Posts Tagged ‘TIGTA’

Everything Is in the Best of Hands: “Security Weaknesses Are Not Timely Resolved and Effectively Managed”

Monday, August 14th, 2023

The Treasury Inspector General for Tax Administration (TIGTA) released a report today, and it doesn’t make for pleasant reading; it’s titled, “Security Weaknesses Are Not Timely Resolved and Effectively Managed.”  If you wonder why some don’t feel confident with the IRS preparing tax returns, look no further.  The summary (relating to what the IRS is currently doing with “Plan of Action and Milestones (POA&Ms)”) is quite damning:

The IRS did not timely review 291 (73 percent) of 401 POA&Ms TIGTA analyzed based on agency security policies nor did it perform the required closure reviews within the 60-day time period for 138 (49 percent) of 282 POA&Ms marked as either Accepted, Completed, or Validated.

Due to staffing shortfalls, IRS employees are not facilitating the timely resolution of information security weaknesses. Agency-wide, there are more than 500 POA&Ms categorized as Late, including 23 with risk severity ratings of either critical or high…

In addition, business units are not timely creating POA&Ms or consistently entering required POA&M information…

Finally, the IRS is not accurately identifying and tracking resources required to resolve information security weaknesses. For the 12,089 POA&Ms, there was a total estimated cost of $2.6 billion to resolve the information security weaknesses. From January 1, 2018, through August 26, 2022, the IRS finalized remediation efforts for 3,139 POA&Ms with total estimated costs of $134.5 million to resolve the information security weaknesses. However, during the closure process, the IRS did not reevaluate the estimated budget and update it with actual costs at closure, as required.

TIGTA made four recommendations, and at least the IRS agreed with all of them; the IRS plans on correcting all of them no later than May 15, 2024.  As to why this is important, TIGTA noted: “Failure to timely review, track, and close POA&Ms to resolve information security weaknesses puts the IRS at risk for exploitation by threat actors. In addition, tracking associated resources required to resolve POA&Ms facilitates informed decision-making.”  Tax professionals have enough security risks without having the IRS contributing more!

That 6 Million Return Backlog? Oops, We Mad a Math Error: It’s Really 24 Million

Saturday, February 12th, 2022

Everyone makes math mistakes.  When we last heard from IRS Commissioner Chuck Rettig, the backlog of unprocessed returns was down to about 6 million.  Per the Washington Post, that was slightly off–well, a bit more than slightly.  The true backlog is 23.8 Million,  a difference of about 18 million returns.  True, this does include unopened correspondence–but that correspondence also likely includes returns.

Of course, you can try calling the IRS up.  I generally do multiple times during a week.  I have about twelve items I need to get resolved and (in theory) I can over the phone, (a) if I get through, (b) I speak to an IRS employee who can resolve the issue, and (c) don’t get hung up on.  Here’s an example: A client paid his tax in October, the IRS cashed the check, but the payment isn’t posted on his account.  He just received a CP504 notice, gave me a Power of Attorney, and sent me a copy of the front and back of the check (and it absolutely cleared).

The first issue is calling the IRS.  I’m in the Pacific time zone, so when I call at 7am (the earliest time I can call), I’m competing against everyone else in the US.  On Monday I couldn’t get through to the Practitioner Priority Service (PPS).  I made ten attempts, and then stopped as I had a full day of appointments.  On Tuesday, I reached the IRS–and was not even on hold!  That’s akin to a one-outer in poker.  The helpful IRS employee (and do note that every IRS employee I’ve dealt with on PPS has been very helpful) could not help me; she did not have access to the computer system that allowed transferring of payments.  She transferred me…and I was on hold with a hold time given of “between 30 and 60 minutes.”  90 minutes later, the IRS system hung up on me (I think it may be programmed to do that when you’re on a call and it lasts two hours).  I couldn’t try to call again on Tuesday, because I had appointments.

