Data Security Tops TIGTA List of IRS Performance Challenges

SUBJECT:
Management and Performance Challenges Facing
the Internal Revenue Service for Fiscal Year 2020

October 15, 2019

MEMORANDUM FOR
SECRETARY MNUCHIN

FROM:
J. Russell George
Inspector General

The Reports Consolidation Act of 2000¹ requires that the Treasury Inspector General for Tax Administration (TIGTA) summarize, for inclusion in the annual Department of the Treasury Agency Financial Report, its perspective on the most serious management and performance challenges confronting the Internal Revenue Service (IRS).

Each year, TIGTA evaluates IRS programs, operations, and management functions to identify the areas of highest vulnerability to the Nation's tax system. For Fiscal Year (FY) 2020, the IRS's top management and performance challenges, in order of priority, are:

TIGTA's assessment of the major IRS management challenge areas for FY 2020 is similar to the prior fiscal year. Where we have made changes, it is to reflect the broader scope of certain challenges. For example, last year's challenge of “Identity Theft and Impersonation Fraud” was changed to “Addressing Emerging Threats to Tax Administration” to more fully encompass the issues that have wide-ranging implications for both the IRS and taxpayers.

Human capital remains a serious underlying issue that impacts all 10 of the Major Management Challenges. Between Fiscal Years 2014 and 2018, the IRS budget increased slightly from $11.2 billion to $11.4 billion. However, cost increases over this time period have resulted in a significant reduction in the number of full-time employees, with a corresponding impact on institutional knowledge and technical expertise. TIGTA has reported how this trend of reduced staffing has affected the IRS's ability to deliver its priority program areas, including customer service and enforcement activities. In FY 2020, it is likely that the IRS will continue to face these staffing issues.

The following information detailing these management and performance challenges is being provided to promote economy, efficiency, and effectiveness in the IRS's administration of the Nation's tax laws.

SECURITY OVER TAXPAYER DATA AND PROTECTION OF IRS RESOURCES

Taxpayers have the right to expect that information they provide to the IRS will not be disclosed unless authorized by law. To achieve its mission, the IRS has developed Internet-accessible, public-facing applications to interact with taxpayers for various tax administrative purposes. These applications collect, process, and store large amounts of Personally Identifiable Information and tax data. Because this information is considered extremely valuable, the IRS is a target of criminals and identity thieves. As such, the IRS must ensure that its applications are secure against threats on the Internet.

Attacks against IRS online portals can have wide-ranging negative ramifications. This was clearly demonstrated in recent years through high-profile attacks against the IRS eAuthentication web portal and the IRS Data Retrieval Tool within the U.S. Department of Education Free Application for Federal Student Aid website, which caused both applications to be taken offline. The absence of these resources affected taxpayers' ability to timely file annual tax returns and, in the case of the latter application, negatively affected the spring college enrollment process nationwide.

TIGTA works continually with the IRS to identify, investigate, and combat threats to the IRS's cyberinfrastructure, both through internal threat vectors and through external manipulations and attacks against online IRS applications. Of particular concern is how the IRS ensures that only authorized taxpayers can access their information on these public-facing applications. Strong electronic authentication controls are needed to prevent identity thieves from succeeding at impersonating taxpayers and gaining improper access to tax records.

TIGTA reported that the IRS is making progress at improving electronic authentication controls on its public-facing applications.² However, the IRS's 52 public-facing applications are not yet compliant with the National Institute of Standards and Technology guidelines issued in June 2017,³ even though the Office of Management and Budget required compliance within one year of publication. Without full compliance with the new guidelines, the IRS increases the risk of using inappropriate authentication controls, which could allow unauthorized access and activities, compromise taxpayer records, and cause revenue to be lost due to identity theft refund fraud.

The IRS must also ensure that contractors or other third parties adequately protect taxpayer data to prevent its unauthorized disclosure. Administration of the U.S. tax system has become increasingly reliant on the use of information returns provided by third parties. For example, the IRS uses the data from information returns to ensure compliance with Federal tax withholding requirements, to identify unreported income or overstated credits and deductions, and to identify potentially fraudulent returns.

TIGTA found⁴ that processes and procedures to authenticate users of the Filing Information Returns Electronically (FIRE) system⁵ do not comply with Federal Government information security standards. For example, our review identified that the IRS currently does not perform any type of identity proofing prior to providing users with access to the FIRE system. It is important that the IRS has strong authentication controls to ensure the validity of each payer's identity prior to submission of information returns that are then used for return validation, compliance matching, and fraud detection purposes.

TIGTA also reported significant vulnerabilities within the IRS Bring Your Own Device (BYOD) program, which allows its employees to access work resources using their personal mobile devices.⁶ For example, the risk of data leakage with personally owned iPhones^® is increased because iPhones enable the screen capture functionality. In addition, the BYOD servers also contain critical and high-risk vulnerabilities. Of the 68 critical and high-risk vulnerabilities identified in one month, 18 (26 percent) were classified as easily exploitable.

In addition to external threats, the IRS must ensure that its systems and data are protected against internal threats. It is particularly troubling when IRS employees, who are entrusted with the sensitive personal and financial information of taxpayers, misuse their positions to commit identity theft and other fraud. This breach of trust negatively affects our Nation's voluntary tax system and erodes confidence in the IRS. TIGTA proactively reviews the activities of IRS employees who access taxpayer accounts for any indication of unauthorized accesses that may be part of a larger fraud scheme.

In February 2019, an IRS employee was indicted for the unauthorized disclosure of Suspicious Activity Reports (SARs), misuse of a Government computer, and misuse of a Social Security Number in violation of the law. By virtue of his position, the IRS employee intentionally exceeded authorized access to a computer, obtained information regarding SARs that was not necessary to fulfill his official duties, and then knowingly disclosed the SARs. If convicted, the employee could face a maximum of five years' imprisonment for each violation.⁷

TIGTA also plays the key role of protecting IRS employees. Threats and assaults directed at IRS employees, facilities, and infrastructure impede the effective and safe administration of the Federal tax system and the IRS's ability to collect tax revenue. In the last several years, threats directed at the IRS have remained the second largest component of TIGTA's Office of Investigations work. Recent incidents involving taxpayers who threatened or assaulted IRS employees underscore the dangers that these employees face each day.

IMPLEMENTING TAX LAW CHANGES

Implementation of tax law changes will continue to present challenges for the IRS. For example, the Taxpayer First Act,⁸ enacted on July 1, 2019, requires the IRS to propose an organizational redesign, with the goals of improving efficiency, modernizing systems and business processes and finding ways to better serve taxpayers.

In addition, the Tax Cuts and Jobs Act of 2017⁹ also made substantial changes to the tax code that affect individuals, businesses, and tax-exempt organizations. TIGTA has continued to assess the IRS's efforts to implement the provisions of this legislation. Specifically, TIGTA reported that the IRS had to create 48 new tax products, revise 494 existing tax products, and perform computer programming changes affecting 128 information technology systems, including addressing changes in the location of data fields in its fraud detection systems.¹⁰ In addition, the IRS developed an overarching communication outreach strategy that informs stakeholders of tax law changes related to various tax provisions of the Tax Cuts and Jobs Act and also developed a hiring and training plan to support its customer service initiatives.

In addition to the Tax Cuts and Jobs Act, the IRS must administer other tax law provisions such as those in the Protecting Americans from Tax Hikes Act of 2015 (PATH Act).¹¹ The PATH Act contains a number of provisions referred to as program integrity provisions intended to reduce fraudulent and improper Earned Income Tax Credit (EITC), Child Tax Credit, Additional Child Tax Credit (ACTC), and American Opportunity Tax Credit (AOTC) payments. Specifically, the PATH Act modified the AOTC to require individuals claiming the credit to provide the Employer Identification Number of the educational institution. In December 2018,¹² TIGTA identified approximately 234,000 tax returns with claims of $209 million in refundable AOTCs that did not include an educational institution Employer Identification Number as required.

