TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Fiscal Year 2014 Statutory Review of Compliance With the Freedom of Information Act

 

 

 

September 17, 2014

 

Reference Number:  2014-30-064

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

 

Phone Number  /  202-622-6500

E-mail Address /  TIGTACommunications@tigta.treas.gov

Website           /  http://www.treasury.gov/tigta

 

 

HIGHLIGHTS

FISCAL YEAR 2014 STATUTORY REVIEW OF COMPLIANCE WITH THE FREEDOM OF INFORMATION ACT

Highlights

Final Report issued on September 17, 2014

Highlights of Reference Number:  2014-30-064 to the Internal Revenue Service Director, Privacy, Governmental Liaison and Disclosure.

IMPACT ON TAXPAYERS

The IRS must ensure that the provisions of the Freedom of Information Act (FOIA), the Privacy Act of 1974 (Privacy Act), and Internal Revenue Code (I.R.C.) Section (§) 6103 are followed.  Errors can violate taxpayer rights and result in improper disclosures of taxpayer information.

WHY TIGTA DID THE AUDIT

TIGTA is required to conduct periodic audits to determine if the IRS properly denied written requests for taxpayer information.  TIGTA is also required to include the results in one of its Semiannual Reports to Congress.  This is TIGTA’s fifteenth review of denials of FOIA, Privacy Act, and I.R.C. § 6103 information requests.

The overall objectives of this audit were to determine whether the IRS improperly withheld information requested by taxpayers in writing, based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that all of these requests were processed timely and information was not improperly withheld.  In addition, TIGTA determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, or I.R.C. § 6103 information requests.

WHAT TIGTA FOUND

TIGTA reviewed a statistically valid sample of 62 FOIA/Privacy Act information requests from a population of 2,973 FOIA/Privacy Act requests and found seven (11.3 percent) in which taxpayer rights may have been violated because the IRS improperly withheld or failed to adequately search for and provide information to the requestors.

The IRS also did not meet requirements because it failed to adequately search for and provide information in eight (15.1 percent) of 53 sampled I.R.C. § 6103 information requests.  When the sample results are projected to their respective populations, approximately 336 FOIA/Privacy Act and 17 I.R.C. § 6103 information requests may have had information erroneously withheld.

TIGTA found that responses to all FOIA/Privacy Act information requests sampled were timely.  However, there are no statutory time frames within which the IRS must respond to I.R.C. § 6103 information requests.

Additionally, sensitive taxpayer information was inadvertently disclosed in response to 13 (21.0 percent) of the FOIA/Privacy Act and one (1.9 percent) of the I.R.C. § 6103 information requests reviewed.

WHAT TIGTA RECOMMENDED

TIGTA made no recommendations in this report.  However, once the corrective actions in response to recommendations made in TIGTA’s Fiscal Year 2013 report are fully implemented, they should address this year’s findings.

The IRS agreed with the report’s results and will continue to ensure that the provisions of the FOIA, the Privacy Act, and the I.R.C. § 6103 are followed.

 

September 17, 2014

 

 

MEMORANDUM FOR DIRECTOR, PRIVACY, GOVERNMENTAL LIAISON AND DISCLOSURE

 

FROM:                       Michael E. McKenney /s/ Michael E. McKenney

                                  Deputy Inspector General for Audit

 

SUBJECT:                  Final Audit Report – Fiscal Year 2014 Statutory Review of Compliance With the Freedom of Information Act (Audit # 201430006)

 

This report presents the results of our review to determine whether the Internal Revenue Service (IRS) improperly withheld information requested by taxpayers in writing, based on Freedom of Information Act (FOIA)[1] exemption (b)(3), in conjunction with Internal Revenue Code (I.R.C.) Section (§) 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that all of these requests were processed timely and information was not improperly withheld.  In addition, we determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act of 1974[2] (Privacy Act), or I.R.C. § 6103 information requests.

The Treasury Inspector General for Tax Administration is required to conduct periodic audits to determine if the IRS properly denied written requests for tax account information.  We are also required to include the results in one of our Semiannual Reports to Congress.  This is our fifteenth review of denials of FOIA, Privacy Act, and I.R.C. § 6103 requests.  This review is included in our Fiscal Year 2014 annual audit plan and addresses the major management challenge of Taxpayer Protection and Rights.

Although the Treasury Inspector General for Tax Administration made no recommendations in this report, we did provide IRS officials an opportunity to review the draft report.  Management’s complete response to the draft report is included as Appendix VI.

Copies of this report are also being sent to the IRS managers affected by the report.  If you have any questions, please contact me or Bryce Kisler, Acting Assistant Inspector General for Audit (Compliance and Enforcement Operations).

