TIGTA Provides Top IRS Management, Performance Challenges for 2019

October 15, 2018

MEMORANDUM FOR SECRETARY MNUCHIN

FROM:
J. Russell George
Inspector General

SUBJECT:
Management and Performance Challenges Facing the Internal
Revenue Service for Fiscal Year 2019

The Reports Consolidation Act of 2000¹ requires that the Treasury Inspector General for Tax Administration (TIGTA) summarize, for inclusion in the annual Department of the Treasury Agency Financial Report, its perspective on the most serious management and performance challenges confronting the Internal Revenue Service (IRS).

Each year, TIGTA evaluates IRS programs, operations, and management functions to identify the areas of highest vulnerability to the Nation's tax system. For Fiscal Year (FY) 2019, the IRS's top management and performance challenges, in order of priority, are:

TIGTA's assessment of the major IRS management challenges for FY 2019 has changed from the prior fiscal year. We reprioritized several challenges to reflect the impact of the Tax Cuts and Jobs Act² on the IRS. This legislation is the largest tax overhaul in more than 30 years with extensive changes affecting both business and individual taxpayers. As such, it will be a significant challenge for the IRS to implement the extensive provisions of this legislation while continuing to deliver its other priority program areas, including customer service and enforcement activities.

The following information detailing these management and performance challenges is being provided to promote economy, efficiency, and effectiveness in the IRS's administration of the Nation's tax laws.

SECURITY OVER TAXPAYER DATA AND PROTECTION OF IRS RESOURCES

Taxpayers have the right to expect that information they provide to the IRS will not be disclosed unless authorized by them or the law. The risk of unauthorized access to tax accounts and unauthorized disclosure of taxpayer data will increase as the IRS expands the availability of online services and self-help tools as part of its Strategic Plan.³ Therefore, it is critical that the methods used by the IRS to authenticate individuals' identities provide a high level of assurance that tax information and services are provided only to individuals who are entitled to receive them.

In June 2016, the IRS deployed a more rigorous electronic authentication process that provides two-factor authentication for the highest risk online applications via a security code sent to text-enabled mobile phones. The IRS also recently completed or updated electronic authentication risk assessments for 28 of its online applications to determine appropriate levels of authentication assurance, and enhanced its network monitoring and audit log analysis capabilities. While the IRS has made progress in improving its electronic authentication controls, TIGTA reported⁴ that network monitoring tools the IRS purchased to improve the prevention and detection of automated attacks were not fully implemented due to issues related to resources, incompatibility, and higher priorities. In addition, controls to prevent a fraudulent user from improperly creating profiles were not fully implemented. Further, the IRS was not fulfilling requirements for monitoring audit logs for suspicious activity.

In addition to protecting taxpayer data against outside attacks, the IRS must ensure that contractors or other third parties adequately protect taxpayer data to prevent its unauthorized disclosure. Because taxpayer accounts shared with the Private Collection Agencies (PCA)⁵ contain tax return information and Personally Identifiable Information⁶ it is critical that these data remain secure when they leave the IRS and are being processed by the PCAs. TIGTA reported⁷ that although the IRS assessed the network and physical security of the PCAs and performed follow-up reviews, additional attention is needed to address system vulnerability scans, the physical security of misdirected taxpayer payments,⁸ and the electronic transfer of taxpayer data. Specifically, the IRS was unaware that one PCA could not provide monthly vulnerability scans of systems containing taxpayer data, and three of the four PCAs were not timely remediating critical and high-risk vulnerabilities within the required 30 calendar days. The IRS also did not enforce the requirements in its own Publication 4812, Contractor Security and Privacy Controls, for cell phone use policy specific to IRS data nor ensure that data files were encrypted before transferring them to the PCAs. Finally, three of the four PCA mailrooms where taxpayer correspondence and payments are received were not included in the IRS's annual security assessments. One of the PCAs lacked a secure mail processing area for payments and did not secure misdirected payments prior to sending them to the IRS.

In another review, TIGTA reported that the IRS controls for verifying and validating users requesting tax transcripts through the Transcript Delivery System did not comply with Federal Government information security standards and did not sufficiently protect taxpayers against unauthorized release of their tax information.⁹ The system allows external third-party customers to view and obtain tax information of both individuals and businesses. TIGTA's review of the Transcript Delivery System audit logs of tax transcript requests made between January 1, 2014, and December 31, 2016, identified anomalies that could be an indication of either misuse of the system or potentially suspicious activity. TIGTA recommended that the IRS implement multi-factor authentication for e-Services, which includes the Transcript Delivery System application, to comply with Federal Government information security standards and implement procedures to ensure that legitimate taxpayers authorized the release of their tax transcripts.

