TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

 

 

Fiscal Year 2015 Statutory Review of Compliance With the Freedom of Information Act

 

 

 

September 18, 2015

 

Reference Number:  2015-30-084

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

 

 

Phone Number  /  202-622-6500

E-mail Address /  TIGTACommunications@tigta.treas.gov

Website           /  http://www.treasury.gov/tigta

 

 

HIGHLIGHTS

FISCAL YEAR 2015 STATUTORY REVIEW OF COMPLIANCE WITH THE FREEDOM OF INFORMATION ACT

Highlights

Final Report issued on September 18, 2015

Highlights of Reference Number:  2015-30-084 to the Internal Revenue Service Director, Privacy, Governmental Liaison, and Disclosure.

IMPACT ON TAXPAYERS

The IRS must ensure that the provisions of the Freedom of Information Act (FOIA), the Privacy Act of 1974 (Privacy Act), and Internal Revenue Code (I.R.C.) Section (§) 6103 are followed.  Errors can violate taxpayer rights and result in improper disclosures of taxpayer information.

WHY TIGTA DID THE AUDIT

TIGTA is required to conduct periodic audits to determine whether the IRS properly denied written requests for taxpayer information pursuant to FOIA § 552(b)(7) and I.R.C. § 6103.

The overall objectives of this audit were to determine whether the IRS improperly withheld information requested by taxpayers in writing, based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that all of these requests were processed timely and that information was not improperly withheld.  In addition, TIGTA determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, or I.R.C. § 6103 information requests.

WHAT TIGTA FOUND

TIGTA reviewed a statistically valid sample of 65 information requests from a population of 2,809 FOIA/Privacy Act information requests and found eight (12.3 percent) for which the IRS improperly withheld information from the requestors.  The IRS also improperly withheld information for four (7.3 percent) of the 55 I.R.C. § 6103 information requests reviewed.  Although the IRS properly released thousands of pages from these documents, taxpayer rights still may have been violated because some information was erroneously withheld.

In addition, TIGTA found that the Disclosure Office does not have direct control over how other IRS functions process I.R.C. § 6103 information requests, nor does it regularly assess the quality of disclosure responses throughout the IRS.

Even though the number of backlogged information request cases increased for the second straight year, TIGTA found that responses to all sampled FOIA/Privacy Act information requests were timely.  While there are no statutory time frames within which the IRS must respond to taxpayers’ I.R.C. § 6103 information requests, the IRS established guidelines for all Disclosure Office personnel to contact the requestor and either provide an interim response or submit a status report prior to the expiration of 30 business days.  TIGTA found that for 14 (25.5 percent) of the 55 I.R.C. § 6103 information requests reviewed, the IRS took more than 30 business days to provide a response.

Additionally, disclosure specialists inadvertently disclosed sensitive taxpayer information in three responses to FOIA/Privacy Act and I.R.C. § 6103 information requests.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the IRS:  (1) develop and implement a formalized plan to periodically review the quality and processing of I.R.C. § 6103 information requests worked outside of the Disclosure Office; (2) incorporate timeliness procedures for I.R.C. § 6103 information requests into the Internal Revenue Manual as well as remind employees of the new procedures for processing I.R.C. § 6103 information requests; and (3) develop and implement a plan to focus on decreasing the number of backlogged cases.  The IRS partially agreed with our first recommendation, agreed with our other two recommendations, and plans appropriate corrective actions.

 

September 18, 2015

 

 

MEMORANDUM FOR DIRECTOR, PRIVACY, GOVERNMENTAL LIAISON, AND DISCLOSURE

 

FROM:                       Michael E. McKenney /s/ Michael E. McKenney

                                  Deputy Inspector General for Audit

 

SUBJECT:                  Final Audit Report – Fiscal Year 2015 Statutory Review of Compliance With the Freedom of Information Act (Audit # 201530006)

 

This report presents the results of our review to determine whether the Internal Revenue Service (IRS) improperly withheld information requested by taxpayers in writing, based on Freedom of Information Act (FOIA) exemption (b)(3), in conjunction with Internal Revenue Code (I.R.C.) Section (§) 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.[1]  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that all of these requests were processed timely and that information was not improperly withheld.  In addition, we determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act of 1974 (Privacy Act), or I.R.C. § 6103 information requests.[2]

The Treasury Inspector General for Tax Administration is required to conduct periodic audits to determine if the IRS properly denied written requests for tax account information.  We are also required to include the results in one of our Semiannual Reports to Congress.  This is our sixteenth review of denials of FOIA, Privacy Act, and I.R.C. § 6103 requests.  This review is included in our Fiscal Year 2015 Annual Audit Plan and addresses the major management challenge of Taxpayer Protection and Rights.

Management’s complete response to the draft report is included as Appendix VI.  Copies of this report are also being sent to the IRS managers affected by the report recommendations.

If you have any questions, please contact me or Matthew A. Weir, Assistant Inspector General for Audit (Compliance and Enforcement Operations).

 

 

Table of Contents

 

Background

Results of Review

Disclosure Specialists Did Not Always Properly Respond to Some Freedom of Information Act, Privacy Act, and Internal Revenue Code Section 6103 Information Requests

Recommendation 1:

Inadvertent Disclosures by Disclosure Specialists Have Been Reduced

Freedom of Information Act and Privacy Act Information Requests Were Responded to Timely

Internal Revenue Code Section 6103 Information Requests Were Not Always Processed Timely

Recommendation 2:

The Internal Revenue Service’s Number of Backlogged Cases Increased for the Second Straight Year

Recommendation 3:

Appendices

Appendix I – Detailed Objectives, Scope, and Methodology

Appendix II – Major Contributors to This Report

Appendix III – Report Distribution List

Appendix IV – Outcome Measures

Appendix V – Previous Audit Reports Related to This Statutory Review

Appendix VI – Management’s Response to the Draft Report

 

Abbreviations

 

AFOIA

Automated Freedom of Information Act

DQMS

Disclosure Quality Management System

FOIA

Freedom of Information Act

I.R.C.

