This is the accessible text file for GAO report number GAO-13-132T entitled 'Identity Theft: Total Extent of Refund Fraud Using Stolen Identities is Unknown' which was released on November 29, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony: Before the Subcommittee on Government Organization, Efficiency and Financial Management, Committee on Oversight and Government Reform, House of Representatives: For Release on Delivery: Expected at 10:00 a.m. EST: November 29, 2012: Identity Theft: Total Extent of Refund Fraud Using Stolen Identities is Unknown: Statement of James R. White, Director: Strategic Issues: GAO-13-132T: GAO Highlights: Highlights of GAO-13-132T, testimony before the Subcommittee on Government Organization, Efficiency and Financial Management, Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: Identity theft is a growing and evolving problem that imposes a financial and emotional toll on its victims. As of September 30, 2012, IRS had identified almost 642,000 incidents of identity theft that impacted tax administration in 2012 alone, a large increase over prior years. A taxpayer may have his or her tax refund delayed if an identity thief files a fraudulent tax return seeking a refund using a legitimate taxpayer’s identity information. GAO was asked to describe identity theft issues at IRS and limits to what is known about the extent of identity theft. GAO updated its analysis on identity theft with current data on identity theft cases and interviewed IRS officials. GAO also reviewed past GAO reports to identify key attributes of successful performance measures and compare information provided by the Global Report. What GAO Found: Understanding the extent and nature of identity theft-related refund fraud is important to crafting a response to it, but Internal Revenue Service (IRS) managers recognize that they do not have a complete picture. Program officials said that one of the challenges they face in combating this type of fraud is its changing nature and how it is concealed. While perfect knowledge about cases and who is committing the crime will never be attained, the better IRS understands the problem, the better it can respond and the better Congress can oversee IRS’s efforts. IRS officials described several areas where the extent and nature of identity theft is unknown. * Total number and cost of fraudulent returns. IRS does not know the full extent of the occurrence of identity theft. Officials said that they count the refund fraud cases that IRS identifies but that they do not estimate the number of identity theft cases that go undetected. * Identity of the thieves. Unless IRS pursues a criminal investigation, IRS generally does not know the real identity of the thieves. * Whether a fraudulent return is an individual attempt or part of a broader scheme. Identifying new schemes or significant cases, such as one thief using numerous taxpayer identities, depends on analysts noticing patterns or other indications that a few cases may be part of a larger scheme. As a result, some schemes or cases involving multiple taxpayers may go undetected. * Characteristics of known identity theft returns. IRS officials told us that the agency does not systematically track characteristics of known identity theft returns, including the type of return preparation (e.g., paid preparer or software), whether the return is filed electronically or on paper, or how the individual claimed a refund (e.g., check, direct deposit, or debit card). While much remains unknown about identity theft, IRS has taken steps to organize what it knows in a newly developed Refund Fraud and Identity Theft Global Report (Global Report). The Global Report consolidates and tracks information about identity theft incidents and IRS detection and resolution efforts from multiple sources within IRS. The report provides information to IRS senior management and a standard source of information for responding to data requests from external entities. GAO’s selected review of the Global Report against key attributes of successful performance measures found that it had many of the attributes useful for program monitoring, but also had some areas where additional information or clarification would make the report more helpful. Updating the Global Report to provide information on definitions, data sources, and limitations such as the unknown number of undetected fraudulent returns, could help ensure users have a more complete picture of the data and its strengths and limitations. The quality of the report will also be enhanced by the institution of process controls to help ensure consistency in how the data in the report are compiled, verified and validated. What GAO Recommends: To improve information available to IRS management and Congress, GAO recommends that IRS update the Global Report to provide definitions and data sources, where such information is missing; document procedures used to compile and validate the data; and describe limitations of the data presented. IRS officials agreed with our recommendations. Based on their comment, we revised language in the report to clarify that, like other forms of fraud, IRS conducts criminal investigations only in the most serious identity theft-related refund fraud cases. View [hyperlink, http://www.gao.gov/products/GAO-13-132T]. For more information, contact James R. White at (202) 512-9110 or whitej@gao.gov. [End of section] Chairman Platts, Ranking Member Towns, and Members of the Subcommittee: I am pleased to be here to discuss the growing problem of identity theft and the Internal Revenue Service's (IRS) efforts to resolve, detect, and prevent identity theft-based refund fraud (identity theft).