In addition to external threats, the IRS must ensure that its systems and data are protected against internal threats. These threats may appear in the form of malicious insiders or disgruntled employees who seek to misuse their access to taxpayer data or sensitive IRS business practices for personal gain. In July 2017, TIGTA reported¹⁰ that the IRS has not effectively updated or implemented hiring policies to fully consider past IRS conduct and performance issues prior to making a tentative decision to hire former employees, including those who were terminated or separated during an investigation of a substantiated conduct or performance issue. TIGTA found that more than 200 (approximately 10 percent) of the more than 2,000 former employees who were rehired between January 2015 and March 2016 were previously terminated from the IRS or separated while under investigation for a substantiated conduct or performance issue. This included positions with access to sensitive taxpayer information and individuals who separated while under investigation for unauthorized accesses to taxpayer information or who had been terminated or resigned for willful failure to properly file their Federal tax returns. Hiring employees of high integrity is essential to maintaining public trust in tax administration and safeguarding taxpayer information. In August 2018, a former IRS employee pled guilty to aggravated identity theft for her role in a stolen identity refund fraud scheme. It was alleged that while employed by the IRS, the defendant accessed taxpayer information and used the information to prepare and electronically file fraudulent income tax returns.¹¹

The IRS must also protect its employees located in approximately 550 offices. In the last several years, threats directed at the IRS have remained the second largest component of TIGTA's Office of Investigations' work. Recent incidents involving taxpayers who threatened or assaulted IRS employees underscore the dangers that these employees face each day.

In May 2018, TIGTA special agents arrested a tax service provider for assaulting an IRS revenue officer with a deadly weapon. The revenue officer went to the service provider's place of business to collect a Federal tax payment and the provider threatened him with a shotgun and inflicted bodily injury upon the revenue officer.¹²

IMPLEMENTING THE TAX CUTS AND JOBS ACT AND OTHER TAX LAW CHANGES

On December 22, 2017, the President signed into law the Tax Cuts and Jobs Act of 2017, which made significant changes to the tax code that affects individuals, businesses, and tax-exempt organizations. The IRS estimates that implementation of the legislation will require creating or revising about 450 forms, publications, and instructions; modifying about 140 information technology systems for tax return processing and compliance activities; and responding to 4 million additional telephone calls and taxpayer correspondence.

The Tax Cuts and Jobs Act contains 119 provisions that are administered by the IRS and affects both domestic and international taxes. The Act made significant changes to income tax rates, income tax deductions and credits, and Federal income tax withholding. These provisions are effective for Tax Year 2018 and required the IRS to revise income tax withholding tables for wages paid after January 1, 2018.

Due to the magnitude of the changes, TIGTA quickly assessed the IRS's efforts to implement this new legislation. TIGTA reported¹³ that once enacted, the IRS used several well-established processes and immediately began the difficult and large-scale task of implementing the various provisions. The IRS worked with various consumer and business groups, including the payroll community, to share information about the tax law. In addition, the IRS took steps to develop the new tax withholding tables and updated the online withholding calculator on the IRS website to reflect the changes.

Despite these initial efforts, TIGTA reported that the high volume of changes needed to implement the new legislation increases the risk that the 2019 Filing Season may be delayed.¹⁴ As of July 5, 2018, the IRS's Information Technology organization had not received all final work request notifications and business requirements from the business units to update information technology systems necessary to implement some provisions of the Tax Cut and Jobs Act. Delays in receiving this information will result in less time for modifying and testing systems and increases the risk that the 2019 Filing Season may be delayed. TIGTA also reported that there are concerns surrounding the IRS's ability to quickly fill critical information technology positions. Hiring employees and contractors is a lengthy process resulting in a risk to the timeliness of the information technology updates. Besides updating its computer systems, the IRS must ensure that taxpayers are educated about the changes and comply with the legislation.

In addition to the Tax Cuts and Jobs Act, the IRS must administer other tax law provisions such as those in the Protecting Americans from Tax Hikes Act of 2015 (PATH Act).¹⁵ The PATH Act includes provisions intended to reduce fraudulent refundable tax credit claims and requires the IRS to make a number of modifications to its Individual Taxpayer Identification Number (ITIN) program.¹⁶ During a recent audit,¹⁷ TIGTA found that the IRS had not made a programming change needed to identify potentially fraudulent ITIN applications. As a result, the IRS is unable to identify applications that are questionable based on potentially false or fraudulent supporting documentation via its systemic validation and verification processes. Because of limitations in system consistency and validity checks, the IRS may have issued 151,384 potentially erroneous or fraudulent ITINs. TIGTA also estimates that the IRS erroneously issued 8,116 ITINs because tax examiners did not always ensure that required supporting documentation was provided with applications. Additionally, processes do not ensure that revoked ITINs are prevented from being used on a tax return. TIGTA found that 8,110 ITINs which had been revoked were still valid for use in filing a tax return. In addition, another 687 ITINs were assigned to deceased individuals, but the deceased individual's account was not locked to prevent the individual's identity from being used to file a tax return.