Internal Revenue Code

IRS

Internal Revenue Service

TIGTA

Treasury Inspector General for Tax Administration

 

Background

 

Statutory requirements

The Internal Revenue Code (I.R.C.) requires the Treasury Inspector General for Tax Administration (TIGTA) to:

…conduct periodic audits of a statistically valid sample of the total number of determinations made by the Internal Revenue Service to deny written requests to disclose information to taxpayers on the basis of section 6103 of this title or section 552(b)(7) of title 5, United States Code.[3]

The three primary laws that govern the types of requests for information reviewed in this audit are:

The Freedom of Information Act (FOIA) requires Federal Government agencies to make records available to the public upon request, unless specifically exempted.[4]  Information that is “specifically exempted from disclosure by statute” is one of the exemptions.  I.R.C. Section (§) 6103 is an example of such a statute; it protects the confidentiality of tax returns and return information.  Records or information compiled for law enforcement purposes are also exempt from disclosure under the FOIA.  Section 552(b)(7) provides the following exception to the FOIA’s general disclosure rules by allowing nondisclosure of records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information:  

(A)   Could reasonably be expected to interfere with enforcement proceedings.

(B)    Would deprive a person of a right to a fair trial or an impartial adjudication.

(C)    Could reasonably be expected to constitute an unwarranted invasion of personal privacy.

(D)   Could reasonably be expected to disclose the identity of a confidential source, including a State, local, or foreign agency or authority or any private institution which furnished information on a confidential basis, and, in the case of a record or information compiled by criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by a confidential source.

(E)    Would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law.

(F)    Could reasonably be expected to endanger the life or physical safety of any individual.

The Privacy Act of 1974 (Privacy Act) states that no Federal Government agency shall disclose any record that is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.[5]  The Privacy Act mandates that each agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.

I.R.C. § 6103 protects the confidentiality of taxpayers’ returns and return information.  However, it does allow the taxpayer, or a person designated by the taxpayer, to request and receive the taxpayer’s specific documents and information.

Internal Revenue Service (IRS) processing and reporting of FOIA requests

Effective June 2011, the Office of the Deputy Commissioner for Operations Support (through its Office of Privacy, Governmental Liaison, and Disclosure) became responsible for ensuring the IRS’s timely compliance with the FOIA, the Privacy Act, and I.R.C. § 6103.  The Disclosure Office within the Office of Privacy, Governmental Liaison, and Disclosure sets IRS policy and issues instructions, guidelines, and procedures to the various IRS functions to ensure compliance with the disclosure statutes.

The Disclosure Office processes FOIA/Privacy Act and I.R.C. § 6103 information requests received by the IRS.  In the Department of the Treasury 2014 Freedom of Information Act Annual Report to the Attorney General of the United States, the IRS reported that a total of 10,109 FOIA/Privacy Act information requests were processed.  This is consistent with the 10,108 FOIA/Privacy Act requests processed on the Automated Freedom of Information Act (AFOIA) system during Fiscal Year 2014.

In addition, the report stated that the IRS denied or partially denied information to requestors in 3,097 (30.6 percent) of the 10,109 FOIA/Privacy Act information requests processed in Fiscal Year 2014.  This is a small increase from the 30 percent reported in Fiscal Year 2013.  The report further stated that the IRS advised requestors that there were no records responsive to requests in 646 (6.4 percent) of the 10,109 FOIA/Privacy Act requests.  This is consistent with the 7.2 percent reported in the prior fiscal year.  The remaining information requests were either granted in full or closed for miscellaneous reasons, such as the request was improper or had been previously granted.

Audit limitations and standards

While only the Disclosure Office processes FOIA requests, responsibility for processing requests for information pursuant to I.R.C. § 6103 is greatly dispersed throughout the IRS.  The Disclosure Office processes requests related to I.R.C. § 6103 that are sent directly to it; however, when requests are sent to the many IRS functions across the country, the Disclosure Office has no direct involvement in the processing of those requests.

Although TIGTA is required to audit denials of taxpayer requests for information made pursuant to I.R.C. § 6103, the IRS tracks on its AFOIA system only I.R.C. § 6103 requests worked by Disclosure Office employees.  Requests made under I.R.C. § 6103 that were received and processed by IRS offices other than the Disclosure Office are not controlled on the AFOIA system or otherwise inventoried in a centralized location.  Consequently, the volume of all of these requests is not known by the IRS; however, this volume of uncontrolled inventory may be substantially larger than what the Disclosure Office tracks on its AFOIA system.

As a result, for this audit we statistically sampled only I.R.C. § 6103 information requests processed directly by the IRS’s Disclosure Office and tracked on the AFOIA system.  We reviewed only those I.R.C. § 6103 information requests processed by the Disclosure Office that were denied, partially denied, or had no responsive records during the period October 1, 2013, through September 30, 2014.  However, starting with next year’s review, we plan to start evaluating these other IRS offices that process I.R.C. § 6103 information requests.

This review was performed with information obtained from the Disclosure Office within the Office of Privacy, Governmental Liaison, and Disclosure, during the period December 2014 through June 2015.  We conducted this performance audit in accordance with generally accepted government auditing standards.  Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives.  We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.  Detailed information on our audit objectives, scope, and methodology is presented in Appendix I.  Major contributors to the report are listed in Appendix II.

