
TIGTA Says IRS Employment-Related Identity Theft Process Lacking

AUG. 10, 2016

2016-40-065

Processes Are Not Sufficient to Assist Victims of Employment-Related Identity Theft

 

August 10, 2016

 

 

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

Redaction Legend:

1 = Tax Return/Return Information

 

HIGHLIGHTS

 

 

Final Report issued on August 10, 2016

 

 

Highlights of Reference Number: 2016-40-065 to the Internal Revenue Service Commissioner for the Wage and Investment Division and the Commissioner for the Small Business/Self-Employed Division.

IMPACT ON TAXPAYERS

Employment-related identity theft occurs when an identity thief uses the identity of an innocent taxpayer to gain employment. Taxpayers may first realize they are a victim of employment-related identity theft when they receive an IRS notice of a discrepancy in the income they reported on their tax return. The identification of the discrepancy is from the IRS's Automated Underreporter (AUR) Program match of taxpayer income reported on third-party information returns (e.g., Forms W-2, Wage and Income Statement) to amounts reported by taxpayers on their individual income tax returns.

WHY TIGTA DID THE AUDIT

This audit was conducted to evaluate the IRS's AUR processes to identify and assist victims of identity theft. In July 2011, TIGTA reported that the IRS is in a unique position to identify cases of employment-related identity theft. TIGTA recommended that the IRS implement procedures to timely alert taxpayers when the IRS becomes aware that their identity was stolen.

WHAT TIGTA FOUND

Taxpayers identified as victims of employment-related identity theft are not notified. During the period February 2011 to December 2015, the IRS identified almost 1.1 million taxpayers who were victims of employment-related identity theft. In April 2014, the IRS started a pilot initiative to begin notifying taxpayers that they may be a victim of employment-related identity theft. However, our review of the pilot notification initiative found that the IRS did not sufficiently design the pilot to include a representative sample of employment identity theft victims.

The IRS has not established an effective process to ensure that the required notice is sent to the Social Security Administration (SSA) to alert it of earnings not associated with a victim of employment-related identity theft. Our review of a statistically valid sample of 71 cases from the population of 1,878 Tax Year 2013 AUR cases closed as identity theft (i.e., case involved a discrepancy related to wages reported on the tax return) identified that the SSA has no record of receiving an IRS notice for 15 (21 percent) of the 71 cases.

Finally, TIGTA's review of another statistically valid sample of 71 Tax Year 2013 closed AUR cases from the population of 2,011 identity theft cases identified eight (11.3 percent) that were inaccurately processed. Based on these results, the AUR Program may have inaccurately processed an estimated 227 cases.

WHAT TIGTA RECOMMENDED

TIGTA recommended that the IRS develop procedures to notify all individuals identified as victims of employment-related identity theft; develop a tracking process to ensure that notices are completed and sent to the SSA and send notices to the SSA for the 15 discrepancy cases TIGTA identified; and * * * 1 * * *.

The IRS agreed with three recommendations and * * * 1 * * * with the fourth. The IRS plans to notify newly identified victims of employment-related identity theft starting January 2017. The IRS will also develop a process to track notices sent to the SSA and send notices for the 15 taxpayers that TIGTA identified. Finally, * * * 1 * * *.

 

* * * * *

 

 

August 10, 2016

 

 

MEMORANDUM FOR  COMMISSIONER, SMALL BUSINESS/SELF-EMPLOYED DIVISION
                COMMISSIONER, WAGE AND INVESTMENT DIVISION

FROM:           Michael E. McKenney
                Deputy Inspector General for Audit

SUBJECT:        Final Audit Report -- Processes Are Not Sufficient to Assist Victims of Employment-Related Identity Theft (Audit # 201540015)

 

 

This report presents the results of our review to evaluate Automated Underreporter processes to identify and assist potential victims of identity theft. In addition, we evaluated the design, performance, and results of the Letter 4491-C, Notice of Employment-Related Identity Theft, initiative which sent notifications to individuals who were victims of employment-related identity theft. This audit is included in our Fiscal Year 2016 Annual Audit Plan and addresses the major management challenge of Taxpayer Protection and Rights.

Management's complete response to the draft report is included in Appendix VII.

Copies of this report are also being sent to the IRS managers affected by the report recommendations. If you have any questions, please contact me or Russell P. Martin, Assistant Inspector General for Audit (Returns Processing and Account Services).

