[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]









  THE INTERNAL REVENUE SERVICE'S RECORD RETENTION POLICIES: IMPROVING 
                               COMPLIANCE

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON OVERSIGHT

                                 OF THE

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 25, 2017

                               __________

                          Serial No. 115-OS06

                               __________

         Printed for the use of the Committee on Ways and Means








[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]










		 
                     U.S. GOVERNMENT PUBLISHING OFFICE 
		 
33-614                    WASHINGTON : 2019                 





                      COMMITTEE ON WAYS AND MEANS

                      KEVIN BRADY, Texas, Chairman

SAM JOHNSON, Texas                   RICHARD E. NEAL, Massachusetts
DEVIN NUNES, California              SANDER M. LEVIN, Michigan
PATRICK J. TIBERI, Ohio              JOHN LEWIS, Georgia
DAVID G. REICHERT, Washington        LLOYD DOGGETT, Texas
PETER J. ROSKAM, Illinois            MIKE THOMPSON, California
VERN BUCHANAN, Florida               JOHN B. LARSON, Connecticut
ADRIAN SMITH, Nebraska               EARL BLUMENAUER, Oregon
LYNN JENKINS, Kansas                 RON KIND, Wisconsin
ERIK PAULSEN, Minnesota              BILL PASCRELL, JR., New Jersey
KENNY MARCHANT, Texas                JOSEPH CROWLEY, New York
DIANE BLACK, Tennessee               DANNY DAVIS, Illinois
TOM REED, New York                   LINDA SANCHEZ, California
MIKE KELLY, Pennsylvania             BRIAN HIGGINS, New York
JIM RENACCI, Ohio                    TERRI SEWELL, Alabama
PAT MEEHAN, Pennsylvania             SUZAN DELBENE, Washington
KRISTI NOEM, South Dakota            JUDY CHU, California
GEORGE HOLDING, North Carolina
JASON SMITH, Missouri
TOM RICE, South Carolina
DAVID SCHWEIKERT, Arizona
JACKIE WALORSKI, Indiana
CARLOS CURBELO, Florida
MIKE BISHOP, Michigan

                     David Stewart, Staff Director

                 Brandon Casey, Minority Chief Counsel

                                 ______

                       SUBCOMMITTEE ON OVERSIGHT

                    VERN BUCHANAN, Florida, Chairman

DAVID SCHWEIKERT, Arizona            JOHN LEWIS, Georgia
JACKIE WALORSKI, Indiana             JOSEPH CROWLEY, New York
CARLOS CURBELO, Florida              SUZAN DELBENE, Washington
MIKE BISHOP, Michigan                EARL BLUMENAUER, Oregon
PAT MEEHAN, Pennsylvania
GEORGE HOLDING, North Carolina























                            C O N T E N T S

                               __________

                                                                   Page

Advisory of July 25, 2017 announcing the hearing.................     2

                               WITNESSES

Mr. Gregory Kutz, Assistant Inspector General for Audit, 
  Management Services and Exempt Organizations, TIGTA............     5
Mr. Jeffrey Tribiano, Deputy Commissioner for Operations Support, 
  IRS............................................................    17
Mr. Edward Killen, Director of Privacy, Governmental Liaison, and 
  Disclosure, IRS................................................    17

 
  THE INTERNAL REVENUE SERVICE'S RECORD RETENTION POLICIES: IMPROVING 
                               COMPLIANCE

                              ----------                              


                         TUESDAY, JULY 25, 2017

             U.S. House of Representatives,
                       Committee on Ways and Means,
                                 Subcommittee on Oversight,
                                                    Washington, DC.

    The Subcommittee met, pursuant to call, at 10:00 a.m. in 
Room 1100, Longworth House Office Building, Hon. Vern Buchanan 
[Chairman of the Subcommittee] presiding.
    [The Advisory announcing the hearing follows:]


  [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
        

                                 

    Chairman BUCHANAN. The Subcommittee will come to order. 
Welcome to the Ways and Means Oversight Subcommittee hearing on 
the IRS Record Retention Policies: Improving compliance. Last 
year the IRS processed 244 million tax returns. Among them are 
individuals, small businesses like my own, who must retain 
their tax records in case the IRS ever wants to review them.
    The IRS must also identify and retain records for defined 
lengths of time in accordance with the Federal requirements. 
These records may later be needed to respond to requests from 
Congress, private citizens, or those bringing suit against the 
IRS. All of these parties have a right to ask the IRS to 
produce complete records, and the IRS has a responsibility to 
provide those records.
    However, TIGTA found that IRS policies do not comply 
totally with all the Federal requirements, which ensure that 
all records are readily retrievable and usable. Specifically, 
the production of IRS emails currently relies on the IRS's 
ability to search thousands of employee hard drives; or, 
alternatively, each employee's ability and willingness to print 
and file important emails. Neither system is sustainable nor 
reliable enough to satisfy the voluminous records requests 
received by the IRS.
    The IRS has also changed its record retention policy three 
times since 2013, creating confusion across the agency. 
Additionally, the IRS has failed to setup a basic email system 
capable of automatically archiving employee emails.
    These issues ultimately reduce transparency, open the 
agency to exposure to civil lawsuits, and inhibit Congressional 
oversight of the IRS. They also create a double standard 
whereby the IRS is not required to maintain basic records in 
the same way that the average American citizen must.
    No individual or small business could do the same and not 
be subject to punitive actions by the IRS. Furthermore, this 
issue has been raised repeatedly by Congress to the IRS for 
years without a permanent solution.
    So here we are today to discuss TIGTA's most recent 
findings and the IRS's progress in addressing these concerns. I 
believe Members on both sides of the aisle want to ensure IRS 
has the authority and the resources it needs to administer the 
Code. However, in return we need to see stronger efforts by the 
IRS to ensure that records are properly retained and easily 
retrievable. We would also like to see the IRS work to improve 
how it procures and implements its IT system.
    To that end, I look forward to hearing from the witnesses 
today, and now I yield to the distinguished Ranking Member, Mr. 
Lewis, for the purposes of an opening statement.
    Mr. LEWIS. Good morning. Thank you, Mr. Chairman. Thank you 
for holding this hearing. I also would like to thank our 
witnesses for being here today.
    As the broader Ways and Means Committee discusses tax 
reform, our Subcommittee will play a very important role in 
improving the Internal Revenue Service.
    Today's hearing will examine IRS policies to store, 
archive, and produce records, including electronic mail. We 
will also review the IRS's ability to respond to legal, Freedom 
of Information Act or third party requests, including those 
from Members of Congress.
    In 2015, the agency received over 10,000 FOIA requests and 
closed over 99 percent within an average of 23 business days. 
The few requests that took longer than 20 business days 
generally involved privacy or other legal issues that prevented 
a timely response.
    We all agree that Federal agencies must process and reply 
to any request for relevant electronic and other records in a 
timely manner. For any agency, including the IRS, information 
technology is key to meeting this standard. This is one of the 
many reasons that Congress must ensure that the agency's IT 
systems are not only fully funded but also fully staffed.
    Since 2010, Congress cut this agency's budget by almost $1 
billion. That is a lot of money. That is a big cut. In the last 
5 years the agency's IT budget was cut by $71 million, and the 
IRS lost nearly 290 IT employees. Many of you heard me say it 
many times and on different occasions that you cannot get blood 
from a turnip.
    Early this month, the Treasury Inspector General for Tax 
Administration released a report on the IRS's electronic 
records retention policy and IT systems. The TIGTA report made 
five recommendations, and the IRS agreed with every single 
recommendation and suggestion. As we move forward, we must 
remember these lessons learned, and we must be mindful of the 
IRS IT system needs.
    Mr. Chairman, together we will begin a good, inclusive 
process, and I hope that we can continue our strong bipartisan 
work to improve the IRS. Again, I thank you, Mr. Chairman, for 
holding this hearing, and I look forward to the testimony of 
our witnesses.
    And I yield back.
    Chairman BUCHANAN. Without objection, other Members' 
opening statements will be made part of the record.
    Today's witness panel includes three experts, Gregory Kutz, 
Assistant Inspector General for Audit for Management Services 
and Exempt Organizations at TIGTA; Jeffrey Tribiano, Deputy 
Commissioner for Operations Support at the IRS; and Edward 
Killen, Director of Privacy, Government Liaison, and Disclosure 
at the IRS.
    The Subcommittees have received your written statements, 
and they will all be made part of the formal hearing record. 
You have five minutes to deliver your remarks. We will begin 
with you Mr. Kutz. You can begin when you are ready.