 

Results of Review

 

Disclosure Specialists Did Not Always Properly Respond to Some Freedom of Information Act, Privacy Act, and Internal Revenue Code Section 6103 Information Requests

The IRS was not consistent in its service to individuals who requested information under the FOIA/Privacy Act based on the statistically valid sample of information requests reviewed.  Specifically, disclosure specialists improperly withheld information on eight (12.3 percent) of the 65 FOIA/Privacy Act information requests reviewed.  The eight cases we identified included improperly withheld information of examination and collection activity and other tax return information that the taxpayer or authorized Power of Attorney should have received.  When projected to the population of 2,809 FOIA/Privacy Act requests closed during the period October 1, 2013, through September 30, 2014, the sample results indicate that approximately 346 FOIA/Privacy Act information requests may have had information erroneously withheld.[6]  Although the IRS properly released thousands of pages from these documents, taxpayer rights still may have been violated because these information requests had some information erroneously withheld.  See Appendix IV for an explanation of this projection.

In addition, disclosure specialists improperly withheld information for four (7.3 percent) of the 55 I.R.C. § 6103 information requests reviewed.  According to Disclosure Office management, the cases we identified with improperly withheld information could have resulted from an oversight by the caseworker when completing the review or management in their reviews of the case files.  Figure 1 shows the audit results for Fiscal Years 2010 through 2014.[7]

Figure 1:  Improper FOIA/Privacy Act and
I.R.C. § 6103 Information Request Withholdings

Figure 1 was removed due to its size.  To see Figure 1, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  TIGTA audit reports issued in Fiscal Years 2010 through 2014 and audit tests
 conducted during this review.  Percentages were rounded to the nearest tenth.

The IRS relies on its disclosure personnel to ensure that information requests under the FOIA/Privacy Act and I.R.C. § 6103 are properly handled in accordance with laws and regulations.  The Internal Revenue Manual Section 11.3 provides guidance to disclosure personnel nationwide.[8]  Procedures throughout the Internal Revenue Manual instruct personnel to properly document in case files all aspects of their work during the receipt, control, research, response, and closing phases of the requests.  This documentation is important because it provides the principal evidence that procedures were followed as well as provides the foundation for other control processes such as management reviews.

During Fiscal Year 2009, the Disclosure Office implemented a Disclosure Quality Management System (DQMS), which was designed to institutionalize a real-time national process for monitoring the quality of all Disclosure Office work.  According to IRS management, the DQMS was staffed by temporarily promoting senior disclosure specialists into the review positions on a rotational basis.  During Fiscal Years 2010 through 2012, the implementation of the AFOIA system took a significant investment of staff time for training and related administrative support.  This resulted in sporadic operation of the DQMS program and an insufficient number of reviews to provide a valid analysis of statistical information.  As a result, Disclosure Office management made the decision to temporarily discontinue the DQMS as a quality review for casework.

The DQMS was reestablished at the start of Fiscal Year 2013.  The DQMS element that corresponds to FOIA/Privacy Act and I.R.C. § 6103 information requests is Accuracy – Proper Determination Made on Releasibility.  This element evaluates whether a caseworker:

·       Conducted appropriate and adequate research for all responsive records.

·       Located and considered for release all responsive records.

·       Disclosed responsive records to the extent legally possible.

·       Decided to withhold records based on the correct interpretation and application of exemptions.

·       Released all records that were within the scope of the request.

Each type of disclosure request is evaluated individually on the DQMS; therefore, FOIA/Privacy Act requests, I.R.C. § 6103(c) requests (disclosure of returns and return information to designee of taxpayer), and I.R.C. § 6103(e) requests (disclosure to persons with a material interest) have their own DQMS performance results.  The DQMS performance results for this element, as well as a Disclosure Office operational review of the DQMS results, are generally consistent with those determined by TIGTA for the FOIA/Privacy Act and combined I.R.C. §§ 6103(c) and (e) Fiscal Year 2014 samples.  Figure 2 compares the cumulative DQMS and TIGTA performance results for this element at the end of Fiscal Year 2014.

Figure 2:  Fiscal Year 2014 Comparison of the DQMS and TIGTA Accuracy Results for FOIA/Privacy Act and I.R.C. § 6103 Information Requests

Type of Request

Met

Not Met

Not Applicable

Percentage Met[9]

DQMS FOIA/Privacy Act

524

60

3

89.7%

DQMS I.R.C. § 6103(c)

79

30

0

72.5%

DQMS I.R.C. § 6103(e)

91

10

0

90.1%

TIGTA FOIA/Privacy Act

57

 8

0

87.7%

TIGTA I.R.C. § 6103

51

 4

0

92.7%

Source:  IRS DQMS Reports and TIGTA audit tests conducted during this review. 
Percentages were rounded to the nearest tenth.

The Office of Privacy, Governmental Liaison, and Disclosure’s mission is “to preserve and enhance public confidence by advocating for the protection and proper use of identity information.”  However, other than occasionally performing reviews of some of the other IRS functions that process I.R.C. § 6103 information requests (such as the Return and Income Verifications Services program), the Disclosure Office does not have direct control over how these requests are processed, nor does it regularly assess the quality of disclosure responses throughout the IRS.  Because the Disclosure Office is responsible for establishing rules for access to IRS records and the protection of tax information within the IRS, we believe that the Disclosure Office should establish a process to periodically review the quality and processing of I.R.C. § 6103 information requests in all of the other IRS functions.

