The Modernization and Information Technology Services Organization Is Effectively Planning for the Implementation of the Affordable Care Act
September 19, 2011
Reference
Number: 2011-20-105
This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.
Phone
Number | 202-622-6500
Email Address | TIGTACommunications@tigta.treas.gov
Web Site |
http://www.tigta.gov
HIGHLIGHTS
THE MODERNIZATION AND INFORMATION
TECHNOLOGY SERVICES ORGANIZATION IS EFFECTIVELY PLANNING FOR THE IMPLEMENTATION
OF THE AFFORDABLE CARE ACT
Highlights
Final
Report issued on September 19, 2011
Highlights of Reference Number:
2011-20-105 to the Internal Revenue Service Chief Technology Officer.
IMPACT ON TAXPAYERS
On March 23, 2010, the Patient Protection and
Affordable Care Act was signed into law and later amended on March 30, 2010, by
the Health Care and Education Reconciliation Act (hereafter referred to
together as the Affordable Care Act).
The Internal Revenue Service’s Modernization and Information Technology
Services organization is effectively planning the information technology work
needed to implement the Affordable Care Act.
The information technology work needed to implement the Affordable Care
Act provisions will assist in providing
taxpayers with the subsidies and tax credits needed to cover the cost of their
health care coverage as well as provide the capability to administer multiple
tax provisions designed to raise revenue to offset the cost of health care
reform.
WHY TIGTA DID THE AUDIT
This
audit was initiated to evaluate the Modernization and Information Technology
Services organization’s planning efforts to implement the Affordable Care Act.
WHAT TIGTA FOUND
The Modernization and Information Technology Services
organization planned an effective approach to address the information
technology work needed to implement the Affordable Care Act provisions.
For example, it determined the Affordable Care Act’s impact on its
organization, created a new organization called the Associate Chief Information
Officer Affordable Care Act – Program Management Office, and obtained staffing
and funding. A Program Governance Board
Charter was approved and a governance plan was prepared. However, the governance plan did not include
escalation procedures for unresolved issues or critical decisions.
WHAT TIGTA RECOMMENDED
TIGTA
recommended that the Chief Technology Officer ensure that the Modernization and
Information Technology Services organization’s Affordable Care Act – Program Management Office governance plan is updated to
include escalation procedures to timely address unresolved issues and critical
decisions.
In their
response to the report, IRS management agreed with the recommendation. The IRS plans to include the escalation
procedures in the Affordable Care Act – Program Management Office governance
plan.
September 19, 2011
MEMORANDUM FOR CHIEF TECHNOLOGY OFFICER
FROM: Michael R. Phillips /s/ Michael R. Phillips
Deputy Inspector General for Audit
SUBJECT: Final Audit Report – The Modernization and Information Technology Services Organization Is Effectively Planning for the Implementation of the Affordable Care Act (Audit # 201120020)
This report presents the results of our review to evaluate
the Modernization and Information
Technology Services organization’s planning efforts to implement the Patient
Protection and Affordable Care Act[1]
and the Health
Care and Education Reconciliation Act.[2] This audit is included in our Fiscal Year
2011 Annual Audit Plan and addresses the major management challenge of Implementing
Health Care and Other Tax Law Changes.
Management’s complete response to the draft report is included as Appendix IV.
Copies of
this report are also being sent to the IRS managers affected by the report
recommendation. Please contact me at (202)
622-6510 if you have questions or Alan Duncan, Assistant Inspector General for
Audit (Security and Information Technology Services), at (202) 622-5894.
Appendices
Appendix
I – Detailed Objective, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix
III – Report Distribution List
Appendix
IV – Management’s Response to the Draft Report
Abbreviations
|
ACA |
Affordable Care Act |
|
HIRIF |
Health Insurance Reform Implementation
Fund |
|
IRS |
Internal Revenue Service |
|
IT |
Information Technology |
|
MITS |
Modernization and Information
Technology Services |
|
TIGTA |
Treasury Inspector General for Tax
Administration |
On March 23, 2010, the Patient Protection and Affordable Care Act[3]
was signed into law and later amended on March 30, 2010, by the Health Care and
Education Reconciliation Act[4]
(hereafter referred to together as the ACA).
