October 6, 2016









FROM: J. Russell George /s/ J. Russell George

Inspector General


SUBJECT: Management and Performance Challenges Facing the Internal

Revenue Service for Fiscal Year 2017




The Reports Consolidation Act of 20001 requires that the Treasury Inspector General for Tax Administration (TIGTA) summarize, for inclusion in the annual Department of the Treasury Agency Financial Report, its perspective on the most serious management and performance challenges confronting the Internal Revenue Service (IRS).


Each year, TIGTA evaluates IRS programs, operations, and management functions to identify the areas of highest vulnerability to the Nations tax system. For Fiscal Year (FY) 2017, the top management and performance challenges, in order of priority, are:


1. Security Over Taxpayer Data and Protection of IRS Resources;

2. Identity Theft and Impersonation Fraud;

3. Implementing the Affordable Care Act and Other Tax Law Changes;

4. Improving Tax Compliance;

5. Reducing Fraudulent Claims and Improper Payments;

6. Improving Tax Systems and Expanding Online Services;

7. Providing Quality Taxpayer Service Operations;

8. Impact of Global Economy on Tax Administration;

9. Protecting Taxpayer Rights; and

10. Achieving Program Efficiencies and Cost Savings.


TIGTAs assessment of the major IRS management challenges for FY 2017 has changed from the prior fiscal year. The trillions of dollars that flow through the IRS each year make it an attractive target for criminals who exploit the tax administration system in various ways for personal gain. Tax-related identity theft continues to have a significant impact on both the IRS and on victims of this crime. In addition, other attempts to defraud tax administration are also increasing. These scams, and the methods used to perpetrate them, are continually changing and require constant



1 31 U.S.C. 3516(d) (2006).






monitoring by the IRS. As a result, TIGTA has added Identity Theft and Impersonation Fraud as the number two challenge facing the IRS. Although not listed this year, human capital remains a serious underlying issue that impacts all 10 of the Major Management Challenges. Between fiscal years 2010 and 2016, the IRS budget decreased by more than $900 million to approximately $11.2 billion and the IRS lost approximately 12,000 full-time employees, including many with substantial institutional knowledge and technical expertise. TIGTA has reported how this trend of lower budgets and reduced staffing has affected the IRSs ability to deliver its priority program areas, including customer service and enforcement activities.2 In FY 2017, it is likely that the IRS will continue to face budgetary pressure.


The following information detailing the management and performance challenges is provided to promote economy, efficiency, and effectiveness in the IRSs administration of the Nations tax laws.




As cybersecurity threats against the Federal Government continue to grow, protecting the confidentiality of taxpayer information will continue to be a top concern for the IRS. According to the Department of Homeland Securitys U.S. Computer Emergency Readiness Team, Federal agencies reported 77,183 cyberattacks in FY 2015, an increase of approximately 10 percent from FY 2014.3 The increasing number of data breaches in the private and public sectors means more personally identifying information than ever before is available to unscrupulous individuals. Much of the data is detailed enough to enable circumvention of most authentication processes. Therefore, it is critical that the methods the IRS uses to authenticate individuals identities promote a high level of confidence that tax information and services are provided only to individuals who are entitled to receive them.


TIGTA reported that although the IRS recognizes the growing challenge it faces in establishing effective authentication processes and procedures, the IRS has not established a Service-wide approach to managing its authentication needs.4 As a result, the level of authentication the IRS uses for its various services is not consistent. Specifically, TIGTA found that while the IRS is evaluating potential improvements to existing authentication methods for the purpose of preventing identity theft, it is not developing overall strategies to enhance authentication methods across IRS functions and programs.



2 TIGTA, Ref. No. 2014-10-025, Implementation of Fiscal Year 2013 Sequestration Budget Reductions (June 2014) and TIGTA, Ref. No. 2015-30-035, Reduced Budgets and Collection Resources Have Resulted in Declines in Taxpayer Service, Case Closures, and Dollars Collected (May 2015).

3 Office of Management and Budget, Annual Report to Congress: Federal Information Security Modernization Act (Mar. 2016).

4 TIGTA, Ref. No. 2016-40-007, Improved Tax Return Filing and Tax Account Access Authentication Processes and Procedures Are Needed (Nov. 2015).






The existence of differing levels of authentication assurance among the various access methods increases the risk of unscrupulous individuals accessing and obtaining personal taxpayer information and/or defrauding the tax system. In August 2015, the IRS indicated that unauthorized users had been successful5 in obtaining information on the Get Transcript application for an estimated 334,000 taxpayer accounts. TIGTA identified additional suspicious accesses to taxpayers accounts that the IRS had not identified.6 Based on TIGTAs analysis of Get Transcript access logs, we identified 620,931 taxpayers whose tax account information involved a potentially unauthorized access not identified by the IRS. Further analysis of these access attempts found that potentially unauthorized users were successful in obtaining access to 355,262 of the taxpayers accounts.