Recommendation

Recommendation 1:  The Director, Privacy, Governmental Liaison, and Disclosure, should develop and implement a formalized plan to periodically review the quality and processing of I.R.C. § 6103 information requests worked in all of the other IRS functions.

Management’s Response:  The IRS partially agreed with this recommendation.  The IRS agreed that quality reviews of the processing of I.R.C. § 6103 requests completed by other functions is a part of its responsibility.  The IRS also agreed to have the Disclosure Office conduct a risk-based assessment and, upon completion of the assessment, evaluate the findings and develop a plan, within the constraints of available resources, to periodically review and document compliance with I.R.C. § 6103.

Inadvertent Disclosures by Disclosure Specialists Have Been Reduced

Casework is reviewed for any inadvertent disclosures during operational and regular managerial reviews.  The DQMS also has procedures in place to review casework for inadvertent disclosures and to report those disclosures when discovered.  During our Fiscal Year 2014 review, we identified that disclosure specialists inadvertently disclosed sensitive taxpayer information in 14 responses to FOIA/Privacy Act and I.R.C. § 6103 information requests.  As a result of our findings, the Director, Office of Privacy, Governmental Liaison, and Disclosure developed and implemented a mandatory Disclosure Technical Update training session for all disclosure specialists and managers to review the various types of inadvertent disclosures and stress the need for a careful review of documents prior to release to avoid unauthorized disclosures.  The Disclosure Technical Update includes a review of the procedures for reporting any such disclosures.  The disclosure managers are now required to certify on an annual basis that their employees reviewed this training.  The training session is also a permanent part of the disclosure orientation training for new disclosure employees.  We found that all disclosure specialists and managers had completed this training.

This training seems to be effective because during our Fiscal Year 2015 review we identified that disclosure specialists inadvertently disclosed sensitive taxpayer information in only three responses to FOIA/Privacy Act and I.R.C. § 6103 information requests.  These inadvertent disclosures included Personally Identifiable Information and tax return information.

Disclosure Office officials stated that these inadvertent disclosures could have resulted from several contributing factors, such as:

The timely identification and reporting of all inadvertent unauthorized disclosures of sensitive information is critical to quickly initiate any needed investigation or recovery of information.  A prompt report decreases the possibility that the information may be compromised and used to perpetuate identity theft or other forms of harm to taxpayers or the Federal Government.  Disclosure officials addressed the disclosures with the disclosure specialists and their managers who processed and reviewed the requests we identified.  Disclosure officials responded that the appropriate actions were taken to report all of the inadvertent disclosures once we notified them of our concerns.

Freedom of Information Act and Privacy Act Information Requests Were Responded to Timely

The IRS responded timely to all 65 Fiscal Year 2014 FOIA/Privacy Act information requests in our statistical sample.  The FOIA requires Federal Government agencies to respond within 20 business days of the receipt of an information request or, if the 20 business days are not sufficient, to notify the requestor of the reason why the request cannot or will not be filled.  If they are unable to respond to an information request within the time limit, Federal Government agencies are required to immediately notify the requestor of this fact, of the reasons why they are unable to respond, and of the requestor’s right to appeal.

The due date for a FOIA information request is revised when the IRS sends a letter to the requestor exercising its right for an automatic 10-business-day extension and/or requesting a voluntary extension in excess of the initial statutory 20-business-day period.  The requestor must agree to the voluntary extension, and the IRS must notify the requestor of its ability to respond by the end of the extension period.  A FOIA information request is considered untimely when the IRS responds to the requestor after the due date.  For Privacy Act information requests, the IRS must respond within 30 calendar days of the taxpayer’s request.

Since Fiscal Year 2001, the IRS has made significant improvement in the timeliness of responses to FOIA/Privacy Act information requests.  Our audits, including this review, indicate that the percentage of untimely responses were zero for three of the last five yearsThe results of our last two audits found that the IRS has remained relatively consistent in providing responses to requestors within the statutory time periods.  Figure 3 shows the percentages of untimely information requests we have reported since Fiscal Year 2010.

Figure 3:  Comparison of Untimely FOIA/Privacy Act Responses

Figure 1 was removed due to its size.  To see Figure 1, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  TIGTA audit reports issued in Fiscal Years 2010 through 2014 and audit tests conducted during this review.  Percentages were rounded to the nearest tenth.

Internal Revenue Code Section 6103 Information Requests Were Not Always Processed Timely

Although there are statutory time frames in which the IRS must respond to FOIA information requests, there are no such requirements for responding to I.R.C. § 6103 requests.  However, in response to our Fiscal Year 2013 report, the Director, Office of Privacy, Governmental Liaison, and Disclosure established guidelines for all Disclosure personnel to contact the requestor and either provide an interim response or submit a status report prior to the expiration of 30 business days.[10]  Despite these guidelines, our review of 55 I.R.C. § 6103 information requests identified 14 (25.5 percent) with response dates that were more than 30 business days.

In a memorandum dated November 7, 2013, all Disclosure caseworkers were advised of the following procedural change:

Beginning immediately, Disclosure personnel processing requests pursuant to I.R.C. § 6103(e) and 6103(c) will ensure that an interim response letter or a status report is initiated by the 30th business date from the IRS received date.  All interim letters or status reports must inform the requester when to expect a final response and must provide a contact name and number for additional inquiries.  If a final response is not provided by the expected final response date of the initial interim response letter or status report, an additional status report must be provided every 30 business days until a final response is issued.

To ensure that requestors are responded to in a timely manner or notified of any processing delays, the Disclosure Office should ensure that these procedures for I.R.C. § 6103 information requests are being followed.

