Part 2. Information Technology
Chapter 8. Audit Information Management System (AIMS)
Section 1. Introduction to AIMS REALTIME Processing
2.8.1 Introduction to AIMS REALTIME Processing
Manual Transmittal
December 15, 2023
Purpose
(1) This transmits revised IRM 2.8.1, Audit Information Management Systems (AIMS), Introduction to AIMS REALTIME Processing.
Material Changes
(1) IRM 2.8.1 updated to add Acting CIO.
(2) IRM 2.8.1.1 Internal Controls revised to comply with the updated standards.
Effect on Other Documents
IRM 2.8.1 dated February 22, 2023, is superseded.
Audience
This IRM is intended for the general use of IDRS system personnel from all four Business Operating Divisions (W&I, SB/SE, LB&I and TE/GE) and Appeals accessing the Audit Information Management System.
Effective Date
(01-01-2024)
Kaschit Pandya
Acting, Chief Information Officer
Program Scope and Objectives
(1) This IRM provides instructions for the use of the Audit Information Management System (AIMS) display terminals in the Campuses or Area Offices. AIMS is using the Integrated Data Retrieval System's (IDRS) Security System. Detailed instructions for administering the IDRS Security System are included in IRM 10.8.34, IDRS Security Controls.
(2) Purpose : This transmits revised IRM 2.8.1, Audit Information Management Systems (AIMS), Introduction to AIMS REALTIME Processing.
(3) Audience: The audience for this IRM section are users of the Audit Information Management System (AIMS).
(4) Policy Owner: Information Technology, Chief Information Officer.
(5) Program Owner: Information Technology, Applications Development, Compliance, Business Compliance Management System Branch AIMS Related Section.
(6) Primary Stakeholders: IDRS users from Appeals, LB&I, SB/SE, TE/GE and W&I
(7) Program Goals: To provide explicit instructions for the use of command codes in entering and extracting data.
Background
(1) . As a result of a study, it was concluded that Examination had a need for a new information management system. The study group recommended a terminal assisted Audit Information Management System (AIMS). A stand alone direct access terminal system was considered along with the enhancement of IDRS. Enhancement of IDRS was determined to be clearly the best choice for the Service.
(2) This new system satisfied Examination Division's current needs for accurate and timely inventory controls, better control of assessments and up-to-date management reports. The system traces examination results through final determination of tax liability including Appeals and Tax Court.
(3) After the successful implementation of AIMS for the Examination Division, control of returns in Appeals was added to AIMS. As of January 1, 1977 control of Exempt Organization returns was added and on October 1, 1977 control of Employee Plan returns was added.
Authority
(1) During the summer of 1973, the Deputy Commissioner established a Task Force to identify ADP requirements of Compliance functions, and to make appropriate recommendations to satisfy their needs.
Responsibility
(1) Headquarters AIMS Related Section is responsible for maintaining procedures related to AIMS programming.
Program Management and Review
(1) IRS implements access control measures that provide protection from unauthorized alteration, loss, unavailability, or disclosure of information.
Terms/Definitions/Acronyms
(1) The following table defines acronyms frequently used throughout this IRM section:
Acronyms | Definition |
IDRS | Integrated Data Retrieval System |
SSN | Social Security Number |
EIN | Employer Identification Number |
DLN | Document Locator Number |
TIN | Taxpayer Identification Number |
AIMS File Content
(1) The AIMS Data Base, Audit Information Management File, contains all the data elements used by the AIMS System.
IDRS Security System
(1) The IDRS Security System is designed to provide protection for both the taxpayer and the IDRS user. The taxpayer must be protected from unauthorized disclosure of information concerning his/her account and unauthorized changes to it. The IDRS user must be protected from other personnel using his/her identification to access or make changes to an account.
Protection of Taxpayer Accounts
(1) The greatest potential for unauthorized disclosure of tax information occurs when IDRS user employees handle telephone inquiries from taxpayers. Employees should exercise special precautions to identify the taxpayer or his/her authorized representative when answering such inquiries. In responding to telephone inquiries, no tax return information may be given out unless it relates to a notice, billing, letter initiated by the IRS, or refund inquiry.
(2) When responding to telephone inquiries about a tax account, the employee handling the inquiry should, at a minimum, obtain the taxpayer's name, address and taxpayer identification number (SSN or EIN). Recipients of calls should continue to ask enough questions to satisfy themselves that they are speaking to the taxpayer. The following are types of information that might be asked the caller:
Document Locator Number (DLN), date or amount on notice or other document received.
