Part 4. Examining Process
Chapter 17. Compliance Initiative Projects
Section 3. Requirements
May 15, 2017
(1) This transmits revised IRM 4.17.3, Compliance Initiative Projects, Requirements.
(1) This section has been updated with the following significant changes:
IRM 18.104.22.168 –Added National CIP Database as a source to check for existing projects.
IRM 22.214.171.124 –Clarified CIP coordinator is responsible for managing data. Updated references for data control guidance.
IRM 126.96.36.199 –Added TE/GE.
IRM 188.8.131.52 – Added TE/GE.
IRM 184.108.40.206 –Updated references for security and record control guidance.
Acting Director, Exam Case Selection
Small Business/Self-Employed Division
This section describes the requirements for:
Approval of CIPs
Research of existing data or similar projects
Control, use and disposition of external data
Operational and Disclosure reviews
Privacy, security and disclosure
The appropriate Manager/Director must approve all CIPs and extensions. See IRM 4.17.4, Procedures, for complete approval process procedures.
CIPs must be approved before compliance contacts are made, that is, before taxpayers are contacted by any means as part of a compliance initiative including, but not limited to, taxpayer education, research, examination, or collection activity.
Valuable information may be obtained from existing data or similar projects. Research should be conducted to determine whether such data or projects exist. If a similar project is identified, the CIP coordinator should consider its methodology and results, if available, to determine how or if appropriate to proceed with the proposed project and document these in the Background and Objectives section of the authorization request. Some sources of information on other projects include:
Counterparts in other areas, functions, or units
National Headquarters Office of Research, Electronic Library
The National CIP Database or other internal databases
Preliminary research, that is non-taxpayer specific research, to determine whether there is potential compliance risk does not require an authorized CIP.
The CIP coordinator will control all external taxpayer specific data exclusively related to cases that are part of a CIP being worked by an examination or collection function. For further information on retention of taxpayer data or information, refer to Document 12990, Records and Information Management Records Control Schedule - Item 72 or Schedule 24.
Data can only be used for approved purposes. If new uses are developed for data already acquired, a separate authorization must be obtained prior to beginning the new use. Approval, if appropriate, must also be obtained from the source who provided the data.
The SB/SE PSP Territory Manager; Field Case Selection Program Manager; LB&I Compliance Planning & Analytics (CP&A) function for LB& I; W&I Director Refundable Credits Policy & Program Management; respective TE/GE Compliance Program Manager; or equivalent, will conduct an annual CIP operational review. Other compliance employees may be asked to assist. The objectives of the reviews are to evaluate:
Proper authorization and adherence to CIP procedures.
Compliance with Service policy and guidelines.
Accomplishment of results appropriate to the resources expended.
Adherence to privacy, security, and disclosure requirements.
Merits of continuing ongoing CIPs.
Items to consider include availability of resources, performance measurements and impact on compliance
Timely submission of termination reports.
Proper authorization for modifications to a project’s scope or estimated completion date.
Use of alternative treatments, and their results.
Any issues identified or actions taken as a result of the review should be documented by the Program Manager (or equivalent) and a copy of the results of the review should be shared with the appropriate Headquarter Director responsible for workload selection and delivery.
The disclosure manager may, as part of the normal quality review of functions, evaluate the controls on third party return information used for CIPs and provide a written report to the PSP Territory Manager/ Program Manager, Field Case Selection, LB&I CP&A, respective TE/GE Compliance Program Manager, or equivalent.
Disclosure managers will, at a minimum, address the following questions during quality reviews:
Was third party return information obtained which required the disclosure of internal data to obtain?
Was required headquarters approval obtained through the submission of a CIP authorization request as contained in this document?
Is the information being appropriately safeguarded?
Has the function complied with the terms of the approved CIP request concerning the intended use of the information and its timely final disposition?
The Privacy Act of 1974 provides the legal basis for limiting the actions of federal agencies in order to protect the privacy of individuals. IRC 6103, Confidentiality and Disclosure of Return Information, provides for the protection as well as release of returns or return information.
Only the minimum data required to accomplish a task should be gathered. The data must be appropriate, relevant, and necessary for the project. It must be protected against unauthorized disclosure and disposed of appropriately after it is has been used for its intended purpose. IRM 11.3, Disclosure of Official Information contains additional information.
Physical controls required by IRM 10.2, Physical Security Program, must be used to protect taxpayer information. Additional information may be found in IRM 1.15, Records and Information Management.
All computer systems containing taxpayer information must adhere to the Computer Security Act of 1987 and to the requirements of IRM 10.8, Information Technology Security.