 

 

Table of Contents

 

Background

Results of Review

The Internal Revenue Service Needs to Continue Its Efforts to Reduce Its Freedom of Information Act Backlog

Managerial Controls Need to Ensure That Disclosure Specialists Properly Respond to Freedom of Information Act, Privacy Act, and Internal Revenue Code Section 6103 Information Requests

Freedom of Information Act and Privacy Act Information Requests Were Responded to Timely by the Internal Revenue Service

The Office of Disclosure Established Timeliness Requirements for Responding to Internal Revenue Code Section 6103 Information Requests

Disclosure Specialists May Be Inadvertently Disclosing Taxpayer Information

Appendices

Appendix I – Detailed Objectives, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measures

Appendix V – Previous Audit Reports Related to This Statutory Review

Appendix VI – Management’s Response to the Draft Report

 

 

Abbreviations

 

AFOIA

Automated Freedom of Information Act

DQMS

Disclosure Quality Measurement System

FOIA

Freedom of Information Act

I.R.C.

Internal Revenue Code

IRM

Internal Revenue Manual

IRS

Internal Revenue Service

TIGTA

Treasury Inspector General for Tax Administration

U.S.C.

United States Code

 

Background

 

Statutory requirements

The Internal Revenue Code[3] (I.R.C.) requires the Treasury Inspector General for Tax Administration (TIGTA) to:

conduct periodic audits of a statistically valid sample of the total number of determinations made by the Internal Revenue Service to deny written requests to disclose information to taxpayers on the basis of section 6103[4] of this title or section 552(b)(7) of title 5, United States Code.[5]

The three primary laws that govern the types of requests for information reviewed in this audit are:

The FOIA requires agencies to make records of the Federal Government available to the public
upon request, unless specifically exempted.

The Freedom of Information Act (FOIA) requires Federal Government agencies to make records available to the public upon request, unless specifically exempted.  Information that is “specifically exempted from disclosure by statute” is one of the exemptions.  I.R.C. Section (§) 6103 is an example of such a statute; it protects the confidentiality of tax returns and return information.  Records or information compiled for law enforcement purposes are also exempt from disclosure under the FOIA.

The Privacy Act of 1974 (Privacy Act)[6] states that no Federal Government agency shall disclose any record that is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.  The Privacy Act mandates that each agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.

I.R.C. § 6103 protects the confidentiality of taxpayers’ returns and return information.  However, it does allow the taxpayer, or a person designated by the taxpayer, to request and receive the taxpayer’s specific documents and information.

Internal Revenue Service (IRS) processing and reporting of FOIA requests

Effective June 2011, the Office of the Deputy Commissioner for Operations Support (through its Office of Privacy, Governmental Liaison and Disclosure) became responsible for ensuring the IRS’s timely compliance with the FOIA, the Privacy Act, and I.R.C. § 6103.  The Headquarters Disclosure Office within the Office of Privacy, Governmental Liaison and Disclosure, sets IRS policy and issues instructions, guidelines, and procedures to the various IRS functions to ensure compliance with the disclosure statutes.

The Office of Disclosure processes FOIA/Privacy Act and I.R.C. § 6103 information requests received by the IRS.  In the Department of the Treasury 2013 Freedom of Information Act Annual Report to the Attorney General of the United States, the IRS reported that a total of 11,035 FOIA/Privacy Act information requests were processed.  This is consistent with the 11,032 FOIA/Privacy Act requests processed on the Automated Freedom of Information Act (AFOIA) system during Fiscal Year 2013.

In addition, the report stated that the IRS denied or partially denied information to requestors in 3,294 (30 percent) of the 11,035 FOIA/Privacy Act information requests processed in Fiscal Year 2013.  This is an increase from the 24 percent reported in Fiscal Year 2012.  The report further stated that the IRS advised requestors that there were no records responsive to requests in 791 (7.2 percent) of the 11,035 FOIA/Privacy Act requests.  This is consistent with the 6.5 percent reported in the prior fiscal year.  The remaining information requests were either granted in full or closed for miscellaneous reasons, such as the request was improper or had been previously granted.

Audit limitations and standards

Individual IRS disclosure offices or other IRS offices having custody of taxpayer records also process written requests for information made under I.R.C. § 6103.  While the IRS is not required to track all information requests made under I.R.C. § 6103, it has elected to do so for requests received by its Headquarters Disclosure Office.  In addition, the Headquarters Disclosure Office used the AFOIA system to track information requests made under the FOIA/Privacy Act for Fiscal Year 2013.  Requests made under I.R.C. § 6103 that were received and processed by IRS offices other than the Headquarters Disclosure Office are not controlled on the AFOIA system or otherwise inventoried.  Consequently, the volume of these requests is not known.  As a result, we can statistically sample only the I.R.C. § 6103 information requests processed directly by the IRS Headquarters Disclosure Office and tracked on the AFOIA system.  We reviewed only those requests processed by the Office of Disclosure that were denied, partially denied, or had no responsive records during the period of October 1, 2012, through September 30, 2013.

