This report presents the results of the subject review. The primary objective of this review was to assess the effectiveness of controls that protect taxpayers’ rights during correspondence audits and Information Returns Program (IRP) inquiries. In summary, we believe the Internal Revenue Service (IRS) can take additional actions to ensure taxpayers are treated fairly during service center audits. These actions include:

Executive Summary

Objective and Scope

Background

Results

Conclusion

Appendix I - Detailed Objective, Scope, and Methodology

Appendix II - Major Contributors to This Report

Appendix III - Report Distribution List

Appendix IV - Outcome Measures

Executive Summary

Our previous audit report titled, The Internal Revenue Service Needs to Improve Treatment of Taxpayers During Office Audits (Reference Number 093602, dated April 1999), identified several weaknesses in controls over office audits, which led to improper taxpayer treatment. To determine if similar problems existed in other types of examinations, we focused this review on evaluating how taxpayers were treated during correspondence audits conducted by the Internal Revenue Service (IRS) service centers. These audits usually involve one or two tax issues and are generally handled through the mail. In Fiscal Year (FY) 1998, IRS service centers audited about 495,000 taxpayers through correspondence and recommended additional taxes and penalties of approximately $1.7 billion.

Although not technically considered an audit by the IRS, $1.8 billion was also assessed against more than a million taxpayers in FY 1998 through the service centers’ Information Returns Program (IRP). Much like a correspondence audit, the IRP involves sending letters to taxpayers asking them to provide an explanation for a specific tax issue on their tax return. If the issue cannot be resolved, the IRS takes action to assess the additional tax and collect the deficiency.

The IRS has undertaken numerous initiatives recently to better protect taxpayer rights and become more responsive to their needs. However, we believe this report identifies two areas where the IRS could further enhance its efforts to ensure taxpayers are treated properly. The areas involve correcting weaknesses in the audit process conducted through the mail and reducing the risk of improper access to taxpayer data stored on the Midwest Automated Compliance System (MACS).

We found two areas in the correspondence audit process where the IRS could take action to ensure taxpayers are treated fairly. We estimate that the weak controls could impact as many as 227,000 of the 495,000 taxpayers examined annually by correspondence in the service centers.

First, the IRS could do more to increase the number of taxpayers who respond to audit letters. Most of the $1.7 billion assessed in FY 1998 from correspondence audits can be traced to taxpayers who never responded to IRS letters regarding their examinations. When this occurs, the IRS assesses the tax and initiates actions to collect the deficiency. With millions of households moving each year, this can create problems for taxpayers who never receive IRS letters, or who are not aware of audit assessments until liens are filed or other collection actions are taken.

The lack of response may not be entirely the taxpayers’ fault. In 32 of 66 cases (48 percent) reviewed from 2 service centers, we found different addresses for the taxpayers than the ones on IRS’ letters. This indicates that the IRS may not have sent its correspondence to the proper address. We also found no evidence in the cases reviewed that service centers initiated telephone contact with taxpayers when they did not respond to IRS letters.

In addition to doing more to locate taxpayers, the IRS needs to ensure service centers follow its letter procedures for contacting taxpayers. In 20 percent of the cases we sampled, audits were started with letters proposing tax changes rather than the standard audit initiation letters. This reduces the time taxpayers have to respond to IRS inquiries since audit initiation letters indicate the IRS will wait 30 days for taxpayers to submit substantiation before proposing any changes to a tax return. Unless steps are taken to ensure letter procedures are consistently followed, the IRS risks contributing to taxpayers’ perceptions that they are not treated fairly.

In the April 1999 audit report, we reported how the IRS employees in district offices poorly implemented MACS controls and procedures. These insufficient procedures and controls unnecessarily exposed taxpayer data to browsing and increased the risk that employees could selectively target individuals for audit. In the four service centers reviewed, we found the following weaknesses in the MACS control environment that could impact the privacy and security of up to 123 million taxpayers whose data are available on the MACS:

• Control documents that were required to be completed before accessing taxpayer accounts were not used, maintained, or properly approved (four out of the four service centers reviewed). Control documents help ensure that taxpayer accounts are accessed for valid business purposes only, and that taxpayers are not selectively targeted for audit.
• Audit trail files that help identify inappropriate access and use of taxpayer information were not reviewed (three out of the four service centers reviewed).

The IRS can further enhance its efforts to ensure taxpayers are treated fairly by: (1) using locator services to find taxpayers, (2) issuing initial contact letters consistently when starting an audit, (3) expanding the Correspondence Audit Program’s quality review system, and (4) ensuring that MACS audit trail reviews are performed and the results are reported to responsible officials.

We issued a draft of this report to IRS management on February 29, 2000, with a March 30, 2000, response period. However, management’s response was not available at the time this report was released.

