The Internal Revenue Service does not notify taxpayers it identifies as victims of employment-related identity theft and has not established an effective process to send the required notice to the Social Security Administration to alert it of earnings not associated with these victims, the Treasury Inspector General for Tax Administration found.

Taxpayers may first realize they are victims of employment-related identity theft, which occurs when someone uses the identity of another person to gain employment, when they receive a notice from the IRS that there was a discrepancy in the income reported on their tax return.

Publicly released Tuesday, TIGTA’s audit report evaluates the IRS’s Automated Underreporter (AUR) program, which identifies discrepancies when it matches taxpayer income reported on third-party information returns to amounts that taxpayers pay on their individual income tax returns.

In July 2011, TIGTA reported that the IRS was in a unique position to identify cases of employment-related identity theft and recommended that the IRS implement procedures to timely alert taxpayers when it becomes aware their identity was stolen. In the report, TIGTA found taxpayers were still not notified.

From February 2011 to December 2015, the IRS identified almost 1.1 million taxpayers as victims of employment-related identity theft, and in April 2014, the IRS started a pilot initiative to begin notifying taxpayers they may be victims.

In its review of the pilot notification initiative, TIGTA found the IRS did not sufficiently design the pilot to include a representative sample of employment-related identity theft victims. TIGTA also found the IRS has not established an effective process to ensure that it sends the required notice to alert the SSA of earnings not associated with a victim of employment-related identity theft.

TIGTA’s review of a statistically valid sample of 71 cases from the population of 1,878 tax year 2013 AUR cases closed as identity theft (cases that involved a discrepancy related to wages reported on the tax return) identified that the SSA has no record of receiving an IRS notice for 15 (21 percent) of the 71 cases.

“Employment-related identity theft can cause significant burden to taxpayers, including the incorrect computation of taxes based on income they did not earn,” said J. Russell George, the Treasury Inspector General for Tax Administration, in a statement.

Of the four recommendations TIGTA made in the report, the IRS agreed with three, partially with the fourth, and plans to take corrective action on them. In response to the report, the IRS stated it has scheduled programming changes to be implemented in January 2017 to notify taxpayers when the IRS has reason to believe they may be victims of identity theft.