Date and/or amount of refund, adjustment, payment, or return.
Type of notice or other communication received.
(3) If a caller is unable to furnish enough information to establish that he/she actually is the taxpayer, the employee should request that the caller find out the information and call back. If the caller states he/she does not have the information and cannot obtain it, the employee should advise the caller that a written reply will be mailed to the taxpayer's address of record.
(4) Employees should not provide Taxpayer Identification Numbers over the telephone.
(5) Walk-in taxpayers should not be given tax return information until they have properly identified themselves.
(6) Information concerning taxpayers will not be provided to third parties without written authorization from the taxpayer. For example, specific information concerning a client's bill or notice will not be provided to third parties without receipt of written authorization from the taxpayer. This is true even though the third party requesting information has possession of a copy of the bill or notice in question.
(7) Written authorization from the taxpayer is not restricted to a power of attorney or to any specific form. The authorization must bear the taxpayer's signature. Taxpayer Service employees will not request returns from campuses or Federal Records Center solely for verification of the taxpayer's signature. If there is serious doubt whether the signature on the authorization is the taxpayer's, offer to mail the information to the taxpayer's address of record.
(8) In walk-in contacts, if the third party has possession of a copy of the bill or notice in question, the written authorization should bear the taxpayer's signature and give some indication that the third party is authorized to act for the taxpayer. In the absence of such a written authorization, the third party may only be furnished general information regarding the meaning of the bill or notice. If the third party does not have possession of a bill or notice, the written authorization should bear the taxpayer's name, address and signature and contain information peculiar to the taxpayer of which the third party would not generally be aware. For instance, if the letter or authorization describes a specific refund problem or inquiry with specific facts that only the taxpayer should be aware of, the third party may be given information regarding the refund.
(9) In telephone contacts, Taxpayer Service personnel are restricted to the information they may furnish third parties in the absence of written authorization. Only general information regarding the meaning of a particular notice or letter may be given. Advise the third party to furnish a written authorization in order that information may be provided, or offer to call the taxpayer or mail information to the taxpayer's address of record. Otherwise, no specific information related to the taxpayer or his/her account may be given. No information from IDRS, microfilm, or tax returns may be given to the third party. Naturally, information the third party offers may be accepted. For example, canceled check information may be accepted to initiate a payment tracer on a bill but no information relative to the balance due or nature of the assessment may be given.
(10) When a third party makes a written inquiry, no information may be furnished without written authorization from the taxpayer.
(11) It should be kept in mind that relatives are third parties and the rules outlined in this section apply to them. These rules do not apply to husband and wife when both sign a joint return. However, when a spouse has been claimed as a dependent on a return (instead of filing jointly) the dependent spouse may not be given information without written authorization from the taxpayer who signed the return.
Protection of the IDRS User
(1) It is essential that only properly authorized employees have access to command codes since IDRS terminals can be used to change taxpayers' accounts. It is equally important that each employee be protected from other personnel using his/her identification since the only record of the employee making the change will be computer generated from the entry code input by the operator. Proper use of Command Codes SINON and SINOF will provide necessary protection to the employee. However, an employee must properly safeguard his/her password in order to obtain the benefits of the system.
Authorized Access
(1) IDRS users are authorized to access only those accounts required to accomplish their official duties. IDRS users must not access their own or spouse's account, the account of a friend, relative or co-workers, or any account in which they have a personal or financial interest.
Passwords
(1) Each IDRS user will be given a password and he/she is responsible for its security.
(2) Any time a password is compromised, or even if an employee suspects that it has been, he/she will notify the system Security Supervisor to obtain another password. An employee must request a new password if he/she forgets his/her current password.
SINON
(1) An employee must sign on IDRS before accessing or changing any account on IDRS. The employee will accomplish this by inputting Command Code CC) SINON (see Exhibit 2.8.1–1) that will verify whether or not the employee is authorized to use IDRS.
(2) Immediately prior to signing on, the employee will press any key to determine if the "real-time" system and the terminal are operational. If the real-time happens to go down in the service center before completely inputting CC SINON, the employee should back space through the input. This will clear the sign-on data from the screen. Upon receiving notification that the system is available again, he/she may re-enter CC SINON.
(3) To sign on a terminal the employee will depress (F1). This generates the SINON format with the Production Training Indicator (PTI) which will be P. Next, the Social Security Number (can also use SEID to SINON vs. SSN) and then the name data are input. The password is the last item input before pushing the XMIT key. To protect a password, the employee will tab the cursor to right of the indicator present on the screen.