[Footnote 1] My testimony today will discuss identity theft issues at IRS and will assess limits to what is known about the extent of identity theft. As discussed at a previous hearing before this committee, identity theft imposes a financial and emotional toll on its victims. A taxpayer may have his or her tax refund delayed if an identity thief files a fraudulent tax return seeking a refund using a legitimate taxpayer's identity information. As of September 30, 2012, IRS had identified almost 642,000 incidents of identity theft that impacted tax administration in 2012 alone, a large increase over prior years. This figure does not include incidents related to the "Operation Mass Mail" scheme in which identity thieves use the stolen identities of Puerto Rican citizens.[Footnote 2] As of September 30, 2012, IRS reported around 436,000 incidents occurred in 2012 related to this scheme. My testimony is based in part on our previous 2009 and 2011 reports. [Footnote 3] Our past work has found that IRS's ability to detect current identity theft incidents is limited and the number of incidents that go undetected is not known. In response to our recommendation that IRS should establish performance measures and collect data suitable for assessing the effectiveness of its identity theft initiatives, IRS agreed and implemented data collection and reporting procedures that help IRS evaluate more completely the effectiveness of its programs and identity opportunities for improvement.[Footnote 4] However, there continues to be gaps in what IRS knows about the extent of identity theft. For this testimony we updated our analysis with current data on identity theft cases and interviewed IRS officials in the Wage and Investment Division (W&I); Criminal Investigation (CI); and the Office of Privacy, Government Liaison and Disclosure (PGLD). We also reviewed our past reports to identify key attributes of successful performance measures and compared information provided by IRS's Refund Fraud and Identity Theft Global Report. To determine the reliability of IRS data on identity theft, we discussed data quality-control procedures with agency officials, reviewed relevant documentation, and tested data for obvious errors. We determined that the data were sufficiently reliable for the purposes of this report. Our prior reports and this November 2012 update were conducted in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We discussed the information in this statement with IRS officials, and they concurred with our findings, conclusions, and recommendations. Identity Theft Issues at IRS: Identity thieves can obtain a legitimate taxpayer's name and Social Security number (SSN) in a variety of ways. They can obtain identity information by hacking into a computer system or paper files at one of the many entities that use names and SSNs in their records (e.g., employers, schools, or financial institutions). Thieves can trick the taxpayer into revealing such information, or they can steal it from the taxpayer. Armed with the stolen identity, the thief can then file a fraudulent tax return seeking a refund. The thief typically files a return claiming a refund early in the filing season, before the legitimate taxpayer files. If IRS determines the name and SSN on the tax return appear valid (IRS checks all returns to see if filers' names and SSNs match before issuing refunds) and it passes through IRS's other filters, IRS will issue the refund to the thief. IRS often becomes aware of a problem after the legitimate taxpayer files a return. At that time, IRS discovers that two returns have been filed using the same name and SSN, as shown in figure 1. The legitimate taxpayer's refund is delayed while IRS spends time determining who is legitimate. Figure 1: Notional Example of Identity Theft-Based Refund Fraud: [Refer to PDF for image: illustration] Identity thief: * Identity thief steals taxpayer's personal information. * Fraudulent return claiming refund is filed early in the filing season. Taxpayer: * Legitimate return is filed after the fraudulent return. IRS: * IRS issues refund to Identity thief; * IRS sends notice of duplicate filing to Taxpayer. Source: GAO. [End of figure] As we have previously reported, IRS has taken multiple steps to detect, resolve, and prevent identity theft-based refund fraud. [Footnote 5] IRS developed new filtering processes in 2012 to detect identity theft based on the characteristics of incoming tax returns that do not rely on a duplicate filing or self-identification by filers. Identity theft indicators--also known as account flags--are a key tool used to resolve and detect identity theft. Identity theft indicators speed resolution by making a taxpayer's identity theft problems visible to all IRS personnel with account access. In some cases, IRS uses its identity theft indicators to screen tax returns filed in the names of known identity theft victims. If a return fails the screening, it is subject to additional IRS manual review, including contacting employers to verify that the income reported on the tax return was legitimate. IRS uses the Identity