                           Table of Contents

 Background

 Results of Review

      Taxpayers Identified As Victims of Employment-Related Identity Theft Are Not Notified
           Recommendation 1

      Processes Are Needed to Ensure That Income Not Earned by Victims of Employment-Related Identity Theft Is Reported to the Social Security Administration As Required
           Recommendations 2 and 3

      Processes Do Not Always Ensure That Automated Underreporter Identity Theft Cases Are Accurately Resolved
           Recommendation 4

 Appendices

 Appendix I   -- Detailed Objectives, Scope, and Methodology
 Appendix II  -- Major Contributors to This Report
 Appendix III -- Report Distribution List
 Appendix IV  -- Outcome Measures
 Appendix V   -- Letter 4491C, Notice of Employment-Related Identity Theft
 Appendix VI  -- Form 9409, IRS/SSA Wage Worksheet
 Appendix VII -- Management's Response to the Draft Report

 

 

                          Abbreviations

 AUR             Automated Underreporter
 CP              Computer Paragraph
 E-Filed         Electronically Filed
 IDTSpT          Identity Theft Specialized Team
 IDTVA           Identity Theft Victim Assistance
 IRS             Internal Revenue Service
 ITIN            Individual Taxpayer Identification Number
 SSA             Social Security Administration
 SSN             Social Security Number
 TY              Tax Year

 

Background

 

 

Identity theft affects the Internal Revenue Service (IRS) and tax administration in two ways: fraudulent tax returns and misreported income. Figure 1 provides an illustrative description of both refund fraud and employment-related fraud.

 

Figure 1: Description of Identity Theft Refund Fraud and Employment-Related Fraud

 

 

 

 

Source: Treasury Inspector General for Tax Administration analysis of the identity theft process as it affects the IRS and taxpayers.

Taxpayers may first realize they are a victim of employment-related identity theft when they receive an IRS notice proposing a change to their tax liability due to a discrepancy in the income they reported on their tax return. The identification of the discrepancy resulting in understated income is from the IRS's Automated Underreporter (AUR) Program's[1] match of taxpayer income reported on third-party information returns (e.g., Forms W-2, Wage and Income Statement) to amounts reported by taxpayers on their individual income tax returns. In cases of employment-related identity theft, the discrepancy results from the innocent taxpayer's stolen identity being used by another individual to gain employment. This can cause significant burden to innocent taxpayers, including the incorrect computation of taxes based on income that does not belong to them.

Process for working AUR cases

IRS management indicated that resource limitations result in the AUR Program not reviewing every identified income discrepancy case. To identify discrepancy cases that will be worked, the AUR Program performs additional data analyses to select the cases most likely to produce tax assessments. Since Tax Year (TY) 2009, the AUR Program has reviewed between 4.3 million and 5.6 million tax returns each year. Figure 2 shows AUR Program totals for the number of tax returns identified with a discrepancy as well as the total number worked from TYs 2009 through 2013.

      Figure 2: AUR Program Case Closures -- TYs 2009 Through 2013

 ______________________________________________________________________

        Tax Returns Identified       Tax Returns     Percentage of
 TY     With Income Discrepancy      Worked          Tax Returns Worked
 ______________________________________________________________________

 2009         21,798,568              5,606,893           25.72%
 2010         23,788,376              5,200,322           21.86%
 2011         24,873,739              5,147,006           20.69%
 2012         23,584,645              4,333,696           18.38%
 2013         27,669,223              4,265,966           15.42%
 ______________________________________________________________________

 

 

Source: IRS queries of AUR Program inventory system.

For those tax returns selected to be worked in the AUR Program, tax examiners screen and review each discrepancy case to determine whether the case should be closed, transferred to another function, or referred to another tax examiner for further analysis prior to initiating taxpayer contact. When the discrepancy cannot be resolved internally, the tax examiner mails the taxpayer a notice stating that the AUR Program identified a discrepancy and the taxpayer needs to take action to resolve it. In most cases, the AUR Program mails the taxpayer a Computer Paragraph (CP) 2000, Request for Verification of Unreported Income, Payments, or Credits, notice. All notices are mailed to the address on the taxpayer's Master File[2] tax account. The IRS refers to this as a taxpayer's address of record.

Taxpayers may respond to the AUR notice by making additional tax payments to satisfy the discrepancy or provide documentation supporting their disagreement as to why they are not liable for the assessment being proposed by the IRS. Taxpayers can provide information supporting their disagreement by telephone, letter, or facsimile. For example, if a taxpayer states he or she did not earn the unreported income being questioned, the AUR Program sends a letter to the payer (employer) to request verification of the income.

If the taxpayer does not respond to the CP 2000 notice or is unable to provide documentation or an acceptable explanation, the IRS will issue a CP 3219-A, AUR Statutory Notice of Deficiency, which is the final notice. For those taxpayers who do not respond to this final notice, or are unable to provide support for the discrepancy, or do not petition the U.S. Tax Court before the notice expires, the IRS will assess a tax liability for the underreported income. If the CP 3219-A notice is returned refused, unclaimed, or undeliverable, internal guidelines require tax examiners working these cases to use due diligence in locating the taxpayers. This includes a search of existing records to locate any updated address information.

Responses to AUR notices can identify taxpayers who are victims of employment-related identity theft

In response to AUR notices, taxpayers can claim they are a victim of identity theft and request that the IRS not make assessments based on income earned by an identity thief. Figure 3 shows the required actions tax examiners took prior to June 2015 when a taxpayer claimed to be an identity theft victim.