The IRS has subsequently undertaken a number of steps to improve systems and provide for more secure authentication, including strengthening application and network controls.7 However, TIGTA reported that additional actions could further improve security over the authentication process. The IRS did not clearly specify which parties, including IRS divisions and contractors, were responsible for detecting and preventing such automated attacks. At the time of the Get Transcript incident, audit log reports were not being adequately monitored and these reports did not contain summary information that could be used to identify trends. Additionally, the IRS did not provide responsible staff with the tools and training needed to monitor and analyze large amounts of audit log data.


TIGTA also reported that the IRS did not complete the required authentication risk assessment for its Identity Protection Personal Identification Number (IP PIN) application. We recommended multiple times to the IRS not to reactivate its online IP PIN application for the 2016 Filing Season, due to concerns that the IP PIN authentication process required knowledge of the same taxpayer information that was used by unscrupulous individuals to breach the Get Transcript application.


The risk of unauthorized access to tax accounts will continue to grow as the IRS proceeds with its Future State initiative8 and focuses its efforts on delivering online tools to taxpayers. The IRSs goal is to eventually provide taxpayers with dynamic online account access that includes viewing their recent payments, making minor changes and adjustments to their accounts, and corresponding digitally with the IRS.



5 A successful access is one in which the unauthorized users successfully answered identity-proofing and knowledge-based authentication questions required to gain access to taxpayer account information.

6 TIGTA, Ref. No. 2016-40-037, The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach (May 2016).

7 TIGTA, Ref. No. 2016-20-082, Improvements Are Needed to Strengthen Electronic Authentication Process Controls (Sept. 2016).

8 Preparing the IRS to adapt to the changing needs of taxpayers is described generally as the IRS Future State initiative. A key part of this effort is for taxpayers to have a more complete online experience for their IRS interactions.






In addition to unauthorized access by external parties, the insider threat posed by IRS employees abusing their access to Federal tax information and then disclosing it to others or using the tax data themselves to commit identity theft refund fraud remains a major concern. In one recent Federal prosecution case, an IRS National Taxpayer Advocate employee was sentenced to 110 months in Federal prison and ordered to pay approximately $438,000 in restitution for her role in orchestrating a large-scale identity theft refund scheme and attempting to obtain more than $1 million in fraudulent refunds.9


Besides safeguarding a vast amount of sensitive financial and personal data, the IRS must also protect its employees and more than 550 offices. In the last several years, threats directed at the IRS have remained the second largest component of the TIGTA Office of Investigations work. Recent incidents involving taxpayers who threatened or assaulted IRS employees underscore the dangers that employees face each day. For example, in May 2016, as a result of a criminal complaint filed by a TIGTA special agent,10 TIGTA agents arrested an individual who threatened a revenue officer with a shotgun.11 Physical violence, harassment, and intimidation of IRS employees continue to pose challenges to the implementation of a fair and effective system of tax administration.




Tax-related identity theft continues to have a significant impact on tax administration. Identity theft for the purpose of tax fraud occurs when an individual uses another persons name and Taxpayer Identification Number (TIN), generally a Social Security Number, to file a fraudulent tax return to obtain a tax refund. Unscrupulous individuals are stealing identities at an alarming rate for this purpose. The IRS has described identity theft as one of its Dirty Dozen scams.12


Since 2012, TIGTA has issued a series of reports assessing the IRSs efforts to detect and prevent fraudulent tax refunds resulting from identity theft. The IRS has implemented many of TIGTAs recommendations and has continued its efforts to improve its detection processes. However, because new identity theft patterns are constantly evolving, the IRS needs to continuously adapt its detection and prevention processes. For example, identity theft also affects businesses. In September 2015, TIGTA determined that processing filters could be developed to identify business tax



9 N.D. Ala. Judgment filed Aug. 26, 2016.

10 S.D. Fla. Crim. Complaint filed May 20, 2016.

11 S.D. Fla. Crim. Docket filed May 20, 2016.

12 Compiled annually, the Dirty Dozen lists a variety of common scams that taxpayers may encounter.






returns containing certain characteristics that could indicate potential identity theft cases.13


In December 2015, Congress passed legislation to address TIGTAs ongoing concern about limitations in the IRSs ability to prevent the continued issuance of billions of dollars in fraudulent tax refunds.14 We reported that the IRS did not have timely access to third-party income and withholding information needed to make substantial improvements in its fraud detection efforts. The recently enacted legislation now requires the annual filing of income and withholding information by January 31, beginning in 2017.15 These forms were previously due no later than March 31 (February 28 for forms filed via paper) each year. Access to this information at the beginning of the filing season is an important tool to detect and prevent tax fraud-related identity theft.


