In what many accountants fear could lead to a “fishing” expedition by the Internal Revenue Service as they seek out creative ways to generate money for the federal government, small business owners, under a tax audit, are being told to turn over exact copies of their electronic business records located in their internal software programs. While the objective for the IRS is to collect more taxes from small businesses, CPA trade associations posit that by forcing small businesses to turn over data related to client lists, personnel, confidential trade secrets, and other bits of irrelevant information, the IRS agents are exceeding the limits beyond their investigative purpose.
Unlike large corporations who have elaborate accounting systems that can give the IRS exactly what they seek, small businesses rely on more basic rudimentary software programming (i.e. QuickBooks, Peachtree, etc.) that is unlikely to have the necessary filter controls in place. Lack of technical controls aside, small businesses are also unlikely to have a comprehensive data governance program in place, and when those two factors are meshed together, the fears expressed by CPA trade associations become increasingly more valid. However, are those factors a sufficient enough position to say that small businesses should be treated differently than larger corporations when it comes to business records requests under an IRS audit?
Aside from business continuity and hacking issues, the request for information from a regulatory body also puts a company at risk if the party unintentionally turns over information that is otherwise not requested. Derivatively, this action could jeopardize privileged information that would otherwise be classified under the attorney-client doctrine. A data governance program should provide the business with a way of not only managing the data, but also how to dictate the transfer of data, both internally and externally. Thus, there are many moving parts involved to a comprehensive data governance program which need to be considered.