 

Figure 3: AUR Program Actions Taken When a Taxpayer Claimed to Be a Victim of Identity Theft

______________________________________________________________________

Required Actions

1. When a claim of identity theft is received, the AUR tax examiner places an identity theft indicator on the taxpayer's tax account to show that the taxpayer is claiming to be the victim of an employment-related identity theft. If the taxpayer provided a Form 14039, Identity Theft Affidavit, or police report, the case should be forwarded to the AUR Identity Theft Specialized Team (IDTSpT).[3]

   If the taxpayer did not provide a Form 14039 or police report, the tax examiner should contact the taxpayer to obtain the necessary documentation before forwarding the case to the IDTSpT.

2. Once the case is received by the IDTSpT, a tax examiner verifies that the taxpayer's response to the notice indicates he or she is a victim of identity theft. If the response does not indicate the taxpayer is a victim of identity theft, the case is worked through normal AUR processing.

3. Subsequent to confirming the taxpayer's identity theft claim, the IDTSpT tax examiner determines if additional documentation is needed from the taxpayer to verify the existence of identity theft. If documentation is needed, the tax examiner should obtain it from the taxpayer. If the taxpayer does not provide the required documentation, the case is worked through normal AUR processing.

4. Once the IDTSpT tax examiner has all the required documentation from the taxpayer confirming employment-related identity theft, the tax examiner identifies the income that should be deleted from the taxpayer's tax account (i.e., income earned by the identity thief). The tax examiner is also required to send a Form 9409, IRS/SSA Wage Worksheet, to the Social Security Administration (SSA),[4] and closes the case on the AUR system with an AUR processing code denoting identity theft.

______________________________________________________________________

 

 

Source: Summary of AUR Program required actions taken to process identity theft claims.

In July 2015, the IRS transitioned to a new process for evaluating AUR identity theft cases. The IRS's Identity Theft Victim Assistance (IDTVA) Directorate, which is part of the Wage and Investment Division's Accounts Management function, is now responsible for making identity theft determinations on these case types. When taxpayers respond to an AUR notice stating they are victims of identity theft, tax examiners should research the individual's tax account to determine if the identity theft was already identified by the IRS. If not, the tax examiner is required to request a completed Form 14039 or police report from the taxpayer and, once received, the tax examiner will forward the case, including supporting documentation, to the IDTVA Directorate. The IDTVA Directorate confirms that Form 14039 is completed correctly and, if applicable, will obtain the required documentation and statements from the taxpayer to address the AUR Program's concerns. The IDTVA Directorate will make the identity theft determination, identify what income should be deleted from the taxpayer's account, and notify the AUR Program and the SSA when adjustments to the taxpayer's wages are warranted.

This review was performed at the Atlanta Campus AUR function in Atlanta, Georgia, during the period April 2015 through March 2016. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Detailed information on our audit objectives, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.

 

Results of Review

 

 

Taxpayers Identified As Victims of Employment-Related Identity Theft Are Not Notified

Our review identified that, during the period February 2011 to December 2015, the IRS identified almost 1.1 million taxpayers who were victims of employment-related identity theft. The IRS identifies these victims when it processes electronically filed (e-filed) tax returns in which the Individual Taxpayer Identification Number (ITIN)[5] used to file the tax return does not match the SSN listed on third-party income documents associated with the tax return, such as a Form W-2. We previously reported[6] that the IRS has no procedures to notify taxpayers it identifies who are victims of employment-related identity theft. For example, in July 2011, we reported that the IRS is in a unique position to identify cases in which a taxpayer's SSN has been compromised. In reviewing the Forms W-2 attached to the returns, tax examiners can see that an SSN was used to gain employment that did not belong to the person filing the return.

We recommended that the IRS implement procedures that are proactive in timely alerting taxpayers when the IRS becomes aware that a taxpayer's identity has been stolen. Although the IRS agreed with the recommendation and responded that it was taking corrective actions, taxpayers identified as victims are still not being notified. On April 29, 2016, the IRS announced that it plans to begin notifying new victims of employment-related identity theft beginning in January 2017. Initially, the IRS will not notify victims it identified prior to January 2017, but will determine if it is necessary or feasible to notify these victims once the program is initiated.

Process to identify victims of employment-related identity theft

One of the IRS's corrective actions to our July 2011 report was to mark the tax accounts of taxpayers whose SSN was used to commit employment-related identity theft. The IRS took this action prior to the completion of our 2011 review. In February 2011, the IRS began identifying e-filed tax returns with an ITIN, but the Form W-2 attached to the tax return reported wages and withholding under a different taxpayer's SSN. The IRS refers to these filings as an ITIN/SSN mismatch. Once the e-filed tax returns are identified during processing, the IRS systemically places a code on the tax account of the innocent taxpayer whose SSN was used to commit employment-related identity theft. This code will keep the innocent taxpayer from being selected by the AUR Program if an income discrepancy is identified when the AUR match is performed.

However, a similar process has not been established to identify ITIN/SSN mismatches on paper-filed tax returns. We initiated a separate review to determine the extent of ITIN/SSN mismatches filed via paper tax return that the IRS does not identify, including the effect on innocent taxpayers.