Individuals can also learn that they are victims of employment-related identity theft if they receive a notification from the IRS of an income discrepancy between the amount reported on a tax return and the amount employers reported to the IRS. This can occur when a taxpayers stolen identity is used to gain employment. It can cause significant burden due to the incorrect computation of taxes and Social Security benefits based on income that does not belong to the taxpayer. In response to a TIGTA recommendation, the IRS is developing processes and procedures to notify taxpayers who may be victims of employment-related identity theft.


In addition, the IRS must work to protect taxpayers by educating them on the numerous schemes currently employed by criminals posing as IRS employees intent on deceiving taxpayers into providing their personal financial information or coercing them into paying money on phony tax obligations through wire transfers or preloaded debit cards. One of those schemes, the telephone impersonation scam, continues to be one of TIGTAs top priorities and has also landed at the top of the IRSs Dirty Dozen tax scams. The number of complaints TIGTA has received about this scam continues to climb, cementing its status as the largest, most pervasive impersonation scam in the history of our agency. As of August 15, 2016, TIGTAs Office of Investigations has received more than 1.5 million reports of these calls; 8,274 victims of this scam have reported to TIGTA they have collectively paid a total of more than $45 million, an average of approximately $5,511 per victim. The highest reported loss by any one individual exceeded $500,000.


These criminals continuously change their tactics, hoping to ensnare even more victims. In addition to requesting payments in the form of wire transfers or preloaded debit cards, the scammers are now tricking victims into paying phony tax obligations with



13 TIGTA, Ref. No. 2015-40-082, Processes Are Being Established to Detect Business Identity Theft; However, Additional Actions Can Help Improve Detection (Sept. 2015).

14 Consolidated Appropriations Act, 2016, Pub. L. No. 114-113, Div. Q, 201 (2015).

15 Id.






iTunes cards.16 As of August 15, 2016, 2,480 victims have reported paying approximately $7.8 million in iTunes cards. The highest dollar loss reported using iTunes cards was $200,000. Because of the complexity of the scammers operations, the telephone impersonation scam will continue to pose a challenge to both the IRS and TIGTA as scams such as these are not typically resolved quickly and they place a strain on limited IRS and TIGTA resources. Many taxpayers are aware of the impersonation scam through public service announcements and other outreach efforts which, in turn, creates other challenges for the IRS when those taxpayers question legitimate IRS employees who are conducting official IRS business. Taxpayers have even threatened employees or called the police because they thought IRS employees were impostors.


In addition to the telephone impersonation scam, taxpayers also fall victim to other scams. We continue to receive reports of people who have become victims of lottery winning scams and we are also seeing an uptick in the number of reported phishing attempts.17 The lottery scam starts with an unsolicited e-mail or telephone call from an impersonator to an unsuspecting victim. The caller tells the intended victim that they have won a lottery or other valuable prize; however, in order to collect the prize, the victim must send money to prepay the tax on the winnings to the IRS. A new phishing scheme involves scammers sending e-mails purporting to be a businesss Chief Executive or Financial Officer. These e-mails notify the employees there has been a mistake on their Form W-2, Wage and Tax Statement, and direct the employees to either e-mail their Form W-2 to the sender, or to provide information that was on the Form W-2 for verification. Both approaches result in the theft of the employees identity information.




Implementation of the Patient Protection and Affordable Care Act (Affordable Care Act)18 will continue to present challenges for the IRS. The Affordable Care Act provides incentives and tax breaks to individuals and small businesses to offset health care expenses and imposes penalties for individuals and businesses that do not obtain health care coverage for themselves or their employees. The IRS continues its efforts to verify claims for the Premium Tax Credit (PTC)19 and must implement processes and



16 An Apple Inc. gift card which can be used to purchase anything available on the Apple App Store, iTunes Store, iBooks Store, or Mac App Store.

17 A fraudulent attempt, usually made through e-mail, to steal an individuals personal information by posing as a trustworthy person or entity.

18 Pub. L. No. 111-148, 124 Stat. 119 (2010) (codified as amended in scattered sections of the Internal Revenue Code and 42 U.S.C.), as amended by the Heath Care and Education Reconciliation Act of 2010, Pub. L. No. 111-152, 124 Stat. 1029.

