In: Accounting
The Department of Taxation
The Department of Taxation of one state is developing a new computer system for processing state income tax returns of individuals and corporations. The new system features direct data input and inquiry capabilities. Identification of taxpayers is provided by using the Social Security numbers of individuals and federal identification numbers for corporations. The new system should be fully implemented in time for the next tax season. The new system will serve three primary purposes:
• Data will be input into the system directly from tax returns through CRT terminals located at the central headquarters of the Department of Taxation.
• The returns will be processed using the main computer facilities at central headquarters. The processing includes (1) verifying mathematical accuracy; (2) auditing the reason- ableness of deductions, tax due, and so forth through the use of edit routines (these routines also include a comparison of the current year’s data with prior years’ data); (3) identifying returns that should be considered for audit by revenue agents of the department; and (4) issuing refund checks to taxpayers.
• Inquiry service will be provided to taxpayers on request through the assistance of Tax Department personnel at five regional offices. A total of 50 CRT terminals will be placed at the regional offices.
A taxpayer will be able to determine the status of his or her return or get information from the last 3 years’ returns by calling or visiting one of the department’s regional offices. The state commissioner of taxation is concerned about data security during input and processing over and above protection against natural hazards such as fires or floods. This includes protection against the loss or damage of data during data input or processing and the improper input or processing of data. In addition, the tax commissioner and the state attorney general have discussed the general problem of data confidentiality that may arise from the nature and operation of the new system. Both individuals want to have all potential problems identified before the system is fully developed and implemented so that the proper controls can be incorporated into the new system.
Requirements
1. Describe the potential confidentiality problems that could arise in each of the following three areas of processing and recommend the corrective action(s) to solve the problems: (a) data input, (b) processing of returns, and (c) data inquiry.
2. TheStateTaxCommissionwantstoincorporatecontrolstoprovidedatasecurityagainst the loss, damage, or improper input or use of data during data input and processing. Identify the potential problems (outside of natural hazards such as fires or floods) for which the Department of Taxation should develop controls and recommend possible control procedures for each problem identified corporate into the new system.
1. Confidentiality Problems & Recommendation:
(a) At time of Data Input: Since, the data input is through CRT terminals which include manual intervention, the same is prone to confidentiality breach as the concerned inputter may use the data for his personal gains or may leak out the data input by him.
Recommendation: The input should be made automatic and the return should be designed in such a manner that the system picks up the relevant fields from the return and input the same through terminals. For this robotics may be implemented for data input and processing.
(b) At time of processing of Return: Since, the data processing is through mail computers which include manual intervention, the same is prone to confidentiality breach as the concerned processing agent may use the data for his personal gains or may leak out the data input by him.
Recommendation: Processing of returns should be done using robotics which will minimize manual intervention and reduce chances of confidentiality breach.
(c) At time of Inquiry: The data inquiry system states that the user can get returns related information for last three years on call or by visiting the regional office. Since, there is option to get the information through call (which is always prone to confidentiality threats), this may lead to confidentiality problems since the enquirer may ask for information related to other persons on call and use the information for personal gains.
Recommendation: The inquiry of information through phone calls should be restricted to status of processing of returns / status of refunds and no information regarding returns should be shared on call. This may reduce the chances of confidentiality breach.
2. The potential problems for which the Department should develop controls include the following:
(a) Improper Input / processing of returns: To minimize this problem, robotics may be implemented and the returns should be designed in a way to enable direct input or processing of return by system.
(b) Loss of data due to system breakdown / natural hazards: To minimize this, routine back-ups should be taken and also Disaster Recovery Management / preparedness should be implemented.
(c) Confidentiality issues: The same may be minimized by removing manual interventions and making the system of input / processing automatic. Although, the inquiry system would be having manual interventions, the confidentiality breach in the same may be reduced by taking strict actions against the concerned who breaches the confidentiality.