The notification of victims of employment-related identity theft pilot was discontinued

We also reported in July 2011 that the IRS had no procedures to notify taxpayers it identifies as victims of employment-related identity theft. In response, the IRS initiated the Employment Related Identity Theft Notification Project in April 2014. The purpose of the project was to notify a test group of taxpayers that their SSNs had been used by another individual for the purpose of obtaining employment and reporting income. During Calendar Year 2014, the IRS mailed Letter 4491-C, Notice of Employment-Related Identity Theft, to 25,000 taxpayers whose accounts contained an ITIN/SSN mismatch marker. The letters notified the taxpayers that their SSN was used by another person for employment and described steps the taxpayers could take to prevent further misuse of their personal information. The steps included reviewing their earnings with the SSA to ensure that their records are correct. Figure 4 provides an excerpt of information included in this notification letter that informs taxpayers of actions they should take to protect their identity.

 

Figure 4: Letter 4491-C, Notice of Employment-Related Identity Theft

 

______________________________________________________________________

 

 

WHY WE ARE SENDING YOU THIS LETTER

 

 

We believe your social security number (SSN) was used by another person to obtain employment. The use of your SSN in this instance hasn't affected your tax return or tax account. However, we marked your tax account to indicate that you are a victim of identity theft. This will help us to serve you more effectively and efficiently in the event you should have an identity theft-related tax issue.

Federal law prevents us from providing specific details regarding the identity of the individual who used your SSN for employment purposes. Our purpose in sending this letter is to make you aware of this incident so you can take the appropriate steps to protect yourself from any potential effects of identity theft.

WHAT YOU SHOULD DO

 

 

Again, there is no impact to your tax return or tax account because of this incident. However, you should review your earnings with the Social Security Administration to ensure their records are correct. You may review earnings posted to your record on your Social Security Statement. The Statement is available online to workers age 18 and older. To get your Statement, go to www.socialsecurity.gov/mystatement and create an account.

You should also monitor your credit reports and any financial accounts for further signs of misuse of your personal information. As a precaution, you may want to contact one of the three major credit bureaus to have a fraud alert placed on your account. You only need to contact one of the credit bureaus, as the one you contact is required to contact the other two.

______________________________________________________________________

 

 

Source: Excerpts from IRS Letter 4491-C, Notice of Employment-Related Identity Theft.

Our review of the pilot notification initiative found that the IRS did not sufficiently design the pilot to include a representative sample of employment-related identity theft victims. As a result, the IRS was unable to identify and address the costs, problems, and issues associated with implementing a permanent, systemic Letter 4491-C issuance process. Management acknowledged that the pilot limitations prevented the IRS from identifying all issues that would result from implementation but noted that the pilot did provide sufficient information to determine the effectiveness of assistor training, the volume and nature of taxpayer responses, as well as the resources that would be needed to start an expanded pilot.

A follow-up pilot (Letter-CP01E pilot) was planned in which the IRS would mail letters to a more representative sample of taxpayers. However, this pilot was cancelled due to a lack of funding and other competing priorities. Without proper notification, taxpayers are likely unaware that they are victims and will not know the additional steps they should take to protect themselves from financial harm.

Recommendation

Recommendation 1: The Commissioner, Wage and Investment Division, should develop processes and procedures to notify all individuals identified as victims of employment-related identity theft. This should include identifying and notifying individuals whose identity was stolen prior to January 2017.

 

Management's Response: The IRS agreed with this recommendation. The IRS has scheduled programming changes that will be implemented in January 2017 to notify taxpayers when the IRS has reason to believe they may be a victim of employment-related identity theft. The IRS stated that there is a possibility that potential victims identified prior to 2017 will be issued a notice during 2017, and after the first year of this systemic notification, the IRS will evaluate the results and determine an appropriate course of action with respect to the previously identified potential victims. This course of action will efficiently utilize the IRS's limited resources and prevent taxpayer confusion by preventing multiple notices from being issued to the same taxpayer.

 

Processes Are Needed to Ensure That Income Not Earned by Victims of Employment-Related Identity Theft Is Reported to the Social Security Administration As Required

Our review identified that the IRS has not established an effective process to ensure that the required Forms 9409 are sent to the SSA to notify it of earnings not associated with victims of employment-related identity theft. For example, our review of a statistically valid sample[7] of 71 cases from the population of 1,878[8] TY 2013 AUR cases closed as identity theft (i.e., case involved a discrepancy related to wages reported on the tax return) identified 15 (21 percent) for which the SSA had no record of receiving the required Form 9409 from the IRS. Based on the results of our sample, we estimate the IRS may not have sent the required Forms 9409 to the SSA in 397 cases.[9]

During the timeframe our sample cases were worked and closed, AUR Program procedures required tax examiners to notify the SSA via Form 9409, on behalf of taxpayers, when the IRS identified wages earned by an identity thief using the taxpayer's SSN. Tax examiners were also required to annotate the AUR case history notes to document that the Form 9409 was sent to the SSA. However, AUR Program procedures did not require tax examiners to retain copies of the Form 9409 or make it a part of the case file. Other than the tax examiner annotation, the AUR Program had not implemented procedures to ensure that documentation is maintained to support the sending and SSA receipt of the required Forms 9409. Therefore, we contacted the SSA to confirm receipt of the Forms 9409 associated with our sampled cases.