This review was performed with information obtained from the Headquarters Disclosure Office within the Office of Privacy, Governmental Liaison and Disclosure, in Washington, D.C., during the period December 2013 through June 2014.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.  Detailed information on our audit objectives, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

Results of Review

 

The Internal Revenue Service Needs to Continue Its Efforts to Reduce Its Freedom of Information Act Backlog

The IRS relies on its disclosure personnel to ensure that information requests received under the FOIA are handled timely and in accordance with laws and regulations.  The IRS supports the FOIA program with a broad policy statement and the Internal Revenue Manual (IRM)[7] that provides guidance nationwide to disclosure personnel.  The policy statement, among other things, affirms the IRS’s commitment to full compliance with the FOIA and administering it in a manner consistent with “the fundamental values held by our society, including public accountability, safeguarding national security, enhancing the effectiveness of law enforcement agencies and the decision-making processes, protecting sensitive business information, and protecting personal privacy.”

Besides providing assurances that FOIA information requests are handled timely and in accordance with laws and regulations, the IRS needs to continue its efforts to reduce inventory backlog under the Governmentwide Improving Agency Disclosure of Information” initiative.  The IRS has taken positive steps to effectively manage its FOIA backlog.  For example, the Headquarters and field office managers review weekly over-age reports and monthly inventory monitoring reports, both of which include FOIA/Privacy Act and I.R.C. § 6103 information request inventory and backlog information.  Disclosure management uses these reports to make informed decisions to better manage their information request inventory.

Overall, National Disclosure Office statistics show that the IRS reduced its backlog of FOIA information requests in Fiscal Years 2009 through 2012.  However, at the end of Fiscal Year 2013, there was an 84 percent increase in the number of information requests that were backlogged (217 requests) compared to the number of backlogged requests at the end of Fiscal Year 2012 (118 requests).  The influx of exempt organization requests starting in June 2013 was the primary cause for the increased backlog.  Figure 1 shows the inventory of backlogged FOIA information requests for Fiscal Years 2009 through 2013.

Figure 1:  Inventory of Backlogged FOIA Information Requests

Figure 1 was removed due to its size.  To see Figure 1, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  Unaudited data provided by the IRS Headquarters Disclosure Office
and TIGTA audit reports issued in Fiscal Years 2010 through
2013.

Going into Fiscal Year 2014, the Federal Government shutdown from October 1 through October 16, 2013, further increased the backlog to 403 requests.  As of June 9, 2014, there were 251 backlogged information requests.  Although this represents a 16 percent increase in backlogged requests since the end of Fiscal Year 2013, it is a decrease of 38 percent since the reopening of the Federal Government on October 17, 2013.  The IRS continues to strive to reduce its backlog inventory.  Reducing the number of backlogged requests is particularly important because of the time frames that need to be met under the FOIA.  However, this backlog does not appear to be causing any significant delays in processing most information requests.  Based on the results of our sample, which is discussed later in this report, we did not identify any timeliness issues related to FOIA/Privacy Act information requests.

Managerial Controls Need to Ensure That Disclosure Specialists Properly Respond to Freedom of Information Act, Privacy Act, and Internal Revenue Code Section 6103 Information Requests

The IRS was not consistent in its service to individuals who requested information under the FOIA/Privacy Act based on the statistically valid sample of information requests reviewed.  Specifically, disclosure specialists improperly withheld information on seven (11.3 percent)[8] of the 62 FOIA/Privacy Act information requests reviewed.  When projected to the population of 2,973 FOIA/Privacy Act requests closed during the period October 1, 2012, through September 30, 2013, the sample results indicate that approximately 336 FOIA/Privacy Act information requests may have had information erroneously withheld.[9]

In addition, disclosure specialists failed to adequately search for and provide information on eight (15.1 percent) of the 53 I.R.C. § 6103 information requests reviewed.[10]  When projected to our population of I.R.C. § 6103 information requests closed during the period October 1, 2012, through September 30, 2013, the sample results indicate that approximately 17 I.R.C. § 6103 requests may have had information erroneously withheld.[11]  See Appendix IV for an explanation of the projections.  Figure 2 shows the audit results for Fiscal Years 2009 through 2013.

Figure 2:  Improper FOIA/Privacy Act and
I.R.C. § 6103 Information Request Withholdings

Figure 2 was removed due to its size.  To see Figure 2, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

 

Source:  TIGTA audit reports issued in Fiscal Years 2010 through 2013
 and audit tests conducted during this review.  Percentages were rounded to the closest tenth.

The IRS relies on its disclosure personnel to ensure that information requests under the FOIA/Privacy Act and I.R.C. § 6103 are properly handled in accordance with laws and regulations.  The IRM provides guidance to disclosure personnel nationwide.  Throughout the IRM, personnel are instructed to properly document in case files all aspects of their work during the receipt, control, research, response, and closing phases of the requests.  This documentation is important because it provides the principal evidence that procedures were followed, as well as providing the foundation for other control processes such as management reviews.

During Fiscal Year 2009, the Office of Disclosure implemented a Disclosure Quality Measurement System (DQMS) which was designed to institutionalize a real-time national process for monitoring the quality of all Office of Disclosure work.  According to IRS management, the DQMS was staffed by temporarily promoting senior disclosure specialists into the review positions on a rotational basis.  During Fiscal Years 2010 through 2012, the implementation of the AFOIA system took a significant investment of staff time for training and related administrative support.  This resulted in sporadic operation of the DQMS program and an insufficient number of reviews to provide a valid analysis of statistical information.  As a result, Office of Disclosure management made the decision to temporarily discontinue the DQMS as a quality review for casework.