On Wednesday, my fourth try to PPS resulted in a callback from the IRS 30 minutes later.  This employee found my client’s payment, and then started the work to move the payment–which apparently was a lot more complex than either he or I thought it would be.  Every five to seven minutes he’d get back on the line stating he was still working on this form to move the payment.  After 100 minutes, the system hung up on me.  On his last “I need another five to seven minutes” he said he was close to having this resolved.  But I don’t know for sure.

On Thursday I had an outside appointment, and by the time I got into the office I didn’t have an open two hours to call the IRS.  (I can work while I’m on the phone with the IRS, but I can’t have a scheduled call or appointment.)  On Friday, I didn’t get through to the IRS.  On Monday, my first scheduled call is at 11am, so I am hopeful I can confirm that this payment has been resolved, and then go on to issue number two (a 2016 return that still hasn’t been processed).

Last week, 30 Senate Republicans wrote a letter to Treasury Secretary Janet Yellen and Commissioner Rettig that the situation is untenable.  They’re correct.  So what can we do–given that it’s likely impossible to salvage the 2022 Tax Filing Season from being on the level of disastrous?  I have some ideas:

  1. Drop the Schedule K-2 and K-3 requirements for all but the largest partnership and S-Corporations (say, $25 million in gross income or more) for 2021 returns.  This will (a) eliminate even more paperwork for the IRS to process (currently, K-2s and K-3s must be attached as pdf’s to returns; this requires the IRS to do special processing), (b) help the tax professional community, and (c) help most taxpayers where these documents add just filing requirements with no tangible benefits to anyone.
  2. Get all IRS employees who are supposed to work in IRS Service Centers back in the Service Centers.  Yes, Covid still exists but it’s going to be with us (likely) forever.  This can be done by Presidential executive order–and Treasury Secretary Yellen and IRS Commissioner Rettig should be demanding this.  This will eliminate the issue with “error” returns (see below).  Additionally, it will increase IRS efficiency: employees will be in the locations they should be in.
  3. Start posting realistic time-frames for processing of paper returns.  I’m quoting 12 months for a paper-filed tax return and 18 months for a paper-filed amended return.  For electronically filed tax returns, I’m quoting two to four weeks if you’re in the lucky 90% that don’t get an error/reject and nine months if you’re in the unlucky 10% that does get an error/reject.  For electronically filed amended returns, I’m quoting one year for processing.  (All time-frames are averages.)  If my suggestion about getting employees back in the Service Centers is acted on, that will reduce the backlog of returns as error/reject returns won’t take the months that they currently take to be resolved (pre-Covid, they took three to four days).
  4. Listen to TIGTA (the Treasury Inspector General for Tax Administration) and spend what technology money you have wisely.  Yesterday, TIGTA released a report noting that the IRS cost the US $56 million in interest payments because of outdated mail processing equipment that would cost between $360,000 to $650,000 to replace.
  5. Work with Congressional leadership to get the budget increased for improved technology, not snooping on bank records.  Secretary Yellen and Commissioner Rettig can point out that improved technology would allow for far greater efficiency within the IRS.  Do you know that the main IRS computer system dates from 1959 and uses COBOL, and the last major improvements date from the 1980s?  Given the current situation, there should be bipartisan support for this.  Yes, this wouldn’t have benefits for a few years but we have to start somewhere.
  6. Work with Congressional leadership to increase starting wages for IRS employees.  The IRS is trying to hire more individuals (including in customer service), but has only hired 10% of the number they want to hire (and are budgeted to hire).

By the way, do you know how many IRS employees there are per phone call coming in to the IRS?  For every 16,000 calls, there’s one employee.  (Yes, employees take more than one call a day, but if you wonder why you and I can’t get through, that’s the answer.)

What does this mean for the 2022 Tax Season?  If your tax professional doesn’t have gray hair, he or she will by October 15th.  If you need to call the IRS, budget a day to get through (you will likely need it).  If you have to write the IRS (or submit a paper return) and need a quick response, consider a prayer: It can’t hurt and it just might help.  And hug your tax professional; he or she will appreciate it.