At least 42 provisions add to or amend the
Internal Revenue Code, and at least 8 require the Internal Revenue Service
(IRS) to build new processes that do not exist in current tax
administration. These provisions provide
incentives and tax breaks to individuals and small businesses to offset health
care expenses. They also impose
penalties, administered through the tax code, for individuals and businesses
that do not obtain health coverage for themselves or their employees. Other provisions raise revenue to help pay
for the overall cost of health insurance reform.
The IRS is responsible for administering the various tax provisions
included in the ACA, the largest set of tax law changes in 20 years.
The Department of Health and Human Services has the
lead role in all health insurance and health care policy provisions of the
ACA. Several other agencies are involved
in the implementation of the legislation:
the Department of Defense, the Department of Veterans Affairs, the
Social Security Administration, and the Department of the Treasury/IRS. The IRS is responsible for administering the
various tax provisions included in the new law—the largest set of tax law changes in 20
years. The ACA contains $438 billion
worth of revenue provisions in the form of new taxes and fees. It also contains credits that provide incentives
for medical research and for businesses to offer employees health care
insurance. In addition, new reporting
requirements have been established for certain business transactions. The ACA is in effect from March 2010 through
January 2018.
The Modernization and Information Technology
Services’ (MITS) Applications Development organization builds, tests, delivers,
and maintains integrated software solutions to achieve the vision and
objectives of the IRS. However, the IRS
realized the vastness of the work required by the ACA and, in June 2010,
created a new organization called the
Associate Chief Information Officer Affordable Care Act – Program Management Office (hereafter called the
Program Management Office) to mitigate any impact to its ongoing
development efforts and to ensure successful delivery of the required new
systems. The Program Management Office has
responsibility for developing the system solutions to support and execute the
IRS’s portion of the ACA. The Program
Management Office will be accountable for achieving the defined goals and for
managing and integrating the required components, including building new
services and applications, enhancing and extending existing applications, and
ensuring that the appropriate governance and control processes are followed
throughout implementation. The
information technology (IT) work needed to implement the ACA provisions will assist in
providing taxpayers with the insurance premium subsidies and tax credits needed
to cover the cost of their health care coverage as well as providing the
capability to administer multiple tax provisions designed to raise revenue to
offset the cost of health care reform.
This
review is one in a series of audits included in the Treasury Inspector General for Tax Administration’s
(TIGTA) oversight of the ACA implementation.
ACA audits currently in progress include:
This review was performed at the Program Management Office in Memphis, Tennessee, during the period October 2010 through July 2011. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
The Modernization and Information Technology Services Organization Planned an Effective Approach to Address the Information Technology Work Needed to Implement the Affordable Care Act Provisions
The Internal Revenue Manual establishes policy, procedures, and
responsibility for organizing the mission, functions, and structure of the
IRS. The following definitions,
principles, and procedures apply to all IRS organizational elements and
activities. In addition, IRS
organizational structures shall be established according to existing
organization and staffing guidelines.
Regardless of scope, all reorganizations begin with defining the need,
planning changes to meet the need, and preparing the proposal to fully inform
the approving official. Requirements of
a proposal include addressing the following items.
Although a proposal as described in the Internal Revenue Manual was not
prepared, the MITS organization addressed the items listed above and received
IRS Executive Resources Board[5] approval in
August 2010 to fill four key executive positions within the Program Management
Office. The Program Management Office
Charter states that the organization was created in order to ensure a dedicated focus on
fulfilling ACA requirements. The Program
Management Office had several concurrent tasks to complete as part of planning
and implementing the ACA. These tasks
included establishing the general framework for how the Program Management
Office will operate; determining preliminary staffing and budget requirements;
partnering with business owners, external stakeholders, and service delivery
organizations; developing a timeline for anticipated project delivery; defining
the governance board and its members; and identifying how projects will be
delivered.
The Program Management Office contracted with several vendors to provide consulting and advisory services to assist with the office’s overall design and implementation, as well as its resource planning. For example, one vendor assisted with refining the resource model to identify skill and knowledge requirements and the Federal employee/contractor mix, and with assessing the effectiveness of risk mitigation plans developed for each project. Another vendor was tasked with creating and maintaining an integrated, networked, and multilayered Integrated Master Schedule containing all of the detailed work and planning packages (and lower level tasks or activities) necessary to support the events, accomplishments, and criteria of the Program Management Office.