  STATEMENT OF GREGORY KUTZ, ASSISTANT INSPECTOR GENERAL FOR 
   AUDIT, MANAGEMENT SERVICES AND EXEMPT ORGANIZATIONS, TIGTA

    Mr. KUTZ. Mr. Chairman, Ranking Member Lewis, and members 
of the Subcommittee, thank you for the opportunity to discuss 
electronic records management.
    Today's testimony highlights the results of our recently 
issued report on this matter. My testimony has two parts. First 
I will discuss our findings, and second, I will discuss our 
recommendations.
    First, the IRS is required by Federal law to retain and 
produce records when requested through appropriate means. 
However, the IRS has had challenges responding to several high-
profile requests from the Congress, the public, and the courts. 
The loss or destruction of information resulting from this as a 
result of inadequate systems and processes along with human 
error.
    Some key findings from our report include the current email 
system does not meet Federal requirements for storing and 
managing email messages. We reported last year that the IRS's 
previous attempt to implement a new email system was 
unsuccessful at a cost of at least $12 million. Electronics 
records storage policies have changed repeatedly since May of 
2013. The policy has changed from wipe and reuse information 
technology, to save everything, to wipe and reuse equipment for 
all but two parts of the IRS, to the current policy of refrain 
from wiping the data from any hard drive. It is not surprising 
that this has resulted in some confusion.
    Storage of tens of thousands of laptops and hard drives at 
dozens of locations across the country is not a sustainable 
recordkeeping solution. And the interim policy for IRS 
executives to archive their emails was not implemented 
effectively.
    Although many challenges remain, progress was made in 
several areas during our audit. For example, IRS has developed 
a new policy prohibiting the use of instant messaging for 
official business, and requiring any instant messages that are 
a Federal record to be retained. And improved policy for 
preserving records for separated employees. In addition, the 
IRS' most recent attempt to implement a new email system is 
planned to be completed by the end of this fiscal year. We also 
found that IRS closed over 70 percent of Freedom of Information 
Act requests within 20 business days as required.
    Moving on to my second point, as you mentioned, we made 
five recommendations to the IRS to enhance its electronic 
records management. These recommendations include: 
implementation of enterprise email solutions that enable the 
IRS to effectively organize and retain emails; develop an 
accurate list of executives and ensure that their emails are 
archived; enhance processes related to retention of records for 
separated employees; and, ensure that FOIA policy is followed 
by all employees responding to requests.
    As Ranking Member Lewis mentioned, the IRS agreed with all 
five of our recommendations and is taking action. TIGTA will 
continue to monitor the progress of the IRS in enhancing its 
electronic records management.
    In conclusion, given that the IRS expects taxpayers to 
retain records for years in support of their tax returns, IRS's 
ability to do the same is essential to maintaining public 
trust.
    Mr. Chairman and Ranking Member Lewis, that ends my 
statement, and I look forward to all of your questions.
    [[The prepared statement of Mr. Kutz follows:]


 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 



                                 

    Chairman BUCHANAN. Thank you.
    Mr. Tribiano, you are recognized.

