Identity theft protection process at IRS needs improvements, TIGTA says

Identity theft was the number one type of consumer complaint in 2011, according to the Federal Trade Commission, and some practitioners have asked if tax-related identity theft has become an epidemic. In light of the growing problem, the Treasury Inspector General for Tax Administration (TIGTA) recently audited the IRS’s Taxpayer Protection Program, to assess how the Service is handling the explosive growth in tax return identity theft in recent years.

TIGTA found that the IRS has greatly improved the program since the 2012 filing season, but that additional changes should be made (The Taxpayer Protection Program Improves Identity Theft Detection; However, Case Processing Controls Need to Be Improved, TIGTA Report No. 2013-40-062 (June 21, 2013)). The report looked at the program controls used to process suspected cases, not at the adequacy of IRS filters in identifying potential tax identity theft fraudulent refund claims, which will be the subject of a separate TIGTA review.

Improvements noted

TIGTA’s first finding was that the Taxpayer Protection Program improves identity theft detection and that the improvements made since the 2012 filing season helped even more. In 2012, the program identified 324,670 tax returns involving identity theft and prevented the issuance of fraudulent tax refunds totaling $2.2 billion. During the 2012 filing season (for 2011 returns), only 10 employees were assigned to answer the toll-free telephone hotline, and as a result only 24% of the calls to the number reached an employee. For the 2013 filing season, responsibility to answer the toll-free number was transferred to the Wage and Investment Division’s Accounts Management function, where more than 200 employees answered the phones. 

Other improvements were the development of clear guidelines for employees to follow in working potential identity theft cases. TIGTA interviewed a number of IRS employees, all of whom said the guidelines were helpful and that management listened to their suggestions for improvement.

Shortcomings

Under the program, the IRS mailed 375,742 letters to taxpayers during calendar year 2012, asking the taxpayer to verify that he or she filed the return. If the letter is returned as undeliverable, there is no response, or the tax return is determined to involve identity theft, the IRS does not process the return and places an identity theft indicator on the return. However, TIGTA found that required case tax identity theft indicators were not always placed on taxpayer accounts because Taxpayer Protection Program employees did not consistently follow procedures to input these indicators and because the format for entering information was not consistent, which resulted in mismatched taxpayer identification numbers (TIN).

The second shortcoming was that employees in the Taxpayer Protection Program were not updating the central IRS Account Management Services (AMS) system with the actions they had taken on taxpayers’ identity theft accounts. TIGTA explained that it was crucial that employees accurately update the AMS system because managers use it to identify the inventory of open and closed cases and to review case work.

Third, TIGTA found that the IRS had not established procedures to track how long identity theft cases took to resolve. The IRS claimed that it took an average of 15 minutes from the time a taxpayer placed a telephone call to resolve cases, but TIGTA noted that this did not account for taxpayer attempts to contact the IRS by mail, pointing specifically to taxpayer letters that had not been assigned to an employee in the three months after they were received.

The final criticism was the lack of documentation of training that Taxpayer Protection Program employees had received. The IRS provided TIGTA with a list of the employees who had received the training, but kept no other records and did not require training to be documented in the Enterprise Learning Management System, the IRS’s centralized storage location for employee training records.

Recommendations

TIGTA made four recommendations to address these shortcomings, all of which the IRS agreed to implement:

• Develop a process to ensure that required identity theft indicators are placed on taxpayer accounts;
• Develop a process to be sure that employees are properly updating the AMS system with the actions they have taken on identity theft cases;
• Develop a system to measure how long it takes to resolve cases and be sure the measurement begins at the first taxpayer contact;
• Be sure employees receive the required training and that records are kept in the Enterprise Learning Management System.

—Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor.