What We Found
The Internal Revenue Service needs to increase its capacity to implement new initiatives, improve ongoing enforcement and taxpayer service programs, and combat identity theft refund fraud.
Since our 2019 High-Risk Report, ratings for all five criteria remain unchanged.
The Internal Revenue Service (IRS) continues to demonstrate top leadership commitment for improving tax compliance and has made strides in improving tax gap data. The agency has also taken steps to address identity theft (IDT) refund fraud through continued development and deployment of the Return Review Program (RRP), a system which screens returns for potential IDT and other refund fraud before IRS issues refunds.
However, IRS’s capacity to implement new initiatives, carry out ongoing enforcement and taxpayer service programs, and combat IDT refund fraud remains a challenge.
IRS continues to take actions toward meeting three other criteria for removal from our High-Risk List: developing a corrective action plan, monitoring, and demonstrating progress. The Coronavirus Disease 2019 (COVID-19) affected IRS enforcement operations and availability of services. Fraudulent schemes related to COVID-19 relief payments and tax credits may affect IRS capacity to address IDT refund fraud.
Addressing the Tax Gap
Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting one criterion, partially meeting three, and not meeting one.
Leadership commitment: met. IRS adopted a more strategic approach to identifying and selecting budget program priorities, among other steps. For instance, IRS’s fiscal year 2018-2022 strategic plan includes a goal to facilitate voluntary compliance and deter noncompliance that could help address the tax gap.
Capacity: not met. IRS continues to face capacity challenges with skills gaps and modernizing an aging technology infrastructure. IRS has not fully implemented strategic workforce planning initiatives, such as conducting workforce analysis, and creating and implementing a workforce plan, which could help address the challenges of carrying out ongoing enforcement and taxpayer service programs under an uncertain budgetary environment.
IRS prioritized hiring for information technology and cybersecurity areas but still faces mission-critical gaps for enforcement staff. In addition, IRS has also not evaluated the costs and benefits of expanding RRP to address more tax enforcement activities, such as underreporting and noncompliance more broadly.
Action plan: partially met. IRS is developing a strategy to improve the services it provides to make voluntary compliance easier for taxpayers and to ensure taxes owed are paid. As we reported in September 2020, IRS did not have performance goals and related measures for improving the taxpayer experience. IRS had said it planned to identify performance goals, measures, and targets as part of its report to Congress required by section 1101 of the Taxpayer First Act (Public Law 116-25). IRS released that report in January 2021. We are reviewing the report to determine the extent to which it addresses our prior recommendations.
Monitoring: partially met. IRS continues to use tax gap data to study compliance behaviors and update formulas designed to identify tax returns with a high likelihood of noncompliance. In 2019, IRS documented plans for addressing the noncompliance identified in its analysis of the National Research Program employment tax results.
However, IRS does not adequately measure the effect of some compliance programs—such as those used for large partnerships—because it has not clearly defined them, tracked the results, or analyzed how to better use audit resources.
Section 2301 of the Taxpayer First Act also allows IRS to further lower the electronic filing threshold for filers that file 100 or more information returns in 2021 or 10 or more in subsequent years. Expanded e-filing will help IRS identify which returns would be most productive to examine.
Additional steps to increase third-party reporting, such as for virtual currency and platform worker earnings, could help provide taxpayers useful information for completing tax returns and give IRS an additional tool to address noncompliance.
Demonstrated progress: partially met. IRS implemented some corrective measures to improve compliance and reduce the tax gap, including its use of RRP to screen individual returns claiming refunds, but more work remains to meet this criterion. IRS also lacks specific quantitative goals to reduce the tax gap or improve voluntary compliance.
Without long-term, quantitative voluntary compliance goals and related performance measures, it will be more difficult for IRS to determine the success of its strategies.
Refund Fraud Related to Identity Theft
Ratings for this segment of the high-risk area remain unchanged since our previous High-Risk Report in 2019, with IRS meeting two criteria and partially meeting the other three.
Leadership commitment: met. IRS has demonstrated leadership commitment in addressing IDT refund fraud. For example, IRS has recognized the evolving challenge of IDT refund fraud in its strategic plans, expanded fraud detection activities, and implemented agency-wide antifraud efforts, including bringing officials together from across the organization to discuss potential fraud risks.
Capacity: partially met. RRP is IRS’s primary prerefund system for detecting IDT and other refund fraud, automating some of IRS’s manual processes for screening returns, and identifying fraud schemes. Although IRS can adjust RRP quickly to respond to emerging threats, IRS’s ability to combat IDT fraud continues to be challenged as a result of large-scale cyberattacks on various entities. Further, IRS lacks the governance structure to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers.
Action plan: met. IRS has a strategic plan that acknowledges its responsibility to safeguard taxpayer and IRS data, particularly given the growing incidence and sophistication of cyber and identity theft. It also includes actions that IRS plans to take to combat IDT, such as continuing collaboration with external parties and hiring staff for IDT-related efforts. Further, IRS is using RRP to automatically detect and prevent IDT and other refund fraud in individual returns.