Recommendation

Recommendation 2:  The Director, Privacy, Governmental Liaison, and Disclosure, should incorporate the timeliness procedures for I.R.C. § 6103 information requests into Internal Revenue Manual Section 11.3.  In addition, Disclosure Office management should remind their employees of the new procedures for processing I.R.C. § 6103 information requests.

Management’s Response:  The IRS agreed with this recommendation.  The IRS stated that it had partially implemented the recommendation by issuing an Interim Guidance Memorandum dated November 7, 2013, which acts as published guidance and promotes compliance with the procedures until the Internal Revenue Manual update is completed.  In addition, the IRS will draft a communique for issuance to all disclosure employees and managers specific to the need to focus on ensuring that the guidance is followed and for managers to ensure that employee actions in adhering to that guidance are documented using the normal case review procedures.  The IRS also stated that disclosure managers will address compliance with the guidance as part of their operational reviews in Fiscal Year 2016.

The Internal Revenue Service’s Number of Backlogged Cases Increased for the Second Straight Year

The IRS relies on its disclosure personnel to ensure that information requests received under the FOIA are handled timely and in accordance with laws and regulations.  The IRS supports the FOIA program with a broad policy statement and the Internal Revenue Manual that provides guidance to disclosure personnel.  The policy statement, among other things, affirms the IRS’s commitment to full compliance with the FOIA and administering it in a manner consistent with “the fundamental values held by our society, including public accountability, safeguarding national security, enhancing the effectiveness of law enforcement agencies and the decisionmaking processes, protecting sensitive business information, and protecting personal privacy.”

In 2005, President George W. Bush signed an Executive Order mandating that agencies identify ways to reduce their FOIA backlog consistent with resources, case complexity, and volume.[11]  Overall, national Disclosure Office statistics show that the IRS reduced its backlog of FOIA information requests in Fiscal Years 2011 and 2012, but the number of backlogged cases increased during the last two years.

At the end of Fiscal Year 2014, there was a 46 percent increase in the number of backlogged information requests (317 requests) compared to the number of backlogged requests at the end of Fiscal Year 2013 (217 requests).  This increase follows an 84 percent increase for Fiscal Year 2013.  IRS management stated that case complexity including requests involving IRS Counsel and multiple business units as well as a reduction in staffing has caused the backlog to increase.

Prior to Fiscal Year 2014, the U.S. Department of the Treasury established a yearly numerical case backlog goal for the IRS.  For example, the IRS’s backlog goal in Fiscal Year 2013 was 106 cases.  In Fiscal Year 2014, the U.S. Department of the Treasury eliminated the case backlog goal for the IRS and now requires that only the 10 oldest FOIA cases in its own inventory be worked.  However, the IRS voluntarily follows the same goal.  Figure 4 shows the inventory of backlogged FOIA information requests for Fiscal Years 2010 through 2014.

Figure 4:  Inventory of Backlogged FOIA Information Requests

Figure 1 was removed due to its size.  To see Figure 1, please go to the Adobe PDF version of the report on the TIGTA Public Web Page.

Source:  Unaudited data provided by the IRS Headquarters Disclosure Office and TIGTA audit
reports issued in Fiscal Years 2010 through
2014.

The IRS has tools to effectively manage its FOIA backlog.  For example, the Headquarters and field office managers review weekly over-age reports and monthly inventory monitoring reports, both of which include FOIA/Privacy Act and I.R.C. § 6103 information request inventory and backlog information.  Disclosure management uses these reports to make informed decisions to better manage their information request inventory.

Based on our review results, this backlog does not currently appear to be causing any significant delays in processing most information requests.  However, reducing the number of backlogged requests is particularly important for the IRS because of the processing time frames that need to be met under the FOIA.

Recommendation

Recommendation 3:  The Director, Privacy, Governmental Liaison, and Disclosure, should develop and implement a plan to focus on decreasing the number of backlogged cases.

Management’s Response:  The IRS agreed with this recommendation.  The IRS will develop and implement a plan to focus on decreasing the number of backlogged cases.

 

Appendix I

 

Detailed Objectives, Scope, and Methodology

 

The overall objectives of this audit were to determine whether the IRS improperly withheld information requested by taxpayers in writing, based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) or by replying that responsive records were not available.[12]  Specifically, this included determining whether the IRS had adequate and effective policies and procedures to ensure that these requests were processed timely and that information was not improperly withheld.  In addition, we determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, or I.R.C. § 6103 information requests.[13]  To accomplish these objectives, we:

I.                 Determined the applicable policies, procedures, and controls that were in place to ensure compliance with the FOIA when denying information.

A.    Reviewed policies, operating procedures, documents/files, risks, laws, and regulations related to the receipt, disposition, and resolution or denials of requests for information under the FOIA.

B.    Reviewed specific management controls and systems (such as the DQMS) that were in place to ensure the timely and proper receipt, disposition, and resolution or denials of requests for information under the FOIA.

C.    Verified whether managers conducted the initial certification process to ensure that their employees reviewed the Disclosure Technical Update training.

D.    Verified whether the I.R.C. § 6103 guidelines were incorporated into the Disclosure portion of the Internal Revenue Manual.

II.               Determined whether IRS disclosure officers were adhering to statutory requirements when denying written information requests received from taxpayers under the FOIA or Privacy Act.

A.    Obtained extracts from the AFOIA system for the period October 1, 2013, through September 30, 2014, and identified 2,809 FOIA and Privacy Act cases closed as denied/partially denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, FOIA exemption (b)(7), or for which the IRS replied responsive records did not exist.[14]  We assessed the reliability of the data by (1) performing electronic testing of required data elements, (2) reviewing existing information about the data and the system that produced them, and (3) interviewing agency officials knowledgeable about the data.  We determined that the data were sufficiently reliable for purposes of this report.  We then performed specialized queries on the database extracts provided by the IRS to ensure that the data met our criteria.