The PATH Act contains provisions requiring the IRS to deactivate unused ITINs and those issued before a specified date. TIGTA reported that computer programming errors and inaccurate use identification resulted in the IRS not deactivating 89,105 ITINs that individuals used to file 1,298 tax returns as of April 20, 2017.¹⁸ These individuals received $637,181 in refundable tax credits and did not pay an estimated $359,127 in tax as a result of erroneous personal tax exemptions. TIGTA also identified 133,054 ITINs that were erroneously deactivated by the IRS and reported that IRS processes did not prevent 11,350 deactivated ITINs from being used by individuals on 9,818 tax returns as of May 4, 2017. These individuals erroneously received more than $2.6 million in refundable tax credits and did not pay more than $2.4 million in tax as a result of erroneous personal tax exemptions.

The PATH Act also contains a number of integrity provisions intended to reduce improper Earned Income Tax Credit (EITC), Child Tax Credit, Additional Child Tax Credit (ACTC), and American Opportunity Tax Credit (AOTC) claims. TIGTA identified 1.4 million tax returns with a discrepancy in wages reported on the tax return and wages reported on third-party Forms W-2, Wage and Tax Statement, that were not reviewed by the IRS prior to refunds being released on February 15, 2017.¹⁹ These taxpayers received approximately $8.2 billion in refunds that included $4.3 billion in the EITC and $1.7 billion in the ACTC. For 660,141 of these returns, the IRS received no third-party Forms W-2 prior to the release of the refunds. These returns had refunds totaling almost $3.7 billion. In addition, the IRS did not disallow almost $9.8 million in refundable credits associated with 4,509 tax returns with a retroactive refundable credit claim. The credits were incorrectly allowed because the Taxpayer Identification Number (TIN) assignment date was not available when some of these tax returns were processed and due to tax examiner error when reviewing retroactive claims.

IDENTITY THEFT AND IMPERSONATION FRAUD

TIGTA has issued a number of reports over the years assessing the IRS's efforts to detect and prevent the filing of fraudulent individual and business tax returns by identity thieves. Identity theft tax fraud occurs when an individual uses another person's or business' name and TIN to file a fraudulent tax return for the purpose of obtaining a tax refund. This type of fraudulent activity is constantly evolving and continues to have a significant impact on tax administration. As such, the IRS must continually adapt its detection and prevention processes to reject fraudulent electronically filed tax returns and prevent fraudulent paper tax returns from posting. For instance, during the 2018 Filing Season,²⁰ the IRS used 200 identity theft filters to identify potentially fraudulent individual tax returns at the time tax returns were processed and prior to the issuance of fraudulent tax refunds. As of February 28, 2018, the IRS reported that it had identified 1.4 million tax returns with refunds totaling more than $6.9 billion for additional review as a result of the identity theft filters and prevented the issuance of $5.6 million in fraudulent tax refunds.

Since TIGTA's first business identity theft report in September 2015, the IRS has created business identity theft filters and selection lists to identify potential business identity theft returns. For Processing Year 2017, these filters identified 20,764 business returns with characteristics of identity theft and associated refunds totaling $2.2 billion. However, TIGTA found²¹ that certain types of business tax returns are not being evaluated for potential identity theft. In Processing Year 2017, TIGTA identified 15,127 business tax returns with refunds totaling more than $200 million that would have been identified as potentially fraudulent if current business identity theft filters included an evaluation of these types of tax returns. TIGTA also found that actions need to be taken to protect refunds associated with confirmed business identity theft from being erroneously released. TIGTA identified 872 business tax returns identified by the IRS as identity theft returns in Processing Year 2016 for which refunds totaling more than $61 million appear to have been released in error.

In addition to identity theft, telephone calls from criminals impersonating IRS agents also land near the top of the IRS's “Dirty Dozen”²² tax scams and remain an ongoing threat to taxpayers as con artists threaten taxpayers with arrest, deportation, and license revocation if the victim does not pay a bogus tax bill. The number of complaints TIGTA has received about this scam has cemented its status as the largest, most pervasive impersonation scam in the history of the agency.

Since the fall of 2013, a significant amount of our Office of Investigations' workload has consisted of investigating a telephone impersonation scam in which more than 2.4 million intended victims have received unsolicited telephone calls from individuals falsely claiming to be IRS or Department of the Treasury employees. The callers demand money under the pretense that they owe unpaid taxes. To date, more than 14,500 victims reported that they have paid approximately $72 million to these criminals.