IRS officials agreed that in five of the 15 cases, tax examiners did not send the Form 9409 to the SSA, as the AUR case history had no mention of the tax examiner sending it. For the remaining 10 cases, officials stated that the tax examiner noted in the case history that the Form 9409 was sent to the SSA. AUR Program officials also stated that a more formal process to track their submission and SSA receipt of Form 9409 was not established because tax examiners' annotating AUR case history notes is a sufficient control. It should be noted that, although the case history was annotated for these 10 cases, our communications with the SSA identified that no Forms 9409 were received for these taxpayers from the IRS.

IRS management stated that the preparation and submission of Form 9409 became the IDTVA Directorate's responsibility as of May 2016. IRS procedures state that the IDTVA Directorate is responsible for sending Forms 9409 on behalf of taxpayers to the SSA. Yet, similar to the AUR Program, the IDTVA Directorate does not track or have a process to ensure that these forms are sent to the SSA.

The lack of a formal process to ensure that the SSA is notified of income not associated with an innocent taxpayer is problematic because this notification is essential to ensure that victims' Social Security benefits are not affected. The Form 9409 notification is the basis for the SSA taking action to correct a victim's wage record. However, despite the importance of Form 9409 to victims of employment-related identity theft, the IRS has not developed an effective tracking process to ensure that the form is sent to the SSA for all victims.

Recommendations

Recommendation 2: The Commissioner, Wage and Investment Division, should develop a tracking process to ensure that the required Forms 9409 are completed by tax examiners and sent to the SSA via traceable mail with a return receipt requested.

 

Management's Response: The IRS agreed with this recommendation. The IRS will develop processes to help ensure that tax examiners complete the Form 9409 when required and to appropriately track the delivery of Form 9409 to the SSA.

 

Recommendation 3: The Commissioner, Small Business/Self-Employed Division, should send the Forms 9409 to the SSA for the 15 deficiency cases we identified because the SSA has no record of receiving the forms.

 

Management's Response: The IRS agreed with this recommendation. The IRS sent the Forms 9409 for all 15 cases to the SSA via traceable mail with a return receipt requested on July 20, 2016.

 

Processes Do Not Always Ensure That Automated Underreporter Identity Theft Cases Are Accurately Resolved

Our review of a statistically valid sample[10] of 71 TY 2013 closed AUR cases from the population of 2,011 employment-related identity theft cases identified eight (11.3 percent)[11] that tax examiners inaccurately processed. Based on the results of our sample, we project that the IRS may have inaccurately processed 227 cases.[12] The eight cases include:

  • Five cases closed as identity theft in the AUR system even though there was no documentation to support an identity theft determination. * * * 1 * * *.

  • * * * 1 * * *.

  • * * * 1 * * *.

 

The inaccurate case processing had not been previously identified by the IRS because of the limited scope of AUR Program managers' monthly reviews of cases processed by tax examiners. During the period that tax examiners worked the cases we evaluated, the managers reviewed three-to-five cases worked by each tax examiner. AUR Program officials stated that these reviews covered various case types and actions for which AUR employees are responsible for completing. Consequently, the reviews involved a limited number of identity theft cases.

On February 12, 2016, the IRS revised procedures to address the limited manager reviews and now require a 100 percent review of cases to be sent to the IDTVA. These new procedures require an AUR Identity Theft Liaison to review the case and, among other things, ensure that documentation supporting potential identity theft is present and that the identity theft marker is placed on the taxpayer's account.

Recommendation

The Commissioner, Small Business/Self-Employed Division, should:

Recommendation 4: * * * 1 * * *.

 

Management's Response: The IRS * * * 1 * * *.
FOOTNOTES

 

 

1 The AUR Program matches taxpayer income and deductions submitted on information returns by third parties, e.g., employers, banks, or brokerage firms, against amounts reported by taxpayers on their individual income tax returns to identify discrepancies. For Tax Years 2009 through 2013, the program identified an annual average of 24 million individual tax returns that contain such discrepancies.

2 The IRS database that stores various types of taxpayer account information. This database includes individual, business, and employee plans and exempt organizations data.

3 The IDTSpT verifies the taxpayer's identity theft claim to make the identity theft determination.

4 The Form 9409 is sent to the SSA to correct a taxpayer's wage record. See Appendix VI for an example of Form 9409.

5 The IRS created the ITIN to provide a Taxpayer Identification Number, when needed for tax purposes, to individuals who do not have and are not eligible to obtain an SSN. Individuals assigned an ITIN are not entitled to work in the United States.

6 Treasury Inspector General for Tax Administration, Ref. No. 2010-40-040, Procedures Need to Be Developed for Collection Issues Associated With Individual Taxpayer Identification Numbers (March 2010) and Treasury Inspector General for Tax Administration, Ref. No. 2011-41-061, Individuals Who Are Not Authorized to Work in the United States Were Paid $4.2 Billion in Refundable Credits (July 2011).

7 To select our statistically valid sample, we used an expected error rate of 5 percent, a precision rate of 5 percent, and a confidence interval of 95 percent.