SINOF
(1) Employees must use CC SINOF (see Exhibit 2.8.1–2) whenever they are going to be away from the terminal (for example, going to lunch, break, or back to desk). Employees should stay signed on only when they are actively using the terminal or when they can see the terminal and anticipate using it again soon.
(2) Proper use of Command Code SINOF provides employees complete security. If an employee does not SINOF, there is always a danger that someone else will use his/her terminal during his/her absence, and all the actions on the terminal will be recorded as being done by the original employee.
(3) If a user is signed on at a terminal and signs on at another terminal, the original terminal will automatically be deactivated.
EPSF and TPSF
(1) The security system provides identification and authorization for every terminal input. The Employee Profile Security File (EPSF) contains significant data required to recognize each employee authorized to use IDRS. The Terminal Profile Security File (TPSF) includes terminal identification to recognize each terminal in the IDRS.
Training Capabilities
(1) In the EPSF there will be two profiles recorded, a production profile and a training profile. The production or training indicator in CC SINON determines which profile is used. While operating in the training mode on production accounts, no actual updating of any IDRS data can be made. ALL command codes will be used in exactly the same manner as when in production mode.
(2) Trainees will be able to update a training account through real-time and then be able to recall the account to view the updated affect. Accounts may be restored to the original condition by two methods:
by terminal input of CC RESTR to restore a specific module, an entire account, or an Audit Information Management File (AIMS) record.
by daily (or periodic) restoration of the entire training file.
(3) When an IDRS user is signed on in the Training Mode, the terminal will be authorized the same command codes as the user's training profile until he/she signs off.
Security Violations
(1) ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
(2) ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
(3) A terminal will lock after ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡. In the event of a security lockout, the screen of the affected terminal will display the message "SECURITY LOCK ON THIS TERMINAL" and the terminal keyboard will lock. The operator will immediately notify the IDRS USR (Unit Security Representative) who will initiate action to unlock the terminal.
Security Reminders
(1) Employees should always clear the screen when the terminal operation is completed.
(2) Employees should be sure to retrieve all prints if the terminal is connected to a printer. If someone leaves a print in the printer, it should be placed in classified waste if the originator cannot be determined.
(3) IDRS terminals are programmed for real-time usage and are systematically deactivated at the end of each work day. Any input at a time not during the authorized time period will be recorded as a security violation.
RMODE
(1) Command Code RMODE authorizes an employee to use the command codes contained in his/her Training Profile in a research mode. The research mode differs from production mode in that production files are accessed but not updated. It differs from training mode in that the training files are not accessed. The research mode is to be used only by the IDRS Control Group and the RPA Staff for researching production problems that can be resolved only by accessing production data. An Audit Trail Record will be produced for all inputs made in the research mode. In order to use the research capability, an employee must have CC RMODE in his/her Training Profile, and input CC SINON with a Production/Training Indicator of R.
Command Code SINON
(1) Use this command code to sign on to IDRS. An employee cannot be signed on in both training and production modes at the same time.
(2) ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
(3) ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
---|---|---|---|
≡ ≡ | ≡ ≡ | ≡ ≡ | ≡ ≡ ≡ ≡ ≡ |
≡ ≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ | ≡ ≡ | ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ | ≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
≡ ≡ | ≡ ≡ ≡ | ≡ ≡ ≡ ≡ | ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ |
(4) Response to SINON
Valid Response: SINON SUCCESSFUL Displayed on line 1.
Error Response: Displayed on Line 13
INVALID PTI SECURITY VIOLATION. Production/Training Indicator is not P or T, or R. If R is input, CC RMODE must be in employee's Training Profile. See 9.(14).
SSN FORMAT INVALID SECURITY VIOLATION SSN is not all numeric.
REQUEST DENIED SECURITY VIOLATION. This message is displayed for the following conditions.
SINON request made at a time other than the authorized time or operation as recorded in the TPSF.
Input SSN does not match
Input SEID does not match
Input password does not match
Input name/or initial does not match
PROFILE LOCKED SECURITY VIOLATION. Employee is attempting to sign-on when his/her employee profile is locked. The profile must be unlocked by the Security Officer before the employee can sign-on any terminal.
Command Code SINOF
(1) Use this command code to invalidate assigned entry code.
(2) Input format for Command Code SINOF
(3) Record Element Description for Command Code SINOF
Element | Line | Position | Description and Validity |
---|---|---|---|
1 | 1 | 1–5 | SINOF |
Responses:
Valid response: REQUEST COMPLETED displayed on line 13.