TIGTA is committed to bring to justice scammers who defraud taxpayers by impersonating employees of the IRS. As a result of TIGTA's commitment to protecting taxpayers, to date, a total of 130 individuals and 10 call centers have been charged in Federal court for their involvement in IRS impersonation scams. This includes the most recent indictment of 15 individuals and five call centers on September 4, 2018.²³ Of the 130 individuals charged Federally, 59 have been sentenced and have received a cumulative total of more than 302 years' imprisonment. In July 2018, 21 members of a massive India-based fraud and money laundering conspiracy that defrauded thousands of U.S. residents of hundreds of millions of dollars were sentenced to terms of imprisonment up to 20 years and more than $8.9 million in restitution. Additionally, the court entered individual preliminary orders of forfeiture against the 21 defendants for assets that were seized in the case and money judgments totaling more than $72 million.²⁴ Although the investigations and prosecutions have reduced the number of scam calls being placed by more than 90 percent, we are still receiving reports that between 4,000 and 10,000 individuals are receiving calls each week.

PROVIDING QUALITY TAXPAYER SERVICE

The President's Management Agenda outlines a goal of improving customer experience with Federal services. Improving the experience citizens and businesses have with Federal services whether online, in-person, or via telephone will increase trust in the Federal Government. Providing taxpayers with quality customer service is a key component in the IRS's mission. Resolving questions before tax returns are filed helps taxpayers avoid unintentional errors and noncompliance, and also reduces the burden on both taxpayers and the IRS that results from the issuance of notices and correspondence. Successfully addressing and resolving taxpayer inquiries through a quality customer service process allows the IRS to direct its limited resources more efficiently.

Taxpayers have multiple options to choose from when they need assistance from the IRS. These include toll-free telephone lines, face-to-face assistance at Taxpayer Assistance Centers or Volunteer Program sites, and self-assistance using IRS.gov and other social media channels (e.g., Twitter, Facebook, YouTube). To address declining budgets, the IRS continues to increase its dependence on technology-based services and external partners in an effort to direct taxpayers to the most cost-effective method to provide the needed service. The IRS notes that this approach allows it to focus limited telephone and walk-in resources on customer issues that can be best resolved with person-to-person interaction.

The IRS's Strategic Plan will play a significant part in the IRS's effort to modernize the taxpayer experience and allow its limited staff to better serve taxpayers who require one-on-one assistance. The IRS's goal is to eventually provide taxpayers with dynamic online tax account access that will allow them to view recent payments, make minor changes and adjustments to their tax accounts, and correspond digitally with the IRS.

Taxpayers and tax practitioners frequently look to the IRS for assistance following major disasters and emergencies. In Calendar Year 2017, more than 49 million individuals and 19 million businesses were eligible for disaster tax relief²⁵ to enable them to meet their tax obligations for filing returns or paying taxes. These types of events require the IRS to identify affected individual and business accounts to timely place disaster relief codes on the accounts and postpone examination and collection activities. In a recent review, TIGTA found that the IRS took the appropriate actions and provided quality customer service to taxpayers affected by major disasters.²⁶ The IRS timely and correctly placed disaster relief codes on approximately 68 million (99 percent) of the eligible taxpayers' accounts. These codes allow the IRS to provide special processing related to any filing payment or interest relief granted for a geographic area. TIGTA also identified that the IRS postponed examination activities on more than 99 percent of impacted individuals and businesses under examination and postponed collection activities for almost all of the impacted individuals and businesses that were in collection status as of the disaster dates.

The IRS must also provide quality service to taxpayers affected by identity theft. Individuals can learn that they are victims of employment-related identity theft when they receive a notification from the IRS of an income discrepancy between the amounts reported on their tax returns and the amounts employers reported to the IRS. This can occur when someone else uses an innocent taxpayer's stolen identity to gain employment. Employment-related identity theft can cause a significant burden to the taxpayer due to the incorrect computation of taxes and Social Security benefits based on income that does not belong to the taxpayer.

In February 2018, TIGTA reported²⁷ that most identified victims remain unaware that their identities are being used by other individuals for employment. A computer programming error limited the IRS notifications to only those victims who were not identified as a victim in previous years. As a result, the IRS did not notify 458,658 repeat victims of employment identity theft that it identified in both Processing Year 2017 and on a tax return processed prior to Processing Year 2017. TIGTA also identified that 15,168 (13.5 percent) of the 112,445 employment identity theft notices were erroneously sent to taxpayers who were not employment identity theft victims. In most instances, these taxpayers were the spouses of taxpayers who filed legitimate tax returns reporting the spouses' wages and Social Security Numbers. The IRS erroneously placed an employment identity theft marker on the spouses' tax accounts, which then generated the notices. After being made aware of these issues, the IRS agreed to send a notice to the 458,658 repeat victims of employment identity theft informing them that their Social Security Number was used by another person to obtain employment. It also agreed to reverse the employment identity theft marker placed on the 15,168 taxpayers' accounts and notify them that the prior notice was sent erroneously.

