Employee Plans Audit Information Management System
Privacy Impact Assessment – Employee Plans Audit Information Management System - Project DPTE
DPTE System Overview
DPTE is an internal IRS system that produces Employee Plans (EP) management information reports containing current fiscal year data on open and closed EP examination cases. The reports are generally downloaded on a monthly basis from the IBM mainframe in Detroit by 11-25 TE/GE users in field offices across the country and are used by TE/GE managers for monitoring their examination programs.
The examination case data included in DPTE originates from the IRS’ Audit Information Management System (AIMS) and is passed to TE/GE’s Base Inventory Master File (DIMF-BIMF) application in Detroit on a monthly basis.
DIMF-BIMF validates the data and passes it to DPTE as well as the DEXP and RICS systems.
The information captured locally on individual examination cases conducted by TE/GE revenue agents are input into AIMS by TE/GE clerks in field area offices. These data include, in part, information identifying the entity being examined, the particular return and tax period that was examined, the employee conducting the examination, the time expended on the case, the type of entity (employee plan) that is being examined and a number of other data fields that specify why the particular return was selected, the issues identified during the examination and the final results of the examination. DPTE summarizes that data and creates a number of formatted reports at the group, area office and national levels.
DPTE users do not log directly into DPTE. Rather, they login to the Detroit mainframe and download the report files to their local system using File Transfer Protocol (FTP). Users have read only access to the zipped report files and are unable to make any changes to the preformatted reports.
System of Records Number(s)
Treasury/IRS 24.046, CADE Business Master File (BMF)
Treasury/IRS 34.037, IRS Audit Trail and Security Records System
Treasury/IRS 42.008, Audit Information management System (AIMS)
Treasury/IRS 50.222, TE/GE Case Management Records
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)
A. Taxpayer’s EIN or SSN, taxpayer’s name, type of return filed, the tax period of the return being examined and other data elements indicating the nature of the examination being conducted and the results of the examination.
B. Agent Name and Grade and time expended on the examination.
C. There is no formal audit trail associated with DPTE since it merely contains pre-formatted reports that are read only. However, access to the reports in DPTE by users is controlled by the OL 5081 process which is approved by both local managers and HQ analysts on a need to know basis.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. All data elements within DPTE are obtained from DIMF-BIMF which in turn obtains its data from the Audit Information Management System (AIMS).
B. No information in DPTE is obtained directly from taxpayers. Taxpayer information is input to AIMS by TE/GE field employees, passes through DIMF-BIMF for validation and goes to DPTE for creation of examination reports.
C. Agents provide their name and grade for AIMS input purposes but no information is provided by employees directly into DPTE.
D., E., F. None.
3. Is each data item required for the business purpose of the system? Explain.
Yes. DPTE users download summary reports containing this data in order to identify the types of organizations being audited and the results of those audits. Identifying this type of data enables TE/GE management to target future examination programs toward the entities that most likely will not be in compliance with tax laws.
4. How will each data item be verified for accuracy, timeliness, and completeness?
DIMF-BIMF receives and validates data from the Audit Information Management System (AIMS) related to TE/GE activities. The data is validated against predetermined criteria that are programmed into the system. Errors in data must be corrected before credit for examination completion is recognized.
DIMF-BIMF feeds this validated data to DPTE which creates Area office and National level reports.
5. Is there another source for the data? Explain how that source is or is not used.
Yes. DIMF-BIMF receives examination data from AIMS and sends data to DEXP, DPTE and RICS. AIMS is used at the local field office level for monitoring examination case inventory; DEXP and DPTE generate summary reports at the area and national levels of inventory and accomplishments, and RICS uses the data for historical trend analysis and research.
6. Generally, how will data be retrieved by the user?
DPTE produces reports that are placed within an area of the MITS 19 GSS mainframe. The OL5081 process is followed for 11-15 TE-GE users which are granted access to these reports at the file level. Users then FTP these reports to their local systems.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
No. DPTE reports of examinations conducted and in process are not retrievable by a personal identifier; however, some of the reports and the error registers generated by the system do contain personal identifier information.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
DPTE has no direct user interfaces. Users are granted access to the standardized reports contained in DPTE through the OL 5081 approval process. Administrators (IRS MITS employees) are granted access only for troubleshooting purposes. This access is time limited and granted by a supervisor.
9. How is access to the data by a user determined and by whom?
Users have no direct access to DPTE data. Users are granted access to DPTE reports through the OL5081 procedures, which requires management approval.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
Yes. DPTE relies on DIMF-BIMF to supply its data. The data in DPTE includes over 100 separate data elements that identify, in part, the taxpayer, the return, the agent and the results of the examination.
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
Certification and Accreditation (C&A):
The following systems do not hold a current Certification and Accreditation in the Mission Assurance Master Inventory:
* DIMF-BIMF (C&A in process)
Privacy Impact Assessment (PIA):
The following systems do not have a current Privacy Impact Assessment in the Office of Privacy Inventory:
* DIMF-BIMF (PIA in process)
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
The files are overwritten each month as new monthly files are received. This conforms with IRM 184.108.40.206-1, 73.(2) (a) Data Center Reports – Destroy 2 years after report date or when no longer needed in current operations, whichever is earlier.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability. No.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring. No.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
No. DPTE is an internal system only. Due process to taxpayers is afforded at the revenue agent level at the conclusion of the examination.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors? Not Applicable.