At Least The IRS Could Find 95% of the Returns…

Thursday, September 3rd, 2020

Two items crossed my in-box within a few minutes of each other this morning. The first was a blog post from the National Taxpayer Advocate requesting that Congress give multi-year funding for modernizing IRS computer systems. The second was a TIGTA report noting the IRS couldn’t find about 5% of tax returns requested.

Do you know anyone who knows COBOL (a computer language)? If you do, the IRS wants to hear from him or her! COBOL dates from 1959 (before I was born). The IRS’s IMF and BMF (Individual and Business Master Files) are older than I am, and run in Cobol on IBM mainframes. They are the oldest computer systems still in use by the federal government! I’ll date myself: I was in the last class at Berkeley to learn computer programming on punch cards. On the bright side, the IRS uses the best of 1950’s technology….

Why doesn’t the IRS take their paper records and digitize them? Some of it has to do with the legacy systems they are run on. A lot of it has to do with inadequate funding.

Seriously, this is a problem. In our office, we don’t keep paper records. We scan everything (and return all paper to our clients). The IRS does this for electronically filed tax returns, but not for all paper returns. Indeed, the TIGTA report notes that 347 of the IRS’s 956 forms cannot be electronically filed (that’s more than 36%). The IRS has 468,000 cubic feet of storage available on their campuses. Additionally, Federal Record Centers store about five million cubic feet of IRS records! The IRS spends $57 million a year on storing and retrieving this mountain of paper.

To give an idea of how large this is, my house is 2400 square feet with (I believe) 10 foot high ceilings (because of the heat in Las Vegas). That’s 24,000 cubic feet. So IRS paper records would fill more than 227 of my sized home. It’s frightening to think of all that paper.

The Taxpayer Advocate noted the IRS needs $2.5 billion over six years to complete its (hoped for) modernization program. They received $150 million in the 2019 fiscal year and $180 million in the 2020 fiscal year for modernization. At the current rate, it will take more than 12 additional years to complete it.

The TIGTA report looked at the ability to get specific pieces of paper. Retrieving that paper is necessary for audits and many other required IRS tasks. TIGTA had requests sent through normal channels for tax returns and examination case files. Most of the time the records could be found. However, 6% of examination case files and 3% of tax returns could not be located. An additional 23% of examination case files and 10% of tax returns were not provided timely.

The TIGTA report should be looked in its entirety for a depressing picture of the reality (vis-a-vis computer systems) at the IRS. It’s not that IRS management disagrees with TIGTA on the recommendations that TIGTA made (they agreed with the four recommendations in the report); rather, the problem is that the IRS almost certainly doesn’t have the money to complete the necessary tasks.

Here’s an example from real life: A fellow tax professional’s client mailed in a Form 1040X last year. That client just received a letter stating, “We have a record of receiving your Form 1040X for the 2018 tax year. We cannot find it. Please send another signed copy by mail to this office….”

I’ve been impacted by this. I had a client a few years ago request an ITIN (Individual Taxpayer Identification Number) for his child. The ITIN unit managed to lose the paperwork (sent by certified mail) three times, including once when it was hand-carried to them by the Taxpayer Advocate Office! (Thankfully, the Taxpayer Advocate kept a copy and the fourth time was a charm!)

Do I think Congress will loosen the purse strings here? Well, maybe before I retire….

“Hello, It Has Been Detected That You Are a Scammer….”

Thursday, November 16th, 2017

After recovering from a bout with the flu I attended continuing education yesterday with the Nevada Society of Enrolled Agents. We had a presentation from a Special Agent with TIGTA (the Treasury Inspector General for Tax Administration). One of the most interesting things he mentioned was that TIGTA is now robocalling IRS scammers, preventing them from calling out. (They’re also conducting lots of investigations of these scammers and have had some successes. Unfortunately, this is a lot like killing weeds: You get rid of one and two more pop up.)

There’s at least one individual who created something where he has been calling IRS scammers; by flooding their phone lines it prevents them from calling out. I do need to warn you that if you do this yourself you may be violating the law. Luckily, there’s no problem with TIGTA making these robocalls to block the scammers.