UPGRADING TAX SYSTEMS AND EXPANDING ONLINE SERVICES

Successful modernization of systems and the development and implementation of new information technology applications are critical to meeting the IRS's evolving business needs and enhancing services provided to taxpayers. The IRS's reliance on legacy (i.e., older) systems, aged hardware and software, and its use of outdated programming languages pose significant risks to the IRS's ability to deliver its mission. Modernizing the IRS's computer systems has been a persistent challenge for many years and will likely remain a challenge for the foreseeable future.

The IRS established the Enterprise Case Management (ECM) program in January 2015 in an effort to either partially or fully replace the functionality of identified legacy case management systems. The ECM program goal was to streamline case management processes across the business units and consolidate the case management systems into one common solution. At the time, IRS tax administration was supported by more than 90 different case management systems that varied widely in complexity, size, and customization and were implemented over many years to support the individual needs of multiple business units. In July 2018, TIGTA reported²⁸ that the IRS spent $85.4 million on approximately two and a half years of work on the ECM program that was unsuccessful. After establishing the ECM program, the IRS did not search for a software product that would enable the ECM program to meet its enterprise-wide requirements. Instead, the IRS used a software product that had not proven it could be scalable to the IRS's needs and did not have continuous integration capabilities. After deciding that the software product was not viable for developing the ECM solution, the IRS suspended development activities in April 2017. While these issues delayed implementation, the IRS is scheduled to select a commercial off-the-shelf product in February 2019 that will be used for the ECM solution. Once a commercial off-the-shelf product is selected, the IRS will need to focus on migrating systems and processes to the new ECM solution.

TIGTA also previously reported that the IRS has a large and increasing amount of aged hardware, some of which is three to four times older than industry standards.²⁹ At the end of FY 2017, more than 59 percent of IRS hardware was past its useful life and 26 percent of software was two or more releases behind the most current commercially available version. In its FY 2019 Budget Request, the IRS noted that it must continue efforts to replace obsolete hardware and software and provide a stable foundation for delivering technology services required for day-to-day operations, transforming the tax experience, and modernizing operations. Aged information technology hardware and software, when combined with the fact that components of the infrastructure and systems are interrelated and interdependent, increase the likelihood of outages and failures and may also introduce security risks to critical taxpayer data that IRS systems must protect.

The IRS continues to demonstrate its commitment to broaden access to secure digital services by providing one-stop, web-based services for the general public, Federal agencies, and tax professionals. The IRS offers external web services for the public and employees through the Integrated Enterprise Portal. The Integrated Enterprise Portal was designed to be an innovative and cost-effective system that would provide a fully scalable, managed private cloud capability to the IRS, enabling one-stop, web-based services. TIGTA's analyses of two different types of vulnerability and configuration scan reports found that critical and high-risk vulnerabilities were generally remediated on hardware, virtual machines, and software in the Integrated Enterprise Portal-Registered User Portal environment.³⁰ However, we identified two areas of improvement needed to ensure that the system is protected against the exploitation of unpatched vulnerabilities and misconfigurations that could expose taxpayer data to unauthorized access and disclosure.

IMPROVING TAX REPORTING AND PAYMENT COMPLIANCE

One of the IRS's key responsibilities is to ensure that taxpayers comply with the tax law. As such, the IRS should ensure that taxpayers understand their filing requirements so that the rate of voluntary compliance does not decline. This is critical, because the IRS notes a 1 percent drop in the voluntary compliance rate is estimated to cost the Government tax revenue of $30 billion each year.³¹

To enhance its enforcement actions, the IRS implemented the Private Debt Collection (PDC) program, as required by the Fixing America's Surface Transportation Act, to collect inactive tax receivables that the IRS previously could not collect. In two prior attempts, programs did not generate sufficient revenue to cover costs and the IRS terminated the programs early with net losses to the Government. The Joint Committee on Taxation estimated that the current PDC program would yield approximately $2.4 billion in additional revenue through FY 2025. TIGTA reported³² as of May 31, 2018, that the PDC program generated $56.6 million in revenue compared to $55.3 million in costs for an approximate net profit of $1.3 million. The PCAs collected just 1 percent of the $4.1 billion assigned. Possible causes of the nominal collection yield could be the average age of the cases assigned (4 years), assignment of low-income taxpayers (54 percent of PDC inventory), lack of consequences for subsequent noncompliance, or taxpayers who willfully failed to pay. Other PDC program concerns include the lack of a referral unit, the reliance on PCAs to self-report complaints, authentication procedures that expose taxpayers to risk, and PDC communication strategies that differ from IRS communications regarding tax scams.