B.    Designed a statistically valid sample based on a confidence level of 90 percent, an expected error rate of 13.85 percent for FOIA/Privacy Act information requests, and an estimated precision of ±7 percent.  Based on these parameters, we selected a statistically valid sample of 65 information requests.[15]  This sampling methodology was chosen so we could project the number of requests with improper withholdings to the universe of information requests that were partially or fully denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7), or for which requestors were told records were not available.

C.    Reviewed the 65 sampled FOIA/Privacy Act information requests and determined whether the decision to withhold information was appropriate, the record search was adequate, and the determination was made in a timely manner.

D.    Discussed all exceptions with Disclosure Office officials.

E.     Projected the number of requests for which information was withheld from the requestor for FOIA/Privacy Act information requests that were partially or fully denied based on FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7), or for which requestors were told records were not available.  The projection was made using the Normal Approximation method for attribute sampling, with a 90 percent confidence level and an actual error rate of 12.31 percent.  The accuracy of our projection was reviewed and confirmed by our contracted statistician.

III.             Determined whether IRS disclosure officers are adhering to legal requirements when denying written requests received from taxpayers under I.R.C. § 6103.

A.    Obtained extracts from the AFOIA system for the period October 1, 2013, through September 30, 2014, and identified 517 closed I.R.C. § 6103 (c) and (e) requests.  We assessed the reliability of the data by (1) performing electronic testing of required data elements, (2) reviewing existing information about the data and the system that produced them, and (3) interviewing agency officials knowledgeable about the data.  We determined that the data were sufficiently reliable for purposes of this report.  We then performed specialized queries on the database extracts provided by the IRS to ensure that the data met our criteria.

B.    Designed a statistically valid sample based on a confidence level of 90 percent, an expected error rate of 10.35 percent, and an estimated precision of ±6 percent.  Based on these parameters, we selected a statistically valid sample of 55 information requests.  This sampling methodology was chosen because it would allow us to project the number of requests with improper withholdings to the universe of closed I.R.C. §§ 6103(c) and (e) information requests that were partially or fully denied or for which the IRS replied that responsive records were not available or did not exist.  To identify 55 I.R.C. §§ 6103(c) and (e) cases for review, we had to evaluate the total population of 517 information requests closed during the period October 1, 2013, through September 30, 2014.  The 55 cases we selected were the only ones in the total population of 517 I.R.C. §§ 6103(c) and (e) cases that met our sampling criteria.  As a result, our projection would be limited to these 55 cases.

C.    Reviewed the 55 information requests identified and determined whether the decision to withhold the information based on I.R.C. § 6103 was appropriate and whether the determination was made in a timely manner.

D.    Discussed all exceptions with Disclosure Office officials.

IV.            Determined whether IRS disclosure officers erroneously disclosed sensitive taxpayer information when responding to written FOIA, Privacy Act, or I.R.C. § 6103 information requests.

A.    Reviewed the FOIA, Privacy Act and I.R.C § 6103 information requests selected for our samples in Steps II.B and III.B for any information outside the scope of the request that may have been erroneously disclosed.

B.    Discussed all exceptions with Disclosure Office officials.

Internal controls methodology

Internal controls relate to management’s plans, methods, and procedures used to meet their mission, goals, and objectives.  Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations.  They include the systems for measuring, reporting, and monitoring program performance.  We determined the following internal controls were relevant to our audit objectives:  IRS policies, operating procedures, laws, and regulations related to the receipt, disposition, and resolution or denials of requests for information made under the FOIA, the Privacy Act, or I.R.C. § 6103.  We evaluated these controls by reviewing source materials, interviewing management, and reviewing statistically valid samples of closed FOIA/Privacy Act and I.R.C. § 6103 information requests.

 

Appendix II

 

Major Contributors to This Report

 

Matthew A. Weir, Assistant Inspector General for Audit (Compliance and Enforcement Operations)

Bryce Kisler, Director

Tina Parmer, Audit Manager

Nancy VanHouten, Acting Audit Manager

Carol Gerkens, Lead Auditor

John Chiappino, Senior Auditor

Gwendolyn Green, Senior Auditor

 

Appendix III

 

Report Distribution List

 

Commissioner  C

Office of the Commissioner – Attn:  Chief of Staff  C

Deputy Commissioner for Operations Support  OS

Chief Counsel  CC

National Taxpayer Advocate  TA

Director, Office of Audit Coordination  OS:PPAC:AC

Director, Office of Program Evaluation and Risk Analysis  RAS:O

Office of Internal Control  OS:CFO:CPIC:IC

Audit Liaison:  Deputy Commissioner, Operations Support  OS

 

Appendix IV

 

Outcome Measures

 

This appendix presents detailed information on the measurable impact that the results of our audit will have on tax administration.  These benefits will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

·       Taxpayer Rights and Entitlements – Potential; 346 responses to FOIA/Privacy Act information requests for which information was improperly withheld during the 12-month period of October 1, 2013, through September 30, 2014 (see page 4).[16]

Methodology Used to Measure the Reported Benefit:

We reviewed a statistically valid sample of 65 requests from a population of 2,809 FOIA/Privacy Act information requests closed nationally during the period October 1, 2013, through September 30, 2014, as either a:

1)     Full or partial denial with either FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, and/or FOIA exemption (b)(7) cited as one of the reasons for withholding information.

2)     Request for which the IRS replied that responsive records were not available or did not exist.