8 There were actually 2,011 TY 2013 AUR cases closed as identity theft but only 1,878 involved wages.

9 Our projection, based on a 95 percent confidence interval and a 9.34 percent precision rate, is that tax examiners may not have sent the required Forms 9409 to the SSA for between 221 and 572 cases.

10 To select our statistically valid sample, we used an expected error rate of 5 percent, a precision rate of 5 percent, and a confidence interval of 95 percent.

11 Three cases included multiple discrepancies.

12 Our projection, based on a 95 percent confidence interval and a 7.24 percent precision rate, is that the IRS could have inaccurately processed or misclassified between 81 and 372 cases.

 

END OF FOOTNOTES

 

 

* * * * *

 

 

Appendix I

 

 

Detailed Objectives, Scope, and Methodology

 

 

The overall objective of this review was to evaluate AUR processes to identify and assist potential victims of identity theft. We also evaluated the design, performance, and results of the Letter 4491-C, Notice of Employment-Related Identity Theft, initiative, which sent notifications to individuals who are victims of employment-related identity theft. To accomplish our objective, we:

I. Assessed the adequacy of AUR Program processes and procedures to research notices returned as undeliverable or with no response to identify cases that may involve identity theft.

 

A. Interviewed AUR Program management officials to determine what controls and processes are in place that can detect potential victims of identity theft, at what key points during AUR processes the AUR Program has the information and capability to identify identity theft, and what processes and controls could be adopted in the future to better identify identity theft.

B. Evaluated desk procedures, standard operating procedures, and additional information that provide tax examiners with guidance on researching addresses associated with notices returned as undeliverable or no response.

 

II. Assessed AUR Program assistance to taxpayers who respond to AUR correspondence claiming income is not theirs and that they are a victim of identity theft.

 

A. Interviewed AUR Program management as well as obtained and evaluated any applicable desk procedures or standard operating procedures to identify controls and processes in place to ensure that taxpayers' identity theft claims are identified and processed properly.

B. Evaluated the effectiveness of controls in place to ensure that identity theft claims are processed properly by identifying 2,011 TY 2013 closed cases in which taxpayers claimed to be the victim of identity theft (marked in the AUR system with Case Code 39, 69, or 89).

C. Selected a statistically valid sample of 71 cases from the population of 2,011 using a confidence level of 95 percent, a precision rate of 5 percent, and a 5 percent error rate.

 

1. Determined whether AUR tax examiners properly identified cases as identity theft.

2. Determined whether AUR tax examiners verified taxpayer claims of being the victim of an employment-related identity theft.

3. Determined whether AUR tax examiners marked taxpayers' Master File tax accounts with the appropriate identity theft indicator (Transaction Code 971; Action Code 522) to identify taxpayers claiming to be victims of an employment-related identity theft.

4. Determined whether the appropriate documentation was obtained (Form 14039, Identity Theft Affidavit, or police report) on the sampled cases.

5. Determined whether AUR tax examiners properly reflected income on the AUR system for sampled cases in which tax examiners coded the case as an employment-related identity theft.

III. Evaluated the design, performance, and results of the Letter 4491-C pilot initiative which sent notifications to individuals who were victims of employment-related identity theft.

 

A. Evaluated how the IRS selected the individuals to be included in the pilot.

B. Determined how the IRS identified the addresses to notify individuals and the research that was conducted to identify good addresses.

C. Assessed the IRS's processes to notify taxpayers that their SSN was used as part of employment-related identity theft.

 

IV. Evaluated AUR Program processes for assisting IRS-confirmed victims of employment-related identity theft and identity theft cases referred to the AUR IDTSpT by identifying 1,878 employment-related identity theft cases with Form W-2, Wage and Income Statement, wages and taking a statistically valid random sample [1] of 71 cases.

Internal controls methodology

Internal controls relate to management's plans, methods, and procedures used to meet their mission, goals, and objectives. Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations. They include the systems for measuring, reporting, and monitoring program performance. We determined that the following internal controls were relevant to our audit objectives: AUR Program procedures for identifying addresses used for AUR notices, AUR system controls for processing cases, and the controls to ensure that tax examiners notify the SSA of income not belonging to a taxpayer. We evaluated these controls by interviewing personnel, reviewing identity theft case files, and analyzing taxpayer Master File account data including addresses, identity theft codes, and assessed penalties and interest amounts.

 

FOOTNOTE TO APPENDIX I

 

 

1 We selected our sample size by using a confidence level of 95 percent, an error rate of 5 percent, and an expected precision rate of 5 percent.

 

END OF FOOTNOTE TO APPENDIX I

 

 

* * * * *

 

 

Appendix II

 

 

Major Contributors to This Report

 

 

Russell Martin, Assistant Inspector General for Audit (Returns Processing and Account Services)

W. Allen Gray, Director

Jamelle L. Pruden, Audit Manager

Ken Carlson, Lead Auditor

Kathy Coote, Auditor

Erica Law, Auditor

Shay Paschal, Auditor

 

* * * * *

 

 

Appendix III

 

 

Report Distribution List

 

 

Commissioner

Office of the Commissioner -- Attn: Chief of Staff

Deputy Commissioner for Services and Enforcement

Director, Automated Underreporter Policy

Director, Examination

Director, Office of Audit Coordination

 

* * * * *

 

 

Appendix IV

 

 

Outcome Measures

 

 

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

  • Taxpayer Rights and Entitlements -- Potential; 397 taxpayers who were victims of employment-related identity theft, but the IRS did not notify the SSA of wages earned by an identity thief using the taxpayers' SSNs (see page 8).