ADDRESSING EMERGING THREATS TO TAX ADMINISTRATION

TIGTA has issued a number of reports over the years assessing the IRS's efforts to detect and prevent the filing of fraudulent individual and business tax returns by identity thieves. Identity theft tax fraud occurs when an individual uses another person's or business' name and Taxpayer Identification Number (TIN) to file a fraudulent tax return for the purpose of obtaining a tax refund. This type of fraudulent activity is constantly evolving and continues to have a significant impact on tax administration. As such, the IRS must continually adapt its detection and prevention processes to reject fraudulent electronically filed tax returns and prevent fraudulent paper tax returns from posting. For the 2019 Filing Season, the IRS is using 193 identity theft filters to identify potentially fraudulent individual tax returns and prevent the issuance of fraudulent tax refunds. As of April 30, 2018, the IRS reported that it had identified 2.8 million tax returns with refunds totaling $16.6 billion for additional review because of identity theft filters.

The IRS continues to work with the Security Summit¹³ to explore programs and processes to improve the extent of sharing identity theft information in an effort to further improve the detection and prevention of tax-related identity theft through the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC).¹⁴ According to the April 2018 Identity Theft Tax Refund Fraud ISAC Annual Report, participation in the ISAC has increased from 18 participating organizations in Calendar Year 2017 to 60 participating organizations and more than 400 registered users in Calendar Year 2018. The Taxpayer First Act expanded the information the ISAC can use to detect and prevent tax-related identity theft. This Act modified the IRS's authority to allow it to share information on identity theft tax returns the IRS identifies with the ISAC.

In addition, the IRS developed additional filters in response to TIGTA recommendations to improve the detection of fraudulent tax returns that use Schedule C, Profit or Loss From Business (Sole Proprietorship), income and foreign addresses. However, because of programming errors and the use of a dollar tolerance, TIGTA reported that 28,092 potentially fraudulent tax returns with refunds totaling more than $4.4 million were not identified.

In addition to identity theft, telephone calls from criminals impersonating IRS agents also land near the top of the IRS's “Dirty Dozen”¹⁵ tax scams and remain an ongoing threat to taxpayers as con artists threaten taxpayers with arrest, deportation, and license revocation if the victim does not pay a bogus tax bill. Since the fall of 2013, a significant amount of TIGTA's Office of Investigations workload has consisted of investigating these scams in which more than 2.5 million intended victims have received unsolicited telephone calls from individuals falsely claiming to be IRS or Department of the Treasury employees. To date, more than 15,700 victims reported that they have paid approximately $79 million to these criminals. The number of complaints TIGTA has received about this scam has cemented its status as the largest, most pervasive impersonation scam in the history of the IRS.

SUPPORTING AN ENHANCED TAXPAYER EXPERIENCE

The President's Management Agenda outlines a goal of improving customer experience with Federal services. Improving the experience citizens and businesses have with Federal services, whether online, in-person, or via telephone, will increase trust in the Federal Government. Providing taxpayers with quality customer service is a key component in the IRS's mission. Resolving questions before tax returns are filed helps taxpayers avoid unintentional errors and noncompliance and also reduces the burden on both taxpayers and the IRS that results from the issuance of notices and correspondence. Successfully addressing and resolving taxpayer inquiries through a quality customer service process allows the IRS to direct its limited resources more efficiently.

Taxpayers have multiple options to choose from when they need assistance from the IRS. These include toll-free telephone lines, face-to-face assistance at Taxpayer Assistance Centers or Volunteer Program sites, and self-assistance using IRS.gov and other social media channels (e.g., Twitter, Facebook, YouTube). To address declining budgets, the IRS continues to increase its dependence on technology-based services and external partners in an effort to direct taxpayers to the most cost-effective method to provide the needed service. The IRS notes that this approach allows it to focus limited telephone and walk-in resources on customer issues that can be best resolved with person-to-person interaction.

The IRS provides taxpayers with face-to-face tax assistance throughout the Nation at 359 Taxpayer Assistance Centers, 38 Virtual Service Delivery sites, and five Social Security Administration offices, as of December 31, 2018. The IRS should place these sites in optimal locations to service taxpayers who are likely to seek face-to-face assistance. However, TIGTA reported that the IRS did not use its data-driven Geographic Coverage Model to expand face-to-face assistance to new locations. TIGTA's analysis of this model identified 28 underserved areas with a high number of taxpayers who are likely to seek face-to-face assistance.¹⁶ These taxpayers have low income or received an IRS letter or notice and live more than 30 miles from a Taxpayer Assistance Center.

