305-586-2183 info@rushmoregroup.tax

TIGTA Says Most IRS Apps Unable to Track Unauthorized Users

TIGTA Says Most IRS Apps Unable to Track Unauthorized Users

The Internal Revenue Service in recent years has made many advancements in the online service sector, installing helpful applications to aid individual taxpayers. But a new audit shows that if an unauthorized user manages to get into the system, many times the applications are unable to show investigators where those intruders went.

The audit results come from the Treasury Inspector General for Tax Administration, or TIGTA. This latest audit was a follow-up on a previous study of the audit trail capabilities of online IRS applications.

While TIGTA gives the IRS credit for implementing solutions to address weakness in its audit trail policies, procedures and guidance, this latest study shows more work remains to be done.

“Implemented audit trail solutions are not effective, and the IRS continues to have challenges with ensuring that all applications are providing complete and accurate audit trails for monitoring and identifying unauthorized access and for other investigative purposes,” the Inspector General writes.

What did the TIGTA audit request?

TIGTA’s 27-page report says the IRS couldn’t provide its auditors with an accurate inventory of all the applications that store or process taxpayer data as well as Personally Identifiable Information (PII). Auditors believe such an inventory is critical as a baseline for all applications that need to be monitored for potential unauthorized access.

The report adds that the applications are required to provide audit trail records to an electronic repository that is set up for investigative purposes.

What were the TIGTA audit findings?

The TIGTA audit showed that a total of 67 IRS online applications should be monitored for unauthorized access.

“Of these 67 applications, TIGTA determined that six (9 percent) applications were providing accurate and complete audit trails, 30 (45 percent) applications were providing incomplete and inaccurate audit trails, and 31 (46 percent) applications were not providing any audit trails to the repository,” the report states.

In addition, not all applications with audit trail deficiencies were being tracked and monitored as required. This could allow unresolved deficiencies to persist indefinitely.

What are TIGTA’s recommendations?

TIGTA’s audit reports recommends that the Chief Information Officer of the IRS should:

  • ensure that a methodology is developed and implemented to identify and annually update the inventory of all applications that store or process taxpayer and Personally Identifiable Information for the purpose of detecting improper cyber activities and to reconstruct events for potential criminal investigations;
  • ensure that audit trail deficiencies are properly tracked and monitored as required;
  • ensure the internal policy and the Audit Trail Deficiency Memorandum template document clearly and consistently communicate each stakeholder’s responsibilities to ensure that the appropriate actions are taken when security weaknesses have been identified.

In its response, the IRS agreed to properly track audit trail deficiencies, clearly and consistently communicate stakeholders’ responsibilities, and to document process improvements.

However, the agency also said it does not plan to clearly identify which applications use Personally Identifiable Information for purposes of detecting improper activities and to reconstruct events for potential criminal investigations.

Story provided by TaxingSubjects.com

IRS Announces New Identity Theft Affidavit

IRS Announces New Identity Theft Affidavit

Businesses are a favorite target of identity thieves. Reports often cover the theft of customer financial information, like credit cards, debit cards, and bank accounts. Perhaps less well known are scams that routinely use stolen business information—whether the business owner’s personal information or their Employer Identification Number—to file tax returns and Forms W-2. The Internal Revenue Service this week announced a new affidavit for reporting tax-related identity theft incidents that target business entities.

“The Form 14039-B, an identity theft affidavit for businesses and other entities, will make it easier for businesses, estates, trusts and tax-exempt organizations to report identity theft to the IRS,” the IRS says. “Submitting this form will enable the IRS to more quickly assist entities who are victims of identity theft. The form is publicly available on Identity Theft Central at IRS.gov/IdentityTheft under the ‘Business’ tab.”

Tax professionals are often the first to see the signs that one of their business or entity clients have been the victim of tax-related identity theft. If you see a duplicate filing rejection code the first time you submit your client’s return, that’s a massive red flag. Other reasons taxpayers should consider filing out the new affidavit include receiving notices about unfiled tax returns and W-2s, as well as surprise balance due notices.   

That said, the IRS outlines two situations that do not call for filing the new Form 14039-B:

  1. The taxpayer never applied for an EIN but has begun receiving notices for a business in their name. INSTEAD, they should file Form 14039, Identity Theft Affidavit, under their Social Security Number (SSN), Individual Taxpayer Identification Number (ITIN) or Adoption Taxpayer Identification Number (ATIN).
  2. The business, estate, trust or exempt organization experienced a data breach with no tax-related impact to the business entity. For example, a business reports a breach of their computer system and after thorough research of the account, there is no evidence of a fraudulent tax return or W-2s being filed.

Finally, the IRS emphasizes that the new affidavit should not be used to report individual tax-related identity theft incidents. If one of your individual clients is a victim of identity theft, use Form 14039 instead. 