 

Methodology Used to Measure the Reported Benefit:

We selected a statistically valid sample [1] of 71 closed TY 2013 AUR cases from the population of 1,878 cases closed with a process code on the AUR system indicating the taxpayer was the victim of an employment-related identity theft that involved wages. Because the IRS was unable to provide any documentation that it sent a Form 9409, IRS/SSA Wage Worksheet, to the SSA for these taxpayers, we contacted the SSA to obtain copies of the forms. The SSA had no record of receiving the form for 15 (21 percent) of the taxpayers. Based on the results of our sample, we estimate the IRS may not have sent Form 9409 to the SSA in 397 cases. [2]

Type and Value of Outcome Measure:

  • Reliability of Information -- Potential; 227 taxpayers whose AUR cases were marked as identity theft cases on the AUR system but were inaccurately processed (see page 9).

 

Methodology Used to Measure the Reported Benefit:

We selected a statistically valid random sample [3] of 71 TY 2013 cases from the population of 2,011 AUR cases with a process code indicating the taxpayer was a victim of employment-related identity theft. We manually reviewed the 71 case files and determined that eight (11.3 percent) were not properly processed. Based on the results of our sample, we project that the AUR Program inaccurately processed 227 cases. [4] * * * 1 * * *:

  • Five cases closed as identity theft in the AUR system even though there was no documentation to support the identity theft determination.

  • * * * 1 * * *.

  • * * * 1 * * *.

FOOTNOTES TO APPENDIX IV

 

 

1 To select our statistically valid sample, we used an expected error rate of 5 percent, a precision rate of 5 percent, and a confidence interval of 95 percent.

2 Our projection, based on a 95 percent confidence interval and a 9.34 percent precision rate, is that tax examiners may not have sent the required Forms 9409 to the SSA for between 221 and 572 cases.

3 To select our statistically valid sample, we used an expected error rate of 5 percent, a precision rate of 5 percent, and a confidence interval of 95 percent.

4 Our projection, based on a 95 percent confidence interval and a 7.24 percent precision rate, is that the IRS could have inaccurately processed or misclassified between 81 and 372 cases.

 

END OF FOOTNOTES TO APPENDIX IV

 

 

* * * * *

 

 

Appendix V

 

 

Letter 4491C, Notice of Employment-Related Identity Theft

Source: IRS intranet.

 

* * * * *

 

 

Appendix VI

 

 

Form 9409, IRS/SSA Wage Worksheet

Source: IRS intranet.

 

* * * * *

 

 

Appendix VII

 

 

Management's Response to the Draft Report

 

 

JULY 21 2016

MEMORANDUM FOR MICHAEL E. MCKENNEY
DEPUTY INSPECTOR GENERAL FOR AUDIT

FROM: Karen Schiller
Commissioner, Small Business/Self-Employed Division

SUBJECT: Draft Audit Report -- Processes Are Not Sufficient to Assist Victims of Employment-Related Identity Theft (Audit #201540015)

 

 

Thank you for the opportunity to review and comment on the subject draft audit report. The IRS can detect employment-related identity theft through discrepancies between wages self-reported by taxpayers and wages attributed to those taxpayers as reported by third parties. These discrepancies are generally attributable to someone using the taxpayer's Social Security Number (SSN) to obtain employment. Since February 2011, we have been identifying returns that reflect these discrepancies and placing an indicator code on the associated accounts to prevent innocent taxpayers from being subjected to unnecessary compliance contacts as a result of these discrepancies. The code also alerts IRS employees who may be assisting the taxpayer that the taxpayer may be the victim of identity theft.

We take seriously our obligations to victims of employment-related identity theft. In 2014, we completed a pilot program to notify such victims that their SSN was used by another person to obtain employment. This notification to taxpayers alerted them that we've taken actions to ensure there is no impact to their tax return or tax account, and that they may wish to review the earnings posted to their account with the Social Security Administration (SSA) (because this incident could result in additional amounts being credited to their SSA account) and that they should consider credit monitoring options.

As your report notes, this pilot did not include a random sample, but, rather, included a "clean" sample to eliminate undeliverable notices. Although this design did not provide information on all costs associated with implementing notification (e.g., cost associated with undeliverable notices), the "clean" population sample provided more robust information about the cost and efficacy of our victim assistance. Specifically, the clean sample maximized information about the effectiveness of our phone assistor training; the volume and nature of taxpayers' responses to the notifications; and the effectiveness of the information on "IRS.gov." Based on the results of the pilot, we've developed our going-forward path and we will begin in January 2017 notifying all victims of such employment-related identity theft that we identify.

