Report Type
Report Category
Submitting Agency
- (-) Railroad Retirement Board OIG (5)
- (-) Treasury Inspector General for Tax Administration (27)
- (-) U.S. Agency for International Development OIG (1)
- (-) U.S. Postal Service OIG (11)
- Department of Agriculture OIG (7)
- Department of Defense OIG (18)
- Department of Education OIG (15)
- Department of Health & Human Services OIG (28)
- Department of Homeland Security OIG (28)
- Department of Housing and Urban Development OIG (1)
- Department of Justice OIG (6)
- Department of Labor OIG (36)
- Department of the Interior OIG (8)
- Department of the Treasury OIG (37)
- Department of Transportation OIG (5)
- Department of Veterans Affairs OIG (27)
- Election Assistance Commission OIG (13)
- Environmental Protection Agency OIG (5)
- Farm Credit Administration OIG (1)
- Federal Deposit Insurance Corporation OIG (1)
- Federal Reserve Board & CFPB OIG (2)
- General Services Administration OIG (4)
- National Science Foundation OIG (11)
- National Security Agency OIG (1)
- Pandemic Response Accountability Committee (1)
- Pension Benefit Guaranty Corporation OIG (2)
- Securities and Exchange Commission OIG (1)
- Small Business Administration OIG (30)
- Social Security Administration OIG (3)
- Tennessee Valley Authority OIG (3)
State/Local Agency
State (State and Local Reports)
Fraud Type
Agency Reviewed
Related Organizations
Management Challenges
Any Recommendations
Any Open Recommendations
Reports
The Child Tax Credit Update Portal Was Successfully Deployed, but Security and Process Improvements Are Needed
The Child Tax Credit Update Portal Was Successfully Deployed, but Security and Process Improvements Are Needed
Ensure that the ELC coaches comply with existing agency requirements related to the independent verification and validation of all ELC artifacts.
Ensure that the ELC coaches comply with existing agency requirements related to the independent verification and validation of all ELC artifacts.
Ensure that the ELC coaches comply with existing agency requirements related to the independent verification and validation of all ELC artifacts.
Prioritize remediation efforts on the two noncompliant SADI system servers that have weighted noncompliance scores of less than 90 percent.
Prioritize remediation efforts on the two noncompliant SADI system servers that have weighted noncompliance scores of less than 90 percent.
Prioritize remediation efforts on the two noncompliant SADI system servers that have weighted noncompliance scores of less than 90 percent.
Ensure that only authorized approving authorities provide status updates and grant final approval of ELC artifacts during required milestone reviews.
Ensure that only authorized approving authorities provide status updates and grant final approval of ELC artifacts during required milestone reviews.
Ensure that only authorized approving authorities provide status updates and grant final approval of ELC artifacts during required milestone reviews.
Establish a formal process, which includes routine updates, to identify primary and proxy approvers for all ELC artifacts.
Establish a formal process, which includes routine updates, to identify primary and proxy approvers for all ELC artifacts.
Establish a formal process, which includes routine updates, to identify primary and proxy approvers for all ELC artifacts.
The Chief Information Officer should ensure that systems supported by the CSPs have an approved IRS ATO prior to a system’s deployment.
The Chief Information Officer should ensure that systems supported by the CSPs have an approved IRS ATO prior to a system’s deployment.
The Chief Information Officer should ensure that systems supported by the CSPs have an approved IRS ATO prior to a system’s deployment.
The Chief Privacy Officer should establish a process that complies with Office of Management and Budget requirements regarding the selection, implementation, assessment, and continuous monitoring of privacy controls.
The Chief Privacy Officer should establish a process that complies with Office of Management and Budget requirements regarding the selection, implementation, assessment, and continuous monitoring of privacy controls.
The Chief Privacy Officer should establish a process that complies with Office of Management and Budget requirements regarding the selection, implementation, assessment, and continuous monitoring of privacy controls.
The Chief Privacy Officer should ensure that formal documentation is created that shows that all the privacy controls applicable to the SADI system are properly selected, implemented, and assessed.
The Chief Privacy Officer should ensure that formal documentation is created that shows that all the privacy controls applicable to the SADI system are properly selected, implemented, and assessed.
The Chief Privacy Officer should ensure that formal documentation is created that shows that all the privacy controls applicable to the SADI system are properly selected, implemented, and assessed.
The Chief Information Officer should ensure that the Cybersecurity function validates that all required NIST physical and environmental protection and media protection controls are implemented.