19 A refundable tax credit to assist individuals and families in purchasing health insurance coverage through an Affordable Insurance Exchange.






procedures to ensure taxpayer compliance with Minimum Essential Coverage20 and Shared Responsibility Payment21 requirements. The IRS will also have to implement processes and procedures to ensure employer compliance with Affordable Care Act provisions. Employers that do not offer health insurance coverage, or offer health insurance coverage that does not meet minimum requirements, may be subject to an Employer Shared Responsibility Payment.


For the 2016 Filing Season, as of May 5, 2016, the IRS reported that it processed more than 4.7 million tax returns that reported $19 billion in PTCs that were either received in advance or claimed at the time of filing. This is a significant increase from the 2015 Filing Season when more than 2.7 million tax returns were processed with PTCs totaling more than $8.8 billion.


TIGTA reported that its evaluation of the IRSs verification of PTC claims during the 2015 Filing Season identified that not all Exchanges22 provided monthly Exchange Periodic Data23 to the IRS prior to the start of the 2015 Filing Season as required.24 Without the required Exchange Periodic Data, the IRS is unable to ensure that individuals claiming the PTC met the most important eligibility requirementthat the insurance was purchased through an Exchange. In addition, we found that processes did not use the most current tax filing data to identify individuals who received Advance PTC25 payments but did not file the required tax return. As a result, letters were erroneously mailed to taxpayers who had in fact filed their required tax return.


We also reported that controls over the financial accounting for disbursements associated with the PTC should be improved.26 Specifically, we found errors in the IRS financial accounting and reporting of PTC-related fund outlays. Due to a programing error, the IRS understated the amount of PTC disbursements and overstated the balance in the IRS PTC account by $447 million. Further, the error we identified in the



20 Minimum Essential Coverage is health insurance coverage that contains essential health benefits including emergency services, maternity and newborn care, and preventive and wellness services. Minimum Essential Coverage also includes doctor visits, hospitalization, mental health services, and prescription drugs.

21 A payment based on each month that individuals or their dependents are without Minimum Essential Coverage and do not qualify for an exemption.

22 The Exchange is where taxpayers find information about health insurance options, purchase qualified health plans, and, if eligible, obtain help paying premiums and out-of-pocket costs.

23 The Affordable Care Act requires Exchanges to provide the IRS with information regarding individuals who are enrolled by the Exchange on a monthly basis. These data are referred to as Exchange Periodic Data.

24 TIGTA, Ref. No. 2016-43-033, Affordable Care Act: Internal Revenue Service Verification of Premium Tax Credit Claims During the 2015 Filing Season (Mar. 2016).

25 An Advance PTC is paid in advance to a taxpayers insurance company to help cover the cost of premiums.

26 TIGTA, Ref. No. 2016-13-021, Affordable Care Act: Controls Over Financial Accounting for the Premium Tax Credit Should Be Improved (Mar. 2016).






financial accounting records, if left uncorrected, would have resulted in a misstatement of the FY 2015 IRS financial statements.


In addition to the Affordable Care Act, the IRS was challenged during the 2016 Filing Season by the passage of legislation that extended a number of expired tax provisions.27 For example, the Trade Preferences Extension Act of 201528 impacted the 2016 Filing Season and prohibits individuals claiming the foreign earned income exclusion or housing deduction from receiving the refundable Additional Child Tax Credit (ACTC). This Act also retroactively extended the Health Coverage Tax Credit for Tax Year 2014 and continued the credit through Tax Year 2019.29


Further, the Protecting Americans From Tax Hikes Act of 2015,30 includes program integrity provisions specifically intended to reduce fraudulent and improper Earned Income Tax Credit (EITC), Child Tax Credit, ACTC, and the American Opportunity Tax Credit (AOTC) payments. These integrity provisions expanded the IRSs ability to verify earned income before claims are paid, increased tax return preparer due diligence requirements and taxpayer reporting requirements, and expanded the IRSs ability to ban individuals previously determined to have filed reckless or fraudulent Child Tax Credit and AOTC claims from receiving the credit. The majority of the program integrity provisions are effective January 1, 2017.