In addition, the IRS did not comply with the congressional directives accompanying the Consolidated Appropriations Act of 2018¹⁷ prior to closing Taxpayer Assistance Centers in Calendar Year 2018. For example, the IRS did not timely provide a report to congressional committees on the steps being taken to prevent Taxpayer Assistance Center closures. In addition, the IRS did not conduct a study on the taxpayer impact of closing four Taxpayer Assistance Centers that the IRS closed after Congress passed the Consolidated Appropriations Act of 2018.

Each year, millions of taxpayers call the IRS toll-free telephone assistance lines seeking help to understand the tax laws and meet their tax obligations. However, TIGTA reported that the IRS's telephone performance measures do not reflect overall call demand or performance for IRS telephone assistance.¹⁸ The Level of Service¹⁹ as calculated by the IRS does not account for total taxpayer demand, the cost of providing telephone service, the time it takes taxpayers to talk to an assistor, or the level of resources the IRS is able to devote to telephone service. Further, TIGTA identified that, in some instances, IRS management does not clearly disclose in congressional testimony and in reports to external stakeholders that the Level of Service only includes the 30 Accounts Management function's telephone lines. For FY 2018, the IRS had 110 toll-free telephone lines but calculated the Level of Service based on taxpayer contacts on only its Accounts Management function's 30 (27 percent) telephone lines.

MODERNIZING IRS OPERATIONS

In April 2019, the IRS issued its Integrated Modernization Business Plan, which is a six-year road map to improve the taxpayer experience by modernizing core tax administration systems, IRS operations, and cybersecurity. Successful modernization of systems and the development and implementation of new information technology applications are critical to meeting the IRS's evolving business needs and enhancing services provided to taxpayers. The IRS's reliance on legacy (i.e., older) systems and aged hardware and software, and its use of outdated programming languages, pose significant risks to the IRS's ability to deliver its mission. Modernizing the IRS's computer systems has been a persistent challenge for many years and will likely remain a challenge for the foreseeable future.

The IRS's Information Technology (IT) organization provides and maintains the information technology products and services needed by the IRS to meet its mission to deliver tax administration. TIGTA evaluated the effectiveness of IRS efforts to prioritize computer programming requests to support effective tax administration and identified areas for improvement.²⁰ Specifically, the allocation of information technology resources is primarily set by the IT organization with minimal involvement from the IRS's business operating divisions. The operating divisions are concerned that their lack of participation limits their input when establishing agency priorities for determining how to allocate IT organization resources.

In addition, due to insufficient IT resources, projects are not started that would reduce taxpayer burden, protect revenue, and save significant IRS resources. For example, there were 82 programming requests denied in Calendar Year 2016. IRS executives informed us that this had negative impacts on tax administration, such as the potential for billions of dollars in lost revenue, taxpayers not receiving proper credits, and the IRS having to pay a large amount of interest due to withholding that was not credited to taxpayer accounts.

IMPROVING TAX REPORTING AND PAYMENT COMPLIANCE

One of the IRS's key responsibilities is to ensure that taxpayers comply with the tax law. As such, the IRS should ensure that taxpayers understand their filing requirements so that the rate of voluntary compliance does not decline.

As required by the 2015 Fixing America's Surface Transportation Act,²¹ the IRS implemented the Private Debt Collection (PDC) program to begin using private collection agencies (PCA) to collect inactive tax receivables that the IRS previously could not collect. The Joint Committee on Taxation estimated that the current PDC program would yield approximately $2.4 billion in additional revenue through FY 2025. As of September 2018, the IRS had assigned more than 700,000 taxpayer accounts to private collectors. The PCAs collected approximately $88.8 million (2 percent) from the balance owed on these accounts. They also established more than 21,000 payment arrangements, but taxpayers later failed to make payments on more than half of them.²² Both the IRS and the PCAs monitor performance using various attributes such as procedural accuracy and professionalism. All of the PCAs performed well under these attributes. However, the performance attributes focus almost entirely on the PCAs' telephone conversations with the taxpayers and do not measure other important aspects of case management, such as returning cases to the IRS when required and the accuracy of payment arrangements. TIGTA also reported that PCA payment calculators do not calculate interest and penalties accurately.²³

Another area of concern is collecting the tax owed by self-employed individuals. Studies based on IRS National Research Program data have found that sole proprietors underreported their net income by 64 percent (based on the average for Tax Years (TY) 2008 through 2010), which is up from 57 percent in the TY 2001 estimate. With the growth of online platform companies in recent years, which allow people easy and convenient ways to obtain needed services and others to work as self-employed individuals providing those services (also known as the “gig economy”), it is likely that self-employment tax underreporting will continue to be a growing problem if not addressed. The gig economy is comprised of online platform companies such as Uber, Lyft, Etsy, Handy, and TaskRabbit.