Protection Personal Identification Number (IP PIN)--a single-use identification number sent to victims of identity theft that have validated their identities with IRS--to prevent refund fraud. When screening returns for possible identity theft, IRS excludes returns with an IP PIN, which helps avoid the possibility of a "false positive" and a delayed tax refund. If a taxpayer was issued an IP PIN and does not use it when filing electronically, IRS rejects the electronically filed return and prompts the taxpayer to file on paper. Taxpayers that do not use an IP PIN or enter an incorrect IP PIN filing on paper experience processing delays as IRS verifies the taxpayers' identity. As of June 30th, IRS reported providing more than 251,500 IP PINs to taxpayers in 2012 and of those, 150,506 taxpayers filed using an IP PIN. Of filers that filed using an IP PIN, 8.6 percent (12,936) used an invalid IP PIN. IRS officials told us their review of a sample of these cases found that the majority of the invalid IP PINs were due to transposition or keying errors. Details on other IRS actions can be found in our previous reports. Other steps taken in 2012 include temporarily reallocating hundreds of staff from other business units to resolve duplicate filing cases and issue refunds to legitimate taxpayers. Officials in IRS's accounts management function told us that in October 2012 there were more than 1,700 staff working to resolve identity theft cases. Also, in April 2012, IRS began the Law Enforcement Assistance Pilot Program in Florida to help state and local law enforcement agencies obtain tax return data vital to local identity theft investigations. The pilot allows taxpayers to give their permission for IRS to provide state and local law enforcement with the returns submitted using their SSN in certain cases. IRS expanded the pilot to eight additional states in October 2012.[Footnote 6] As of September 2012, 49 state and local agencies participated in the pilot. We did not independently assess IRS's 2012 efforts. Much Remains Unknown about the Extent and Nature of Identity Theft: The full extent and nature of identity theft-based refund fraud is not known, but IRS data indicate that it is a large and growing problem. The data show that in the first 9 months of 2012, the number of known tax-related identity theft incidents has already more than doubled over 2011 (see table 1). Table 1: Tax-Related Identity Theft Incidents Identified by IRS, 2008 to 2012: 2008: Incidents: 47,730. 2009: Incidents: 165,524. 2010: Incidents: 147,680[A]. 2011: Incidents: 242,142. 2012[B]: Incidents: 641,690. Source: IRS. Notes: These figures include incidents affecting tax administration, where (1) a taxpayer identifies the identity theft and substantiates his or her identity with the IRS using documentation or (2) IRS identifies the identity theft. These figures do not include incidents related to the "Operation Mass Mail" scheme. The number of incidents in 2008, 2009, and 2010 differ from what we reported in GAO-11-721T and GAO-11-674T. IRS officials told us they believe the differences in 2008 and 2009 are likely due to indicators that were reversed at a later date. Officials noted that the 2010 data they previously provided erroneously included some Operation Mass Mail incidents. [A] IRS officials told us that the decline in incidents from 2009 to 2010 does not reflect a true decrease in the number of identity theft occurring, and that the decline is likely due to CI transitioning much of its identity theft work to the Accounts Management Taxpayer Assurance Program. [B] The 2012 data are as of September 2012. [End of table] Understanding the extent and nature of identity theft-related refund fraud is important to crafting a response to it. Program officials said that one of the challenges they face in combating this type of fraud is its changing nature. The officials said that when they discover and shut down one vulnerability, thieves often change tactics. The hidden nature of the crime means it is not reasonable to expect perfect knowledge about cases and who is committing the crime. However, the better IRS managers' understanding of the problem, the better they can respond and the better Congress can oversee IRS's efforts. IRS officials described several areas where the extent and nature of identity theft is unknown. * Total number and cost of fraudulent returns. IRS does not know the full extent of the occurrence of identity theft. Officials said that they count the refund fraud cases that IRS identifies but that they do not estimate the number of identity theft cases that go undetected. IRS officials explained that "we don't know what we don't know," because if a fraudulent return goes through IRS's identity theft models and other programs, they are unable to tell if they failed to detect the fraudulent return. Officials explained that it is very difficult to detect a fraudulent return when an identity thief uses a correct SSN and has enough identifying information to make the return "look" like it came from the legitimate tax filer. The tax return appears to be legitimate as it has been filed with a name and SSN that match. Detecting identity theft can also be challenging because some legitimate filers mistakenly file duplicate returns. For example, IRS officials told us that in some cases, taxpayers intending to amend their return are confused and file a second