Despite IRS efforts to reduce it, the Tax Gap remains a serious and persistent challenge. The Tax Gap is defined as the difference between the estimated amount taxpayers owe and the amount they voluntarily and timely pay for a tax year. In FY 2016, the IRS issued Tax Gap estimates for Tax Years 2008 through 2010 that suggest compliance is substantially unchanged since the last estimate for Tax Year 2006. The Tax Gap for Tax Years 2008 through 2010 is estimated to be $458 billion annually, compared to the $450 billion estimated for Tax Year 2006. In an effort to lower the Tax Gap, the IRS identifies questionable tax returns to determine if any adjustments to the information reported on the tax returns are needed. In addition, the IRS issues notices and contacts taxpayers to collect delinquent taxes. If necessary, the IRS takes enforcement action, such as filing liens and seizing assets, to collect the taxes. In FY 2015, 44 percent of the IRSs appropriation was allocated to closing the Tax Gap through the enforcement of tax laws.


During FY 2015, reductions in staffing and available funding for enforcement activities contributed to a decrease in enforcement revenue, an increase in delinquent account inventory within the collection functions, and a decrease in the number of examinations.



27 TIGTA, Ref. No. 2016-40-034, Interim Results of the 2016 Filing Season (Mar. 2016).

28 Pub. L. No. 114-27.

29 The Health Coverage Tax Credit originally expired at the end of Calendar Year 2013.

30 Consolidated Appropriations Act of 2016, Pub. L. No. 114-113, Div. Q, (2015).






Specifically, enforcement revenue collected decreased from $57.1 billion in FY 2014 to $54.2 billion (5 percent) in FY 2015. In an effort to support its enforcement programs and make up for attrition in recent years, the IRS announced that between 600 and 700 new enforcement employees will be added through the end of FY 2016. These positions have the primary responsibility to improve taxpayer compliance and collect delinquent liabilities.31


TIGTA continues to perform audits related to the IRSs efforts to reduce the Tax Gap. TIGTA reported that the IRSs lack of enforcement of backup withholding requirements contributes to the IRSs continual inability to reduce the Tax Gap.32 In certain circumstances, payers are required to withhold33 tax from certain reportable payments. The purpose of backup withholding is to make sure that the Government is able to collect taxes on all appropriate income, particularly income that is not usually subject to withholding. Although the majority of information returns are submitted by payers with valid TINs, TIGTAs review of Tax Year 2013 information returns identified nearly $9 billion in backup withholding tax that was not withheld as required by payers submitting information returns with missing or incorrect TINs. Enforcing payer backup withholding requirements is essential to ensuring that the Government is able to collect taxes on all appropriate income, particularly income that is not usually subject to withholding.


Approximately $26 billion (6 percent) of the $458 billion Tax Gap is due to individual taxpayers who do not file a tax return or timely pay the associated tax due on such delinquent returns (hereafter referred to as nonfilers). TIGTA reported that improvements to the nonfiler program could help the IRS more effectively address additional nonfilers owing billions of dollars in taxes.34 Although the IRS has implemented a strategy to identify taxpayers who have not filed a tax return, including taxpayers with expired extensions, the IRS failed to identify and address nonfilers with expired extensions due to system programming errors, managerial decisions, and resource constraints. TIGTA estimates that $2.7 billion in additional tax revenue could be collected by addressing 127,000 Tax Year 2013 nonfilers that we identified with expired extensions who did not voluntarily file a tax return or submit full payment of the estimated tax liability.



31 TIGTA, Ref. No. 2016-30-073, Trends in Compliance Activities Through Fiscal Year 2015 (Sept. 2016).

32 TIGTA, Ref. No. 2016-40-078, Due to the Lack of Enforcement, Taxpayers Are Avoiding Billions of Dollars in Backup Withholding (Sept. 2016).

33 Backup withholding provisions require payers to withhold 28 percent of certain reportable payments associated with payees that do not provide the payer with a TIN or payees that provide the payer with an incorrect TIN.

34 TIGTA, Ref. No. 2016-30-085, Improvements to the Nonfiler Program Could Help the Internal Revenue Service More Effectively Address Additional Nonfilers Owing Billions of Dollars in Taxes (Sept. 2016).








The Office of Management and Budget describes an improper payment as any payment that should not have been made, was made in an incorrect amount, or was made to an ineligible recipient. The Improper Payment Information Act of 200235 requires Federal agencies, including the IRS, to estimate the amount of improper payments and report to Congress annually on the causes of and the steps taken to reduce improper payments. The Improper Payment Elimination and Recovery Act of 201036 amended the 2002 Act by strengthening agency reporting requirements and redefining significant improper payments.


TIGTA continues to identify fraudulent claims and improper payments as an IRS major management challenge. The IRS has made little improvement in reducing EITC improper payments since it has been required to provide an estimate of these payments to Congress.37 The EITC is the largest refundable credit38 based on total claims paid, and it continues to be vulnerable to a high rate of noncompliance, including incorrect or erroneous claims caused by taxpayer error or resulting from fraud.