The DQMS was reestablished at the start of Fiscal Year 2013.  It was implemented as originally intended with senior disclosure specialists temporarily promoted into the review positions on a rotational basis.  Because this was the first year the DQMS was fully operational since Fiscal Year 2009, the performance statistics for Fiscal Year 2013 will be used to provide a baseline against which future performance will be compared.[12]

The DQMS element that corresponds to FOIA/Privacy Act and I.R.C. § 6103 information requests is Accuracy – Proper Determination Made on Releasibility.  This element evaluates whether a caseworker:

·       Conducted appropriate and adequate research for all responsive records.

·       Located and considered for release all responsive records.

·       Disclosed responsive records to the extent legally possible.

·       Decided to withhold records based on the correct interpretation and application of exemptions.

·       Released all records that were within the scope of the request.

Each type of disclosure request is evaluated individually on the DQMS; therefore, FOIA/Privacy Act requests, I.R.C. § 6103(c) requests, and I.R.C. § 6103(e) requests have their own DQMS performance results.  The DQMS performance results for this element, as well as an Office of Disclosure operational review of the DQMS results, are generally consistent with those determined by TIGTA for the FOIA/Privacy Act and combined I.R.C. §§ 6103(c) and (e) Fiscal Year 2013 samples.  Figure 3 compares the cumulative DQMS and TIGTA performance results for this element at the end of Fiscal Year 2013.

Figure 3:  Fiscal Year 2013 Comparison of the DQMS and TIGTA Accuracy
Results for FOIA/Privacy Act and I.R.C. § 6103 Information Requests

Type of Request

Met

Not Met

Not Applicable

Percentage Met[13]

DQMS FOIA/Privacy Act

296

75

93

79.8%

DQMS I.R.C. § 6103(c)

104

25

50

80.6%

DQMS I.R.C. § 6103(e)

28

11

21

71.8%

TIGTA FOIA/Privacy Act

45

17

0

72.6%

TIGTA I.R.C. § 6103

45

8

2

84.9%

Source:  IRS DQMS Reports and TIGTA audit tests conducted during this review. 
Percentages were rounded to the closest tenth.

Office of Disclosure managers continue to be responsible for the quality of work performed locally by the personnel they manage.  By reviewing ongoing work, managers attempt to identify and correct potential problems before they could have an adverse effect on taxpayers.  During Fiscal Year 2014, the Office of Disclosure is conducting a study to determine how managers review cases to identify trends.

Freedom of Information Act and Privacy Act Information Requests Were Responded to Timely by the Internal Revenue Service

The IRS responded timely to the 62 Fiscal Year 2013 FOIA/Privacy Act information requests in our sample.  The FOIA requires Federal Government agencies to respond within 20 business days of the receipt of an information request or, if the 20 business days are not sufficient, to notify the requestor of the reason why the request cannot or will not be filled.  If they are unable to respond to an information request within the time limit, Federal Government agencies are required to immediately notify the requestor of this fact, of the reasons why they are unable to respond, and of the requestor’s right to appeal.

The due date for a FOIA information request is revised when the IRS sends a letter to the requestor exercising its right for an automatic 10-day extension and/or requesting a voluntary extension in excess of the initial statutory 20-day period.  The requestor must agree to the voluntary extension, and the IRS must notify the requestor of its ability to respond by the end of the extension period.  A FOIA information request is considered untimely when the IRS responds to the requestor after the due date.  For Privacy Act information requests, the IRS must respond within 30 calendar days of the taxpayer’s request.

Since Fiscal Year 2001, the IRS has made significant improvement in the timeliness of responses to FOIA/Privacy Act information requests.  Our audits, including this review, indicate that the percentage of untimely responses ranged from zero to 43.5 percentThe results of our last three audits found that the IRS has remained relatively consistent in providing responses to requestors within the statutory time periods.  Figure 4 shows the percentages of untimely information requests we have reported since Fiscal Year 2010.

Figure 4:  Comparison of Untimely FOIA/Privacy Act Responses

Figure 4 was removed due to its size.  To see Figure 4, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  TIGTA audit reports issued in Fiscal Years 2010 through 2013 and audit tests conducted during this review.  Percentages were rounded to the closest tenth.

The Office of Disclosure Established Timeliness Requirements for Responding to Internal Revenue Code Section 6103 Information Requests

There are no statutory time frames within which the IRS must respond to I.R.C. § 6103 information requests.  In response to our Fiscal Year 2013 report, the Director, Office of Privacy, Governmental Liaison and Disclosure established and published guidance to all caseworkers addressing the timeliness of responding to I.R.C. § 6103 requests.  This guidance will be incorporated into IRM 11.3.2 and 11.3.3 by November 7, 2014.

