Enforcement of Tax Laws

Image

Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.

The Internal Revenue Service (IRS) continues to demonstrate top leadership commitment for improving tax compliance and has made strides in improving tax gap data. The agency has also taken steps to address identity theft (IDT) refund fraud through continued development and deployment of the Return Review Program (RRP), a system which screens returns for potential IDT and other refund fraud before IRS issues refunds.

However, IRS’s capacity to implement new initiatives, carry out ongoing enforcement and taxpayer service programs, and combat IDT refund fraud remains a challenge.

IRS continues to take actions toward meeting three other criteria for removal from our High-Risk List: developing a corrective action plan, monitoring, and demonstrating progress. The Coronavirus Disease 2019 (COVID-19) affected IRS enforcement operations and availability of services. Fraudulent schemes related to COVID-19 relief payments and tax credits may affect IRS capacity to address IDT refund fraud.

Addressing the Tax Gap

Image

Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting one criterion, partially meeting three, and not meeting one.

Leadership commitment: met. IRS adopted a more strategic approach to identifying and selecting budget program priorities, among other steps. For instance, IRS’s fiscal year 2018-2022 strategic plan includes a goal to facilitate voluntary compliance and deter noncompliance that could help address the tax gap.

Capacity: not met. IRS continues to face capacity challenges with skills gaps and modernizing an aging technology infrastructure. IRS has not fully implemented strategic workforce planning initiatives, such as conducting workforce analysis, and creating and implementing a workforce plan, which could help address the challenges of carrying out ongoing enforcement and taxpayer service programs under an uncertain budgetary environment.

IRS prioritized hiring for information technology and cybersecurity areas but still faces mission-critical gaps for enforcement staff. In addition, IRS has also not evaluated the costs and benefits of expanding RRP to address more tax enforcement activities, such as underreporting and noncompliance more broadly.

Action plan: partially met. IRS is developing a strategy to improve the services it provides to make voluntary compliance easier for taxpayers and to ensure taxes owed are paid. As we reported in September 2020, IRS did not have performance goals and related measures for improving the taxpayer experience. IRS had said it planned to identify performance goals, measures, and targets as part of its report to Congress required by section 1101 of the Taxpayer First Act (Public Law 116-25). IRS released that report in January 2021. We are reviewing the report to determine the extent to which it addresses our prior recommendations.

Monitoring: partially met. IRS continues to use tax gap data to study compliance behaviors and update formulas designed to identify tax returns with a high likelihood of noncompliance. In 2019, IRS documented plans for addressing the noncompliance identified in its analysis of the National Research Program employment tax results.

However, IRS does not adequately measure the effect of some compliance programs—such as those used for large partnerships—because it has not clearly defined them, tracked the results, or analyzed how to better use audit resources.

Section 2301 of the Taxpayer First Act also allows IRS to further lower the electronic filing threshold for filers that file 100 or more information returns in 2021 or 10 or more in subsequent years. Expanded e-filing will help IRS identify which returns would be most productive to examine.

Additional steps to increase third-party reporting, such as for virtual currency and platform worker earnings, could help provide taxpayers useful information for completing tax returns and give IRS an additional tool to address noncompliance.

Demonstrated progress: partially met. IRS implemented some corrective measures to improve compliance and reduce the tax gap, including its use of RRP to screen individual returns claiming refunds, but more work remains to meet this criterion. IRS also lacks specific quantitative goals to reduce the tax gap or improve voluntary compliance.

Without long-term, quantitative voluntary compliance goals and related performance measures, it will be more difficult for IRS to determine the success of its strategies.

Refund Fraud Related to Identity Theft

Image

Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting two criteria and partially meeting the other three.

Leadership commitment: met. IRS has demonstrated leadership commitment in addressing IDT refund fraud. For example, IRS has recognized the evolving challenge of IDT refund fraud in its strategic plans, expanded fraud detection activities, and implemented agency-wide antifraud efforts, including bringing officials together from across the organization to discuss potential fraud risks.

Capacity: partially met. RRP is IRS’s primary prerefund system for detecting IDT and other refund fraud, automating some of IRS’s manual processes for screening returns, and identifying fraud schemes. Although IRS can adjust RRP quickly to respond to emerging threats, IRS’s ability to combat IDT fraud continues to be challenged as a result of large-scale cyberattacks on various entities. Further, IRS lacks the governance structure to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers.

Action plan: met. IRS has a strategic plan that acknowledges its responsibility to safeguard taxpayer and IRS data, particularly given the growing incidence and sophistication of cyber and identity theft. It also includes actions that IRS plans to take to combat IDT, such as continuing collaboration with external parties and hiring staff for IDT-related efforts. Further, IRS is using RRP to automatically detect and prevent IDT and other refund fraud in individual returns.

Additionally, the Department of the Treasury established a priority goal for IRS to reduce IDT refund fraud through strategic partnerships, as well as enhanced detection models, data analytics, and filters by December 2021. IRS estimated it reduced the amount of unprotected IDT refund paid by 88 percent, about $1.9 billion, between processing year 2016 and 2018.

Monitoring: partially met. Continuously monitoring performance helps IRS better position itself to improve detection and prevention of identity theft. However, in July 2018, we found ways to improve and expand IDT refund fraud prevention—such as digitizing information from paper returns and making the information available to RRP. In June 2018, we reported that IRS also lacks internal controls to effectively monitor telephone, in-person, and correspondence authentication.

Additionally, as we reported in January 2020, IRS needs to develop a fraud risk profile for business IDT consistent with leading practices. This includes identifying fraud scenarios that pose the greatest risk of business IDT and developing fraud detection mechanisms for at least 25 additional tax forms.

Demonstrated progress: partially met. IRS has demonstrated some progress by developing tools and programs to further detect and prevent IDT refund fraud, such as RRP, which uses advanced analytic techniques and business rules to compare taxpayer-reported information to W-2s.

IRS has also made progress on implementing its foundational authentication initiatives and monitoring required resources to complete them. Further, IRS took steps to implement new federal online authentication standards and expects to be in compliance by February 2023.

Still, IRS has not integrated and prioritized authentication options from its new innovation process into its authentication strategy.