Both the Program Management Office and the ACA business executive stated that the ACA legislation should not have a significant impact on other MITS organization work because the MITS organization received separate funding from the Department of Health and Human Services to hire staff and contractors for the ACA work. Although the methodology for evaluating the impact was not documented, the results were captured in several documents. The impact analysis of the ACA provisions on the legacy IT systems was shared with applicable stakeholders. We reviewed impact, staffing, and funding information. The results of our review are below.
The MITS organization
determined the ACA’s impact on its organization
MITS
organization management stated that they took a multifaceted approach to
assessing the impact of the ACA legislation.
First, to understand the legislation itself, they worked closely and
very early on with the business teams (e.g., the IRS ACA business executive and
representative from the Office of Chief Counsel) as they reviewed and analyzed
the legislation from a business perspective.
Some ACA provisions were effective upon enactment [e.g., the credit
for employee health insurance expenses of small businesses
(Provision 1421) and the Qualifying Therapeutic Discovery Project Credit (Provision
9023) were effective March 23,
2010]. Other provisions become effective
starting each year from 2010 to 2015, with the final provision for the excise
tax on high-cost, employer-sponsored health coverage becoming effective on
January 1, 2018. While completing this
legislative review, IRS management realized several challenges the ACA would
present to the organization. For example:
·
Implementation of the provisions requires delivery
of a large number of interdependent projects in a short span of time.
·
Collaboration will become critical as a significant
number of stakeholders, both internal and external to the IRS, are affected by
the legislation.
·
Requirements to exchange information means the
Program Management Office will need to develop methods for cross-agency systems
integration and data sharing.
MITS organization management further explained that they used
information about the legislative requirements and compared it with information
about the existing architecture to determine the level of impact and timing of
that impact on its legacy IT environment.
Management stated they provided the results of this analysis to business
and internal IT stakeholders.
Substantial changes to the IT systems would be required to receive new
types of data and accurately calculate the advanced premium assistance credit
for individuals and the new penalty provisions affecting individuals and
employers, as well as detecting fraudulent claims. For example:
·
The Subsidy Payment and Reconciliation project[6] will have a minor to significant impact across the different tax
return and compliance processing functions in January 2014.
Another challenge area identified
by the Program Management Office included the need to staff projects with the required
knowledge and skills. With the assistance of a vendor, it began by
defining the work needed to meet the IT
responsibilities of the provisions. It then reviewed
similar projects (in terms of complexity and
type) and the vendor used its knowledge of private sector projects as input to
determine the number and types of employees needed and the skills they
should possess. Computer engineers, computer
scientists, and IT specialists with skills in specific programming languages
and development processes are examples of the types of employees that were identified
as being needed. Program Management
Office management stated that the initial staffing
model was refined as they learned more about the business needs. We determined that
the process used to identify the staffing needs was adequate. To address future needs, the Program
Management Office participated in a MITS-wide effort to identify resource
requirements across essential projects, including the ACA, and potential areas
of resource contention. On April 20,
2011, MITS organization management stated that the results of this effort were
still being developed, and by May 16, 2011, we had not received the results.
The Program Management Office obtains staffing and funding
As part of its resource planning, the Program
Management Office entered into staffing negotiations with the Department of the
Treasury and the Office of Personnel Management. In July 2010, the Office of Personnel
Management approved the IRS’s use of direct hire authority to support the ACA
implementation. This authority provided
for the hiring of up to 355 positions by December 31, 2010.[7] The majority of these positions
would support the Program Management Office; however, some positions would also
be provided to the other MITS organization delivery partners. The first wave of direct hires entered on
duty in September 2010.
As of
April 2011, 368 employees were assigned to ACA-related work within the MITS
organization: 255 in the Program
Management Office and 113 in the MITS organization delivery partner
organizations. The Program Management
Office stated that the current staffing is adequate for the current
workload. The Program Management Office
plans to hire additional people as more projects are initiated and will
reevaluate its staffing needs as it works with the IRS operating divisions to
refine the business requirements.
