Office of Audit
FILING SEASON 2016: IMPLEMENTATION OF NEW DATA ELEMENTS
Final Report issued on September 21, 2016
Highlights of Reference Number:† 2016-20-062 to the Internal Revenue Service Commissioner for the Wage and Investment Division.
IMPACT ON TAXPAYERS
Tax-related identity thefts adversely affect the ability of taxpayers to file their tax returns and timely receive their tax refunds and can impose financial and emotional hardships on the victims. †Therefore, continued improvements and advancements in identification of identity theft when tax returns are processed and before fraudulent tax refunds are issued must be a priority for the IRS.
WHY TIGTA DID THE AUDIT
The overall audit objective was to review the implementation of new tax return-related data elements based on the 2015 Security Summit, Protecting Taxpayers from Identity Theft Tax Refund Fraud.
WHAT TIGTA FOUND
The IRS tested 23 new Federal tax return‑related data elements in accordance with the Internal Revenue Manual procedures.† All 23 data elements were implemented into the IRSís Return Review Program system, although only three were used systemically to filter returns and help identify potential identity theft tax refund fraud during the 2016 Filing Season.† As of March 25, 2016, the IRS identified approximately $4.1 billion in suspected identity theft tax refund fraud, of which $72 million (21,000 tax returns) is attributable to the three new data elements.† Additionally, the IRS attributed the prevention of 24,000 taxpayer returns from being incorrectly selected as potential identity theft tax refund fraud returns to one of the three data elements.
For the remaining 20 new data elements, there was insufficient historical data to create business rules that would enable systemic usage during the 2016 Filing Season. †The Applications Development division intends to determine their potential use in future filing seasons.
The IRS indicated that the data elements should remain confidential and be kept a secret from the public.† TIGTA agrees with the IRSís position and believes the data elements should be protected from public exposure.
However, TIGTAís search of the IRSís public website identified schemas that included several of the new data elements.† The IRS was notified of this finding and responded by removing the schemas containing the data elements.† Further, TIGTA identified two additional documents on the IRSís public website containing information related to the data elements; one of the documents included specific information about one of the new data elements.
WHAT TIGTA RECOMMENDED
TIGTA recommended that the Commissioner, Wage and Investment Division, permanently remove the data elements from public access to ensure that inappropriate use cannot occur, conduct a thorough inspection of its public websites and publications to determine if other data element information is available to the public and ensure that it is removed, and implement a secure process to provide the data elements to valid parties who have a need to access them.
The IRS agreed with one recommendation and plans to implement a secure process to provide the data elements to valid parties. †The IRS partially agreed with two recommendations and removed the schema information from its website.† TIGTA maintains that data element exposure on the IRS public website and in publications increases the risk of fraud, and stands by the recommendation to remove data element information from the IRSís public website and in publications to minimize potential misuse.
READ THE FULL REPORT
To view the report, including the scope, methodology, and full IRS response, go to:
Phone Number ††/† 202-622-6500
E-mail Address †/† TIGTACommunications@tigta.treas.gov
Website†††††† ††††††/† https://www.treasury.gov/tigta