Here’s a YouTube video from “Project Mayhem.” (There is some NSFW language.) The advice from Project Mayhem is correct: If you get one of these calls, hang up. If they claim to be from a reputable company (and it’s someone you’re doing business with), hang up, look up their phone number, and you call them. If it’s from the IRS and you think you owe money to the IRS, check with your tax professional or call the IRS up yourself (800-829-1040).

IRS to Tax Professionals: Rules for Thee but Not for Us

Thursday, October 8th, 2015

Today I received an alert from the IRS that a new version of Publication 4557 is available. (At this point, only the web version of the publication is available.) Interestingly, the IRS notes the following:

To safeguard taxpayer information, you must determine the appropriate security controls for your environment based on the size, complexity, nature and scope of your activities. Security controls are the management, operational and technical safeguards you may use to protect the confidentiality, integrity and availability of your customers’ information. Examples of security controls are:

1. Locking doors to restrict access to paper or electronic files;
2. Requiring passwords to restrict access to computer files;
3. Encrypting electronically stored taxpayer data;
4 .Keeping a backup of electronic data for recovery purposes;
5. Shredding paper containing taxpayer information before throwing it in the trash.
6. Do not mail unencrypted sensitive personal information.

Further, Authorized IRS e-file Providers that participate in the role as an Online Provider must follow the six security, privacy and business standards to better serve taxpayers and protect their individual income tax information collected, processed and stored. See “Safeguarding IRS e-file” in Publication 1345 for more information. [emphasis added]

There’s nothing wrong with these recommendations; in fact, they’re excellent. But note that the IRS says that authorized e-file providers that participate in the role as an Online Provider must follow these rules.

I highlighted the last rule (#6, above) regarding mailing unencrypted sensitive personal information. Why? Because the IRS is one of the biggest offenders in this area. Indeed, just yesterday TIGTA (the Treasury Inspector General for Tax Administration) issued a report stating this. From the TIGTA press release:

In Fiscal Year 2014, the IRS mailed more than 141 million notices and 37 million letters to taxpayers for various reasons, to help them understand and meet their tax obligations. In a prior review, TIGTA reported that the IRS had not made significant progress in redacting or masking taxpayers’ SSNs from systems, notices, and forms. This audit was initiated to assess the IRS’s progress in eliminating taxpayer SSNs from correspondence.

TIGTA found that as of January 2015, the IRS estimates that it has removed SSNs from 58 (2 percent) of the 2,749 types of letters and 93 (48 percent) of the 195 types of notices it issues.

“A person’s Social Security Number is the most valuable piece of personal data identity thieves can obtain.” said J. Russell George, Treasury Inspector General for Tax Administration. “The fact that the IRS does not have processes and procedures to accurately identify all correspondence that contain Social Security Numbers remains a concern.”

There’s not much to add to this. The IRS needs to act on this as they are a far larger source of identity theft than tax professionals. I state that as I open up an IRS letter and an IRS notice to clients that both contain their social security numbers. And there was the IRS notice which didn’t have the full social security number but put the number within a bar code instead….

TIGTA: “IRS Can’t Track International Correspondence.” IRS: “So What.”

Wednesday, September 30th, 2015

The nature of my practice is such that I have a relatively large number of clients who live outside the United States. When one of my expatriate clients gets an IRS notice, I shudder. The IRS offices that handle international issues have issues with correspondence coming from the US. I’ve had to send the same item five times to the ITIN office…where it was lost five times. (At least they were consistent.) It turns out that the IRS doesn’t know what happens to much of the mail the agency sends overseas.

It was no surprise when I read a report issued by TIGTA (the Treasury Inspector General for Tax Administration) today titled, “Planned Improvements Have Not Been Made to Manage and Track Correspondence With International Taxpayers.” Here’s what TIGTA found:

Even though the IRS sent approximately 855,000 notices and letters to U.S. taxpayers living in other countries during Calendar Year 2014, it cannot determine taxpayer response rates. The lack of data on response rates for international taxpayers is problematic because this information is needed to determine the effectiveness of international correspondence on increasing taxpayer compliance and to make program improvements.