When we identify cases of employment-related identity theft, we use Form 9409, IRS/SSA Wages Worksheet, to notify the SSA of the theft to allow them to correct the victims' records. As you note, SSA had no record of receiving the Forms 9409 in 15 of the 71 selected cases that Treasury Inspector General for Tax Administration (TIGTA) reviewed; however, 10 of those case files contained information reflecting that the form was sent to SSA despite SSA's apparent lack of receipt. We agree to improve our processes for ensuring that examiners complete the Form 9409, IRS/SSA Wages Worksheet, when required, and to appropriately track the delivery of Forms 9409 to the SSA. We have sent Forms 9409 to SSA for the 15 cases TIGTA identified.

We recognize the importance of properly resolving employment-related identity theft cases. Your report states that eight of 71 identified sample cases were inaccurately processed, resulting in an estimated 227 cases that may have been inaccurately processed. To put this rate into perspective, we note that, in FY 2014, the Automated Underreporter (AUR) system closed 3.7 million cases; as such 227 cases represent less than .01 percent of the total closures. * * * 1 * * *.

Also, as we continue to battle and make progress against all strains of identity theft in the tax ecosystem, we recognized that we were missing an important partner in this effort -- the taxpaying public. So starting in November 2015, with the strong support of all the Security Summit partners, we launched the "Taxes, Security, Together" campaign to raise awareness about actions people can take to protect themselves and avoid becoming victims of identity theft. Many of the steps are basic common sense, but given that 150 million households file tax returns every year, we believe these steps cannot be stressed enough. People continue to fall prey to clever cybercriminals who trick them into giving up SSNs, bank account numbers, password information, or other sensitive personal data. So having the public's help will greatly strengthen and improve our new tools we have to stop the crime of identity theft. As part of this public awareness campaign, the IRS, in the weeks leading up to the 2016 filing season, issued weekly tax tips describing the actions people could take to protect their data. We have updated several publications for taxpayers, and will continue to spread awareness of the importance of protecting your personal information.

Attached is a detailed response outlining our corrective actions to address your recommendations. If you have any questions, please contact me, or a member of your staff may contact Shenita Hicks, Director, Examination, Small Business/Self-Employed Division at 240-613-2849.

Attachment

 

* * * * *

 

 

Attachment

 

 

RECOMMENDATION 1:

The Commissioner, Wage and Investment Division, should develop processes and procedures to notify all individuals identified as a victim of employment-related identity theft. This should include identifying and notifying individuals whose identity was stolen prior to January 2017.

CORRECTIVE ACTION:

We have scheduled programming changes that will be implemented in January 2017 to notify taxpayers when the IRS has reason to believe they may be victims of employment-related identity theft. There is a possibility that potential victims identified prior to 2017 will be issued a notice during 2017. Therefore, after the first year of this systemic notification, we will evaluate the results and determine an appropriate course of action with respect to the previously identified potential victims. This course of action will efficiently utilize our limited resources and prevent taxpayer confusion by preventing multiple notices from being issued to the same taxpayer.

IMPLEMENTATION DATE:

March 15, 2017

RESPONSIBLE OFFICIAL:

Director, Accounts Management, Customer Account Services, Wage and Investment Division

CORRECTIVE ACTION MONITORING PLAN:

IRS will monitor this corrective action as part of our internal management system of controls.

RECOMMENDATION 2:

The Commissioner, Wage and Investment Division, should develop a tracking process to ensure that the required Forms 9409 are completed by tax examiners and sent to the SSA via traceable mail with a return receipt requested.

CORRECTIVE ACTION:

We agree with this recommendation and will develop processes to help ensure that examiners complete the Form 9409, IRS/SSA Wages Worksheet, when required, and to appropriately track the delivery of Forms 9409 to the Social Security Administration.

IMPLEMENTATION DATE:

December 15, 2016

RESPONSIBLE OFFICIAL:

Director, Accounts Management, Customer Account Services, Wage and Investment Division

CORRECTIVE ACTION MONITORING PLAN:

IRS will monitor this corrective action as part of our internal management system of controls.

RECOMMENDATION 3:

The Commissioner, Small Business/Self-Employed Division, should send the Forms 9409 to the SSA for the 15 deficiencies cases we identified because the SSA has no record of receiving the forms.

CORRECTIVE ACTION:

We sent the Forms 9409 for all 15 cases to the SSA via traceable mail with a return receipt requested on July 20, 2016.

IMPLEMENTATION DATE:

Implemented

RESPONSIBLE OFFICIAL:

Director, Examination, Field and Campus Policy, Small Business/Self-Employed Division

CORRECTIVE ACTION MONITORING PLAN:

N/A

RECOMMENDATION 4:

The Commissioner, Small Business/Self-Employed Division, should ensure * * * 1 * * *.

CORRECTIVE ACTION:

We agree in part and note that our systems * * * 1 * * *.

IMPLEMENTATION DATE:

Implemented

RESPONSIBLE OFFICIAL:

Director, Examination, Field and Campus Policy, Small Business/Self-Employed Division

CORRECTIVE ACTION MONITORING PLAN:

N/A