The ACA legislation established a $1 billion fund, called the Health Insurance Reform Implementation Fund (HIRIF), to pay for Federal administrative expenses to carry out the ACA. The HIRIF is administered by the Department of Health and Human Services, which makes disbursements to requesting agencies based on supporting documentation submitted to justify expenditures. The MITS organization prepared a budget for each of the years the ACA has been in effect. As shown in Figure 1, funding for Fiscal Years 2010 – 2011 is from the HIRIF and the IRS Operations Support Fund. In Fiscal Year 2012, the IRS plans to fund ACA work through the normal budget process.
Figure 1: MITS ACA Budget and Funding
|
Fiscal Year |
Budget |
HIRIF Allocation |
Actual HIRIF Funds Spent |
Actual IRS Operations
Support Funds Spent |
Total Spent |
|
2010 |
$15,000,000 |
$14,555,389 |
$13,396,098 |
$4,573,991 |
$17,970,089 |
|
2011 |
$144,763,709 |
$37,307,985* |
$28,886,385* |
$393,980* |
$29,280,365* |
|
2012 |
$188,800,000** |
Not applicable |
Not applicable |
Not applicable |
Not applicable |
Source:
IRS Chief Financial Officer and the TIGTA’s Office of Mission Support,
Finance and Accountability.
* = As of April 30, 2011. ** = Pending congressional
approval.
To help ensure appropriate use of the HIRIF, the
MITS organization issued a memorandum outlining how to apply time charges for
personnel costs. Further, the Chief
Financial Officer organization established accounting and timekeeping codes to
track the use of the funds and the time spent on ACA work, respectively.
The Program Management
Office established its mission and functions
With its efforts to hire staff underway, the
Program Management Office needed to establish a framework for how it would
ensure success and mitigate risk. The
MITS ACA Charter states that its mission is to develop the IT systems to support and execute the IRS’s portion of the
ACA. This includes ensuring that the
appropriate governance and control processes are followed throughout
implementation. Part of that process
included identifying the organizational structure of the Program Management Office. Figure 2 depicts the functional view of the
Program Management Office. Although the
Chief Architect and Chief Engineer functionally support the Program Management
Office, organizationally they reside in the Enterprise Services organization.
Figure 2: Program Management Office Functions
Figure 2 was
removed due to its size. To see Figure 2,
please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
The
Program Management Office established the following functions to implement the
ACA.
·
The Program Strategy and Integration function will
maintain and provide innovative and professional-level strategic planning,
analysis, assessment, and monitoring to assist in the development,
implementation, and management of systems and applications.
·
The Management Services function is responsible for
contract management and administrative services (e.g., human resources and
financial) for the organization.
·
The Implementation and Testing function will collaborate with the business and IT partners to validate the design,
development, integration, and implementation of applications.
·
The Core Health Systems function will design,
develop, implement, and support all applications necessary to collect, store,
manage, and share ACA data.
·
A dedicated ACA Architect and Engineer will ensure
that the technical solutions adhere to the overarching business and technology
architecture and engineering principles, standards, and practices.
·
The Legislative Implementation function works with
the IRS operating divisions to ensure that work requests submitted to implement
ACA provisions have sufficient information and to monitor the work requests to
completion.
The Clinger-Cohen Act of 1996[8] requires agencies to use a
disciplined capital planning and investment control process to maximize the
value of IT investments and manage the acquisition risk. The Enterprise Governance Authority and
Operations Directive, dated November 25, 2008, establishes mandates for
governance within the IRS and states that a governance process shall be integrated with the IRS capital planning and investment control process. Governance boards
make various decisions such as determining whether projects will proceed to the
next development phase, be suspended, or be terminated and approving cost,
schedule, and scope changes within their chartered authority. The IRS Capital Planning and Investment
Control Guide dated January 2010 states that IRS senior managers should
regularly monitor and track the progress/performance of ongoing IT investments
against projected cost, schedule, performance measures, and delivered
quantitative and qualitative benefits throughout the development or acquisition
lifecycle.
A Program Management Office
Charter and a Program Governance Board Charter were approved January 2011 and
March 2011, respectively. The Program
Management Office referred to the governance plans of prior major IT
modernization efforts to help shape the governing roles and
responsibilities. The Program Management
Office Charter presents the proposed startup governance model and the roles and
responsibilities of each governance entity.
The Program Governance Board Charter outlines the objective of the
Program Governance Board as
follows: “to ensure project and program
objectives are met, risks are managed appropriately, and the expenditure of
enterprise resources is fiscally sound.”