We identified eight requests for which disclosure specialists improperly withheld the requested information.  Based on our sample error rate of 12.31 percent and a confidence level of 90 percent, we estimated that the number of requestors erroneously denied information to be 346 [2,809 x 12.31 percent], with a range of 158 to 533.  We arrived at the estimate by multiplying the number of requests closed as either condition 1) or 2), as previously noted, by the percentage of erroneously denied responses identified in our sample.  The projection was made using the Normal Approximation method for attribute sampling, with a confidence level of 90 percent and an actual error rate of 12.31 percent.  As a result, the actual precision factors were 5.63 percent and 18.98 percent.

Type and Value of Outcome Measure:

·       Taxpayer Rights and Entitlements – Potential; four responses to I.R.C. § 6103 information requests for which the IRS improperly withheld information during the 12-month period of October 1, 2013, through September 30, 2014 (see page 4).

Methodology Used to Measure the Reported Benefit:

We identified 517 I.R.C. § 6103 information requests closed during the period October 1, 2013, through September 30, 2014.  We had to evaluate all 517 of them to identify our sample of 55 I.R.C. §§ 6103(c) and (e) cases.[17]  Out of those 55 cases, four were exceptions.  An error rate of 7.3 percent was calculated based on the 55 cases.

Type and Value of Outcome Measure:

·       Taxpayer Privacy and Security – Potential; three responses with sensitive taxpayer information inadvertently disclosed in response to FOIA/Privacy Act and I.R.C. § 6103 information requests (see page 7).

Methodology Used to Measure the Reported Benefit:

While conducting our review, we identified that disclosure specialists inadvertently disclosed sensitive taxpayer information in three responses to FOIA/Privacy Act and I.R.C. § 6103 information requests.[18]  These inadvertent disclosures included Personally Identifiable Information and tax return information.

 

Appendix V

 

Previous Audit Reports Related
to This Statutory Review

 

TIGTA, Ref. No. 2000-10-116, Taxpayers Should Be Provided Timely Service When Appealing Denied Requests Under the Freedom of Information Act (Aug. 2000).

TIGTA, Ref. No. 2001-10-112, The Internal Revenue Service Should Continue Taking Action to Improve Compliance With the Freedom of Information Act and Related Procedures (Jul. 2001).

TIGTA, Ref. No. 2002-10-093, Actions Should Continue to Be Taken to Improve Compliance With the Freedom of Information Act and Related Procedures (May 2002).

TIGTA, Ref. No. 2003-10-164, Opportunity for Improvement Exists for Compliance With the Freedom of Information Act and Related Procedures (Aug. 2003).

TIGTA, Ref. No. 2004-40-064, Improvements Are Needed to Ensure Compliance With the Freedom of Information Act (Mar. 2004).

TIGTA, Ref. No. 2005-10-089, Some Improvements Have Been Made to Better Comply With Freedom of Information Act Requirements (May 2005).

TIGTA, Ref. No. 2006-10-129, Compliance With Freedom of Information Act Requirements Has Increased (Aug. 2006).

TIGTA, Ref. No. 2007-10-133, The Office of Disclosure Can Improve Compliance With the Freedom of Information Act Requirements (Aug. 2007).

TIGTA, Ref. No. 2008-30-164, The Office of Disclosure Continued to Improve Compliance With the Freedom of Information Act Requirements (Aug. 2008).

TIGTA, Ref. No. 2009-30-115, The Office of Disclosure Continues to Improve Upon Its Responses to Taxpayers’ Requests Under the Freedom of Information Act (Sept. 2009).

TIGTA, Ref. No. 2010-30-090, The Office of Disclosure Continues to Improve Compliance With the Freedom of Information Act Requirements (Aug. 2010).

TIGTA, Ref. No. 2011-30-093, The Office of Disclosure Continues to Improve Compliance With the Freedom of Information Act Requirements (Sept. 2011).

TIGTA, Ref. No. 2012-30-098, Fiscal Year 2012 Statutory Review of Compliance With the Freedom of Information Act (Aug. 2012).

TIGTA, Ref. No. 2013-30-109, Fiscal Year 2013 Statutory Review of Compliance With the Freedom of Information Act (Sept. 2013).

TIGTA, Ref. No. 2014-30-064, Fiscal Year 2014 Statutory Review of Compliance With the Freedom of Information Act (Sept. 2014).

 

Appendix VI

 

Management’s Response to the Draft Report

 

DEPARTMENT OF THE TREASURY

INTERNAL REVENUE SERVICE

WASHINGTON, D.C. 20224

 

Privacy, Governmental Liaison,

and Disclosure

 

September 8, 2015

 

 

MEMORANDUM FOR DEPUTY INSPECTOR GENERAL FOR AUDIT

 

FROM:                             Mary J. Howard /s/ Mary J. Howard

                                          Director, Privacy, Governmental Liaison and Disclosure

 

SUBJECT:                       Draft Audit Report - Fiscal Year 2015 Statutory Review of Compliance with the Freedom of Information Act (Audit #201530006)

 

Thank you for the opportunity to respond to the above referenced draft audit report.  The IRS is committed to openness in Government to ensure the public trust and support the ideals of transparency, public participation, and collaboration.  We appreciate your recognition of the positive steps taken by the IRS to operate an effective Freedom of Information Act program and we will continue to work towards improving the processing of information requests in a timely and quality manner.

 

We agree with the outcome measures cited in the report and generally with the overall recommendations.  However, we wish to offer additional perspective with respect to the error rates cited.  In the report, you concluded:

 

"We identified eight requests for which disclosure specialists improperly withheld the requested information.  Based on our sample error rate of 12.31 percent and a confidence level of 90 percent, we estimated that the number of requestors erroneously denied information to be 346 [2,809 x 12.31 percent]".