During another review, TIGTA found³³ that the IRS can more effectively address filing noncompliance and underreporting by better using the State Audit Report Program. TIGTA analyzed FYs 2013 through 2016 State Audit Report Program nonfiler inventories and found that the IRS had dropped 39,142 records for taxpayers who were either repeat nonfilers, high-income nonfilers, or both, with estimated tax liabilities not collected totaling approximately $285 million. Only 12 States participate in the State Audit Report Program as we found that there is a lack of coordination and knowledge regarding the agreements with State agencies.

Issuing levies is another effective enforcement tool that the IRS can use to collect overdue taxes. In many cases, a levy causes the taxpayer to make contact with the IRS, which provides the IRS an opportunity to help bring the taxpayer into compliance. TIGTA found³⁴ that IRS management has been deliberately reducing notices of levy in recent years because it believed there were insufficient resources to handle the resulting taxpayer telephone calls. The total number of Automated Collection System (ACS) levies issued (paper and systemic) decreased by nearly 90 percent during the 18-month period after management's decision. Levy proceeds decreased by 70 percent, or almost $966 million. Further, the analysis showed that in addition to these quantifiable decreases, the decision to suspend ACS systemic levies also negatively affected other collection actions, such as an increase in the number of accounts written off as uncollectible due to the expiration of the statute of limitations.

As previously mentioned, ensuring that taxpayers understand and meet their tax responsibilities is crucial for the IRS in its effort to encourage voluntary compliance with the tax laws. Paid tax return preparers play an important role in the U.S. tax system as they prepare approximately 60 percent of all tax returns filed, and their actions have an enormous impact on the IRS's ability to administer tax laws effectively. Because of the critical role tax preparers have in helping taxpayers comply with the tax laws, identifying incompetent and unscrupulous preparers is an essential component of the IRS's oversight responsibilities. While the IRS's effort to regulate preparers was invalidated as a result of litigation,³⁵ the IRS has tools, including civil penalties, civil injunctions, and criminal investigations to identify and discourage preparer misconduct.

TIGTA found no evidence of a coordinated strategy in the IRS to address preparer misconduct.³⁶ Only a relatively small number of civil examinations are pursued against preparers each year relative to complaints about tax preparers. During FY 2016, the IRS investigated just 140 (15 percent) of 951 misconduct referrals and, of the cases that resulted in preparer penalties, the IRS collected only 15 percent of assessed penalties. Further, the IRS checks tax compliance for tax professionals but not for most unregulated preparers. TIGTA reported that more than 26,000 tax professionals who were Preparer Tax Identification Number recipients acknowledged being tax noncompliant. In addition, while preparing tax returns without a Preparer Tax Identification Number is subject to a penalty, the penalties are assessed on a limited ad hoc basis. In Processing Year 2016, the IRS failed to assess $121,175,195 in Preparer Tax Identification Number penalties.

To establish certainty regarding a taxpayer's tax obligations for U.S. Corporation Income Tax Returns, the IRS created Schedule UTP, Uncertain Tax Position Statement, beginning in Tax Year 2010. The IRS expected the schedule would maintain consistent treatment of taxpayers, increase IRS resource efficiency by focusing on issues and taxpayers that posed the greatest risk of noncompliance, and strategically leverage resources during inventory identification and delivery. Despite IRS efforts to collect meaningful data to assist the examination process, TIGTA reported that the Schedule UTP does not gather sufficient information to achieve its intended goals.³⁷ The weaknesses in the form provide for limited use by examiners and group managers in the field and by Large Business and International Division management and executives to strategically use the form during inventory identification and delivery. The IRS plans to coordinate with the Department of the Treasury, Office of Tax Policy, to consider the feasibility of modifying the schedule to include information needed to be more useful for its intended purpose.

REDUCING FRAUDULENT CLAIMS AND IMPROPER PAYMENTS

The Office of Management and Budget describes an improper payment as any payment that should not have been made, was made in an incorrect amount, or was made to an ineligible recipient. Improper payment legislation³⁸ required Federal agencies, including the IRS, to estimate the amount of their improper payments and report to Congress annually on the causes of and the steps taken to reduce such improper payments. The EITC has been identified as a high-risk program, and, as such, the IRS must include the rate and amount of improper payments in the Department of the Treasury's annual Agency Financial Report. The IRS estimates that $16.2 billion (23.9 percent) in EITC payments were issued improperly in FY 2017.