Form 1040. In such a case, IRS has to investigate whether the duplicate filing is due to taxpayer confusion or identity theft. IRS captures data on the amount of money it recovers from all types of fraudulent returns, but it does not distinguish whether the type of fraud was identity theft or some other type of fraud. In some cases, external entities, such as banks or other agencies, may notify IRS of potential refund fraud, including suspected identity theft-based refund fraud. IRS reported it had received information from 116 banks and external leads on more than 193,000 accounts between January 1 and September 30, 2012, for all types of refund fraud. IRS reported that banks and other external entities returned almost $754 million dollars during this period. These cases are ones where fraudulent returns passed through IRS processes and refunds were issued. W&I officials told us they analyze data from such cases to identify characteristics of the fraudulent returns to improve their screening for identity theft and other types of refund fraud. The officials told us that the procedure for banks to notify IRS of suspected refund fraud is not new, but more financial institutions have now begun doing so. * Identity of the thieves. Unless IRS pursues a criminal investigation, IRS generally does not know the real identity of the thieves. An investigation is necessary because the only identity information IRS has on the fraudulent tax return is that of the identity theft victim, not the thief. Officials responsible for processing returns said that they do not have the sort of information that would be needed to even begin such an investigation. CI has substantially increased efforts to criminally investigate identity theft cases in fiscal year 2012; however, as with other forms of fraud, CI focuses its investigative resources on the most serious cases. The number of identity theft investigations opened and time spent investigating identity theft cases have increased from fiscal year 2010 to fiscal year 2012, as shown in table 2. Although identity theft is one of CI's investigative priorities, the number of investigations initiated is substantially less than the number of identity theft incidents confirmed by IRS in 2012. CI officials told us that while other IRS functions share leads with CI, not all of these leads meet CI's criteria for developing a case for prosecution. CI officials told us they generally focus their investigative resources on the most egregious and significant identity theft cases, as measured by volume and refund amounts. Table 2: Selected Criminal Investigation Statistics for Identity Theft Cases, Fiscal Year 2008 to 2012: Subject criminal investigations initiated: Fiscal year: 2008: 108; 2009: 187; 2010: 224; 2011: 276; 2012: 898. Direct investigative time (hours): Fiscal year: 2008: 130,800; 2009: 148,900; 2010: 191,700; 2011: 225,100; 2012: 516,400. Direct investigative time (percentage of total): Fiscal year: 2008: 3%; 2009: 4%; 2010: 5%; 2011: 6%; 2012: 13%. Source: IRS. Notes: Fiscal year 2012 data are as of October 2, 2012, and are from the Criminal Investigation Management Information System. Fiscal years 2008 through 2011 data are as of October 4, 2011. We rounded the last two rows of the table. [End of table] * Whether a fraudulent return is an individual attempt or part of a broader scheme. W&I and CI officials told us the two units work closely to utilize the information they obtain from identity theft cases. They use this information to improve their measures to identify new identity theft-based refund attempts and to identify especially significant or egregious cases to consider for possible criminal investigations. When either W&I's analysis of identity theft cases or CI investigations lead to the identification of new schemes, that information is reported to the Return Integrity and Correspondence Services unit so it can strengthen its identity theft filters. Identifying new schemes or significant cases, such as one identity thief using numerous taxpayer identities, depends on analysts noticing patterns or other indications that a few cases may be part of a larger scheme. As a result, some schemes or cases involving multiple taxpayers may go undetected. * Characteristics of known identity theft returns. IRS officials told us that the agency does not systematically track characteristics of known identity theft returns, including the type of return preparation (e.g. paid preparer or software), whether the return is filed electronically or on paper, or how the individual claimed a refund (e.g. check, direct deposit, or debit card). They added that the form in which a refund is claimed would be particularly hard to track using the current processes. Officials noted that they can identify the Internet protocol address of computers used to electronically file returns, which is helpful in detecting potential identity theft. While much remains unknown about identity theft, IRS has taken steps to collect program data on its identity theft detection and resolution efforts. IRS developed the internal Refund Fraud and Identity Theft Global Report (Global Report) in July 2012 to consolidate and track existing information about identity theft incidents from multiple sources within IRS. IRS officials said that the information in the report is not new, but that they saw the need for consistency in identity theft-related information drawn from several data sources. The report is used to provide information to IRS senior management and the Identity Theft Advisory Council[Footnote 7] on identity theft metrics and to provide a standard source of information for responding to data requests from external entities, according to PGLD officials. Officials also stated that because the Global Report is new, they are working to improve its quality. In a selective review of the Global Report, we found that it had many of the attributes we have previously found to be useful for program monitoring.