In a memorandum dated November 7, 2013, all caseworkers were advised of the following procedural change:

Beginning immediately, Disclosure personnel processing requests pursuant to I.R.C. § 6103(e) and 6103(c) will ensure that an interim response letter or a status report is initiated by the 30th business date from the IRS received date.  All interim letters or status reports must inform the requester when to expect a final response and must provide a contact name and number for additional inquiries.  If a final response is not provided by the expected final response date of the initial interim response letter or status report, an additional status report must be provided every 30 business days until a final response is issued.

As a result of this change in policy, we will resume the evaluation of the timeliness of I.R.C. § 6103 information requests during our Fiscal Year 2015 review.

Disclosure Specialists May Be Inadvertently Disclosing Taxpayer Information

During operational and regular managerial reviews, casework is reviewed for any inadvertent disclosures.  The DQMS also has procedures in place to review casework for inadvertent disclosures and to report those disclosures when discovered.  However, further review of our sample of 62 FOIA/Privacy Act and 53 I.R.C. § 6103 information requests identified 13 (21.0 percent) FOIA/Privacy Act and one (1.9 percent) I.R.C. § 6103 requests in which disclosure specialists inadvertently disclosed sensitive taxpayer information in their responses.  Those disclosures releasing sensitive taxpayer information are summarized as follows with some requests having more than one issue.

In addition to Personally Identifiable Information, there was one occurrence in which a taxpayer’s Discriminant Function Score was released to the requestor as well.  This numerical score is given to tax returns based upon a computerized classification process that by IRS policy is for “official use only.”  The IRM specifies that release of this information could impair tax administration and should not be disclosed.

Office of Disclosure officials stated that these inadvertent disclosures could have resulted from several contributing factors, such as:

The timely identification and reporting of all inadvertent unauthorized disclosures of sensitive information is critical to quickly initiate any needed investigation or recovery of information.  A prompt report decreases the possibility that the information may be compromised and used to perpetuate identity theft or other forms of harm to taxpayers or the Federal Government.  Disclosure officials addressed the disclosures with the disclosure specialists and their managers who processed and reviewed the requests we identified.  Disclosure officials responded that the appropriate actions were taken to report all of the inadvertent disclosures once we notified them of our concerns.

As result of our previous review, the Director, Office of Privacy, Governmental Liaison and Disclosure developed and implemented a mandatory Disclosure Technical Update training session for all disclosure specialists and managers to review the various types of inadvertent disclosures and stress the need for a careful review of documents prior to release to avoid unauthorized disclosures.  The Disclosure Technical Update includes a review of the procedures for reporting any such disclosures.  The training was recorded and disclosure managers are required to certify on an annual basis that their employees reviewed it.  This training session is also a permanent part of the disclosure orientation training for new disclosure employees.  As of the conclusion of our review, all 173 disclosure specialists and managers have completed the training.  We expect that the implementation of this certification process should result in fewer inadvertent disclosures in future years.

 

Appendix I

 

Detailed Objectives, Scope, and Methodology

 

The overall objectives of this audit were to determine whether the IRS improperly withheld information requested by taxpayers in writing, based on FOIA[14] exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that all of these requests were processed timely and information was not improperly withheld.  In addition, we determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, [15] or I.R.C. § 6103 information requests.  To accomplish these objectives, we:

I.                 Determined the applicable policies, procedures, and controls that were in place to ensure compliance with the FOIA when denying information, such as:

A.    Policies, operating procedures, systems, documents/files, risks, laws, and regulations related to the receipt, disposition, and resolution or denials of requests for information under the FOIA.

B.    Specific management controls and systems that were in place to ensure the timely and proper receipt, disposition, and resolution or denials of requests for information under the FOIA.

II.               Determined whether the IRS properly adhered to statutory FOIA and Privacy Act requirements, as well as procedural requirements.

A.    Obtained an extract from the AFOIA system for the period October 1, 2012, through September 30, 2013, and identified 2,973 FOIA/Privacy Act information requests closed as denied or partially denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, or on FOIA exemption (b)(7), or where the IRS replied that responsive records were not available or did not exist.  We validated the data extract by performing specialized queries.  We determined that the data were sufficiently reliable for the purposes of this report.

B.    Designed a statistically valid sample based on a confidence level of 90 percent and an expected error rate of 6.12 percent for FOIA/Privacy Act information requests, with an estimated precision of ± 5 percent.  Based on these parameters, a statistically valid sample size was 62 information requests.  This sampling methodology was chosen so that we could project the number of requests with improper withholdings to the universe of information requests that were partially or fully denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7), or for which requestors were told records were not available.

C.    Reviewed the 62 sampled FOIA/Privacy Act information requests and determined whether the decision to withhold information was appropriate, the record search was adequate, and the determination was made in a timely manner.