Figure 3 provides an illustration of the governance entities and defines
the members involved. Although Figure 3
indicates the information is proposed/preliminary,
Program Management Office management confirmed that this was the final version
of the governance entities, and it is the version from which they are
operating.
Figure 3: ACA
Governance Entities
Figure 3 was removed due to its size. To see Figure 3, please go to the Adobe PDF
version of the report on the TIGTA Public Web Page.
According to the Program
Management Office Charter, a governance
plan establishes the governance framework, defines the decision rights across
various entities, and describes an escalation path for unresolved issues or
critical decisions. The Program
Management Office provided a finalized governance plan titled MITS Support for
Implementing Healthcare Reform: Program
Governance, dated September 28, 2010.
Although the plan did not include the escalation path for unresolved
issues or critical decisions, it did include a chart illustrating the decision
rights of the various governance entities. See Figure 4 for examples of some of the
decision rights for the ACA governance entities.
Figure 4:
Decision Rights for the ACA Governance Entities
Figure 4 was removed due to its size. To see Figure 4, please go to the Adobe PDF
version of the report on the TIGTA Public Web Page.
Based on our review of the Program Governance
Board meeting minutes, we determined that the Program
Governance Board is meeting as intended.
For example, topics of discussion include project changes, upcoming
milestone exits, and outstanding work requests.
Examples of decisions include approvals to launch a database repository
and the household income and family size verification project. Examples of action items include working with
the Enterprise Operations organization to resolve the ACA environment issue and
working with the Applications Development organization to minimize the impact on
filing season projects. The final
governance plan provided to us indicated a need to complete the establishment
of the governance process. It identified
documentation of “rules for the road” for how governance will operate to foster
efficiency and decision making (i.e., decisions on escalations must occur
within a certain time period) as a next step in the process. Based on the level
of executive oversight and involvement overseeing the implementation of the ACA,
the undocumented escalation procedures currently do not present a high risk to
the Program Management Office. However,
documenting the escalation procedures will ensure that all involved in the
governance process have access to the procedures. This is especially important when there is
turnover in governance board members. Program
Management Office management agreed that the escalation procedures were not
documented, but should be, and stated that the omission was due to an oversight.
The
Program Management Office also established guidelines to determine who would
primarily be responsible for completing the various types of ACA work. See Figure 5 for the description and examples
of the four ACA project types.
Figure 5: Description and
Examples of ACA Project Types
|
Project Type |
Description of Project Type |
Example |
|
Type 1 – “Brand new business service” |
The Program Management Office is responsible for
completing Type 1 projects. These
projects are new builds that represent “uncharted territory.” Dedicated
teams with specialized skills will be deployed to deliver the solution.
This work may be outsourced to contractors. |
Build a large data repository
to consolidate healthcare data from numerous sources. |
|
Type 2 – “New version of existing service” |
The Program Management Office is responsible for
completing Type 2 projects. These
projects are new builds that can leverage existing IT capabilities. Dedicated teams will be deployed to drive
development. The Program Management Office will be responsible for new
capability building, but will also leverage established processes. |
Levy new fees on insurance companies. |
|
Type 3 – “Enhancements to existing services” |
The Program Management Office is responsible for
completing Type 3 projects. These
represent extensions of existing services that can leverage existing processes
and capabilities. The Program Management Office will oversee project
execution and deploy a “light touch” team to drive project execution. Team members will include
those from the MITS organization delivery partners. |
Add information on health plan costs to the Wage and
Tax Statement |
|
Type 4 – “Tax law changes or
enhancements to existing systems” |
The MITS organization delivery partners are
accountable and responsible for completing and delivering Type 4
projects. The Program Management
Office role will be oversight. |
Change tax rate for high-income taxpayers. |
Source: IRS Program Management Office Charter
(Information Technology), Version 1.0, dated January 3, 2011, and MITS ACA training, Session 3
revised January 2011.
The
Program Management Office is identifying and scheduling required IT work
Although the process used to identify and schedule the IT
work for the ACA was not documented, the results from the process were
documented. Program Management Office
management explained that MITS organization senior executives met with
representatives from the IRS operating divisions and the Office of Chief
Counsel to assess the ACA legislation
and identify the critical business needs and key dates. Based on that information, the Program
Management Office organization prepared a preliminary, high-level schedule
listing 7 categories and 17 related projects.