The Consolidated Appropriations Act of 201639 provides the IRS with additional tools to reduce EITC improper payments. However, it did not expand the IRSs authority to systemically correct the erroneous claims it identifies. Without this authority, the IRS continues to be unable to address the majority of potentially erroneous EITC claims it identifies. The IRS can audit potentially erroneous EITC claims; however, the number of claims the IRS can audit is limited by resources. As a result, billions of dollars in potentially erroneous EITC claims will continue to go unaddressed each year.


In addition, the IRS continued to rate the risk of improper payments associated with the ACTC and the AOTC in FY 2015 as low. However, based on the IRSs own enforcement data, TIGTA estimates that the potential ACTC improper payment rate for FY 2015 is 24.2 percent, with potential improper payments totaling $5.7 billion, and estimates that the potential AOTC improper payment rate for FY 2015 is 30.7 percent, with potential improper payments totaling $1.8 billion. In response to our most recent review assessing its FY 2015 compliance with annual improper payment reporting requirements, the IRS stated that both the ACTC and the AOTC payment error risk assessment are under revision. IRS management indicated that its revised assessment of significant improper payments will better reflect the inherent risks in administering refundable credits through the tax system.



35 Pub. L. No. 107-300, 116 Stat. 2350.

36 Pub. L. No. 111-204, 124 Stat. 2224.

37 TIGTA, Ref. No. 2016-40-036, Without Expanded Error Correction Authority, Billions of Dollars in Identified Potentially Erroneous Earned Income Credit Claims Will Continue to Go Unaddressed Each Year (Apr. 2016).

38 A refundable credit allows taxpayers to reduce their tax liability to below zero and thus receive a tax refund even if no income tax was withheld or paid.

39 Pub. L. No. 114-113, 129 Stat. 2242 (2015).






TIGTA has also reported on concerns with the issuance of potentially fraudulent refunds. The IRSs Return Integrity and Compliance Services organization is responsible for identifying, evaluating, and preventing the issuance of improper refunds. This includes the protection of revenue by identifying potentially fraudulent tax returns and verifying the accuracy of reported income and withholding information. However, TIGTA identified more than $27 million of refunds that were erroneously issued for 13,043 Tax Year 2013 tax returns because of a programming error.40 The programming error is overriding the IRSs two-week processing delay on some refund tax returns that are identified by the IRS as potentially fraudulent. These are tax returns that the IRS Examination function also identified as claiming a questionable tax credit. The portion of the refund that is not reviewed by the Examination function is erroneously issued before the IRS can complete its verification of income and withholding.


TIGTA also reported that IRS controls over the examination of amended individual tax returns with claims for refunds or abatements of taxes did not always ensure that claims were properly evaluated and were not always effective in preventing the potentially inappropriate issuance of tax refunds and allowance of tax abatements.41 TIGTA reviewed a statistical sample of FY 2013 closed surveys and audits of amended individual returns with claims for refunds or abatements of taxes and found that claims were not appropriately substantiated and/or had large, unusual, or questionable items on the tax return that were not adequately considered and investigated. We estimate that approximately $34.4 million in tax refunds and abatements may have been inappropriately allowed.




Successful modernization of IRS systems and the development and implementation of new information technology applications are critical to meet the IRSs evolving business needs and to enhance services provided to taxpayers. A primary focus for the IRS over the past two decades has been to migrate taxpayers to electronic filing. In FY 2015, more than 85 percent of individual tax returns were filed electronically. Outside of filing activities, taxpayers also use the Internet to download forms, view content, and check the status of their refund. In FY 2015, taxpayers made more than 493 million visits to IRS.gov and used the IRSs Wheres My Refund? application more than 234 million times. These types of online activities will increase as the IRS implements its Future State Initiative.


The IRSs modernization effort continues to focus on core tax administration systems designed to provide more sophisticated tools to taxpayers and IRS employees. It will provide the foundation for implementing a real-time tax system, reducing improper



40 TIGTA, Ref. No. 2016-40-006, Improvements Are Needed to Better Ensure That Refunds Claimed on

Potentially Fraudulent Tax Returns Are Not Erroneously Released (Nov. 2015).

41 TIGTA, Ref. No. 2016-30-032, Improvements Are Necessary to Ensure That Individual Amended

Returns With Claims for Refunds and Abatements of Taxes Are Properly Reviewed (May 2016).






payments and fraudulent refunds, and providing the technology infrastructure and architecture that will enable taxpayers and other stakeholders the capability to securely access tax account information.