TIGTA recently reported that billions of dollars in potential tax discrepancies involving taxpayers who earn income in the gig economy are not worked by the IRS.²⁴ Many cases were not selected to be worked by IRS programming due to the large volume of discrepancies that were identified. In addition, IRS employees removed thousands of cases from inventory without justification or with justification that was inaccurate. Further, Treasury Regulations do not require certain gig economy businesses to issue Form 1099-K, Payment Card and Third Party Network Transactions, unless workers earn at least $20,000 and engage in at least 200 transactions annually. Consequently, many taxpayers who earn income in the gig economy do not receive a Form 1099-K; therefore, their income is not reported to the IRS. When income is not reported to the IRS, taxpayers are more likely to be noncompliant.

TIGTA also reported that billions of dollars in non-payroll tax withholding discrepancies are not being addressed.²⁵ A business entity (payer), such as a bank or financial institution, is often required to withhold backup withholding or Federal income tax when making payments involving non-payroll compensation to recipients. The payer of these reportable transactions is required to provide income and withholding documents to the IRS and recipients. Payers report total backup and Federal income tax withheld during the tax year on Form 945, Annual Return of Withheld Federal Income Tax.

However, TIGTA's analysis identified instances in which payers did not report backup and Federal income tax withholding amounts on Form 945 or reported a lesser amount on Form 945 than reported on the Forms 1099 or Forms W-2G, Certain Gambling Winnings, issued to recipients. For example, TIGTA identified 7,265 payers that provided to the IRS TY 2016 Forms 1099 or W-2G reporting almost $923 million in withholding but did not file the required TY 2016 Form 945. TIGTA also identified 3,163 payers that reported on Form 945 approximately $760 million less in withholdings than what they reported on associated Forms 1099 and W-2G.

The IRS also needs to improve its processes to address the discrepancies between alimony deductions claimed and income reported. An alimony income reporting discrepancy occurs when individuals claim deductions for alimony that they did not pay or individuals do not report alimony income they received. Apart from examining a small number of tax returns, TIGTA reported in August 2019 that the IRS still has not developed processes and procedures to address the substantial compliance gap that results from alimony income reporting discrepancies.²⁶ TIGTA analyzed TY 2016 tax returns with an alimony deduction processed as of February 8, 2018, and found that the amount associated with alimony income reporting discrepancies increased 38 percent from $2.3 billion in TY 2010 when we first reported²⁷ this concern to more than $3.2 billion in TY 2016. Based on TIGTA's analysis, alimony reporting discrepancies could result in more than $1.1 billion in unreported tax over the next five years.

REDUCING FRAUDULENT CLAIMS AND IMPROPER PAYMENTS

The Office of Management and Budget describes an improper payment as any payment that should not have been made, was made in an incorrect amount, or was made to an ineligible recipient. Improper payment legislation²⁸ required Federal agencies, including the IRS, to estimate the amount of their improper payments and report to Congress annually on the causes of and the steps taken to reduce such improper payments. The EITC has been identified as a high-risk program, and as such, the IRS must include the rate and amount of improper payments in the Department of the Treasury's annual Agency Financial Report. The IRS estimates that approximately 25 percent ($18.4 billion) of EITC payments were issued improperly in FY 2018.

While refundable credits such as the EITC, ACTC, and AOTC provide benefits to individuals, the unintended consequence of these credits is that they can be the targets of unscrupulous individuals who file erroneous claims. Refundable credits can result in tax refunds when no income tax is paid or withheld because these credits are allowed even if they exceed the amount of the individual's tax liability. Consequently, they pose a significant risk as an avenue for those seeking to defraud the Government. Congress passed the PATH Act with a number of integrity provisions intended to reduce improper refundable credit claims. These provisions are projected to save approximately $7 billion over 10 years by reducing fraud, abuse, and improper payments in refundable tax credit programs.

