Exempt Organizations and Government Entities Audit System
Privacy Impact Assessment – Exempt Organizations and Government Entities Audit System
DEXP System Overview
DEXP is an internal IRS system that produces Exempt Organization (EO) and Government Entity (GE) management information reports containing current fiscal year data on open and closed EO and GE examination cases. The reports are generally downloaded on a monthly basis from the IBM mainframe in Detroit by 11-25 TE/GE users in field offices across the country and are used by TE/GE managers for monitoring their examination programs.
The examination case data included in DEXP originates from the IRS’ Audit Information Management System (AIMS) and is passed to TE/GE’s Base Inventory Master File (DIMF-BIMF) application in Detroit on a monthly basis. DIMF-BIMF validates the data and passes it to DEXP as well as the DPTE and RICS systems.
The information captured locally on individual examination cases conducted by TE/GE revenue agents are input into AIMS by TE/GE clerks in field area offices. These data include, in part, information identifying the entity being examined, the particular return and tax period that was examined, the employee conducting the examination, the time expended on the case, the type of entity (exempt organization or government entity) that is being examined and a number of other data fields that specify why the particular return was selected, the issues identified during the examination and the final results of the examination. DEXP summarizes that data and creates a number of formatted reports at the group, area office and national levels.
DEXP users do not log directly into DEXP. Rather, they login to the Detroit mainframe and download the report files to their local system using File Transfer Protocol (FTP). Users have read only access to the zipped report files and are unable to make any changes to the preformatted reports.
System of Records Number(s)
24.046 CADE Business Master File
34.037 IRS Audit Trail and Security Records System
42.008 Audit Information Management System
50.222 Tax Exempt/Government Entities (TE/GE)Case Management Records
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. Taxpayer’s EIN or SSN, taxpayer’s name, type of return filed, the tax period of the return being examined and other data elements indicating the nature of the examination being conducted and the results of the examination.
B. Agent Name and Grade and time expended on the examination.
C. There is no formal audit trail associated with DEXP since it merely contains pre-formatted reports that are read only. However, access to the reports in DEXP by users is controlled by the OL 5081 process which is approved by both local managers and HQ analysts on a need to know basis.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. All data elements within DEXP are obtained from DIMF-BIMF which in turn obtains its data from the Audit Information Management System (AIMS).
B. No information in DEXP is obtained directly from taxpayers. Taxpayer information is input to AIMS by TE/GE field employees, passes through DIMF-BIMF for validation and goes to DEXP for creation of examination reports.
C. Agents provide their name and grade for AIMS input purposes but no information is provided by employees directly into DEXP.
D., E., F. None.
3. Is each data item required for the business purpose of the system? Explain.
Yes. DEXP users download summary reports containing this data in order to identify the types of organizations being audited and the results of those audits. Identifying this type of data enables TE/GE management to target future examination programs toward the entities that most likely will not be in compliance with tax laws.
4. How will each data item be verified for accuracy, timeliness, and completeness?
DIMF-BIMF receives and validates data from the Audit Information Management System (AIMS) related to TE/GE activities. The data is validated against predetermined criteria that are programmed into the system. Errors in data must be corrected before credit for examination completion is recognized. DIMF-BIMF feeds this validated data to DEXP which creates Area office and National level reports.
5. Is there another source for the data? Explain how that source is or is not used.
Yes. DIMF-BIMF receives examination data from AIMS and sends data to DEXP, DPTE and RICS. AIMS is used at the local field office level for monitoring examination case inventory; DEXP and DPTE generate summary reports at the area and national levels of inventory and accomplishments, and RICS uses the data for historical trend analysis and research.
6. Generally, how will data be retrieved by the user?
DEXP produces reports that are placed within an area of the MITS 19 GSS mainframe. The OL5081 process is followed for 11-15 TE-GE users who are granted access to these reports at the file level. Users then FTP these reports to their local systems.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
No. DEXP reports of examinations conducted and in process are pre-formatted reports and not retrievable by a personal identifier; however, some of the reports and the error registers generated by the system do contain personal identifier information.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
DEXP has no direct user interfaces. Users are granted access to the standardized reports contained in DEXP through the OL 5081 approval process. Administrators (IRS MITS employees) are granted access only for troubleshooting purposes. This access is time limited and granted by a supervisor.
9. How is access to the data by a user determined and by whom?
Users have no direct access to individual DEXP data records. Users are granted access to DEXP standardized reports through the OL5081 procedures, which requires management approval.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
Yes. DEXP relies on DIMF-BIMF to supply its data. The data in DEXP includes over 100 separate data elements that identify, in part, the taxpayer, the return, the agent and the results of the examination.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
Certification and Accreditation (C&A):
The following systems do not hold a current Certification and Accreditation in the Mission Assurance Master Inventory:
* DIMF-BIMF (C&A in process)
Privacy Impact Assessment (PIA):
The following systems do not have a current Privacy Impact Assessment in the Office of Privacy Inventory:
* DIMF-BIMF (PIA in process)
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
The files are overwritten each month as new monthly files are received. This conforms with IRM 188.8.131.52-1, 73.(2) (a) Data Center Reports – Destroy 2 years after report date or when no longer needed in current operations, whichever is earlier.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
No. DEXP is an internal system only. Due process to taxpayers is afforded at the revenue agent level at the conclusion of the examination.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? Not Applicable.