    STATEMENT OF JEFFREY TRIBIANO, DEPUTY COMMISSIONER FOR 
OPERATIONS SUPPORT, IRS; ACCOMPANIED BY EDWARD KILLEN, DIRECTOR 
     OF PRIVACY, GOVERNMENTAL LIAISON, AND DISCLOSURE, IRS

    Mr. TRIBIANO. Good morning, Chairman Buchanan, Ranking 
Member Lewis, and members of the Subcommittee. My name is Jeff 
Tribiano, and I am the Deputy Commissioner for Operations 
Support at the IRS. I appreciate this opportunity to testify 
today.
    In my position at the IRS I oversee internal operations, 
which includes information technology, human capital, finance, 
and privacy, Procurement, Planning, facilities, security, 
enterprise risk, and the office of equity, diversity and 
inclusion.
    Joining me today from the IRS at the witness table is Mr. 
Edward Killen, the IRS Chief Privacy Officer.
    Over the years the IRS has worked closely with the National 
Archives and Records Administration, NARA, to improve our 
processes and protocols in regard to retention of Federal 
records to make sure they are appropriate and work properly.
    We recently have made several significant investments in 
and important progress on a number of fronts to improve our 
records management practices for email and to update our 
existing records management policies, procedures, and 
practices. Our work continues in this area.
    In particular, we are well on our way to completing the 
implementation of an enterprise-wide solution for the 
preservation of electronic records of the agency. This will 
bring us into compliance with the Office of Management and 
Budget directive requiring all Federal agencies to have email 
in an electronically accessible format.
    More broadly, we are also taking a number of other actions 
to improve records management. These include the following:
    We have updated policy and procedure guidance on electronic 
messaging usage and preservation. This includes guidance on the 
preservations of instant messages.
    We have enhanced our clearance procedures for employees who 
leave the IRS, so we can identify and preserve Federal records 
on separating employees before the employee departs.
    We are in the process of upgrading our e-Discovery 
capability to a modern, cloud-based set of tools. This will 
allow more quickly and efficiently for us to meet our discovery 
obligations in relation to litigation or governmental 
investigations.
    In the area of training, we recently released the first 
annual Records Mandatory Briefing for all IRS employees and 
managers. This course is designed to heighten an understanding 
of records retention responsibilities.
    And regarding the Freedom of Information Act, we are 
upgrading the software used for the day-to-day management of 
FOIA operations. Although the IRS already responds to more than 
75 percent of FOIA requests within 20 days, this new system 
will facilitate automation and improve our effectiveness and 
efficiency in this area.
    Taken together, we believe these efforts to improve 
electronic records management are an important step forward. 
They are not only bringing the IRS into compliance with NARA 
standards and the OMB records management directive, but will 
also greatly enhance our ability to timely respond to Congress, 
the courts, and FOIA requests.
    We also appreciate the Treasury Inspector General for Tax 
Administration's recent review on our records retention 
policies and procedures. We agree with all five recommendations 
in the report, and we believe they are helpful in our efforts 
to improve in this area. We have already made significant 
progress toward completing action on the recommendations and 
have implemented two of them. We are on track to complete all 
of them by the end of this year.
    That concludes my opening statement, and I am happy to 
answer any questions.
    [The prepared statement of Messrs. Tribiano and Killen 
follows:]


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




                                 

