OIO - Employee Activity on Dummy Account Executive Summary
Office of the Chief Financial Officer
Executive Summary for Closed Reports
Report No. IA:OTR:2904-M02: Review of Employee’s Activity in ITS based on Dummy Account Alert, dated February 27, 2009.
Follow-up Report No. IS:0011-0088-A, dated April 20, 2012. “OTR has made significant changes to the processes in the RPA area including the elimination of all but two dummy accounts [called Unidentified Taxpayer Accounts], necessary to post remittances that cannot be immediately processed. Employees in RPA have had modifications to their privileges in ITS to restrict access.”
Chief Risk Officer’s Risk Assessment
The risk associated with fraud is High. The use of “dummy accounts” was identified as a potential root cause although no evidence of fraud was found. Therefore, particular attention is paid to OIO recommendations.
Overview of Recommendations
OIO offered six recommendations. Five recommendations were implemented to further strengthen existing internal controls.
- The Dummy Accounts were closed and the two Unidentified Taxpayer Accounts (UTA’s) were restricted and suppressed. Only authorized Users with restricted access can post, adjust and transfer credits/payments within the UTA(s). All adjustments must be notated following procedures for notating unidentified taxpayer accounts in ITS. All reviews of activities on UTA(s) must be updated on the UTA Quality Assurance Spreadsheet. All employees received desk job aids from instructions documented in the procedural manuals. Control tests are performed quarterly and annually to review activities posted to UTA(s) accounts. A control for separation of duties was implemented. This control eliminated the ability for a user to make an adjustment and also approve a refund or bill at the same time.
- A specific employee was cited. The employee resigned April 2009.
- RPA Systems and Forms employees do not have the access to correct taxpayer's accounts. All taxpayer account issues are now referred to Customer Service.
- After review, abatements can no longer be done by employees in RPA.
- OTR training on the ITS SAND data warehouse system was held 9/24/09 - 9/25/09.
The one recommendation that was not implemented was in reference to specific items. As cited in the audit report, these account adjustments were valid. There was no business justification to reverse these adjustments. The capability that allowed this employee to perform abatements was removed from all RPA employees.
To view the full report Click : Employee’s Activity in ITS based on Dummy Account Alert Full Report