Million tax returns. Among them are individuals, Small Businesses like my own, who must retain their tax records in case the irs ever wants to review them. The irs must also identify retained records to define lengths of time in accordance with the federal requirements. These records may later be needed to respond to requests from congress, private citizens, or those bringing suits against the irs. All of these parties have a right to ask the irs to produce complete records and the irs has a responsibility to provide those records. However, tgif found that the irs policies do not comply totally with all the federal requirements, which ensure that all records are readily retrievable and usable. Especially the production of the irs emails currently rely on the irss ability to search thousands of employees hard drives, or alternatively each employees willingness to print and file important emails. Neither system is sustainable or reliable enough to satisfy the voluminous records requests received by the irs. The irs also changed its record retention policy three times since 2013, creating confusion across the agency. Additionally, the irs has failed to stand up to a basic email system capable of automatically archiving employees emails. These issues ultimately reduce transparency, open the agency to exposure to civil lawsuits, and inhibit congressional oversight of the irs. They also created a double standard whereby the irs is not required to maintain basic records in the same way that the average american citizen must do. No individual or Small Business could do the same and not be subject to punitive actions by the irs. Furthermore, this issue has been raised repeatedly by congress to the irs for years without a permanent solution. So here we are today to discuss the most recent finding in the irs progress, and addressing these concerns. I believe members on both sides of the aisle want to ensure irs has the authority and the resources it needs to administer the code. However, in return, we need to see stronger efforts by the irs to ensure that records are properly retained and easily retrievable. We would also like to see the irs work to improve how it procures and implements its i. T. System. To that end, i look forward to hearing from the witnesses today. And now, i yield to the distinguished Ranking Member, mr. Lewis, for the purposes of an Opening Statement. Good morning. Thank you, mr. Chairman. Thank you for holding this hearing. I would also like to thank our witnesses for being here today. As we discuss the tax reform, our subcommittee will play a very Important Role in improving the Internal Revenue service. Todays hearing will examine irs policies to store, archive and produce records, including electronic mail. We will also review the irss ability to respond to legal freedom of information act, including those from members of congress. In 2015, the agency received over 10,000 fia requests, and 90 within an average of 23 Business Days. The requests took longer than 20 Business Days. Generally involved privacy of legal issues that prevented a timely response. We all agree that federal agency must process and reply to any request for relevant electronic and other records in a timely manner. For any agency, including the irs, Information Technology is key to meeting this standard. This is one of the many reasons that Congress Must ensure that the agencys i. T. System is not only fully funded, but also fully staffed. Since 2010, congress cut this agencys budget by almost 1 billion. Thats a lot of money. Thats a big cut. In the last five years, the agency i. T. Budget was cut by 71 million. And the irs lost nearly 290 i. T. Employees. Many of you heard me say many times, on different occasions, that you cannot get blood from a turnip. Early this month the Inspector General of the Tax Administration released a report on the irs electronic records retention policy in i. T. System. The report made five recommendations, and the irs agreed with every single recommendation. And suggestion. To move forward, we must remember these lessons learned. And we must be mindful of the irs i. T. System needs. Mr. Chairman, together we have a good and inclusive process and i hope that we can continue our strong bipartisan work to improve the irs. Again, i thank you, mr. Chairman, for holding this hearing, and i look forward to the testimony of our witnesses. And i yield back. Without objection,s, other members Opening Statements will be made part of the record. Todays Witness Panel includes three experts, gregory kutz, jeffrey tribiano, Deputy Commissioner for operation support for the irs, and edward killen, government liaison and disclosure at the irs. The subcommittees will have received your written statements. They will all be made part of the formal hearing record. You have five minutes to deliver your remarks. Well begin with you, mr. Kutz. You can begin when youre ready. Mr. Chairman, Ranking Member lewis and members of the subcommittee, thank you for the opportunity to discuss electronic Records Management. Todays testimony highlights the results of our recently issued report on this matter. My testimony has two parts. First, i will discuss or findings, and second, i will discuss our recommendations. The irs is required by federal law to retain and produce records when requested through appropriate means. However, the irs has challenges responding to several highprofile requests from the congress, the public and the courts. The loss of information resulting from this has a result in inadequate systems and processes along with human error. Some key findings from our report include, the current