    Chairman BUCHANAN. Thank you, and thank you for your 
excellent testimony. We will now proceed to the question and 
answer session. And in keeping with my past precedent, I'd like 
to hold my questions until the end.
    I now recognize the gentleman from Arizona, Mr. Schweikert.
    Mr. SCHWEIKERT. Thank you, Mr. Chairman. I have a handful 
of things here, and I want to first wrap my head around a 
couple of things I was seeing in the notes here.
    Was there an attempt at an enterprise solution that, shall 
we say, failed?
    Mr. TRIBIANO. Yes, sir.
    Mr. SCHWEIKERT. Why did it fail?
    Mr. TRIBIANO. Back in 2015 we identified and procured a 
hybrid cloud-based solution to implement the NARA requirements. 
There was a procurement protest on the procurement that we 
issued. GAO upheld the procurement protest so all work on the 
program had to stop. We had to go to our plan B, which was an 
on-premise based solution for the implementation, and that 
caused a delay in the project.
    Mr. SCHWEIKERT. Okay. So you were doing an enterprise 
cloud-based automated capture backup system?
    Mr. TRIBIANO. We were.
    Mr. SCHWEIKERT. That is what had won, and then there was a 
procurement protest that stopped you from adoption?
    Mr. TRIBIANO. There was a procurement protest, yes, sir, 
and GAO upheld the protest, which means we all----
    Mr. SCHWEIKERT. So you didn't rebid it?
    Mr. TRIBIANO. We went out to a different solution and rebid 
the second solution, yes, sir.
    Mr. SCHWEIKERT. And the second solution was in-house 
retention.
    Mr. TRIBIANO. It was an on-premise solution.
    Mr. SCHWEIKERT. And now you are doing----
    Mr. TRIBIANO. An on-premise solution.
    Mr. SCHWEIKERT. On-premise solution that will be fully 
automated--I mean, I am seeing a number in here of what was it 
33,000 hard drives if I were to count everything that is 
floating around out there, it is going to be able to 
automatically back up and capture.
    Mr. TRIBIANO. All of our electronic emails will be backed 
up and captured on the on-premise solution, yes, sir.
    Mr. SCHWEIKERT. And direct messaging systems?
    Mr. TRIBIANO. The instant messaging system, yes, sir. But 
there is a piece of that. I mean, instant messaging according 
to our policy, and Ed, Mr. Killen can explain this in more 
detail, but it is not supposed to be used for a formalized 
record. If it is, then that has to be copied into the system 
and stored.
    Mr. SCHWEIKERT. But if it is used someone has to make that 
decision to save it?
    Mr. KILLEN. Yes, Congressman, that is correct.
    Mr. SCHWEIKERT. So you and I are working on something, and 
we decide we are going to use the direct messaging system. Is 
that how you refer to your system instead of instant?
    Mr. KILLEN. Instant yes.
    Mr. SCHWEIKERT. I have to actually as the employee make a 
decision, oh, I need to hit the button for this one to be 
retained?
    Mr. KILLEN. That is correct. We refer to that as our office 
communicator system, and the employee would have to if a record 
is created, and we have been very clear in IRS about 
disseminating this guidance, but if a record is created the 
employee does have the affirmative obligation to save that 
record.
    Mr. SCHWEIKERT. Wouldn't it be more elegant just to do a 
constant capture model?
    Mr. KILLEN. I think part of the context around instant 
messaging is that we found that it is a tool that is effective 
for collaborative dialogue, as our employees are working 
various issues. So I think part of the challenge is that most 
of the information associated with those instant messages would 
really essentially be transitory. They would not be 
authoritative records.
    Mr. SCHWEIKERT. So you are basically asking an employee to 
say this is appropriate for retention, this isn't. I see a 
human factor that creates a level of fragility. And, look, I 
know we all have certain concerns of privacy and those things, 
but it is still a government document even if it is transitory. 
I am just surprised you haven't designed an automatic capture, 
which is, you know, in today's price of storage, just capture 
everything and just, you know, build search tools that are more 
robust that may be easier in your life, but this is your area 
of expertise.
    I have been asked just because--and I only know a tiny bit 
of it, so you are going to have to educate me here. Talk to me 
about the Security Summit with some of our, shall we say, folks 
in the private sector and what we are learning from their 
technology and what we can learn to adopt?
    Mr. KILLEN. I appreciate that question. The security summit 
has been a great success story within IRS. As you know, one of 
our challenges has been addressing identity theft and working 
to protect taxpayers from that crime. And so, a couple of years 
ago the IRS commissioner decided that this would really be an 
opportunity for a public-private sector partnership to work 
together with the State Departments of Revenue and also with 
the private sector tax return preparer community in order to 
defend ourselves holistically against this threat, and we 
really refer to it as ``the tax ecosystem.''
    And one of the things that we have found certainly is that 
where there are weaknesses in any one of those links on the 
chain it actually impacts others. So we decided that it would 
be great if we could all work together to try to share lead 
information, threat detection sort of information in an effort 
to protect taxpayers.
    Over the past couple years this has been tremendously 
successful. We have to remain vigilant, but I am pleased to 
report that the commissioner will be announcing later on today 
that over the past 2 years we have seen a reduction in our 
identity theft inventory of over 60 percent, and I think that 
is in large part attributable to those efforts along with 
others, as well.
    Mr. SCHWEIKERT. Mr. Chairman, if there is a second round I 
would love to do some more exploring of this. Thank you for 
your patience.
    Chairman BUCHANAN. I now recognize the Ranking Member from 
Georgia, Mr. Lewis.
    Mr. LEWIS. Thank you, Mr. Chairman. Mr. Deputy 
Commissioner, has the IRS received additional funding to 
implement the five recommendations? Did you get more money?
    Mr. TRIBIANO. No, sir. The last increase that we had in 
this area to be able to implement was--and we are really 
appreciative for--is the $290 million that Congress 
appropriated specifically for identity theft, cyber security 
and customer service at our call centers.
    Mr. LEWIS. How have IRS budget reductions in IT impacted 
your operation? What more could you have done or accomplished 
with more money?
    Mr. TRIBIANO. Well, I appreciate that question. Our 
infrastructure in the IRS is very unique. It is large. It is 
complex. If you step back and look at all the stuff that 
happens within that infrastructure, we process over 200 million 
electronic returns a year within the IRS infrastructure. We 
have two data centers that operate on a 24-hour, 7-day-a-week 
basis.
    We have over 187 million taxpayer accounts on the system. 
We collect and process all the records for $3 trillion in tax 
revenue. We process and release about $400 billion a year in 
refunds through this system.
    If you look at it from all the things that we support, we 
have one of the world's largest audit and collection firms that 
we have to support with 14,000 revenue agents and revenue 
officers. We have one of the largest law firms that have unique 
requirements within the IRS that we have to support from an IT 
perspective. We also have and operate a large call center that 
handles about 64 million calls a year. That comes out of our 
IT.
    We also have a large criminal investigation force that has 
unique IT requirements that we have to support. We have also 
processed, received, and digitalized over 80 million paper 
records that come in with tax returns and correspondence within 
the IT infrastructure. So all of that, all of that work, is 
what we protect every year for filing season, and when we have 
reduced funds we have to then reallocate resources to the areas 
within that system that we believe need it just to maintain 
filing season.
    And what that does is it causes us to shift funds out of 
development projects that we are working on or other areas 
within the system itself to be able to fund the filing season 
systems.
    And what I would really like to do at some point is bring 