While refundable credits such as the EITC, ACTC, and AOTC provide benefits to individuals, the unintended consequence of these credits is that they can be the targets of unscrupulous individuals who file erroneous claims. Refundable credits can result in tax refunds when no income tax is paid or withheld because these credits are allowed even if they exceed the amount of the individual's tax liability. Consequently, they pose a significant risk as an avenue for those seeking to defraud the Government. Congress passed the PATH Act with a number of integrity provisions intended to reduce improper refundable credit claims. These provisions are projected to save approximately $7 billion over 10 years by reducing fraud, abuse, and improper payments in refundable tax credit programs.

TIGTA believes that the IRS is significantly understating its estimate of improper payments associated with refundable tax credits in its reports to the Office of Management and Budget and Congress. TIGTA reported³⁹ that the IRS continues to incorrectly rate the improper payment risk associated with the ACTC and AOTC as medium risk when, in fact, the risk is high. The medium risk rating is contrary to the IRS's own National Research Program and compliance data which, when analyzed, show a high risk of improper payments. The incorrect rating allows the IRS to continue to circumvent the reporting of required information for these programs to the Department of the Treasury for inclusion in the Agency Financial Report. We estimated that $7.4 billion (23.2 percent) of ACTC payments and $1.3 billion (28.3 percent) of AOTC payments made during FY 2017 were improper.

IMPACT OF GLOBAL ECONOMY ON TAX ADMINISTRATION

The IRS continues to focus significant efforts on global tax cooperation and tax administration practices that can prevent and resolve disputes among countries to increase certainty for taxpayers. Complexity and change in the international tax environment require that the IRS collaborate with tax administrations of foreign countries to enforce compliance. As of February 2018, the IRS has 43 active or pending reporting agreements with other countries to cooperate through a reciprocal approach to sharing information and enforcing international tax law.⁴⁰

Significant efforts to improve U.S. taxpayer compliance with reporting foreign assets and offshore accounts resulted in the enactment of the Foreign Account Tax Compliance Act (FATCA).⁴¹ Beginning in Tax Year 2011, the FATCA requires taxpayers with specified foreign financial assets that meet certain dollar thresholds to report the information to the IRS. The FATCA also requires foreign financial institutions to register and agree to report to the IRS information about financial accounts held by U.S. taxpayers or foreign entities in which U.S. taxpayers hold substantial ownership interest.

TIGTA reported⁴² that despite spending nearly $380 million, the IRS took limited or no action on a majority of planned activities in the FATCA Compliance Roadmap.⁴³ Foreign financial institution reports did not include (or included invalid) TINs, which affected the IRS's ability to identify and enforce individual taxpayer FATCA requirements. After TIGTA provided feedback, the IRS initiated action to enforce withholding agent compliance. TIGTA observed that a significant percentage of the Forms 1042-S, Foreign Person's U.S. Source Income Subject to Withholding, the IRS receives that pertain to the FATCA do not have valid TINs. However, most Form 1099 series information returns pertaining to the FATCA do have valid TINs and can be used by the IRS in its FATCA compliance strategies. There were 62,398 Tax Year 2015 Forms 1042-S with invalid TINs reporting more than $717 million, of which just over $47 million was withheld.

Additionally, improvements are needed in the IRS Large Business and International Division to address treaty-based income exemptions for some nonresident aliens. Nonresident aliens who are temporarily present in the United States to study, obtain training, teach, conduct research, and/or perform services as an employee are generally subject to income tax. Under certain tax treaties, some nonresident aliens who perform services as an employee may be eligible to exempt some or all of their income from tax. According to IRS records from Processing Years 2016 and 2017, 119,544 nonresident aliens claimed $2 billion in treaty-based exempt income.

TIGTA found⁴⁴ that IRS forms, instructions, and publications are inadequate and assume that nonresident aliens have both a Form 1042-S, reflecting income exempt by treaty, and a Form W-2, reflecting taxable wages. Nonresident aliens will have both forms only if they file a Form 8233, Exemption From Withholding on Compensation for Independent (and Certain Dependent) Personal Services of a Nonresident Alien Individual, with their withholding agent (generally their employer) in order to receive a full or partial exemption from withholding. The IRS needs to consider updating the appropriate forms, instructions, and publications to clarify how nonresident aliens who do not receive treaty-based exemption forms are still able to claim exemptions. Outreach and education is also needed to inform withholding agents (generally employers) of reporting rules which will improve accuracy of information reporting and reduce the number of erroneous tax returns.