email system does not meet federal requirements for storing and managing email messages. We reported last year that the irs previous attempt to implement a new email system was unsuccessful at a cost of at least 12 million. Electronics records storage policy have changed repeatedly since may of 2013. The policy has changed from wipe and reuse Information Technology to save everything, to wipe and reuse equipment for all but two parts of the irs, to the current policy of refrain from wiping the data from any hard drive. It is not surprising that this has resulted in some confusion. Storage of tens of thousands of laptops and hard drives at dozens of locations across the country is not a sustainable Record Keeping solution. In the interim policy for irs executives to archive their emails was not implemented effectively. Although many challenges remain, progress was made in several areas during our audit. For example, irs has developed a new policy prohibiting the use of instant messaging for official business and requiring any instant messages that are a federal record to be retained. Improve policies for preserving records for separated employees. In addition, the irss most recent attempt to implement a new email system is planned to be completed by the end of this fiscal year. We also found the irs closed over 70 of freedom of information act requests within 20 Business Days as required. Moving on to my second point. As you mentioned, we made five recommendations to the irs to enhance its electronic Records Management. These recommendations include, implementation of enterprise email solution that enables the irs to effectively organize and retain emails. Develop an accurate list of executives and ensure that their emails are archived. Enhance processes related to retention of records for separated employees. And ensure that foia policy is followed by all employees responding to requests. As Ranking Member lewis mentioned, the irs agreed with all five of our recommendations, and is taking action. Well continue to monitor the progress of the irs in enhancing its electronic Records Management. P in conclusion, given that the irs expects taxpayers to retain records for years in support of their tax returns, irss ability to do the same is essential to maintaining public trust. Mr. Chairman, and Ranking Member lewis, that ends my statement and i look forward to all of your questions. Thank you, mr. Tribiano. Youre recognized. Good morning, chairman buchanan, Ranking Member lewis and members of the subcommittee. My name is jeff tribiano, and i appreciate this opportunity to testify today. In my position at the irs, i oversee internal operations. Which includes Information Technology, Human Capital, finance, privacy, procurement, planning, facilities, security, enterprise risk and the office of Equity Diversity and inclusion. Joining me today from the irs at the witness table is mr. Edward killen, the irs chief privacy officer. Over the years, the irs has worked closely with the National Archives and Records Administration to improve our processes and protocols in regard to retention of federal records to make sure they are appropriate and work properly. Recently we have made several significant investments in an important progress on a number of fronts to improve our Records Management practices for email, and to update our existing management policies, procedures and practices. Our work still continues in this area. In particular, we are well on our way to completing the implementation of an enterprisewide solution of preservation of electronic records for the agency. This will bring us into compliance with the office of management and budget director requiring all federal agencies to have email in an electronically accessible format. More broadly were also taking a number of other actions to improve Records Management. These include the following. We have updated policy and procedure guidance on electronic messages, usage and preservation. This includes guidance on the preservations of instant messages. We have enhanced our clearance procedures for employees who leave the irs, so we can identify and preserve federal records on separating employees before the employee departs. We are in the process of upgrading our ediscovery capability to a more than cloudbased set of tools. This will allow more quickly and efficiently for us to meet our discovery obligations in relation to litigation or governmental investigations. In the area of training, we recently released the first annual records mandy tore briefing for all managers. Regarding the freedom of information act, were upgrading the software used for the daytoday management of foia. Although the irs already responds to more than 75 of foia requests within 20 days, this new system will facilitate an automation and improve our effectiveness and efficiency in this area. Taken together, we believe these efforts to improve electronic Records Management are an important step forward. They are not ong bringing the irs into compliance with the nara standards, but will also greatly enhance our ability to timely respond to congress, the courts, and foia requests. We also appreciate the treasury Inspector General for Tax Administrations recent review in our records retention policies and procedures. We agree with all five recommendations in the report and we believe they are helpful in our efforts to improve in this area. We have already made significant progress towards completing action on the recommendations, and have implemented two of them, and we are on track to complete all of them by the end of this year. That concludes my Opening Statement and im happy