up my CIO and maybe meet with the staffs or any Members of the 
Committee and go through the complexities of the IT system.
    Now, I will give you a few statistics on why it is 
important. We have over 400 tailored applications in support of 
our lines of business. We have over 2,000 individual COTS 
products working across work station servers and mainframes. We 
have over 14,000 physical and virtual servers that run the IRS. 
We have over 7,700 databases that support the servers in the 
mainframe environment, and we support over 82,000 desktops and 
laptops throughout the agency.
    So any time that we have to shift funds because we have a 
lack of them to true up our filing season systems it makes the 
other systems more vulnerable for down time, for longer times 
of repair. We have to shift technical experts around. We have a 
gapping in some of our technical expertise within it.
    So we have to shift physical resources to the systems for 
filing season, which takes them off-line for development and 
production of new systems or upgrades. So it has an impact on 
our ability to operate.
    Mr. LEWIS. Mr. Assistant Inspector General, what is your 
reaction to what has just been stated? I don't understand how 
you can continue to function, the agency has been cut by more 
than $1 billion in the past few years.
    Mr. KUTZ. Certainly in the information technology area they 
have had turnover, they have had a reduction in staff, and they 
are thin in a lot of areas with expertise, and there are a 
large number of people, 40 percent of the people, can retire by 
2019, so they do have a human capital challenge within 
information technology.
    The topic of today's hearing I think is a combination of 
systems, processes, and training of people involved in this. So 
money is one factor, but so is management processes and in 
human beings that are trained, and there are internal controls 
in place to follow up to make sure that in this case records 
are retained and preserved in the way they are supposed to.
    Mr. LEWIS. Thank you very much. Thank you for being here. 
Thank you for your testimony. I yield back.
    Chairman BUCHANAN. Mrs. Walorski you are recognized.
    Mrs. WALORSKI. Thank you, Mr. Chairman. Thanks to our 
witnesses for being here, as well. The General Services 
Administration offers something called Blanket Purchase 
Agreements or BPAs, that cover a wide range of supplies and 
services but are generally designed to streamline the 
procurement process by functioning as sort of a charge account 
with trusted suppliers.
    One such service covered under a BPA is what is called 
cloud-based email as a service, which we touched on a second 
ago, solutions. It is basically a fancy term for things like 
email calendar contacts, collaboration services, such as 
instant messenger, and to aid in record retention requirements, 
archiving, and searchability.
    This particular BPA allows an agency to pick from a range 
of services from 14 different companies. To make it even 
easier, the GSA even breaks down the services into this handy 
grid to make it easy to see what is being offered and by whom, 
correct?
    Mr. TRIBIANO. Yes, ma'am.
    Mrs. WALORSKI. Okay. However, the TIGTA report on the IRS's 
failed acquisition of an enterprise email system showed that 
despite going through the BPA process, the IRS purchased items 
that weren't on the BPA. They purchased something with a 
similar name as the one on the BPA list, but it was a different 
product. A company successfully challenged the purchase with 
the GAO, and the IRS had to abandon the contacts and start 
over.
    Taxpayers spent $12 million on software that was never 
used. Mr. Tribiano, can you walk us through how something like 
this happens, and what you are going to do to prevent it from 
happening again? Because basically what it boils down to is you 
pick from something not on the list, taxpayers get stuck with a 
$12 million bill, and this isn't used.
    So what safeguards are in place from that experience to 
say, oh, my gosh, we made a mistake, we are never going to do 
this again. Because in my district to all the Hoosiers in the 
state of Indiana, $12 million is a lot of money, especially for 
something not used sitting on a shelf. So what safeguards are 
in place now that weren't before?
    Mr. TRIBIANO. Yes, ma'am. At that time that that was done 
it was my understanding there was an assessment done on that 
blanket purchase agreement, and that the products that we were 
going to purchase off the blanket purchase agreement was 
allowed within the range of products that were being offered. 
It was only when the protest happened, I think----
    Mrs. WALORSKI. The lawsuit? When the GAO came back and 
basically said you purchased something that is not on this 
list?
    Mr. TRIBIANO. I don't remember--or read the language that 
GAO said. I know that GAO came back to us and said we are 
upholding the protest that was filed by a vendor. And then when 
that happened we turned to what our plan B would be, which 
would be the on-premise solution, and we went out then and 
contracted for that.
    So the safeguards that are in place is we have a mechanism 
now within our procurement office that has a policy and process 
in place that has a secondary view of any schedule that we go 
to on blanket purchase agreements that allows us to have that 
secondary sign off.
    Mrs. WALORSKI. And have they caught anything? This new 
group, have they been able to catch those same kinds of 
actions? Have they been like the watch guard to make sure this 
doesn't happen again? Has that been successful?
    Mr. TRIBIANO. I think it has been successful. I have not 
seen anything or when I talk with the chief procurement officer 
I haven't seen anything that would stand out as a large item 
that went through or was stopped. I am being briefed that it is 
a successful process, and that a process that happened like 
that in the past should not happen again within the IRS.
    Mrs. WALORSKI. I appreciate it. And then, Mr. Kutz, do you 
believe these actions are sufficient, these safeguards, that 
they will be the net that catches this kind of cross confusion, 
and especially to the tune of $12 million just with one action 
alone?
    Mr. KUTZ. Yeah. I mean, we and GAO, concluded that the 
blanket purchase agreement, the cloud solution, was outside the 
scope of the blanket purchase agreement. We, and GAO, both 
believe that at this time. But we will see. I mean, they are 
supposed to have their new email solution done by the end of 
this fiscal year and whether they are there, we are going to be 
doing work to follow up on that and determine whether it is 
implemented effectively.
    Mrs. WALORSKI. I appreciate that.
    Thank you, Mr. Chairman. I yield back.
    Chairman BUCHANAN. Ms. DelBene, you are recognized.
    Ms. DELBENE. Thank you, Mr. Chair, and thanks to all of you 
for being with us this morning.
    Mr. Kutz, in your testimony you state that there are many 
security measures in place for documents that are pictured in 
the photographs that are attached to the end of your report, 
and that the vast majority of the items in the photographs are 
generated from the replacement of aged equipment.
    I wondered if you could talk to us about the reasons why an 
electronic storage option wasn't used? So if you are phasing 
out old equipment really the question is, why not store 
documents in the cloud or in some other electronic format that 
could be searched and secured?
    Mr. KUTZ. Well, their email solution does not automatically 
archive as everyone has talked about at the beginning here. So 
they have been saving, and I mentioned they were changing the 
policies in my opening statement. Well, the policy that has 
resulted in the old technology and hard drives and other things 
being at all these locations is that they are saving it now 
because there are potentially Federal records on this 
information.
    And so I think we have an issue here of we are all talking 
about going forward. Once IRS has processes to go forward, then 
we have to deal with the going backward, and they have tens of 
thousands of these devices at 50 something locations across the 
country that they are going to have to deal with at some point. 
Some of them they may be able to find records in, the other 
ones the actual hard drive may not be matched to the person.