[Footnote 8] For example, the report covers key program activities and generally provides names, definitions, and data sources. However, we also found some areas where additional information or clarification of information currently in the report could make it more useful, as explained in table 3. Table 3: Overview of Our Selective Assessment of the Global Report Program Data: Attribute: Core program activities; Definition: Measures cover the activities that an entity is expected to perform to support the intent of the program; Potentially adverse consequences of not meeting attribute: Not enough information available in core program areas to managers and stakeholders; GAO assessment: Performance metrics provided in the Global Report cover key efforts used by IRS to resolve, detect, and prevent identity theft. These include identity theft filters used to screen tax returns, the IP PIN program, leads provided by banks, CI investigations, and the Law Enforcement Assistance Pilot Program. The Global Report also provides information on how many days identity theft cases remain open, on average. However, some key data are not included, such as the known amount of funds distributed to identity thieves. Attribute: Clarity; Definition: Measure is clearly stated and the name and definition are consistent with the methodology used to calculate it; Potentially adverse consequences of not meeting attribute: Data could be confusing and misleading to users; GAO assessment: IRS generally provides names, definitions, data sources, and the frequency of data updates in the Global Report; however, it does not include such information for all data elements. For example, the Global Report does not define its level of service measurement, a measure that reflects the success rate of taxpayers who call the toll-free lines seeking assistance. Also, the Global Report's data dictionary does not list any known limitations in the data, such as the unknown number of fraudulent returns that went undetected. IRS officials noted that they are working to include additional information in future report iterations. Attribute: Reliability[A]; Definition: Measure produces the same result under similar conditions; Potentially adverse consequences of not meeting attribute: Reported performance data is inconsistent and adds uncertainty; GAO assessment: PGLD officials reported they manually key in data they receive from other IRS offices into the report. Because the report is new, PGLD staff found inconsistencies in the report. They are reviewing the report to improve the report's accuracy and ensure figures are not double counted. Officials told us they are developing documentation on how they collect and verify data. They are also planning on automating the report so that it will no longer require manual compilation. Developing process controls--such as documentation of procedures used to compile, verify, and validate the data--could reduce the risk that significant data mistakes occur.[B] Source: GAO analysis. Notes: We selected three key attributes discussed in GAO-03-143 that were relevant to the Global Report. All attributes are not equal and failure to have a particular attribute does not necessarily indicate that there is a weakness in that area or that the measure is not useful; rather, it may indicate an opportunity for further refinement. [A] We did not perform a full assessment of the reliability of all data presented in the Global Report. We limited our data reliability assessment to data presented earlier in our report and found it sufficiently reliable for describing the number of identity theft incidents IRS detected. [B] Verification is the process of checking or testing performance information to assess types of errors, such as errors in keying data. Validation is an effort to ensure that data are free of systematic error or bias and that what is intended to be measured is actually measured. [End of table] The Global Report is a useful step towards providing IRS management and other entities with up-to-date, consistent information about identity theft-based refund fraud and IRS efforts to address it. However, it could be improved with the inclusion of additional information about data limitations, definitions, data sources, and the frequency of data updates in some areas. With such additional information, IRS management or other entities that use the report would have a clearer picture of not only what is known about identity theft-based refund fraud, but the strengths and limitations of the available information. The quality of the report will also be enhanced by the institution of process controls to help ensure consistency in how the data in the report are compiled, verified, and validated. Conclusions: Identity theft-related tax fraud is a terrible problem for the victims and a growing problem