Objective and Scope

Our objective was to assess the effectiveness of controls that protect taxpayers’ rights during correspondence audits and Information Returns Program (IRP) inquiries. We attempted to identify instances where taxpayers were, or could perceive that they were, harmed when an Internal Revenue Service (IRS) employee: (1) violated a law or regulation, or (2) did not follow IRS procedures that govern its interactions with the public. A brief description of the tests we performed included:

• Comparing the similarities of the IRP and the Correspondence Audit Program processes and evaluating the controls to protect taxpayers’ rights.
• Reviewing samples of closed and open audits to determine if taxpayers were treated properly during the initiation and closing of service center examinations.
• Evaluating controls over access to taxpayer information on the Midwest Automated Compliance System (MACS) to ensure taxpayer data were safeguarded against misuse.

We conducted fieldwork in four IRS service centers between March and September 1999. Our review was conducted in accordance with Government Auditing Standards. Details of our audit objective, scope, and methodology are presented in Appendix I. Major contributors to this report are listed in Appendix II.

Background

In addition to auditing tax returns in district offices, the IRS uses the Correspondence Audit Program and the IRP to verify the accuracy of tax returns. Both programs are performed in service centers and are directed by the Assistant Commissioner (Customer Service). IRS records show that between IRP and correspondence audits, its service centers reviewed 2.35 million individual tax returns in Fiscal Year (FY) 1998.

Figure 1 graphically shows that these contacts accounted for 81 percent of all individual tax returns examined. The recommended additional taxes and penalties from these contacts totaled $3.5 billion.

The Correspondence Audit Program deals with simple tax issues through the mail. In most correspondence audits, the IRS will wait for the taxpayer to submit substantiation before proposing any changes to a tax return.

Under the IRP, computers compare entries on tax returns with information reports submitted from third parties such as banks, brokerage houses, and mortgage companies. If an item on a tax return differs from a report, and a review by an IRS employee does not clear up the discrepancy, a letter is sent to the taxpayer proposing changes to the tax return.

Among the various tools that the IRS uses to select tax returns for service center audits is the Midwest Automated Compliance System (MACS). The system has computerized tax information for a service center’s entire filing population and gives personnel the ability to use locally developed criteria to identify and select tax returns for audit.

Results

Numerous initiatives have been undertaken recently to better protect taxpayers’ rights, particularly the enactment of the IRS Restructuring and Reform Act of 1998 and the IRS’ continuing efforts to treat taxpayers as "customers." Among the things IRS customers expect are fair and consistent treatment. They also have an expectation that the IRS will safeguard their personal and financial information.

We found that IRS employees consistently followed established procedures for protecting taxpayers’ rights when making IRP inquiries. However, the IRS could further enhance efforts to meet its customer expectations by strengthening controls in the correspondence audit process and reducing the risk of employees misusing taxpayer data.

The Internal Revenue Service Needs to Strengthen Controls in the Correspondence Audit Process to Ensure Taxpayers Are Treated Fairly

The IRS has numerous procedures to govern its examination activities. Among these are some that the IRS considers crucial in its overall efforts to safeguard taxpayers’ rights and prevent abuse. For example, the IRS should provide Your Rights as a Taxpayer (Publication 1) and Appeal Rights and Preparation of Protests for Unagreed Cases (Publication 5) when they notify taxpayers that their returns will be examined. Together, the publications tell taxpayers that they have a right to: (1) be represented, (2) have their personal and financial information protected, and (3) appeal IRS findings.

We reviewed 240 examinations and 240 non-examined disposals that were closed by the 4 service centers in FY 1998 (120 total tax returns from each service center). We also supplemented our closed case review with reviews of 240 open FY 1999 cases (60 from each of the 4 service centers). From the information in the case files, we found that examiners routinely sent Publications 1 and 5 to taxpayers, as required, at the start of examinations. However, we found two areas in the correspondence audit process where the IRS could take additional actions to ensure taxpayers are treated fairly.

First, the IRS could do more to increase the number of taxpayers who respond to audit letters. Most of the $1.7 billion dollars ($935 million or 55 percent) assessed in FY 1998 from correspondence audits can be traced to taxpayers who never responded to IRS letters regarding their examination. When taxpayers fail to respond, the IRS assesses the tax and initiates actions to collect the deficiency. With millions of households moving each year, this can create problems for taxpayers who never receive IRS letters and are unaware of audit assessments until liens are filed or other collection actions are taken.

The lack of response may not be entirely the taxpayers’ fault. In 131 of 240 (55 percent) sample cases reviewed, we found no evidence that examiners tried to initiate telephone contact with taxpayers when they did not respond to IRS audit letters. This condition occurred because managers had not sufficiently emphasized this procedure with examiners.