    So I think when we talk today about the solutions, there is 
the going forward solution, and then Congress is going to have 
to work with IRS as to what to do with the issues going 
backward, all these devices being stored around the country 
that potentially have Federal records that shouldn't 
necessarily be destroyed.
    Ms. DELBENE. And right now they would be kind of just kept 
in some printed form?
    Mr. KUTZ. Well, it is growing. They are still keeping more 
and more items. Now with the email solution going forward, that 
should help to some extent, but right now the policy is backup 
tapes are being kept, hard drives are being kept, et cetera, 
indefinitely.
    And, again, I think if we can fix the problems going 
forward, then the question is what do we do looking backward to 
eventually destroy this information because it is a storage 
problem.
    There are large rooms filled with old equipment and hard 
drives and old laptop shells that are going to be there 
indefinitely until a solution is determined.
    Ms. DELBENE. And old systems that people may not know how 
to access well over time?
    Mr. KUTZ. Well, that is a separate issue, the old 
technology with respect to--they have hardware aged, and then 
they also have systems that they are trying to upgrade and 
modernize.
    Ms. DELBENE. Okay. I also wondered if any of you could 
elaborate a bit on the role that HR and IT play in retaining 
electronic records. There is a lot of talk about employees 
printing records out and keeping them, but how are decisions 
made to ensure that important information is backed up on a 
hard drive, and what are you doing to make sure it is not just 
maintained on a hard drive because that is also--if there is a 
crash or anything you lose all of that information, so what is 
being done there?
    Mr. KILLEN. Thank you for the question. One of the 
opportunities that we have as we are moving forward with our 
new email solution is indeed to move away from that historical 
reliance on hard drives and on people saving things on their 
local machines because that is not an optimal way to preserve 
and archive records. You have limitations in the way you can 
search and produce documents when needed.
    And so I think the good news is that the process that we 
are currently implementing to move to our new email system will 
address a significant aspect of that challenge because the 
emails, and that is predominantly in most of these sort of 
instances where authoritative records would lie, the email 
record will be in the server.
    There are requirements around what constitutes an 
appropriate electronic recordkeeping system. That will ensure 
that we are actively able to search, produce records as 
appropriate. As we move away--and one of the benefits of this 
is that we will no longer need the utilization of the hard 
drives because it has been previously a storage issue, which is 
why people were----
    Ms. DELBENE. You are talking about email. What about other 
documents? Aren't there documents outside of email that you 
also would want to make sure are backed up?
    Mr. KILLEN. Yes, ma'am. That is a fair question, as well. 
And so it really is a combination of tools that will move us 
into a better direction. It is the policies associated with 
informing people that you should not be storing Federal records 
on your hard drives because there is limited access to that.
    So we are moving to collaborative sites, sharepoint sites, 
where records should be and can be held but we will not have 
the storage limitations and so that people have a place to put 
those records.
    The email solution we think will address a large segment of 
it because think about it from a practical standpoint, a record 
is of limited utility if you are the only one who has access to 
it.
    Most records that are created are actually being shared or 
disseminated somewhere, so we think the email solution will 
help some of that. For the remaining issues that we have, we 
are formulating a plan to address that to make sure that we 
have no gaps when we are done with this process because we do 
want to get it right.
    Ms. DELBENE. Thank you. I yield back.
    Chairman BUCHANAN. Mr. Holding, you are recognized.
    Mr. HOLDING. Thank you, Mr. Chairman.
    Mr. Killen, how many executives are at the IRS?
    Mr. TRIBIANO. We have 251 SES executives. We have around 
seven senior leaders. And we still have two members that will 
be expiring shortly on the streamline critical pay.
    Mr. HOLDING. So these are the individuals that I guess for 
lack of a term of art are the critical decision makers within 
the IRS, would that be kind of how you describe executives to 
the IRS?
    Mr. TRIBIANO. Yes, sir.
    Mr. HOLDING. And I think as we pointed out, TIGTA reported 
there has been an independent verification that confirmed the 
email accounts of these executives are actually configured to 
auto archive emails, so that was a finding.
    And, you know, you are testifying today that changes have 
been made, so are you able to say today that the emails from 
those number of executives are being auto archived today, and 
if not, what steps are you taking to ensure that they are being 
auto archived?
    Mr. KILLEN. What I am able to say today, sir, is that we 
are actively implementing the solution that should address 
that. And when I say that we are actively implementing it, I 
mean that we are currently in flight in migrating all of our 
IRS employees into the new email environment where all of their 
emails will be saved and archived appropriately.
    Chairman BUCHANAN. Excuse me, Mr. Killen, is your mike on?
    Mr. KILLEN. The light is on, yes.
    So we are actively migrating to that new email environment, 
and when I say, ``active,'' meaning that we have literally 
moved over already tens of thousands of IRS employees into the 
new environment.
    We think that for the most part all of our executives have 
migrated over. That is important because the root cause of the 
finding where some of our executive emails were not configured 
properly was a part of an interim solution that we put in place 
as a stop-gap measure on the path to our permanent solution 
which we are executing again.
    So the important thing about that is that was a manual 
process. It depended upon people to configure their email 
inboxes----
    Mr. HOLDING. So the new platform that you were migrating to 
will not be a manual process, it will be an auto archive? You 
won't be able to switch it on or switch it off?
    Mr. KILLEN. Correct, sir. It will be automatic and 
systemic.
    Mr. HOLDING. Which one of you would be able to address the 
question of what forms of predictive statistical analysis is 
the IRS using to combat fraud, abuse, and so forth?
    Mr. TRIBIANO. I cannot speak to that, nor can Mr. Killen.
    Mr. HOLDING. Most financial institutions when they are 
looking for fraud or money laundering, compromised accounts, 
they use forms of predictive statistical analysis that they run 
all their data through, and that is the reason why you get the 
call from your bank that says did you just charge this on your 
credit card? It sets off red flags, and one would assume that 
the IRS uses something similar to what financial institutions 
would use to find that?
    Mr. KUTZ. I would say that they do. I think they have a lot 
of filters in place to prevent refunds from going out 
improperly. And so that would be similar, I think, to what you 
are talking about where credit card companies see indicators in 
the data that lead them to call you or to cancel your 
transactions to prevent you from making a transaction. But they 
do try to filter up front before refunds are issued looking for 
fraud indicators.
    So if that is what you are talking about, they have quite a 
bit of that, over 100 of those types of filters.
    Mr. TRIBIANO. Thank you, and if that was where that 
question----
    Mr. HOLDING. That is some of it, but predictive statistical 
analysis is something a little bit different, as well. You 
know, it is an analysis of all the data that you have.
    Are you aware of any software that the IRS buys from 
outside vendors that provides, you know, these services, and 
can you relate as to whether it has been effective for the IRS? 
Do you use it if you do buy it?
    Mr. TRIBIANO. We do purchase outside software to help with 
some of our analysis work, and when we talk about return 