The IRS is currently developing a new fraud detection system, the Return Review Program, to identify suspected identity theft and fraudulent tax returns. The IRS believes that the Return Review Program provides new and improved capabilities that will advance its fraud detection and prevention into the next generation. However, TIGTAs analysis showed that 54,175 confirmed identity theft tax returns with refunds totaling more than $313 million were identified by other existing fraud detection systems, but were not selected by the Return Review Program.42 As the IRS continues to develop this system, it needs to ensure that it will identify identity theft cases that are being identified by existing systems as well as other identity theft cases that are not currently being identified.


Additionally, the IRS implemented the Integrated Production Model (IPM) to provide a single point of access to core taxpayer data (such as taxpayer accounts and tax returns) and other specific data used by a wide range of IRS business applications. The accuracy, completeness, and reliability of data on the IPM are essential to the IRS and its tax administration mission. However, while TIGTA found the IPM system is meeting IRS business needs and has improved the efficiency of data access via a singular data repository, access controls were not documented, and TIGTA was unable to definitively verify that the IPM pulls data from only designated source systems.43 This increases the risk that inaccurate, incomplete, or unreliable data could be passed from source systems through the IPM database to downstream systems that use the data for case selection. Using inaccurate, incomplete, or unreliable data could result in the erroneous selection of cases for audit or further review. Erroneous case selection could result in the misallocation of limited IRS personnel and the IRS missing larger tax violations for which collections are necessary.


In another audit, TIGTA determined that the IRS is not effectively managing its Tier II environment backup and restoration process.44 The Tier II environment consists of non-mainframe servers that run various operating systems, but they may also operate as database, web, e-mail, and file servers, and provide a host of other important functions supporting the IRS network infrastructure. Some examples of important data stored within the Tier II environment include e-mails, personal and shared files, and taxpayer information.



42 TIGTA, Ref. No. 2016-40-008, Continued Refinement of the Return Review Program Identity Theft Detection Models Is Needed to Increase Detection (Dec. 2015).

43 TIGTA, Ref. No. 2016-20-058, The Integrated Production Model Increases Data Access Efficiency; However, Access Controls and Data Validation Could Be Improved (July 2016).

44 TIGTA, Ref. No. 2016-20-019, Management Oversight of the Tier II Environment Backup and Restoration Process Needs Improvement (Feb. 2016).






Specifically, TIGTA reported that IRS management has not established goals and does not regularly collect sufficient performance metrics to monitor, measure, and report on the effectiveness of the backup and restoration process. The lack of management information about the backup process contributed to a significant incident in December 2014 when a backup did not exist to restore the Work Request Management System45 database, which had been deleted in error. The IRSs analysis of the incident determined that the backup for the database had not been created for four months prior to its discovery of the condition. As a result, IRS personnel expended significant resources restoring the data lost from the incident. The potential remains for these

events to occur to other critical systems within the IRS.




Providing taxpayers with quality customer service is a key component in the IRSs mission. Ensuring that taxpayers understand and meet their tax responsibilities is crucial for the IRS in its effort to encourage voluntary compliance with the tax laws. Resolving taxpayer questions before tax returns are filed helps taxpayers avoid unintentional errors and also reduces the burden that results from the issuance of notices and correspondence. Further, successfully addressing and resolving taxpayer inquiries through a quality customer service process allows the IRS to direct its limited resources more efficiently.


Taxpayers have several options to choose from when they need assistance from the IRS, including assistance through the toll-free telephone lines, face-to-face assistance at the Taxpayer Assistance Centers or Volunteer Program sites, and self-assistance through IRS.gov and various other social media channels (e.g., Twitter, Facebook, and YouTube). The IRS continues to increase its dependence on technology-based services and external partners that direct taxpayers to the most cost-effective IRS or partner channel available to provide the needed service. The IRS notes that this approach allows it to focus limited toll-free and walk-in resources on customer issues that can be best resolved through person-to-person interaction. However, the cuts the IRS has made in its traditional services continue to significantly affect a number of critical areas.


For example, the IRS assisted 5.6 million taxpayers in FY 2015 at its Taxpayer Assistance Centers and plans to assist 4.7 million taxpayers in FY 2016, a 16 percent decrease from FY 2015. In addition, assistance provided to taxpayers via the telephone continues to be a challenge. As a result of the IRS receiving additional funding for customer service in FY 2016, the IRS is forecasting a 47 percent Level of Service46 for



45 The Work Request Management System tracks and controls information technology work requests from submission through completion and maintains the status and assignment information.