The Chief Information Officer should ensure that the Cybersecurity function validates that all required NIST physical and environmental protection and media protection controls are implemented.
The Chief Information Officer should ensure that the Cybersecurity function validates that all required NIST physical and environmental protection and media protection controls are implemented.
The Chief Information Officer should ensure that the IRS prioritizes completing the processes that will validate newly built servers being placed into the production environment meet minimum compliance requirements and initiate vulnerability scanning and remediation during the server build process.
The Chief Information Officer should ensure that the IRS prioritizes completing the processes that will validate newly built servers being placed into the production environment meet minimum compliance requirements and initiate vulnerability scanning and remediation during the server build process.
The Chief Information Officer should ensure that the IRS prioritizes completing the processes that will validate newly built servers being placed into the production environment meet minimum compliance requirements and initiate vulnerability scanning and remediation during the server build process.
Ensure that all CTC Update Portal and SADI system associated POA&Ms (listed in Appendix II) are completed timely based on IRS-defined timelines and processes.
American Rescue Plan Act: Implementation of Advance Recovery Rebate Credit Payments
The Commissioner, Large Business and International Division, should coordinate with the territories to share information that will enable the territories to recover duplicate payments that the territories have issued, to the extent permitted under the relevant territory’s domestic law.
If Congress enacts additional stimulus payments, the Commissioner, Wage and Investment Division, should consider additional programming changes to prevent ineligible individuals from receiving advance payments, including individuals claimed as dependents or dependents claimed on multiple returns, nonresident individuals, individuals who had a filing status or filing partner change, deceased individuals, and individuals affected by the mentioned related programming errors.
Program and Organizational Changes Are Needed to Address the Continued Inadequate Tax Account Assistance Provided to Taxpayers
On September 20, 2021, we notified the Director, Accounts Management, that the Austin site was not requiring Accounts Management screeners to come into the office to perform their duties, resulting in a significant backlog and delays in inventory being routed to Accounts Management to be worked. We recommended that the IRS establish consistent guidance and clarification on when resources can be directed to the office to help with screening inventory, to ensure that sufficient staff is available to screen documents in a timely manner, and establish processes to monitor the progress,
The Commissioner, Wage and Investment Division, should update existing scanning software or obtain a new scanning software to
address document capacity concerns.
The Commissioner, Wage and Investment Division, should ensure that programming is updated to systemically reject electronic
submissions of Forms 2848 and 8821 when missing one of the five essential elements (name, address, signature, etc.) without manually mailing a rejection letter.
The Commissioner, Wage and Investment Division, should ensure that the rejection letter used for Forms 2848 and 8821 is updated
to include language that a revised form can be submitted electronically via an IRS Tax Pro Account25 or through Taxpayer Digital Communication.
Develop an action plan to prioritize the continued expansion of documents that can be sent in via electronic fax and converted into a CIS image.
The Commissioner, Wage and Investment Division, should develop an action plan to prioritize the continued expansion of documents that can be sent in via electronic fax and converted into a Correspondence Imaging System (CIS) image.
The Commissioner, Wage and Investment Division, should Identify priority work that needs to be expedited by the Image Control Team (ICT) and assess the feasibility of creating an electronic fax number to receive this inventory.
On July 12, 2021, TiGTA notified the Director, Accounts Management, of concerns regarding inaccuracies as it related to the compiling and reporting of the Accounts Management Inventory Report (AMIR). TIGTA recommended that the IRS perform a reconciliation of each Accounts Management site’s AMIR to the source reports to identify inventory inconsistencies and reporting errors by site
The Commissioner, Wage and Investment Division, should complete the inventory reconciliations for the four remaining Accounts
Management site’s to identify and correct inventory inaccuracies and inconsistencies and implement processes to provide oversight by periodically performing reconciliations for each site so that any future inconsistencies and errors are identified and corrected in a timely manner.
The Commissioner, Wage and Investment Division, should develop specific and detailed instructions for preparing the Accounts Management Inventory Report (AMIR), including how controlled and uncontrolled inventory should be captured
The Commissioner, Wage and Investment Division, should develop a process to systemically pull all controlled inventory for each
Accounts Management site for the Accounts Management Inventory Report (AMIR) to ensure consistency, reduce human error, and
increase efficiencies
The Commissioner, Wage and Investment Division, should modify Accounts Management inventory reporting to report unassigned
controlled inventory separately on the nationwide Accounts Management Inventory Report (AMIR) and limit the site-specific AMIRs to only
the inventory assigned to be worked in each site.