filing, we have a robust system of filters to stop anti-fraud.
    We also have a team of researchers within the IRS that do 
research and apply analytics and statistics that can predict 
and show patterns that are happening. I just can't speak to 
what they are using and how they actually do that work. It 
falls underneath another group that I am just not----
    Mr. HOLDING. Thank you. Mr. Chairman, I yield back.
    Chairman BUCHANAN. Mr. Curbelo, you are recognized.
    Mr. CURBELO. Mr. Chairman, thank you very much for this 
hearing.
    This hearing focuses on an issue that I think many of our 
constituents are concerned about, which is government 
competence. And last week we had, I think, a similar hearing on 
Medicare fraud. I get a lot of questions back home from 
Floridians who wonder why if credit card companies can be so 
effective at preventing fraud, why the government seems to be 
more focused on chasing fraud.
    Well, here we are exploring a similar issue, whether the 
government can be competent, can be trusted, whether we can 
help restore the trust and confidence in our government and in 
our institutions.
    One of the issues that the report we are discussing raises 
is the inability of PGLD to compel business units to respond to 
requests for records and to document their search efforts.
    Mr. Killen, is that still the case today?
    Mr. KILLEN. We are working aggressively to improve our 
Freedom of Information Act request process. I would note that 
on the whole I think we do a good job of that, and we have 80 
percent timeliness in responding to the FOIA requests that we 
receive.
    But one of the important aspects of FOIA is that you do 
rely on the custodian who has the record in order to be able to 
produce those records.
    So what we are doing is that we are revising our 
communication mechanisms. We are revising our search 
memorandums to make it very clear what the responsibility of 
the custodian is in performing an adequate search for those 
records. We are revising our training. We are revising our 
internal quality review process to ensure that we have a 
quality process to ensure the efficacy of the search.
    So we are taking a variety of tools. We are making new 
investments and additional tools to help us locate responsive 
documents. And so, this is really an area where we have been 
intensely focused because document retention and production are 
intrinsically linked. You have to have both working in concert 
in order to be successful. We have got certainly work to do, 
and we are committed to refining that and making improvements 
where needed, so we appreciate the perspective of the IG in 
identifying areas that we can improve upon, and we embrace 
that.
    And so this is an area that we are focused on, and we feel 
like on the whole we do a good job, but we certainly have 
opportunities for improvement, and so we are focused on that.
    Mr. CURBELO. So you are confident that at the end of this 
process that you are undertaking, you will be able to 
effectively compel the agency to conduct these searches and to 
document them?
    Mr. KILLEN. I am. I am certainly confident that at the end 
of this process we will have two things. First of all, we will 
be in a materially better place than we have been historically.
    And secondly, I am confident that we should be able to 
improve the process that we currently have, and that is what we 
are focused on. And I do think that we will be in a better 
place.
    When you look at some of the things that really routinely 
cause us challenges and complications, and Mr. Lewis spoke to 
it, it really is those very complicated requests we get. 
Complicated by virtue of the fact that the responsive documents 
could be hundreds or thousands or tens of thousands in some 
instances, of pages.
    And so the additional investments in our new recordkeeping 
system, in our new FOIA and e-Discovery tool, should put us in 
a better place. It is an area where we will have to remain 
vigilant because it is complicated and nuanced, but we are 
squarely focused on making improvements because we realize that 
taxpayers have a right to request information of their 
government, and we are committed to being able to provide that 
information.
    Mr. CURBELO. Thank you. Thank you, Mr. Killen.
    Mr. Tribiano, in the time, what is the agency doing to 
cooperate with these efforts to make sure that we can get the 
desired result?
    Mr. TRIBIANO. Well, two of the things that Ed mentioned 
were the actual training that is happening right now and the 
ability of our new e-FOIA, e-Discovery systems. So once we get 
our new email electronic records system in place where we can 
search emails and have the ability to search all the email 
records quickly, the other piece of that is having the tools to 
be able to go out from the e-Discovery perspective and from a 
FOIA perspective to get through the documents to be able to 
redact whatever needs to be redacted and produce the documents 
to go forward.
    So we are putting in place the policies that wrap around 
that to make sure that the information is flowing forward and 
that we are able to access all the records and get them through 
the process and if it is a FOIA request, getting to whoever 
requested it. If it is a legal aspect, getting them to our 
attorneys to go out.
    Mr. CURBELO. Thank you, Mr. Chairman. I yield back.
    Chairman BUCHANAN. Mr. Kutz, let me ask you, there are a 
lot of good findings and recommendations in the report from 
everything that you have presented today. What are the top one 
or two steps that the IRS has yet to complete that are critical 
to beginning the IRS in terms of compliance?
    Mr. KUTZ. I would say the electronic, the new email system 
that they are supposed to have implemented. Apparently they are 
starting to roll it out now. Having that done as quickly as 
possible takes some of the human element out of it.
    We talked about it that IRS relies on printing paper or 
saving to a hard drive or something, if you take that out of 
it, you are going to have a higher level of compliance.
    And I think then once we get to the point as I mentioned 
earlier going forward, something has to be done about going 
backward and the tens of thousands of devices across the 
country and all of the storage of that and what you are going 
to do to deal with that because that is a major problem, and it 
is something that I think--it is costly for them to keep it 
like it is now.
    So some solution to that, perhaps working with Congress on 
that is going to be critical.
    Chairman BUCHANAN. In terms of working with Congress, do 
you have any suggestions or things that we could do to be more 
helpful?
    Mr. KUTZ. Well, today is a great example. I think your 
oversight of this on a bipartisan basis is very important and 
holding IRS accountable for the dollars they get, the promises 
they have made, and making sure that they follow through on the 
actions that they say they are going to take.
    So certainly with respect to the email system, follow up to 
see that they get it done at the end of the fiscal year, 
whatever their plan is.
    And then we are going to do work in the future AND we will 
report back to you and IRS on the actual implementation of that 
email system. That is something we have planned for fiscal 
2018, and we are very hopeful that they will be successful, but 
we will do the trust but verify with you.
    Chairman BUCHANAN. Mr. Tribiano, you touched emails 
questions which have been brought up. This concept of the 
future state initiative, where are you in terms of that process 
as it relates to emails?
    Mr. TRIBIANO. Thank you, Mr. Chairman. We are on schedule 
to have the new email on-premise solution that backs up 
electronically all the emails from all the IRS employees, 
taking the human element out of it. We are scheduled to have 
that completed by the end of September. We have an end of 
probably another 30 days after that for some work that has to 
happen in order to take the old email system off-line and have 
everything over there.
    But what we are going to do beyond that before our partners 
at TIGTA come in and take a look at what we are doing is we are 
going to have two independent verifications and validations 
done.
    First we are going to go out while we are in flight in the 
month of October and ask MITR, a Federally funded research and 
development team, to come in and take a look at where we are 