Although examiners are not required to use the IRS’ locator services to search for taxpayer addresses, we accessed partial credit bureau reports for 66 no-response audits through these services in 2 service centers. Our research found a different address from the one on the IRS’ letters in 32 of the 66 (48 percent) audits tested. The different addresses for the same taxpayer indicate the possibility that the IRS may not have sent the letters to the proper address. Correspondence examination representatives told us they had not used locator services because they considered finding taxpayers to be a collection function.

In addition to doing more to locate taxpayers, the IRS needs to ensure service centers follow its letter procedures. Rather than using the standard audit initiation letters, 98 of 480 (20 percent) sample cases were started by proposing changes to the taxpayers’ tax returns. Standard audit initiation letters indicate the IRS will wait 30 days for the taxpayer to submit substantiation before proposing any changes to a tax return.

We believe examiners were attempting to expedite the audit process, but did not adequately consider the impact of treating taxpayers inconsistently. Unless steps are taken to ensure letter procedures are consistently followed, the IRS risks contributing to taxpayers’ perceptions that they are not treated fairly.

Additionally, the Correspondence Audit Program’s quality review system evaluates samples of audits to identify problems and advises management when corrective actions are needed. However, the reviews do not address whether personnel are taking the proper steps to locate taxpayers or if they are incorrectly starting audits by proposing changes to tax returns. Consequently, the reviews were not likely to surface either of these weaknesses for management’s attention.

We estimate that these weaknesses could impact up to 227,000 of the 495,000 taxpayers audited annually by correspondence in the service centers.

1. The Assistant Commissioner (Customer Service) should revise procedures to use locator services to find taxpayers’ addresses who do not respond to audit contact letters.
2. The Assistant Commissioner (Customer Service) should take actions to ensure service center personnel are better informed about existing IRS procedures that are designed to ensure taxpayers are treated fairly during service center audits. These actions could include issuing a memorandum to the responsible employees that emphasizes the need to issue audit contact letters before proposing changes to tax returns, as well as initiating telephone contact with taxpayers who do not respond to audit letters.

3. The Assistant Commissioner (Customer Service) should expand the Correspondence Audit Program’s quality review system to provide additional feedback to managers on how well the IRS’ procedures governing taxpayer treatment are followed during audits. Specifically, quality reviews should address the effectiveness of steps taken to locate taxpayers when they have not responded to audit letters and whether all required letters are being sent to taxpayers.

Management’s response was not available at the time this report was released.

Actions Are Needed to Reduce the Risk of Employees Misusing Taxpayer Data

The IRS reports that the MACS has controlled access protection to prevent and detect unauthorized accesses and misuse of taxpayer data. Officials in the National Office have also developed comprehensive controls and procedures. Together, these controls help safeguard the computerized tax return facsimiles related to about 123 million individual and corporate taxpayers stored on MACS computers that are located throughout the nation.

Our previous audit report titled, The Internal Revenue Service Needs to Improve Treatment of Taxpayers During Office Audits (Reference Number 093602, dated April 1999), identified breakdowns in the way IRS employees implemented MACS controls and procedures in district offices. We found similar problems in the four service centers visited during this audit.

Specifically, control documents that help ensure taxpayer accounts are accessed for valid business purposes were not used, maintained, or properly approved. In addition, monthly audit trail reviews designed to identify inappropriate access and misuse of taxpayer information were not conducted.

At one service center, for example, requests for tax return facsimiles were accepted over the telephone and sent uncontrolled to IRS employees in an office several hundred miles away. During a two-month period that we tested, 1,053 tax return facsimiles were handled in this manner. But, we were only able to locate 4 of the 1,053 tax return facsimiles.

Audit trail reviews could have detected problems with the control documents and served as a basis for taking corrective actions. However, no audit trail reviews had been conducted between January 1998 and March 1999 in three of the four service centers. One of the service centers had not conducted reviews since 1994.

In our opinion, Correspondence Audit Program officials did not provide sufficient emphasis on the security of taxpayer information on the MACS. In addition, there were no controls in place to ensure that MACS sites were conducting the audit trail reviews.

4. The Assistant Commissioner (Examination) should revise MACS guidelines to require that security officers document results of their future audit trail reviews on the Monthly Security Report. For oversight purposes, copies of the report should be provided to, and maintained by, both the national and local officials who are responsible for ensuring that security requirements are met. The Assistant Commissioner (Examination) should maintain a log to identify those offices who have not conducted the required reviews.
5. Where audit trail reviews have not been conducted, the Assistant Commissioner (Examination) should take actions to ensure that taxpayer data have not been misused. These actions could include directing security officers to properly conduct, document, and report reviews over periods that were not previously evaluated.

Conclusion

We believe our recommendations for increasing the number of taxpayers who respond to audit letters and ensuring audit contact letters are issued consistently will better protect the rights of about 227,000 of the 495,000 taxpayers examined annually through correspondence in the service centers. In addition, our recommendations to reduce the risk of employees misusing taxpayer data will increase the privacy and security of individual and corporate tax return data related to approximately 123 million taxpayers.