Story provided by TaxingSubjects.com

Work Virtually for Real Security

Work Virtually for Real Security

More and more, tax professionals are relying on working remotely, also known as teleworking, in order to stay connected with clients and remain productive.

In order to protect the vital information so critical to the income tax process, the Internal Revenue Service and its Security Summit partners are urging tax pros to secure their remote locations by using Virtual Private Networks (VPNs) to protect against cyber threats.

A VPN provides a secure, encrypted “tunnel” to transmit data between a remote user through the internet and the company’s network. With teleworking or working from home increasing during the pandemic, VPNs are critical for protecting and securing internet connections.

Part Three in a Series

The Security Summit has issued a five-part series of guidance articles entitled “Working Virtually: Protecting Tax Data at Home and at Work.” This is the third in that series.

The security awareness initiative by the IRS, state tax agencies and the private-sector tax industry – working together as the Security Summit – spotlights basic security steps for all practitioners, but especially those working remotely or social distancing in response to COVID-19.

“For firms expanding telework options during this time, a virtual private network is a must have,” said IRS Commissioner Chuck Rettig. “We continue to see tax pros fall victim to attacks every week. These networks are something you can’t afford to go without. The risk is real. Taking steps now can protect your clients and protect your businesses.”

Costly Sins of Omission

Teleworking practitioners who fail to use VPNs risk remote takeovers by cyber-thieves, giving criminals access to the tax pro’s entire office network merely by accessing an employee’s remote internet connection.

Tax professionals should seek out cybersecurity experts if they can afford it. If not, tax pros can search online for “Best VPNs” to find a legitimate vendor. Major technology websites also provide lists of top services.

However, never click on a “pop-up” ad hawking a security product. Usually, it’s a scam.

Telework Tips

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also encourages companies and organizations to use VPNs.

CISA offers this advice:

  • Update VPNs, network infrastructure devices and devices being used to remote into work environments with the latest software patches and security configurations.
  • Alert employees to an expected increase in phishing attempts.
  • Ensure information technology security personnel are prepared to ramp up these remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
  • Implement multi-factor authentication on all VPN connections to increase security. If multi-factor is not implemented, require teleworkers to use strong passwords
  • Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritize users that will require higher bandwidths.

For more information on VPNs and other security measures, check out the newly revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology.

In addition, Publication 5293, Data Security Resource Guide for Tax Professionals, can provide a compilation of data theft information available on IRS.gov.

To stay connected to the IRS for the latest in security alerts and recommendations, subscribe to e-News for Tax Professionals and Social Media; or visit Identity Theft Central at IRS.gov/identitytheft

Story provided by TaxingSubjects.com

James Lee to Lead IRS Criminal Investigations

James Lee to Lead IRS Criminal Investigations

The Internal Revenue Service is changing the guard in its Criminal Investigation (CI) division. James Lee, the current deputy chief of the division and a 25-year IRS veteran, will take the reins from retiring Chief Don Fort.

Fort will step down Sept. 30 after leading CI since 2017. Fort began his IRS career in 1991 as a special agent in CI’s Baltimore District.

IRS Commissioner Chuck Rettig says Lee brings a lot of experience to his new position.

“Jim is highly respected throughout the IRS and will continue long-standing working relationships with the civil enforcement functions of the IRS as well as with the Department of Justice’s Tax Division and tax prosecutors throughout the country. He understands the need to support compliant taxpayers by maintaining a strong, robust enforcement effort focused on those who are compliance challenged,” Retting said.

Wide-Ranging Responsibilities

As Chief of the Criminal Investigation division, Lee will lead enforcement efforts to investigate tax code violations and other related yet diverse financial crimes such as money laundering, public corruption, cybercrimes, identity theft, narcotics and terrorist financing.

Before becoming Deputy Chief, Lee served as Director of Field Operations, Northern Area, overseeing CI enforcement in Boston, New Jersey, New York, Ohio, and Philadelphia field offices. He also previously served as Director of Field Operations, Southern Area and the Director of Strategy.

The new Chief started his IRS career in 1995, when he was special agent in Detroit. He later moved into CI’s leadership ranks, serving in increasingly responsible positions as he ascended the management ladder.

His experience included Supervisory Special Agent in the New Orleans Field Office; Headquarters Senior Analyst in the International and Financial Crimes Sections; Assistant Special Agent in Charge within the Boston Field Office; and Special Agent in Charge of the New Orleans Field Office and later the Chicago Field Office.

Lee has a Bachelor of Business Administration Degree with a concentration in Accounting from Tiffin University in Ohio.

Some Big Shoes to Fill

Commissioner Rettig said Lee will follow a path blazed by his predecessor in the Chief’s office. Fort’s contributions to CI, Rettig noted, will only put Lee in a better position to lead the division from here.