Additionally, the Department of the Treasury established a priority goal for IRS to reduce IDT refund fraud through strategic partnerships, as well as enhanced detection models, data analytics, and filters by December 2021. IRS estimated it reduced the amount of unprotected IDT refund paid by 88 percent, about $1.9 billion, between processing year 2016 and 2018.
Monitoring: partially met. Continuously monitoring performance helps IRS better position itself to improve detection and prevention of identity theft. However, in July 2018, we found ways to improve and expand IDT refund fraud prevention—such as digitizing information from paper returns and making the information available to RRP. In June 2018, we reported that IRS also lacks internal controls to effectively monitor telephone, in-person, and correspondence authentication.
Additionally, as we reported in January 2020, IRS needs to develop a fraud risk profile for business IDT consistent with leading practices. This includes identifying fraud scenarios that pose the greatest risk of business IDT and developing fraud detection mechanisms for at least 25 additional tax forms.
Demonstrated progress: partially met. IRS has demonstrated some progress by developing tools and programs to further detect and prevent IDT refund fraud, such as RRP, which uses advanced analytic techniques and business rules to compare taxpayer-reported information to W-2s.
IRS has also made progress on implementing its foundational authentication initiatives and monitoring required resources to complete them. Further, IRS took steps to implement new federal online authentication standards and expects to be in compliance by February 2023.
Still, IRS has not integrated and prioritized authentication options from its new innovation process into its authentication strategy.
This high-risk area, added to the list in 1990, comprises two pressing challenges for IRS—addressing the tax gap and combatting IDT refund fraud. In 2019, IRS estimated that the average annual net tax gap—the difference between taxes owed and taxes paid on time—was $381 billion, on average, for tax years 2011-2013. IRS enforcement of the tax laws helps fund the U.S. government by collecting revenue from noncompliant taxpayers and, perhaps more importantly, promoting voluntary compliance by giving taxpayers confidence that others are paying their fair share.
IDT refund fraud occurs when an identity thief files a fraudulent tax return using a legitimate taxpayer’s identifying information and claims a refund. For calendar year 2018, IRS estimates that at least $6.1 billion in individual IDT refund fraud was attempted and that it prevented the theft of at least $6 billion of that amount. IRS estimated that it paid between $90 million and $380 million to fraudsters.
Addressing the Tax Gap
Over the years since we added this area to our high-risk list, we have made numerous recommendations related to this high-risk issue, 103 of which were made since the last High-Risk Report in 2019. As of December 2020, 213 recommendations are open. IRS should implement all of our recommendations on improving audit effectiveness and resource investments, such as
- re-establishing goals for improving voluntary compliance and developing and documenting a strategy that outlines how it will use its data to update compliance strategies;
- evaluating the costs and benefits of expanding RRP to analyze individual returns not claiming refunds to support other enforcement activities;
- taking steps to increase third-party reporting on taxable transactions involving virtual currency; and
- determining what thresholds would be the most appropriate for payment information reporting for platform workers who are independent contractors and, if warranted, recommending that Congress adjust the thresholds.
Congressional Actions Needed
Given that the tax gap has been a persistent issue, reducing the tax gap will require targeted legislative actions. Specifically, Congress should consider
- expanding third-party information reporting. For example, reporting could be required for certain payments that rental real estate owners make to service providers, such as contractors who perform repairs on their rental properties, and for payments that businesses make to corporations for services;
- providing IRS with authority—with appropriate safeguards—to correct math errors and to correct errors in cases where information provided by the taxpayer does not match information in government databases; and
- establishing requirements for paid tax return preparers to help improve the accuracy of the tax returns they prepare.
Refund Fraud Related to Identity Theft
We have made numerous recommendations related to IDT refund fraud, 14 of which were made since the last High-Risk Report in 2019. As of December 2020, all 14 recommendations are open. IRS should implement all of our recommendations for addressing IDT refund fraud, including
- implementing the most cost-effective method to digitize information provided by taxpayers who file returns on paper;
- implementing improvements to online authentication consistent with federal standards;
- developing internal controls to effectively monitor telephone, in-person, and correspondence authentication;
- developing a governance structure or other form of centralized leadership to coordinate all aspects of IRS's efforts to protect taxpayer information while at third-party providers;
- developing a fraud risk profile for business IDT consistent with leading practices; and
- identifying, prioritizing, and implementing new business IDT fraud filters consistent with its fraud risk profile.
Congressional Actions Needed
Given that IDT refund fraud has been an ongoing issue, combating it will require targeted legislative actions, including
- requiring that returns prepared electronically but filed on paper include a scannable code printed on the return to better leverage RRP’s capabilities; and
- providing IRS with explicit authority to establish security requirements for the information systems of paid preparers and Authorized e-file Providers.