Detailed Objective, Scope, and Methodology

Our objective was to assess the effectiveness of controls that protect taxpayers’ rights during service center audits. We attempted to identify instances where taxpayers were, or could perceive that they were, harmed when an Internal Revenue Service (IRS) employee: (1) violated a law or regulation, or (2) did not follow IRS procedures that govern its interactions with taxpayers. Case reviews and on-site visits were performed in the Brookhaven, Fresno, Memphis, and Ogden Service Centers. The specific audit tests included:

1. Conducting on-site visits to the four service centers to assess current Information Returns Program (IRP) and correspondence audit practices.
2. Analyzing a national database of 14,003 taxpayers’ accounts which contained both IRP and audit indicators for the same period to evaluate whether IRP inquiries followed established procedures to protect taxpayers’ rights. We reviewed 180 cases from 3 IRS service centers (60 cases from each center). One service center did not make IRP inquiries.
3. Reviewing a random sample of 240 closed agreed audits, 240 open unagreed audits, and 240 non-examined closures from 4 service centers. We determined whether actions taken by examiners and managers during the initiation and closing of returns in the audit stream led to improper taxpayer treatment.
4. Accessing partial credit bureau reports for 66 taxpayers to determine whether IRS locator services could be used to locate taxpayer addresses.
5. Conducting on-site visits to the four service centers to assess how well controls protected access to tax return information stored on the Midwest Automated Compliance System (MACS).

Major Contributors to This Report

Maurice S. Moody, Associate Inspector General for Audit (Headquarters Operations and Exempt Organizations Programs)
Stephen Mullins, Director
Frank Dunleavy, Audit Manager
Earl Charles Burney, Auditor
Stanley Pinkston, Auditor

Report Distribution List

Deputy Commissioner Operations C:DO
Chief Operations Officer OP
Assistant Commissioner (Customer Service) OP:C
Assistant Commissioner (Examination) OP:EX
Director, Brookhaven Service Center D
Director, Fresno Service Center D
Director, Memphis Service Center D
Director, Ogden Service Center D
Director, Office of Program Evaluation and Risk Analysis M:O

National Director for Legislative Affairs CL:LA

Audit Liaisons:
Chief Operations Officer OP
Assistant Commissioner (Customer Service) OP:C
Assistant Commissioner (Examination) OP:EX

Office of the Chief Counsel CC

Office of Management Controls M:CFO:A:OMC

Outcome Measures

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to the Congress.

Finding and Recommendations:

The Internal Revenue Service (IRS) can improve the treatment of taxpayers during service center audits by: (1) soliciting more responses to audit letters, (2) issuing initial audit contact letters at the start of audits, and (3) reducing the risk of employees misusing taxpayer data.

Type of Outcome Measure:

Taxpayer rights and entitlements ¾ Actual

Taxpayer privacy and security ¾ Actual

Value of the Benefit:

We believe the recommendations to use locator services to find taxpayers and issue audit contact letters at the start of audits will better protect the rights of approximately 227,000 of the 495,000 taxpayers who are examined annually through the Correspondence Audit Program in the IRS service centers.

The recommendation to reduce the risk of employees misusing taxpayer data stored on the Midwest Automated Compliance System (MACS) will better protect the privacy and security of individual and corporate tax return data related to approximately 123 million taxpayers.

Methodology Used to Measure the Reported Benefit:

The methodology described below and used to measure the reported benefits contains results from a judgmental random sample of cases. Specifically, the 480 cases mentioned below were selected from 4 of the 10 IRS service centers. Consequently, the results cannot be reliably projected into the universe of taxpayers examined through the correspondence audit process in all of the IRS service centers.

To estimate how many taxpayers may benefit from the IRS using locator services and issuing audit contact letters consistently, we analyzed the Audit Information Management System (AIMS), which contained results from correspondence audits closed in Fiscal Year (FY) 1998. We also used our case review results, which showed that 98 of 480 (20 percent) taxpayers’ audits were started by proposing changes to their return, rather than a standard audit initiation letter.

The analysis identified 495,000 taxpayers who were audited through the correspondence audit process in all the IRS service centers. Among these taxpayers are about 227,000 who were either assessed additional taxes after not responding to any IRS letters (149,000 taxpayers) or who had their audits started by the IRS proposing changes to their returns (77,000 taxpayers) instead of a standard audit initiation letter.

The IRS reports that the MACS contains the tax return data from all individual and corporate taxpayers that filed. To estimate how many taxpayers may benefit from the IRS taking actions to reduce the risk of employees misusing taxpayer data, we averaged the number of tax returns filed in these categories according to the IRS’ 1997 and 1998 Data Books, Publication 55B.