PROTECTING TAXPAYER RIGHTS

The IRS must balance tax compliance activities against the rights of taxpayers to receive fair and equitable treatment. The IRS continues to dedicate significant resources and attention to complying with the taxpayer rights provisions of the IRS Restructuring and Reform Act of 1998.⁴⁵ The IRS provides taxpayers with the Taxpayer Bill of Rights⁴⁶ in many notices and in-person interviews to inform taxpayers about their rights with respect to examinations, appeals, collections, and refunds.

Over the years, TIGTA has audited certain taxpayer rights provisions and reported that, in general, the IRS has improved its compliance with these statutory provisions and is documenting its protection of taxpayer rights. However, during the review of the IRS's compliance with Notice of Federal Tax Lien due process procedures, TIGTA found⁴⁷ that the IRS did not always send lien notices to the taxpayer's last known address. In addition, the IRS did not always send copies of the lien notices to all taxpayers' authorized representatives.

TIGTA also evaluated the IRS's compliance with legal seizure provisions.⁴⁸ TIGTA reviewed a judgmental sample of 51 of the 359 seizures conducted from July 1, 2016, through June 30, 2017, to determine whether the IRS complied with legal and internal guidelines related to each seizure. TIGTA identified three seizures in which IRS Collection employees did not exhibit due diligence to ensure that the seizure was appropriate. TIGTA also found that the pilot program the IRS was using for the sale of seized property through the Internet resulted in higher sale-related expenses. Sale-related expenses are paid from sale proceeds and reduce the amount that is applied to the taxpayer's outstanding tax liability.

TIGTA also assessed whether the IRS complied with requirements to notify taxpayers prior to issuing levies.⁴⁹ Our tests of taxpayers with ACS paper levies identified five cases in which ACS employees levied the taxpayer before waiting 30 days after providing the notice of Collection Due Process rights to the taxpayer. Further, analysis of taxpayers with ACS paper levies in which additional tax was assessed prior to the levies identified 783 (1 percent) taxpayers who did not receive a new notice of intent to levy after an additional assessment was made on a tax period listed on the levy.

ACHIEVING PROGRAM EFFICIENCIES AND COST SAVINGS

Continuing to identify and achieve greater program efficiencies and cost savings is imperative for the IRS as it strives to successfully accomplish its mission with declining resources. Implementing cost saving strategies is particularly critical as the IRS is tasked with additional legislative responsibilities, often with limited budgetary funding. Recent audits concerning rent costs and IRS employee awards have identified opportunities for cost savings and improving the integrity of the system of tax administration.

After payroll, rent is the IRS's largest operating expense, with the IRS expecting to spend more than $600 million on real estate costs in FY 2018. Since March 2012, the IRS has taken steps to reduce its total office space by nearly 8 percent by either closing or consolidating office spaces. Although progress has been made, the rate of employee attrition has outpaced office space reduction efforts. The IRS's workstation utilization rate was only 66 percent as of December 2017. TIGTA reported⁵⁰ that changing the method by which the IRS develops and implements its space reduction projects, to incorporate more effective workstation and office sharing, could reduce the need for as many as 10,473 workspaces. By releasing these underutilized workspaces and the square footage of leased space associated with them, the IRS could achieve more than $80 million in rental cost savings over the next five years.

TIGTA found that the IRS had not capitalized on underutilized workspace reduction cost savings that could be achieved from better utilization of employee “hoteling” (managers and employees sharing workspaces), such as reduced rental, workspace buildout, furnishing, and equipment costs. The IRS could not provide any documentation demonstrating measurable progress in releasing underutilized workspaces as a result of highly mobile employees and employees who participate in frequent or recurring telework.

Besides ensuring proper stewardship of Government funds, the IRS must maintain the integrity of the agency. TIGTA reported⁵¹ that the IRS did not ensure that all employees with conduct and tax compliance issues were screened prior to receiving a performance award, as required by Department of the Treasury policy and Federal law. Increased screening procedures for awards resulted in the IRS denying almost 80 percent of awards to screened employees with identified conduct and tax issues. However, TIGTA found that in FY 2016 and FY 2017, the IRS still issued more than $1.7 million in awards to 1,962 employees who had a disciplinary or adverse action during the 12 months prior to receiving their award. Some of these employees had serious misconduct such as unauthorized access to tax return information, substance abuse, and sexual misconduct. In addition, TIGTA found that IRS screening processes do not look for or identify employees with tax compliance issues unless those issues have resulted in disciplinary action.

CONCLUSION

This memorandum is provided as our annual summary of the most serious major management and performance challenges confronting the IRS in FY 2019. TIGTA's Fiscal Year 2019 Annual Audit Plan contains our proposed reviews, which are organized in accordance with these challenges. If you have any questions or wish to discuss our views on the challenges in greater detail, please contact me at (202) 622-6500.

cc:
Assistant Secretary for Management
Deputy Chief Financial Officer
Commissioner of Internal Revenue