“Don has been a remarkable leader and champion for IRS Criminal Investigation,” Rettig said. “He has a distinguished career and the entire IRS leadership team appreciates everything he has done to uphold the law and support tax administration. We look forward to Don’s remaining time at the IRS as well as Jim taking on a new role and building on the great tradition in CI.”

Story provided by TaxingSubjects.com

Taxpayers Get More Time to Qualify for Rehabilitation Tax Credit

Taxpayers Get More Time to Qualify for Rehabilitation Tax Credit

The Internal Revenue Service has good news for taxpayers restoring historic buildings. Last week, the agency announced that they have granted additional time to qualify for the Rehabilitation Tax Credit to mitigate logistical issues arising from the coronavirus pandemic.

What is the Rehabilitation Tax Credit?

The rehabilitation tax credit lets real estate owners deduct a percentage of the renovation cost from qualifying buildings if the project meets certain qualifying conditions. The IRS says that “projects must satisfy the ‘substantial rehabilitation test’ within a 24- or 60-month period for determining whether the rehabilitation work is sufficient to qualify a building for the rehabilitation credit.” Which timeframe applies is governed by the Tax Cuts and Jobs Act. 

“The … [TJCA] generally requires the rehabilitation credit to be claimed over a five-year period for amounts that taxpayers pay or incur for qualified rehabilitation expenditures after December 31, 2017,” the IRS explains in last week’s release. “However, taxpayers may claim the credit all in one year under pre-TCJA rules for projects that qualify under a transition rule.”

While you can and should read more about how the rehabilitation tax credit is met for current and future renovation projects in Notice 2020-56, IRS.gov has a concise breakdown titled “Rehabilitation Tax Credit – Real Estate Tax Tips.” It outlines the TCJA-related changes, when the transition rule applies, and who needs to file Form 3468, Investment Credit.  

How much additional time do I have to satisfy the substantial rehabilitation test?

Following the publication of Notice 2020-56, “taxpayers that have a measuring period under the substantial rehabilitation test ending on or after April 1, 2020, and before March 31, 2021, now have until March 31, 2021 to satisfy the test … [which also] applies to the substantial rehabilitation test for claiming the credit or qualifying under the TCJA transition rule.”

Sources: IR-2020-173; IRS Tax Reform Tax Tip 2018-161

Story provided by TaxingSubjects.com

CARES Act Allows Penalty-Free Withdrawals from Some Retirement Plans

CARES Act Allows Penalty-Free Withdrawals from Some Retirement Plans

Taxpayers can dip into Coronavirus Aid, Relief, and Economic Security Act-specified retirement accounts without suffering a penalty, according to an Internal Revenue Service press release published yesterday. The reminder comes days after the $600 unemployment benefits included in that legislation expired.

How do the retirement account withdrawals work?

“Under the CARES Act, individuals eligible for coronavirus-related relief may be able to withdraw up to $100,000 from IRAs or workplace retirement plans before December 31, 2020, if their plans allow,” the IRS writes. “In addition to IRAs, this relief applies to 401(k) plans, 403(b) plans, profit-sharing plans, and others.”

The IRS outlines four ways the CARES Act makes pulling money from retirement accounts easier for those facing hardships during the pandemic, including penalty-free repayments: “These coronavirus-related withdrawals:

  • May be included in taxable income either over a three-year period (one-third each year) or in the year taken, at the individual’s option. 
  • Are not subject to the 10% additional tax on early distributions that would otherwise apply to most withdrawals before age 59½, 
  • Are not subject to mandatory tax withholding, and 
  • May be repaid to an IRA or workplace retirement plan within three years.”

Loans are also available from certain retirement plans until September 22, 2020. The IRS says taxpayers can “borrow as much as $100,000 (up from $50,000) from a workplace retirement plan, if their plan allows.” However, IRAs are not eligible for this loan program.

To qualify for a retirement-plan withdrawal or loan, taxpayers must satisfy one of the following requirements:

  • Be diagnosed with COVID-19 by a CDC-approved test
  • Have a spouse or dependent diagnosed by an approved test
  • Show that COVID-19 has caused financial hardship

Taxpayers who need to satisfy the financial-hardship requirement must show that they or their spouse have lost a job, worked reduced hours, been paid less, had to close a business, or some other similar difficulty due to the coronavirus pandemic. Many American businesses have been forced to close or adopt modified schedules due to local restrictions—restaurants, for example, have been hard hit by stay-at-home orders and limits on social gatherings. 

Notice 2020-50 and an FAQ page on IRS.gov include further details about making withdrawals and taking loans from qualifying retirement plans.  

Source: IR-2020-172

Story provided by TaxingSubjects.com