46 The primary measure of service to taxpayers. It is the relative success rate of taxpayers who call for live assistance on the IRS toll-free telephone lines.






its toll-free telephone lines for the full fiscal year, which is an increase from its original forecast of 34 percent.


Further, the IRSs ability to process taxpayer correspondence in a timely manner has also declined. TIGTA evaluated IRS processes for timely resolving taxpayer correspondence and reported that the over-aged correspondence inventory has steadily increased from FY 2012 to FY 2015.47 Delays in processing correspondence create a burden for taxpayers who must wait to obtain assistance and, in some cases, receive refunds. For the IRS, delays in processing correspondence can result in the unnecessary payment of interest. For example, in FY 2014, the IRS paid more than $27.6 million to taxpayers as a result of not timely processing or resolving correspondence cases such as amended returns, net operating losses, and injured spouse cases. We reported this same condition in September 2012 in our prior assessment of the IRSs efforts to timely process net operating loss cases.48


TIGTA has also identified continuing issues with assistance to victims of identity theft. In September 2013, TIGTA reported that, on average, it took the IRS 312 days to resolve tax accounts of identity theft victims for the cases we reviewed.49 In March 2015, we reported that taxpayers were still experiencing long delays in resolving their tax accounts and that the IRS continued to make errors on the victims tax accounts.50 We also reported that the majority of identity theft victims are no longer provided with a single point of contact.51 We also found that the IRSs process does not ensure that taxpayers are timely informed about the IRSs receipt of their supporting documentation or the status of their identity theft claims. In July 2015, the IRS centralized its identity theft victim assistance efforts within its Accounts Management function by creating the Identity Theft Victims Assistance directorate. The IRS stated that centralizing its victim assistance functions will reduce redundancies, streamline leadership accountability and responsibility, help better identify compliance issues, and improve processes. The IRS believes this effort will also allow for more consistent guidance to employees working identity theft cases so that taxpayers receive timely and consistent help in resolving their cases. In addition, we reported that the IRS has not established an effective process to ensure that the required notice is sent to the Social Security Administration to alert it



47 TIGTA, Ref. No. 2016-40-023, Continued Inconsistent Use of Over-age Correspondence Lists Contributes to Taxpayer Burden and Unnecessary Interest Payments (Feb. 2016).

48 TIGTA, Ref. No. 2012-40-111, Delays in Processing Net Operating Loss Cases Resulted in Millions of Dollars in Unnecessary Interest Payments (Sept. 2012).

49 TIGTA, Ref. No. 2013-40-129, Case Processing Delays and Tax Account Errors Increased Hardship for Victims of Identity Theft (Sept. 2013).

50 TIGTA, Ref. No. 2015-40-024, Victims of Identity Theft Continue to Experience Delays and Errors in Receiving Refunds (Mar. 2015).

51 TIGTA, Ref. No. 2016-40-003, Improvements Are Needed in the Identity Protection Specialized Unit to Better Assist Victims of Identity Theft (Oct. 2015).






of earnings not associated with a victim of employment-related identity theft.52 Our review of a statistically valid sample of 71 cases from the population of 1,878 Tax Year 2013 cases closed as identity theft (i.e., cases involved a discrepancy related to wages reported on the tax return) identified that the Social Security Administration had no record of receiving an IRS notice for 15 (21 percent) of the 71 cases.


TIGTA also reported that the IRS did not place identity theft incident markers on the tax accounts of 3,206 of the 289,843 taxpayers it initially identified as affected by the Get Transcript application breach.53 We also found that the IRS did not offer an IP PIN or free credit monitoring to 79,122 individuals whose tax accounts the IRS identified as being involved in an attempted access.




The tax compliance of business and individual taxpayers involved in international transactions remains a significant concern. Traditionally, tax administration has been concerned with large corporate taxpayers in the cross-border environment. Continued improvements in and access to information technology allows more small businesses and individuals to conduct business in international markets and make investments in foreign countries, increasing the number of taxpayers involved in international activity.


In its most recent strategic plan,54 the IRS recognized that the evolution and proliferation of virtual commerce has expanded the exchange of goods, services, and currencies across jurisdictions, further complicating tax administration. The IRS has taken steps to encourage international compliance. Specifically, the IRS is implementing the Foreign Account Tax Compliance Act,55 which requires taxpayers and foreign financial institutions to report to the IRS specified financial assets that exceed certain thresholds. Additionally, the IRS established the Offshore Voluntary Disclosure Program (OVDP) to encourage taxpayers with offshore accounts and related income to return to the tax system.


In an audit assessing how well the IRS is managing the OVDP, TIGTA found that the IRS needs to improve its efforts to address noncompl