage with an Examination analyst.

Appendix II

Stephen Mullins, Regional Inspector General for Audit

Scott Macfarlane, Deputy Regional Inspector General for Audit

Edward Neuwirth, Acting Deputy Regional Inspector General for Audit

Louis Tancabel, Audit Manager

Alan Lund, Senior Auditor

Debra Dunn, Auditor

Erin Kaauwai, Auditor

Kristi Larson, Auditor

Jeff Randall, computer Specialist

Larry Reimer, computer Specialist

David cox, Auditor

Deadra English, Auditor

Michelle D. Brasfield, Auditor

Jim Mccormick, Auditor

Elizabeth Stout, Auditor

Appendix III

Deputy commissioner for Operations c:DO

Office of Management controls M:cFO:A:M

National Director for Legislative Affairs cL:LA

chief Operations Officer OP

Assistant commissioner (Examination) OP:EX

chief Information Officer IS

Deputy chief Information Officer (Systems) IS

Assistant commissioner for Systems Development IS:S

Director, customer Service, compliance and Management Systems Division IS:S:cS

Audit Liaisons

chief Operations Officer OP

chief Information Officer IS

Deputy chief Information Officer (Systems) IS

Assistant commissioner for Systems Development IS:S

customer Service, compliance and Management Systems Division IS:S:cS

Appendix IV

(As of October 30, 1998)

Appendix V

Response has been removed due to its size. To see the complete Response, please go to the Adobe PDF version of this report.

Appendix VI

ERcS is a computerized IRS system that automates tax return inventory control. This includes the adding, updating and closing of tax examination records. It also automates the time reporting processes for each IRS district office Examination Division.

IDRS is IRS' computer system used by employees to (1) research taxpayer account information, (2) request tax returns, (3) enter transactions on taxpayer accounts, (4) enter tax collection information for storage and processing, and (5) generate notices to taxpayers and other collection documents.