D.    Projected the number of requests for which information was withheld from the requestor to be in the range of 102 to 569 (3.43 percent to 19.15 percent) for FOIA/Privacy Act information requests that were partially or fully denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7), or for which requestors were told records were not available.  The projection was made using the Normal Approximation method for attribute sampling, with a 95 percent confidence level and an actual error rate of 11.29 percent.  The accuracy of our projection was reviewed by TIGTA’s contract statistician.[16]

E.     Discussed all exceptions with Office of Disclosure officials.

F.     Reviewed the Department of the Treasury 2013 Freedom of Information Act Annual Report to the Attorney General of the United States showing various statistics for FOIA/Privacy Act information requests, including appeals and closures.  This information was not independently verified because the accuracy of these statistics did not affect the accomplishment of our audit objective.

III.             Determined whether the IRS Headquarters Disclosure Office is adhering to legal requirements when denying written information requests received under I.R.C. § 6103.

A.    Obtained an extract from the AFOIA system for the period October 1, 2012, through September 30, 2013, and identified 844 I.R.C. §§ 6103(c) and (e) information requests that were denied, partially denied, or had no responsive records.

B.    Designed a statistically valid sample based on a confidence level of 90 percent, an expected error rate of 5.38 percent, and an estimated precision of ± 5 percent.  Based on these parameters, the size of the statistically valid sample was 55 information requests.  This sampling methodology was chosen because it would allow us to project the number of requests with improper withholdings to the universe of closed I.R.C. §§ 6103(c) and (e) information requests that were partially or fully denied or for which the IRS replied that responsive records were not available or did not exist.

C.    Selected a statistically valid sample of 398[17] of the 844 I.R.C. §§ 6103(c) and (e) closed information requests.  We selected a larger sample size to account for the possibility that some requests would not meet our criteria.  We screened 219 of the 398 requests received to identify the necessary 55 information requests for our sample that included instances in which information was partially or fully denied or in which the IRS replied that responsive records were not available or did not exist.

D.    Reviewed the 55 information requests identified and determined whether the decision to withhold the information based on I.R.C. § 6103 was appropriate.  We found that 53 of the 55 cases were complete and could be reviewed and evaluated to determine if information was withheld.  The remaining two cases had incomplete case files.  Therefore, our sample size for this step was 53.

E.     Discussed all exceptions with Office of Disclosure officials.

F.       Projected the number of requests where information was withheld from the requestor to be in the range of eight to 25 (1.01 percent to 3.01 percent) for information requests that were partially or fully denied information or told that records were not available.  The projection was made using the Normal Approximation method for attribute sampling, with a 95 percent confidence level and an actual error rate of 15.09 percent.  To project the number of taxpayers affected, we projected the number of errors to the original 398 requests sampled from the population of 844 I.R.C. § 6103 information requests.  The accuracy of our projection was reviewed by TIGTA’s contract statistician.[18]

IV.            Determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, or I.R.C. § 6103 information requests.

A.    Reviewed the FOIA and I.R.C § 6103 information requests selected for our samples in Sub-Objectives II.B. and III.B. for any information outside the scope of the request that may have been erroneously disclosed.

B.    Discussed any exception cases with the Privacy, Governmental Liaison and Disclosure staff and obtained agreement.

V.              Followed up on corrective actions from TIGTA’s Fiscal Year 2013 FOIA review.

A.    Obtained and evaluated the mandatory Disclosure Technical Update training session related to inadvertent disclosures that was given to all disclosure specialists.

B.    Verified that managers conducted the initial certification process to ensure that their employees reviewed the Disclosure Technical Update.

C.    Obtained and evaluated the interim guidance memorandum developed by disclosure management to provide specific time frames for responding to I.R.C. § 6103 information requests.

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives.  Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations.  They include the systems for measuring, reporting, and monitoring program performance.  We determined the following internal controls were relevant to our audit objectives:  the IRS policies, operating procedures, systems, laws, and regulations related to the receipt, disposition, and resolution or denials of requests for information under the FOIA to evaluate whether the IRS improperly withheld tax account information requested in writing.  We evaluated these controls by reviewing source materials, interviewing management, and reviewing statistically valid samples of closed FOIA/Privacy Act and I.R.C. § 6103 information requests.

 

Appendix II

 

Major Contributors to This Report

 

Nancy Nakamura, Assistant Inspector General for Audit (Compliance and Enforcement Operations)

Bryce Kisler, Acting Assistant Inspector General for Audit (Compliance and Enforcement Operations)

Alan Lund, Acting Director

Tina Parmer, Audit Manager

Gail Schuljan, Lead Auditor

David Hartman, Senior Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Legislative Affairs  CL:LA

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaison:  Deputy Commissioner, Operations Support  OS

 

Appendix IV

 

Outcome Measures

 

This appendix presents detailed information on the measurable impact that the results of our audit will have on tax administration.  These benefits will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

·       Taxpayer Rights and Entitlements – Potential; 336 responses to FOIA[19]/Privacy Act[20] information requests for which information may have been improperly withheld or the IRS failed to adequately search for and provide during the 12-month period October 1, 2012, through September 30, 2013 (see page 6).

Methodology Used to Measure the Reported Benefit:

We reviewed a statistically valid sample of 62 requests from a population 2,973 FOIA/Privacy Act information requests closed nationally during the period October 1, 2012, through September 30, 2013, as either a:

1)     Full or partial denial with either FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) cited as one of the reasons for withholding information.