The Commissioner, Wage and Investment Division, should evaluate directing taxpayers to send tax account correspondence and
replies intended for Accounts Management directly to Campus Support Sites for processing to reduce backlogs at Tax Processing Centers and improve services to taxpayers.
The Commissioner, Wage and Investment Division, should prioritize the development and implementation of tools that will enable
taxpayers seeking assistance or responding to Accounts Management to correspond with the IRS electronically, including the ability to directly upload documents into Accounts Management’s inventory.
The Chief Taxpayer Experience Officer, in conjunction with the Director, IRS NEXT Office, should evaluate establishing two distinct IRS programs as part of the IRS reorganization under the Taxpayer First Act – one dedicated to answering toll-free telephone calls and one dedicated to working Accounts Management inventory – with adequate staffing to provide appropriate service to taxpayers using each channel.
On June 9, 2021, we notified the Director, Customer Account Services, that Submission Processing requested resources from Accounts Management to assist with clearing the Image Control Team (ICT) backlog and was told by Campus Support management that no resources could be made available to assist with reducing the ICT backlog. We recommended that the IRS assess the availability of Campus Support’s ICT staffing or other resources that could be made available to assist with clearing the ICT backlogs at Tax Processing Centers.
On September 3, 2021, we notified the Director, Accounts Management, of concerns relating to the newly stood-up Fresno Campus Support Site, including scanners not being used to the full extent possible. We recommended that IRS management provide us with it plans to address our concerns identified with the new Fresno Campus Support Site, including additional staffing to assist Image Control Team (ICT).
The Commissioner, Wage and Investment Division, should complete a strategic review of all 10 Image Control Team (ICT) sites to determine what contributes to the ICT’s inability to timely scan and validate documents. Based on the results of this review, initiate steps to address the concerns identified. This should include the development of an action plan to ensure that the high-capacity ICT scanners and staffing are realigned to the appropriate sites based on actual or expected inventory levels and that responsibility of the ICT operations are consolidated under the appropriate function.
The Commissioner, Wage and Investment Division, should cross-train additional mail clerks at Campus Support Sites to work Image Control Team (ICT) validations, freeing up additional resources in sites with higher inventories needing to be scanned, or consider shipping inventory to sites with less inventory to be scanned.
The Commissioner, Wage and Investment Division, should develop specific instructions and a common template for all 10 Image Control Team (ICT) sites to consistently capture ICT inventory information.
Railroad Retirement Board Did Not Implement Sufficient Internal Controls in the Mobile Phones Deployed as a Result of the Pandemic
The Bureau of Information Services should update their mobile phone policies to include and implement a National Archives and Records Administration-approved records schedule and transfer procedures for electronic records associated with mobile phones.
The Bureau of Information Services should develop and implement a records management and retention system for electronic records.
The Bureau of Information Services should research the capabilities of Railroad Retirement Board's Microsoft Azure Cloud's functionality to determine feasibility of incorporating the automated records management and retention capabilities to govern the mobile phones electronic records.
The Bureau of Information Services should submit a yearly affidavit to confirm electronic records associated with mobile phones have been identified and retained until the full transition into Microsoft Azure Cloud.
The Railroad Retirement Board's Director of Administration should define and communicate 'personal usage' establishing Railroad Retirement Board's core hours of 5:00 am to 7:00 pm. Any usage outside of core hours would be considered personal usage excluding business management purposes.
The Railroad Retirement Board's Bureau of Information Services should 1) continue efforts to update the Telecommuting and Mobile Security Computing Policy with current laws and regulations and 2) develop a periodic monitoring control to assess personal usage and address it according to agency guidance.
The Bureau of Information Services should incorporate the mobile phones in an existing assessable unit and update their mobile phone policies to include documentation regarding the specific roles and responsibilities of each office overseeing the mobile phone program.
The Bureau of Information Services should enforce and execute a review and approval process for application and software download and restrict access to specified applications found in their Railroad Retirement Board G-6 Rules of Behavior.
The Bureau of Information Services should implement procedures to periodically track, log, and monitor iPhone usage and the completion of the G-6 Acknowledgement Statement.
The Bureau of Information Services should periodically review the mobile phone inventory for completeness and accuracy to include a comparison with Railroad Retirement Board's personnel position index.
The Bureau of Information Services should implement the use of unique identifiers between disparate data sets (e.g., mobile phone inventory, personnel position index) to facilitate comparisons and reconcile inconsistent information.