to answer any questions. Thank you. And thank you for your excellent testimony. Well now proceed to the questionandanswer session. I would like to hold my questions until the end. I now recognize the gentleman from arizona, mr. Schweikert. Thank you, mr. Chairman. I have a handful of things here. I first want to get my head around a couple of things i was seeing in the notes here. Was there an attempt at an enterprise solution that, shall we say failed . Yes, sir. Why did it fail . Back in 2015, we identified and procured a hybrid cloudbased solution to implement the nara requirements. There is a procurement protest on the procurement that we issued. Gao upheld the procurement, so all work on the program had to stop. We had to go to our plan b, which was an onpremise based solution for the implementation, and that caused the delay in the project. Okay. So you were doing an enterprise cloudbased automated capture backup system . We were or thats what that was one, and a procurement protest that stopped you from adoption . Yes, sir. Gao upheld the protest. So you didnt rebid it . We went out to a different solution and rebid the second solution. The second solution was inhouse onpremise solution. Now youre doing an onpremise solution. Onpremise solution . It will be fully automated that will sweep the im seeing a number in here, what was it, 33,000 hard drives if i were to count everything that is floating out around there, will automatically back up and capture . All of our electronic emails will be backed up and captured, yes, sir. Direct messaging systems . The instant messaging system. But theres a piece of that. Instant messaging according to our policy, mr. Killen can explain this in more detail, but its not supposed to be used to for a formalized record. If it is, then that has to be copied into the system and stored. But if it is used, someone has to make that decision to save it . Yes, congressman, that is correct. So you and i are working on something, and we decide were going to use the direct messaging system, is that how you referred to your system instead of instant . Instant messaging. I have to actually, as the employee, make a decision, saying, oh, i need to hit the button for this one to be retained . That is correct. We refer to that as an Office Communicator system. And the employee would have to if a record is created, and weve been very clear in the irs about disseminating this guidance, but if a record is created, the employee does have the affirmative obligation to save that record. Wouldnt it be better to do a constant capture model . I think part of the context around sort of the instant messaging is that we found that its a tool that is effective for collaborative dialogue, as our employees are working various issues. So i think part of the challenge is that most of the information associated with those instant messages would really essentially be transitory. They would not be authoritative records. So youre basically asking an employee to say, this is appropriate for retention, this isnt . I see a human factor that creates a level of fragility. I know we all have certain concerns of privacy, and those things, but its still a government document, even if its transitory. Im just surprised you havent designed an automatic capture, you know, in todays price of storage, just capture everything. And just, you know, build search tools that are more robust, that may be easier in your life. This is your area of expertise. Ive been asked just because and i only know a tiny bit of it. So youre going to have to educate me here. Talk to me about the Security Summit with some of our, shall we say folks in the private sector and what were learning from their technology and what we can learn to adopt. I appreciate that question. The Security Summit has been a Great Success story within irs. As you know, one of our challenges has been addressing Identity Theft. And working to protect taxpayers from that crime. And so a couple of years ago the irs commissioner decided that this would really be an opportunity for a Public PrivateSector Partnership to Work Together with our with the state department of revenue, and also with the private sector tax return community, in order to defend ourselves holistically against this threat. We really refer to it as the tax ecosyst ecosystem. One of the things that weve found, certainly, is where there are weaknesses in any of those links on the chain, it actually impacts others. We decided it would be great if we could all Work Together to try to share lead information, Threat Detection sort of information, in an effort to protect taxpayers. And so over the past couple of years, this has been tremendously successful. We have to remain vigilant. But i am announcing later on in the day the past two years weve seen a reduction in our Identity Theft inventory of over 60 . Thats in large part attributable to those efforts along with others as well. Mr. Chairman, in the second round, thank you for your patience. I now recognize the Ranking Member from georgia, mr. Lewis. Thank you, mr. Chairman. Mr. Deputy commissioner, has the irs received additional funding to implement the fia recommendation . Do you get more money . No, sir. The last increase that we had in this area, to be able to implement, and were really appreciative for, is 90 million that congress appropriated specifically for Identity Theft, cybersecurity, and Customer Service at our call centers. How have the irs budget reductions impacted your operation . What more could you have done, or accomplished with more money . Appreciate that question. The our infrastructure in the irs is very unique