for tax administration. For this reason, legislators, government officials, and the public want to know about IRS efforts to address identity theft. The nature of identity theft- related tax fraud means that it will be very difficult, if not impossible, to develop a complete picture of the extent and nature of the problem, which in turn makes it difficult to assess IRS's progress in combating it. While not a direct attack on the problem itself, IRS's new Global Report could be a useful management tool. It is a recognition of the fact that IRS is devoting significant resources to the identity theft problem and that consolidated and more consistent program information could assist in management oversight and decision making. In reading the report, we identified some improvements that could help users better understand the information provided. Recommendations for Executive Action: To improve the identity theft information available to IRS management and Congress, we recommend that the Acting Commissioner of Internal Revenue update the Refund Fraud and Identity Theft Global Report to: * provide definitions, data sources, and the frequency of data updates for data elements where such information is missing; * document procedures used to compile and validate data; and: * describe limitations of the data presented. Agency Comments and Our Evaluation: IRS officials provided oral comments in response to our draft findings, conclusions, and recommendations. The Director of PGLD stated that she agreed with our recommendations and plans on implementing our recommendations to improve the information provided in the Global Report. The Director of CI, Refund Crimes said that the discussion of CI's investigation of identity theft could be interpreted to suggest that CI is expected to work every case of identity theft. We revised language in the report to emphasize that, like other forms of fraud, CI focuses its identity theft-related refund fraud investigations on the most serious cases. Chairman Platts, Ranking Member Towns, and Members of the Subcommittee, this completes my prepared statement. I would be happy to respond to any questions you may have at this time. Contacts and Acknowledgments: For further information on this testimony, please contact James R. White at (202) 512-9110 or whitej@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. In addition to the individual named above, David Lewis, Assistant Director; Shannon Finnegan, Analyst-in- Charge; Michele Fejfar; Sarah McGrath; Donna Miller; Amy Radovich; and Sabrina Streagle made key contributions to this report. [End of section] Footnotes: [1] Taxpayers can also be affected by employment fraud, which occurs when an identity thief uses a taxpayer's name and Social Security number to obtain a job. For additional information on employment fraud see GAO, Taxes and Identity Theft: Status of IRS Initiatives to Help Victimized Taxpayers, [hyperlink, http://www.gao.gov/products/GAO-11-674T] (Washington, D.C.: May 25, 2011). [2] IRS officials told us they do not classify Operation Mass Mail incidents as impacting tax administration since the fraudulent return usually does not harm an innocent taxpayer, as most of these cases involve individuals who do not have a filing requirement. [3] GAO, Taxes and Identity Theft: Status of IRS Initiatives to Help Victimized Taxpayers, [hyperlink, http://www.gao.gov/products/GAO-11-721T] (Washington, D.C.: June 2, 2011); [hyperlink, http://www.gao.gov/products/GAO-11-674T]; and Tax Administration: IRS Has Implemented Initiatives to Prevent, Detect, and Resolve Identity Theft-Related Problems, but Needs to Assess Their Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-09-882] (Washington, D.C.: Sept. 8, 2009). [4] [hyperlink, http://www.gao.gov/products/GAO-09-882]. [5] [hyperlink, http://www.gao.gov/products/GAO-11-721T], [hyperlink, http://www.gao.gov/products/GAO-11-674T], and [hyperlink, http://www.gao.gov/products/GAO-09-882]. [6] As discussed in more detail in our 2009 report, [hyperlink, http://www.gao.gov/products/GAO-09-882], IRS has limited authorities to share identity theft information with other federal, state, and local agencies. Tax returns and other information submitted to, and in some cases generated by, IRS are confidential and protected from disclosure, except as specifically authorized by statute. 26 U.S.C. § 6103. [7] The Identity Theft Advisory Council is part of the governance process to address IRS's service-wide identity theft efforts and is made up of representatives from various IRS functions. The primary objectives of the Identity Theft Advisory Council are to promote a collaborative vehicle for addressing and overseeing enterprise-wide identity theft matters and to monitor and report on the status of related identity theft initiatives. [8] GAO, Tax Administration: IRS Needs to Further Refine Its Tax Filing Season Performance Measures, [hyperlink, http://www.gao.gov/products/GAO-03-143] (Washington, D.C.: Nov. 22, 2002) identifies linkage, clarity, measurable targets, objectivity, reliability, core program activities, limited overlap, and government- wide priorities as key attributes of successful performance measures. Because of the limited time to conduct our analysis for this testimony, we focused on only a few of these attributes that were relevant to the Global Report. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]