Thursday, April 5, 2012

Audit Reports on the IRS - the not perfect and the pretty bad

The Treasury Inspector General for Tax Administration (TIGTA) has issued two press releases dealing with IRS operations. The first, issued on April 3, is headlined, "IRS Computer Security Center Effective, Could Be Better." The problems with Computer Security Incident Response Center (CSIRC) include the "host-based intrusion detection system is not monitoring 34 percent of IRS servers, which puts the IRS network and data at risk." Overall, though, CSIRC is described as "effectively performing most of its responsibilities for preventing, detecting, and responding to computer security incidents." And, "The IRS agreed with the recommendations and corrective actions are planned or in process for five of the six recommendations." The press release is here and the audit report is here.

The 2nd press release, issued today, is not so favorable. "TIGTA Finds IRS Designated Payment Codes Inaccurate and Ineffective." The IRS is supposed to keep track of payments from tax payers in a manner that allows appropriate people within the IRS to later determine what a payment was for. This is important when determining what additional collection actions may (or may not) need to be taken. Designated Payment Codes (DPCs) are supposed to be used to provide that information when the payment is related to an IRS enforcement action. "TIGTA reviewed a statistical sample of 138 subsequent payments that posted to taxpayer balance due accounts. Auditors determined that 106 (77 percent) of the 138 subsequent payments were processed without the required DPC. In addition, 11 (34 percent) of the 32 subsequent payments that had a DPC were not accurate." 138 may not sound like a large sample but if it was randomly selected from even a very large population, then it probably gives a good picture of that population. Part of the problem is the IRS does not have DPCs for many payment types and the procedures for applying DPCs are inconsistant. The press release conclusion states, "TIGTA made five specific recommendations to encourage the IRS's more consistent and accurate use of DPCs. IRS management disagreed with TIGTA's findings and recommendations and said they plan to complete their own review of DPCs. TIGTA noted that the IRS has already completed an internal study and did not use its results due to concern over its reliability. The IRS took no further action except to initiate another study." The press release is here and the audit report is here.

There have been enough horror stories about computer systems being hacked into for people to understand threats implied in the April 3 press release. Not coding payments correctly may not be seen as that big a deal -- until you make a payment and the IRS says you didn't because they couldn't code it properly. Sure, the problem gets worked out eventually but not until you (or your accountant) have spent a lot of time proving you did what you said you did.

Taxpayers can maximize the chances of receiving proper credit for a payment by following the related instructions. Send the payment to the correct address. Include any required documentation. Indicate on the memo line of the check what the payment is for.

For what it's worth, this statement caught my eye. "... the IRS has already completed an internal study and did not use its results due to concern over its reliability. The IRS took no further action except to initiate another study." One definition off irrational behavior is doing the same thing over again and expecting a different outcome. I guess (or hope) the second study is being conducted differently from the first.

No comments:

Post a Comment