2)     Request for which the IRS replied that responsive records were not available or did not exist.

We identified seven requests where disclosure specialists improperly withheld the requested information.  Based on our sample error rate of 11.29 percent (7/62) and a confidence level of 95 percent, we estimated that the number of requestors erroneously denied information to be 336 [2,973 x 11.29 percent], with a range of 102 to 569.  We arrived at the estimate by multiplying the number of requests closed as either condition 1) or 2) listed in the prior paragraph by the percentage of erroneously denied responses identified in our sample.  The projection was made using the Normal Approximation method for attribute sampling, with a confidence level of 95 percent and an actual error rate of 11.29 percent.  As a result, the actual precision factors were 3.43 percent and 19.15 percent.

Type and Value of Outcome Measure:

·       Taxpayer Rights and Entitlements – Potential; 17 responses to I.R.C. § 6103 information requests for which the IRS failed to adequately search for and provide information during the 12-month period October 1, 2012, through September 30, 2013 (see page 6).

Methodology Used to Measure the Reported Benefit:

We screened 219 of a statistically valid sample of 398 requests to identify 55 requests that satisfied our criteria and were not misclassified, from a population 844 I.R.C. § 6103 information requests closed nationally during the period October 1, 2012, through September 30, 2013, as either a full or partial denial, or a request for which the IRS replied that responsive records were not available or did not exist.

·       We found that 53 of the 55 cases were complete and could be reviewed and evaluated.  The remaining two cases had incomplete case files and could not be reviewed and evaluated.  Therefore, our sample size for this step was 53.

·       We identified eight requests out of the 53 where disclosure specialists failed to adequately search for and provide the requested information.

We used our sample error rate of 15.09 percent (8/53) and a confidence level of 95 percent to calculate our projections.  The error rate for the original statistically valid sample of 398 requests is 2.01 percent (8/398).  We then applied that error rate to the entire population and estimated the number of requestors erroneously denied information to be 17 [844 x 2.01 percent], with a range of eight to 25.  We arrived at the estimate by multiplying the number of requests closed as listed in the prior paragraph by the percentage of improperly denied responses identified in our sample.  The projection was made using the Normal Approximation method for attribute sampling, with a confidence level of 95 percent and an actual error rate of 15.09 percent.  As a result, the upper and lower precision factors were 1.01 percent and 3.01 percent.

Type and Value of Outcome Measure:

·       Taxpayer Privacy and Security – Potential; 14 responses had sensitive taxpayer information inadvertently disclosed in response to either a FOIA/Privacy Act or I.R.C. § 6103 information request (see page 11).

Methodology Used to Measure the Reported Benefit:

While conducting our review, we observed[21] that disclosure specialists inadvertently disclosed sensitive taxpayer information in response to 13 (20.97 percent) of the FOIA/Privacy Act and one (1.89 percent) of the I.R.C. § 6103 information requests in our samples.  These disclosures included Personally Identifiable Information, such as Social Security Numbers, names, tax account transcripts, and tax return information.

 

Appendix V

 

Previous Audit Reports Related to This
Statutory Review

 

TIGTA, Ref. No. 2000-10-116, Taxpayers Should Be Provided Timely Service When Appealing Denied Requests Under the Freedom of Information Act (Aug. 2000).

TIGTA, Ref. No. 2001-10-112, The Internal Revenue Service Should Continue Taking Action to Improve Compliance With the Freedom of Information Act and Related Procedures (Jul. 2001).

TIGTA, Ref. No. 2002-10-093, Actions Should Continue to Be Taken to Improve Compliance With the Freedom of Information Act and Related Procedures (May 2002).

TIGTA, Ref. No. 2003-10-164, Opportunity for Improvement Exists for Compliance With the Freedom of Information Act and Related Procedures (Aug. 2003).

TIGTA, Ref. No. 2004-40-064, Improvements Are Needed to Ensure Compliance With the Freedom of Information Act (Mar. 2004).

TIGTA, Ref. No. 2005-10-089, Some Improvements Have Been Made to Better Comply With Freedom of Information Act Requirements (May 2005).

TIGTA, Ref. No. 2006-10-129, Compliance With Freedom of Information Act Requirements Has Increased (Aug. 2006).

TIGTA, Ref. No. 2007-10-133, The Office of Disclosure Can Improve Compliance With the Freedom of Information Act Requirements (Aug. 2007).

TIGTA, Ref. No. 2008-30-164, The Office of Disclosure Continued to Improve Compliance With the Freedom of Information Act Requirements (Aug. 2008).

TIGTA, Ref. No. 2009-30-115, The Office of Disclosure Continues to Improve Upon Its Responses to Taxpayers’ Requests Under the Freedom of Information Act (Sept. 2009).

TIGTA, Ref. No. 2010-30-090, The Office of Disclosure Continues to Improve Compliance With the Freedom of Information Act Requirements (Aug. 2010).

TIGTA, Ref. No. 2011-30-093, The Office of Disclosure Continues to Improve Compliance With the Freedom of Information Act Requirements (Sept. 2011).

TIGTA, Ref. No. 2012-30-098, Fiscal Year 2012 Statutory Review of Compliance With the Freedom of Information Act (Aug. 2012).

TIGTA, Ref. No. 2013-30-109, Fiscal Year 2013 Statutory Review of Compliance With the Freedom of Information Act (Sept. 2013).

 

Appendix VI

 

Management’s Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, D.C. 20224

 

 

PRIVACY, GOVERNMENTAL

LIAISON AND DISCLOSURE

 

AUGUST 28, 2014

 

 

MEMORANDUM FOR DEPUTY INSPECTOR GENERAL FOR AUDIT

 

FROM:                             Mary J. Howard /s/ Mary J. Howard

                                          Director, Privacy, Governmental Liaison and Disclosure

 

SUBJECT:                       Draft Audit Report - Fiscal Year 2014 Statutory Review of Compliance with the Freedom of Information Act (Audit #201430006)

 

Thank you for the opportunity to respond to the above referenced draft audit report.  The IRS is committed to implementing openness in Government to ensure the public trust and establish a system of transparency, public participation, and collaboration.  We appreciate your recognition of the positive steps taken by the IRS to effectively manage our Freedom of Information Act (FOIA) backlog and will continue to work towards processing our information requests in a timely and quality manner.

 

We take our responsibility to maintain confidential information seriously and instruct our employees to protect the privacy interests of those seeking information through the FOIA and the various other Internal Revenue Code (IRC) Section 6103 provisions.  We implemented mandatory training to address inadvertent disclosures and require employees to certify annually that they understand their responsibilities.

 

We agree with the proposed outcome measures cited in the report but would like to provide clarification on one of the key findings.  Although the unauthorized disclosures identified in the report were unfortunate and inadvertent, the information released in many of these instances did not include any sensitive information that could be misused by the recipient.  The impact to the IRS and taxpayers in question was minimal based upon what was released and to whom.  The IRS recognizes the importance of providing accurate responses and is taking steps to strengthen our management and quality controls to avoid future inadvertent disclosures.

 

We will continue to ensure that the provisions of the FOIA, the Privacy Act of 1974 and the IRC Section 6103 are followed.  If you have any questions, please contact me at (202) 317-6449 or a member of your staff may contact Joyce Peneau, Associate Director, Disclosure at (510) 637-3024.



[1] 5 U.S.C. § 552 (2010).

[2] 5 U.S.C. § 552a (2010).

[3] 25 U.S.C. § 7803.

[4] I.R.C. § 6103 (2013).

[5] 5 U.S.C. § 552 (2010).

[6] 5 U.S.C. § 552a (2010).

[7] Contains the policies, procedures, instructions, guidelines, and delegations of authority which direct the operation and administration of the IRS.  Topics include tax administration, personnel and office management, and others.

[8] For purposes of reporting, percentages presented in the body of the report are rounded to one decimal place.  Actual error rate percentages in Appendix I and for calculations in Appendix IV are presented to two decimal places.

[9] The point estimate projection is based on a two-sided 95 percent confidence interval, a precision rate of ± 5 percent, and an error rate of 11.3 percent.  We are 95 percent confident that the point estimate is between 102 and 569 requests.

[10] The population consists of 844 I.R.C. § 6103 information requests closed during the period October 1, 2012, through September 30, 2013.  We pulled a random sample of 400 cases and screened 219 of them to identify our sample of 55 cases.  Of those 55 cases, two files were incomplete and we were unable to evaluate whether they were worked properly.  That left 53 cases on which we could make a determination.  Out of those 53 cases, eight were exception cases.  An error rate of 15.1 percent was calculated based on the 53 cases.

[11] The point estimate projection is based on a two-sided 95 percent confidence interval, precision rate of ± 5 percent, and an error rate of 15.1 percent.  We are 95 percent confident that the point estimate is between eight and 25 requests.

[12] A baseline consists of a specified set of documents, software, and other items defined as final (or point-in-time) products for a project.  A baseline establishes a predefined point from which to evaluate project progress.

[13] Formula used by the IRS to calculate the Percentage Met is column Met divided by (columns Met plus Not Met).

[14] 5 U.S.C. § 552 (2010).

[15] 5 U.S.C. § 552a (2010).

[16] Based on advice from TIGTA’s contract statistician, we used a 90 percent confidence level to select our sample and a 95 percent confidence level to formulate our projections.

[17] The sample of 398 requests consisted of the original 400 cases selected less the two cases that were incomplete.

[18] Based on advice from TIGTA’s contract statistician, we used a 90 percent confidence level to select our sample and a 95 percent confidence level to formulate our projections.

[19] 5 U.S.C. § 552 (2010).

[20] 5 U.S.C. § 552a (2010).

[21] The scope of this audit focused on information being withheld, not on the information that was inadvertently released to the taxpayer.  Therefore, due to the nature of the sample selected, the results of this finding cannot be projected to the population.