Management Information Report - Railroad Retirement Board's Actions in Response to Pandemic Funding
The Bureau of Fiscal Operations should reconcile the obligations as reported to USAspending.gov and the weekly outlay report to determine the correct total for Coronavirus Disease 2019 obligations charged to the $5 million technology appropriation.
The Railroad Retirement Board's Executive Committee should establish a group tasked with hiring decisions for appropriated funds from the American Rescue Plan Act. This group should use documented and reliable procedures that are based on accurate and reliable data sources to determine hiring and staffing levels using appropriated funders from the American Rescue Plan Act.
The Railroad Retirement Board's Executive Committee should reconsider and revise its plans concerning hiring based on the American Rescue Plan Act appropriation because adequate supporting documentation had not been prepared.
American Rescue Plan Act: Assessment of Processes to Identify and Address Improper Child and Dependent Care Credit Claims
The Commissioner, Wage and Investment Division, should update processes to *****2***** from Form 2441 the care provider’s **2**
******************2*******************, and the amount paid to the care provider.
The Commissioner, Wage and Investment Division, should update paper verification processes to generate errors in the Error
Resolution System when the ****************2****************, or amounts paid to the care provider are missing
The Commissioner, Wage and Investment Division, should revise Form 2441 to include checkboxes to note whether dependent care
expenses are for a spouse or dependent who is physically or mentally incapable of caring for themselves or if special deemed earned income rules apply.
The Commissioner, Wage and Investment Division, should develop a process to identify tax returns with adult **********2**********
**************************2*****************************. These tax returns should be considered for selection for post-refund compliance reviews.
The Commissioner, Wage and Investment Division, should work with the Department of the Treasury, Office of Tax Policy, to obtain
the legal authority to disallow the Child and Dependent Care Credit (CDCC) when the primary or secondary taxpayer is identified by an ***2*** Individual Taxpayer Identification Number (ITIN) on Form 2441
The Commissioner, Wage and Investment Division, should develop a process to identify tax returns with ***2*** Individual Taxpayer Identification Numbers (ITINs) used to identify the care provider. These tax returns should be considered for selection for post-refund compliance review.
The Commissioner, Wage and Investment Division, should revise Form 2441 instructions and Publication 503, using examples, so
taxpayers may better understand the requirements for qualifying care and expenses
The Commissioner, Wage and Investment Division, should develop a process to identify tax returns with care provider ****************************************************2******************************. These tax returns should be selected for post-refund compliance review.
The Commissioner, Wage and Investment Division, should coordinate with the Small Business/Self-Employed Division to develop a compliance plan for post-refund treatment of cases involving **********************2********************************************** ****************************************************2********************************************** ****************************************************2**************************************************2***
The Taxpayer Advocate Service Assisted Thousands of Taxpayers With CARES Act Issues but Faced Challenges in Identifying and Tracking Applicable Cases
The National Taxpayer Advocate should reinforce existing guidance to ensure that Taxpayer Advocate Service (TAS) employees are adhering to: a) the Internal Revenue Manual (IRM) guidance concerning contacts not meeting TAS criteria and b) TAS policies related to the handling of congressional referrals.
The National Taxpayer Advocate should consider establishing an issue code for stimulus-type payments.
Effects of the COVID-19 Pandemic on Business Tax Return Processing Operations
The Commissioner, Wage and Investment Division, should coordinate with the Office of Servicewide Penalties to ensure that the 1,295 taxpayer accounts with potential incorrect ES penalties are reviewed and corrected as necessary.
The Commissioner, Wage and Investment Division, should coordinate with the Office of Servicewide Penalties to ensure that the 1,295 taxpayer accounts with potential incorrect ES penalties are reviewed and corrected as necessary.
The Commissioner, Wage and Investment Division, should evaluate the feasibility to direct additional types of payments from Tax Processing Centers to lockbox sites. This evaluation should also assess the feasibility of directing payments received by field office employees to lockbox sites for processing.
The Commissioner, Wage and Investment Division, should evaluate the feasibility to direct additional types of payments from Tax Processing Centers to lockbox sites. This evaluation should also assess the feasibility of directing payments received by field office employees to lockbox sites for processing.
The Commissioner, Wage and Investment Division, should evaluate the feasibility to direct additional types of payments from Tax Processing Centers to lockbox sites. This evaluation should also assess the feasibility of directing payments received by field office employees to lockbox sites for processing.
U.S. Postal Service Protection Against External Cyberattacks
Implement a consistent process to approve and update the access management system for all employees excluded from mandatory security awareness training and update information security policy to reflect the process.
Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.
Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.
Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.