 

Although we do not dispute those findings, it is important to understand the eight exception cases involved the release of 12,984 pages of records.  Of those 12,984 pages identified, only 102 of those pages contained errors in under or over-withholding. Statistically, that computes to an error rate of only 0.785 percent.

 

Disclosure offices process and release hundreds of thousands of pages on an annual basis, using a system that does not have search and find functionality that would enhance consistency in applying redactions to duplicate pages.  In addition, our processes are subject to human error and the low error rate on the number of pages released reflects a more realistic picture of our effectiveness that should be noted.

 

Attached is a detailed response outlining our planned corrective actions.

 

We will continue to ensure that the provisions of the FOIA, the Privacy Act and IRC §6103 are followed.  If you have any questions, please contact me at (202) 317-6449 or a member of your staff may contact Joyce Peneau, Associate Director, Disclosure at (510) 637-3024.

 

Attachment

 

Recommendation 1:  The Director, Privacy, Governmental Liaison, and Disclosure, should develop and implement a formalized plan to periodically review the quality and processing of I.R.C. § 6103 information requests worked in all of the other IRS functions.

 

Corrective Action:  The IRS partially agrees with this recommendation. We agree quality reviews of the processing of I.R.C. § 6103 requests completed by other functions is a part of our responsibility. Disclosure will conduct a risk based assessment, and upon completion of this assessment, evaluate the findings and develop a plan, within the constraints of available resources, to periodically review and document compliance with I.R.C. § 6103.

 

Implementation Date:  September 15, 2016.

 

Responsible Official(s):  Director, Privacy, Governmental Liaison and Disclosure

 

Corrective Action Monitoring Plan:  Establish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

Recommendation 2: The Director, Privacy, Governmental Liaison, and Disclosure, should incorporate the timeliness procedures for I.R.C. § 6103 information requests into the Internal Revenue Manual Section 11.3.  In addition, Disclosure Office management should remind their employees of the new procedures for processing I.R.C. § 6103 information requests.

 

Corrective Action: The IRS agrees with this recommendation.  We partially implemented this recommendation by issuing an Interim Guidance Memo dated November 7, 2013, which acts as published guidance and promotes compliance with the procedures until the IRM update is completed.  In addition, we will draft a communique for issuance to all Disclosure employees and managers specific to the need to focus on ensuring the guidance is followed and for managers to ensure that employee actions in adhering to that guidance are documented using the normal case review procedures.  Disclosure Managers will address compliance with the guidance as a required operational review item in FY 16.

 

Implementation Date:  September 15, 2016

 

Responsible Official(s):  Director, Privacy, Governmental Liaison and Disclosure

 

Corrective Action Monitoring Plan:  Establish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.

 

Recommendation 3:  The Director, Privacy, Governmental Liaison, and Disclosure, should develop and implement a plan to focus on decreasing the number of backlogged cases.

 

Corrective Action:  The IRS agrees with this recommendation. We will develop and implement a plan to focus on decreasing the number of backlogged cases.

 

Implementation Date:  January 15, 2016

 

Responsible Official(s):   Director, Privacy, Governmental Liaison and Disclosure

 

Corrective Action Monitoring Plan:  Establish a timeline of necessary actions that incorporates expected outcomes and dates to successfully accomplish stated tasks.



[1] 5 U.S.C. § 552.

[2] 5 U.S.C. § 552a.

[3] I.R.C. Section 7803.

[4] 5 U.S.C. § 552.

[5] 5 U.S.C. § 552a.

[6] The point estimate projection is based on a two-sided 90 percent confidence interval, a ±7 percent precision rate, and a 12.3 percent error rate.  We are 90 percent confident that the point estimate is between 158 and 533 requests.

[7] The population consists of 517 I.R.C. § 6103 information requests closed during the period October 1, 2013, through September 30, 2014.  We evaluated all 517 information requests to identify our sample of 55 I.R.C. §§ 6103 (c) and (e) information requests.  The 55 cases we selected were the only ones in the total population of 517 I.R.C. §§ 6103(c) and (e) cases that met our sampling criteria.  Out of these 55 cases, four were exception cases.  An error rate of 7.3 percent was calculated based on the 55 cases.

[8] Contains the policies, procedures, instructions, guidelines, and delegations of authority that direct the operation and administration of the IRS.  Topics include tax administration, personnel and office management, and others.

[9] Formula used by the IRS to calculate the Percentage Met is column Met divided by (columns Met plus Not Met).

[10] TIGTA, Ref. No. 2013-30-109, Fiscal Year 2013 Statutory Review of Compliance With the Freedom of Information Act (Sept. 2013).

[11] Executive Order 13392 (December 19, 2005).

[12] 5 U.S.C. § 552.

[13] 5 U.S.C. § 552a.

[14] By law, tax records may not be disclosed to any individual unless authorized by I.R.C. § 6103.

[15] One case in our sample had almost 100,000 pages and was replaced because of the time that would be needed to review it.  With the assistance of our contracted statistician, we selected another case for review.

[16] 5 U.S.C. § 552 and 5 U.S.C. § 552a.

[17] The 55 cases we selected were the only ones in the total population of 517 I.R.C. §§ 6103(c) and (e) cases that met our sampling criteria.  As a result, our projection would be limited to these 55 cases.

[18] The scope of this audit focused on information being withheld, not on the information that was inadvertently released to the taxpayer.  Therefore, due to the nature of the samples, the results of this finding cannot be projected.