IRS data systems are not designed to accommodate the different styles of international addresses, which can cause notices to be undeliverable. Other factors complicate the delivery of international mail, making its delivery less certain than domestic correspondence.

In addition, the IRS generally does not know if international taxpayers receive the tax correspondence sent to them. Without specific controls to monitor and metrics to measure international tax correspondence, the IRS cannot determine the impact of its international tax correspondence on taxpayer compliance.

TIGTA made five recommendations; the IRS disagreed with all but one of them:

While the IRS generally agreed that TIGTA’s recommendations could provide additional insight into the factors contributing to undeliverable international mail, it does not believe this information would permit the IRS to overcome budgetary, statutory, and operational constraints as needed to achieve appreciable improvement in its current processes. TIGTA does not believe that the IRS’s response is adequate because current IRS processes for addressing international mail issues are ineffective or nonexistent.

So what should you do if you’re an international taxpayer? The easiest solution is to have someone in the US designated to receive a copy of your correspondence from the IRS. You can do this by completing Form 8821 and checking box 5a (“If you want copies of tax information, notices and other written communications sent to the appointee on an ongoing basis, check this box”). The instructions for Form 8821 are here.

By the way, I completely agree with what TIGTA wrote–that the IRS’s response is inadequate. But don’t worry, the IRS’s Annual Filing Season Program is continuing….

The Scamsters Haven’t Stopped

Thursday, May 1st, 2014

One of my clients called me first thing this morning (we’ll call him Joe from Richmond, Virginia; all names and cities have been changed to protect the innocent and guilty). Joe said he got a phone call from David. David identified himself as working for the IRS in Seattle. David accused Joe of not paying his taxes from 2008 – 2011; that Joe had not responded to a threat of a lawsuit that was mailed to him in December 2013; that unless Joe acted that lawsuit would be filed by the IRS. David told Joe Joe’s address and the first five digits of Joe’s social security number to “verify” his story.

Joe hung up the phone on David.

The phone call Joe received was almost certainly a variation of this scam:

TIGTA Warns of “Largest Ever” Phone Fraud Scam Targeting Taxpayers

WASHINGTON — The Treasury Inspector General for Taxpayer Administration (TIGTA) today issued a warning to taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.

“This is the largest scam of its kind that we have ever seen,” said J. Russell George, the Treasury Inspector General for Tax Administration. George noted that TIGTA has received reports of over 20,000 contacts and has become aware of thousands of victims who have collectively paid over $1 million as a result of the scam, in which individuals make unsolicited calls to taxpayers fraudulently claiming to be IRS officials.

“The increasing number of people receiving these unsolicited calls from individuals who fraudulently claim to represent the IRS is alarming,” he said. “At all times, and particularly during the tax filing season, we want to make sure that innocent taxpayers are alert to this scam so they are not harmed by these criminals,” George said, adding, “Do not become a victim.”

Inspector General George urged taxpayers to heed warnings about the sophisticated phone scam targeting taxpayers, noting that the scam has hit taxpayers in nearly every State in the country. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with arrest, deportation or loss of a business or driver’s license.

The truth is the IRS usually first contacts people by mail – not by phone – about unpaid taxes. And the IRS won’t ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.

“If someone unexpectedly calls claiming to be from the IRS and uses threatening language if you don’t pay immediately, that is a sign that it really isn’t the IRS calling,” he said.

The callers who commit this fraud often:

  • Use common names and fake IRS badge numbers.
  • Know the last four digits of the victim’s Social Security Number.
  • Make caller ID information appear as if the IRS is calling.
  • Send bogus IRS e-mails to support their scam.
  • Call a second time claiming to be the police or department of motor vehicles, and the caller ID again supports their claim.

If you get a call from someone claiming to be with the IRS asking for a payment, here’s what to do:

  • If you owe Federal taxes, or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
  • If you don’t owe taxes, call and report the incident to TIGTA at 800-366-4484.
  • You can also file a complaint with the Federal Trade Commission at Add “IRS Telephone Scam” to the comments in your complaint.

