Audit finds state tax information not always verified, refund checks not controlled, sensitive taxpayer information not protected
September 10, 2013 at 7:19 am
By Charlie Hayward
The agency that collects most Maryland taxes had lax controls over granting tax credits and refund checks, and in one case issued a $101,000 refund that wasn’t due, state auditors found. The comptroller’s Revenue Administration Division also had computer programming errors and did not adequately protect sensitive taxpayer information, according to an audit report.
Four of the auditor’s findings were problems identified in previous audits.
Responding to the audit findings, Comptroller Peter Franchot said, “We will be able to realize significant improvements in our ability to process these credits in the future due to improvements in technology. The legacy tax processing system did not allow for electronic transmission of supporting documents and schedules,” resulting in a “very labor-intensive process.”
Maryland’s Revenue Administration Division collects state taxes and fees including withholding taxes, estimated taxes, sales and use, motor fuel, alcohol, tobacco, estate, inheritance taxes and others. RAD processes tax returns from individuals and business throughout the state.
The division collected $20.4 billion in 2012, of which $4.3 billion was remitted to the 23 counties, Baltimore City, and 168 incorporated cities and towns.
Tax credits not verified
Maryland residents who pay income tax to other states can receive tax credits against Maryland taxes if they include documentation such as a copy of the other state’s tax return with their Maryland tax forms. RAD verifies credits using different procedures for paper and electronic returns.
The auditors found a 17% error rate on a sample of paper returns; some returns did not have the required documentation and one refund was overpaid by $101,000 because of an error in processing the credit.
The auditors also found RAD’s verifications of electronic tax returns’ credits was deficient because RAD did not verify credits in a timely manner or verify the legitimacy of credits per its policy; and did not double-check its verifications.
Social Security numbers not verified, computer program errors
RAD doesn’t have procedures to ensure that dependents’ social security numbers reported by taxpayers on their individual income tax returns are valid. RAD has been trying to develop effective procedures but so far has not implemented controls due to technical difficulties. This is a repeat finding from an audit three years ago.
RAD uses a computer program to identify tax returns with missing documentation such as W-2s. However, the auditor found almost 3,000 deficient tax returns that RAD failed to identify because of computer-programming errors.
Problems controlling refund checks
The auditor found problems with controls over mailing refund checks as well as deficiencies over processing refund checks returned by the Post Office.
The Revenue Administration Division issued approximately 738,000 refund checks totaling $758 million during 2011. RAD uses a log to document the number of checks sent to the mailroom and the number of checks mailed. The auditors found this log wasn’t always used and also found the log showed unexplained differences; checks received by the mailroom did not match the checks mailed.
The Post Office returns millions of dollars of refund checks to RAD every year because addressees are unknown or the mail was undeliverable. RAD employees research problems one-by-one and usually can re-mail the checks or void them and send replacements. However, RAD:
- Keeps track of refund checks via several different logs that track different actions in a manner such that overall control of the re-issued refund checks can’t be easily assured or audited. This was a repeat finding.
- RAD mailed about 26,400 checks ($35 million) between August 2009 and June 2011 without fully verifying their propriety.
Manual adjustments to taxpayer accounts not double-checked
RAD’s computer records of taxpayer accounts sometimes require manual adjustments to correct information. The auditor tested 15 adjustments and found seven that reduced taxpayer liabilities by $28 million but were not reviewed as required.
Sensitive taxpayer information not fully protected
The auditor identified 75,219 tax records from electronic filings including names and social security numbers that could have been stolen by unauthorized individuals if the server on which they were stored was hacked.
The auditor also found that RAD maintains substantial safeguards over taxpayer information, but recommended three areas where controls could be improved. This was a repeat finding.
Incompatible duties and late verifications of alcohol and tobacco tax collections
Alcohol and tobacco tax collections received in the mail totaled approximately $30.5 million during 2012. The auditor found one employee responsible for processing alcohol and tobacco tax collections that had incompatible duties allowing him/her to possibly perpetrate and conceal theft of checks. This was a repeat finding. The auditor also found that deposit verifications either were not performed on a timely basis or not done at all.
Charlie Hayward recently retired after 30 years’ experience with performance, IT, and financial auditing of a wide variety of government programs and activities. He can be reached at email@example.com.