TIGTA believes that the IRS is significantly understating its estimate of improper payments associated with refundable tax credits in its reports to the Office of Management and Budget and Congress. TIGTA reported²⁹ that the IRS continues to incorrectly rate the improper payment risk associated with the ACTC, the AOTC, and the Premium Tax Credit (PTC). As a result, the incorrect rating allows the IRS to continue to avoid the reporting of required information for these programs to the Department of the Treasury for inclusion in the Agency Financial Report. The IRS estimates that nearly 33 percent ($8.7 billion) of ACTC payments made during TYs 2009 through 2011 were likely improper and that over 31 percent ($5.3 billion) of AOTC payments made during TY 2012 were likely improper.

In addition, the IRS's own analysis of its compliance data indicates that the estimated error rate for Net PTC payments was 41 percent ($440 million). This analysis confirmed that Net PTC improper payments, as defined by the Office of Management and Budget, would likely exceed the improper payment reporting thresholds used for classification as a high risk.

IMPACT OF GLOBAL ECONOMIES

Complexity and change in the international tax environment require that the IRS collaborate with tax administrations of foreign countries to enforce compliance. The IRS must continue to focus significant efforts on global tax cooperation and tax administration practices that can prevent and resolve disputes among countries to increase certainty for taxpayers. As of February 2018, the IRS has 43 active or pending reporting agreements with other countries to cooperate through a reciprocal approach to sharing information and enforcing international tax law.³⁰ Virtual currencies³¹ also continue to present a significant risk to tax administration, particularly since one of the attractions to their use is the anonymity of transactions.

Among its many provisions, the Tax Cuts and Jobs Act provides for a tax (subject to special tax rates) on U.S. shareholders of specified foreign corporations (and U.S. persons that own interests through domestic pass-through entities that are U.S. shareholders of specified foreign corporations) through a one-time deemed repatriation of foreign accumulated earnings set forth under Section 965 of the Internal Revenue Code.

TIGTA reported that the retroactive components of Section 965 presented significant challenges for the IRS in implementing the provision.³² The IRS made reasonable efforts informing external stakeholders of Section 965 requirements and the process for filing a tax return reporting a Section 965 inclusion amount. However, in issuing guidance, the IRS initially did not specifically address excess payments of the Section 965 portion of their income liability immediately due and did not clearly inform taxpayers of the implications of making these excess remittances. This resulted in at least 115 taxpayers making $2.8 billion in payments on their Section 965 liability that they did not intend to make.

To further address taxpayer noncompliance and audit selection, the IRS implemented a new approach described as “campaigns.” The Form 1120-F, U.S. Income Tax Return of a Foreign Corporation, Nonfiler Campaign was one of the first campaigns rolled out by the Large Business and International Division. Form 1120-F nonfilers are foreign entities that are legally required to file but fail to do so. The IRS considers nonfiling an egregious problem because it contributes to the Tax Gap and undermines tax compliance.

However, TIGTA reported that the Form 1120-F campaign was initiated without establishing evidence of a significant compliance risk pertaining to Form 1120-F nonfilers.³³ Moreover, a coordinated strategy was not established to ensure that critical campaign case actions were performed timely. Furthermore, the Large Business and International Division did not properly plan for unresponsive taxpayers, and consequently, it was unable to follow up appropriately with those that failed to respond. Overall, initial campaign case results show low examination referral and proposed assessment rates.

PROTECTING TAXPAYER RIGHTS

The IRS must balance tax compliance activities against the rights of taxpayers to receive fair and equitable treatment. The IRS continues to dedicate significant resources and attention to complying with the taxpayer rights provisions of the IRS Restructuring and Reform Act of 1998.³⁴ The IRS provides taxpayers with the Taxpayer Bill of Rights³⁵ in many notices and in-person interviews to inform taxpayers about their rights with respect to examinations, appeals, collections, and refunds.