TIGTA and the IRS encourage taxpayers to be alert for phone and e-mail scams that use the IRS name. The IRS will never request personal or financial information by e-mail, texting or any social media. You should forward scam e-mails to Don’t open any attachments or click on any links in those e-mails.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes winner) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.

Given that Joe has paid his taxes without fail every year, that the IRS would send multiple notices about unpaid taxes, and the fact that the IRS doesn’t file lawsuits (the US Department of Justice acts as the legal arm for the IRS when the IRS initiates legal action), the chance that David was telling the truth is about the same as it snowing in Las Vegas in August.

Joe did the right things. He reported this to TIGTA (see above on how to do that), and he has saved (for now) the follow-up phone message where David whined at Joe for hanging up the phone on him and that action “wasn’t professional.” Joe also sent in an Identity Theft Affidavit to the IRS because it appears others do have his confidential personal information. (He’ll also be adding fraud alerts to his credit reports.)

Almost always, the IRS initiates contact through the US mail. If you owe significant money, IRS Collections will sometimes knock on your door and leave a business card. If you file an appeal with the IRS, that conversation may come by phone (but you would first get a letter from IRS Appeals).

If you get a phone call like Joe did, it probably is a scam. If you owe taxes, call the IRS back (800-829-1040); they can tell you if your account has been assigned to collections and whom to contact. If you don’t owe the IRS money, call TIGTA.

I’m hopeful that David and his ilk see the inside of ClubFed for a long, long time.

While I Was Out: TIGTA Assails IRS’s ITIN Management and Did Harry Reid Violate the Law?

Wednesday, August 8th, 2012

My vacation is over, and that’s not a good thing (for me). While I was enjoying my time off, our Congresscritters remain in a bickering mood. A close election–and this year’s presidential race will likely be one such race–means that neither side wants to give. Who cares about all those expiring tax laws at year-end, or the AMT patch….

Meanwhile, the Taxgirl (Kelly Phillips Erb) has a post regarding Senator Harry Reid’s remarks about Republican presidential candidate Mitt Romney’s taxes. A CPA is claiming that Senator Reid’s remarks are illegal. As a Nevadan, the remarks appear distasteful. IRS Commissioner Shulman, I suppose, will have to decide whether to forward the case to the Department of Justice. And given that Senator Reid is a Democrat, the chance of any prosecution is the same as it snowing today in Las Vegas (it’s 101 F right now).

Meanwhile, TIGTA (the Treasury Inspector General for Tax Adminstration) released a report that’s very critical on the Individual Taxpayer Identification Number (ITIN) program. From the Highlights of the report:

This audit was initiated because TIGTA received IRS employee complaints referred from members of Congress alleging that IRS management responsible for overseeing the ITIN operation was encouraging employees to assign ITINs to applicants when the ITIN application was fraudulent…

TIGTA substantiated many of the allegations set forth in the IRS employees’ complaints. The complaints alleged that IRS management is not concerned with addressing questionable applications and is interested only in the volume of applications that can be processed, regardless of whether they are fraudulent.

The audit found that the ITIN application review and verification process is so deficient that there is no assurance that ITINs are not being assigned to individuals submitting questionable applications. Because of lax documentation requirements to obtain an ITIN, tax fraud can go undetected.

Ouch. This report is absolutely scathing. The IRS has “Eliminated successful processes used to identify questionable ITIN application fraud patterns and schemes.” There’s plenty more, and the entire report should be read. Reuters has a report on it, too.

At Least They Got 30% Right…

Thursday, December 24th, 2009

Government efficiency is usually thought of as an oxymoron. Yet another example of this has come to light—this time, in the world of tax. The Treasury Inspector General for Tax Administration (TIGTA) audited the IRS’ assignment of Individual Taxpayer Identification Numbers (ITINs) and found:

“TIGTA reviewed a sample of ITIN applications and found that almost 70% contained significant errors and/or raised concerns that should have prevented the issuance of an ITIN. The IRS estimates that it has issued more than 14 million ITINs as of December 2008.”

And we’re going to be giving healthcare work to the IRS, too?!?

HatTip: TaxProf Blog