and make sure we met the requirements.
    And then we are going to ask NARA to come over and take a 
look at it and make sure we met all the NARA requirements, so 
we can be confident that everything is backed up, everything is 
moved over, everything is where it is supposed to be. And then 
I know our partners at TIGTA will come in after that and take a 
look and offer their opinions and suggestions about anything 
else we can do to improve that.
    Now, that is just the future state of where we are going 
with the emails. You know, one of the issues, and my colleague 
brought it up, is all the hard drives that we currently have 
stored, and what are we going to do with those? Well, I tell 
you, the majority of those hard drives were refreshers, meaning 
we purchased a new laptop.
    So we copied everything off of one hard drive onto the new 
hard drive, which is now with an IRS employee. But we didn't 
destroy the old hard drive because we are nervous about doing 
anything that is going to remove any piece of digital 
information, until we are sure that we have the new solution in 
place. Then we will go through a systematic process to remove 
the hard drives and laptops that were just refreshers in the 
process. Get our disaster recovery tapes back into the cycle of 
copying over, which is what they are supposed to be doing.
    Chairman BUCHANAN. Let me touch on one point. You thought 
you were going to have it in place by the end of September? We 
are almost in August. In two months? This is a future 
initiative? It seems like a lot of work in two months.
    Mr. TRIBIANO. Well, we have been working on it, sir, since 
we initiated the secondary to plan B procurement for the on-
premise solution. We did that in September of last year, and we 
started the implementation process and testing of it in 
January. Our first migration, the first people that started 
moving over started happening in March.
    So we were working through it systematically to be able to 
make sure that we worked out the kinks on how employees would 
be moved over. We have been in flight in that process and we 
have a committed team of professionals working on it. We will 
have it done by the end of September of this year.
    Chairman BUCHANAN. Well, great. That is nice, because I 
know they talked about September--to actually hit the target 
around here is pretty tough, but good for you guys. Mr. 
Schweikert, do you have another question?
    Mr. SCHWEIKERT. Thank you, Mr. Chairman. I was hoping just 
because I have the talent here to go just a couple side 
questions that I have always been somewhat curious about.
    You are a taxpayer. Your records burn up, something 
horrible happens, like my house right now with the monsoon 
leaking through my house. So I turn to the IRS and say, hey, 
could I get copies of my last seven years of records? Tell me 
the process.
    Mr. TRIBIANO. Sir, I am not exactly familiar with how that 
would happen. There is a process that taxpayers can go through 
in order to receive information and get past records. There is 
information out there on how to get transcripts in other forms.
    Mr. SCHWEIKERT. So where I am going with this is many of us 
have great interest in highly secure methodologies where I can 
actually use this to be able to access everything from my 
college transcripts to my IRS records to my vaccination 
records, those things, and look, you are all very smart, you 
have all probably been tracking, you know, the double path 
systems in regards to a distributive ledger.
    My understanding is even just with a number of servers you 
have throughout the IRS community, you could actually build 
your own node network. And then build a world where, you know, 
NIST, as you may know about 10 days ago published an encryption 
agreement or document saying I could carry my medical records 
on this, and here are the types of encryption they would 
believe would be safe and uniform and could be commonly adopted 
across platforms. The ability to have a biometric and a 
password.
    Could you imagine a world where myself as a taxpayer, could 
log in with my thumbprint, my passcode, see my quarterly 
payments, see my IRS records, see my documentation, see how 
they relate to all my filings, and would that also change just 
even the paperwork load you have when I am getting a loan, and 
I have to document because I am an independent contractor, so I 
have to have the IRS document my last couple years' worth of 
income?
    What type of visioning is going on at the agency to 
understand this world of technology that is out there that 
could make all of our lives much more efficient, much more 
elegant? Where are you going with it?
    Mr. TRIBIANO. That is a great question, and I know you guys 
have been in discussions with the IRS about the IRS future 
state about where we believe the IRS should go. It is very 
similar to what you described.
    It is offering the ability for taxpayers to proactively 
interact with the IRS digitally, if that is their choice of 
medium. We still have to offer walk-in centers, call centers 
and so forth for those that want to communicate in different 
means, but the majority of the public in the research we did 
says they want to be able to communicate and work with the IRS 
digitally like they would with a bank.
    Mr. SCHWEIKERT. Well, you are already doing the project, 
and this ties into the discussion with the Security Summit. If 
I use one of the package softwares on the TurboTax, the TaxCut, 
whatever it may be, I can log in and see all my filings I have 
done through them going back several years, correct?
    So in some ways we already know it is being done on the 
private side of the ledger. It would be an interesting elegance 
that from the Security Summit and then the concepts that if we 
are truly almost to a national standard for encryption using a 
distributive ledger, and the fact that you have servers all up 
and down the chain, you could actually become one of the great 
node networks and control it.
    Mr. TRIBIANO. Yes, sir. Everything that you described is 
always doable. The concern I would bring up from my side of the 
house, not from the service and enforcement side, from my side, 
is that infrastructure.
    As we transition to whatever that future state looks like, 
however we are going to interact with the taxpayers, however we 
are going to do that work, I have to still deliver a successful 
filing season. That is what we talk about with the things that 
could be done to help us. It is to true up our current state of 
systems and protect the current filing season as we do the 
development towards that future.
    Mr. SCHWEIKERT. And, Mr. Chairman and Ranking Member, where 
this thought moves through my mind if we are truly going to 
deliver a tax reform that is much more elegant and simple also 
at the same time delivering a methodology where American 
taxpayers have a more elegant way to use their base technology 
to see their relationship, see their filing, see their history, 
it is sort of a unified theory of simplicity and technology, 
and with that I yield back, Mr. Chairman.
    Chairman BUCHANAN. Thank you. And let me just close on one 
other thought because obviously all of you have been in this 
space for a long time.
    Our goal is as a Committee on a bipartisan basis to try to 
produce an IRS reform bill by tax filing day next year. Maybe 
it is ambitious, but that is our goal. So we would like to get 
your best thoughts and ideas as we move toward that.
    It has been 20 years. We want to try to be helpful in terms 
of the agency being more productive and effective long-term. So 
that is the idea of a lot of these hearings, and we are going 
to be doing more of them. Any thoughts or ideas you have on 
that? I like the idea we talked about the Future State because 
my mind says being in business for a long time I am very big on 
planning and kind of thinking about where we need to be in the 
next 10 or 20 years or five or 10 years down the road.
    Okay. I would like to thank our witnesses for appearing 
before us today. Please be advised Members have two weeks to 
submit written questions to be answered later in writing. Those 
questions and your answers will be made part of the formal 
hearing record. With that the Subcommittee stands adjourned.
    [Whereupon, at 10:57 a.m., the Subcommittee was adjourned.]

                                 [all]