Over the years, TIGTA has audited certain taxpayer rights provisions and reported that, in general, the IRS has improved its compliance with these statutory provisions and is documenting its protection of taxpayer rights. However, during the review of the IRS's process to notify taxpayers of their rights when requesting an extension of the statute of limitations for assessing additional taxes and penalties, TIGTA found³⁶ that some taxpayer audit files lacked documentation to support that employees followed the IRS's internal procedures for further explaining the taxpayers' rights to the taxpayers. In addition, TIGTA's review found instances in which the audit files lacked documentation to support that the IRS complied with procedures requiring the notification of a taxpayer's representative when an authorization for third-party representation existed.

During the review of the IRS Office of Appeals Collection Due Process Program, TIGTA determined from a statistical sample that the IRS did not always classify taxpayer requests properly, and as a result, some taxpayers received the wrong type of hearing.³⁷ The IRS also did not timely process the hearing requests for some taxpayers and made errors relating to the determination of the Collection Statute Expiration Date (CSED) on taxpayer accounts. The CSED is the expiration of the time period established by law to collect taxes. From a statistically valid sample, TIGTA identified instances in which the IRS incorrectly extended the CSED, allowing the IRS additional time it should not have had to collect the delinquent taxes.

TIGTA also evaluated the IRS's compliance with legal seizure provisions.³⁸ TIGTA reviewed a judgmental sample of 52 of the 260 seizures conducted from July 1, 2017, through June 30, 2018, to determine whether the IRS complied with legal and internal guidelines related to each seizure. TIGTA identified instances in which the IRS did not comply with a particular Internal Revenue Code section or an internal procedure or there was no guidance present.

ACHIEVING OPERATIONAL EFFICIENCIES

Achieving efficiencies within Federal tax administration requires the IRS to continuously monitor and effectively manage a wide range of risks that are inherent within a fast-paced, changing operational environment. For example, efficient and cost-effective management and implementation of the IRS's software assets is crucial to ensure that information technology services continue to support the IRS's business operations and help provide services to taxpayers efficiently. However, TIGTA reported that the IRS did not effectively manage software tools acquired to address its software asset management and software development needs.³⁹ In addition, the IRS did not actively monitor the costs associated with purchasing the software licenses and software subscription and support. As a result, the IRS purchased software licenses that it never deployed and purchased software subscription and support for licenses it did not use.

Due to potential cost-saving benefits, the IRS made a decision to consolidate platforms and migrate applications to Linux-based operating systems from Oracle-based proprietary hardware. However, TIGTA reported that the IRS did not develop an initial project plan or conduct upfront assessments and technical analysis on the applications and databases that were to be migrated to a new operating system.⁴⁰ As a result, the pilot project took 22 months to complete. In addition, only eight of the 141 applications in the Linux Migration Project inventory in February 2018 had completed migration. Further, the hardware and support purchased in September 2016 for $6.8 million has been underutilized.

TIGTA also reported that Criminal Investigation (CI) could improve identification and investigation of tax-related identity theft cases.⁴¹ Many incidents initiated by taxpayers were not placed in CI's Scheme Tracking Referral System for consideration in CI's scheme development process. Specifically, 98,773 taxpayer-initiated identity theft returns processed in Calendar Year 2016 were not placed in CI's referral system, which is the master list of all schemes developed for the IRS. By not including these returns, CI may limit its ability to identify fraud characteristics for returns that bypass IRS filters for possible investigation.

Improvement can also be made in the processing of amended tax returns. When taxpayers make an error on an originally filed Form 1040, U.S. Individual Tax Return, they can file an amended tax return. However, TIGTA's analysis found that processing errors by IRS employees continue to result in erroneous refunds associated with amended returns.⁴² As a result, we forecast that the IRS could issue nearly $1.4 billion in potentially erroneous tax refunds claimed on amended tax returns over the next five years.

CONCLUSION

This memorandum is provided as our annual summary of the most serious major management and performance challenges confronting the IRS in FY 2020. TIGTA's Fiscal Year 2020 Annual Audit Plan contains our proposed reviews. If you have any questions or wish to discuss our views on the challenges in greater detail, please contact me at (202) 622-6500.

cc:
Assistant Secretary for Management
Deputy Chief Financial Officer
Commissioner of Internal Revenue