Program Management Office management stated that 14 of these projects
will require building new systems or building a new system and leveraging
existing systems to implement the ACA provisions. The remaining three projects may require new
systems but this will not be confirmed until the business requirements are
finalized. Figure 6 shows the seven
categories and the related projects.
Figure 6: ACA
Categories and Projects
Figure 6 was
removed due to its size. To see Figure 6,
please go to the Adobe PDF version of the report on the TIGTA Public Web Page.
Another
challenge identified by the Program Management Office during the early
deliberations included that system requirements would evolve and might be
discovered during development. To
address and mitigate the impact of this challenge, the Program Management Office implemented processes to ensure that the
projects meet business needs and are timely completed. For example, some of the projects will use a
development approach that involves business unit representatives in many of the
development and decision-making phases.
The Program Management Office Charter states that
the Program Management Office will
develop a communications strategy to ensure members and stakeholders are able
to exchange the right information in a timely manner. Although the communications strategy has yet
to be formalized, we found that the Program Management Office maintains
documentation showing that they are collaborating with their internal and
external stakeholders. For example, the
Program Management Office staff conducts
periodic joint meetings with internal stakeholders, such as the following IRS operating
divisions: the Large Business and
International Division, Small Business/Self-Employed Division, and Tax Exempt
and Government Entities Division. The operating
divisions attend joint meetings as needed based on their areas of
responsibilities. Topics of discussions
include requests for approval to use a particular development process and
approval to begin projects and action items such as working to minimize the impact
on filing season projects.
The
Program Management Office staff identified its external stakeholders; among them
are the Department of Health and Human Services and the Social Security
Administration. Program Management Office staff has been
meeting with Department of Health and Human Services staff to discuss the ACA
provision to establish the Insurance Exchanges.
On January 12, 2011, the parties completed a Concept of Operations for
Insurance Exchanges that will be used as a baseline for further planning and
development of this project.
Recommendation
Recommendation 1: The Chief Technology Officer should ensure that the Program Management Office governance plan is updated to include the escalation procedures to timely address unresolved issues and critical decisions.
Management’s Response: IRS management agreed with the recommendation. The Chief Technology Officer will ensure that the ACA Program Management Office governance plan is updated to fully describe the escalation procedures to timely address any unresolved issues and critical decisions.
Appendix I
Detailed Objective, Scope, and Methodology
Our overall objective was to evaluate the MITS organization’s planning efforts to implement the Patient Protection and Affordable Care Act[9] and the Health Care and Education Reconciliation Act[10] (hereafter referred to together as the ACA). To accomplish our objective, we:
I.
Determined how MITS organization management evaluated and assessed
the impact of the ACA legislation on MITS organization operations and support
for other MITS organization priorities.
A.
Interviewed
MITS organization management to determine the
process used to assess the impact of the ACA legislation.
B.
Reviewed
documentation of the assessment methodology and
results, including any reports from contractor assistance.
II.
Evaluated the effectiveness of the MITS organization’s approach
and/or plan to implement the IT changes needed to support the ACA provisions.
A.
Interviewed MITS organization management and reviewed
documentation to determine how the MITS organization planned to timely
implement ACA-related IT changes, including developing IT systems and processes
and obtaining the staff and funds needed to support the implementation of the
ACA provisions.
B.
Determined
how the Program Management Office plans to coordinate with internal
stakeholders, for example, IRS business units and other MITS organization areas,
to ensure ACA IT changes and new system developments or processes will timely
and effectively support implementation of the ACA provisions without negatively
affecting existing IT systems and processes.
C.
Determined
how and when the Program Management Office plans to coordinate with external
stakeholders (the States and Federal agencies such as the Department of
Health and Human Services, the Social
Security Administration, the Department of Veterans Affairs, and the Department
of Defense) to ensure the Program Management Office provides the IT
capabilities needed by these external stakeholders to implement the ACA
provisions. We reviewed supporting
documentation.
III.
Determined the effectiveness of the governance structure/process
over MITS organization ACA activities.
A.
Interviewed Program Management Office personnel to determine the
governance process overseeing ACA activities performed by the MITS
organization.
B.
Reviewed documentation describing the finalized/approved
governance structures and decision-making process (i.e., project
identification, prioritization, approval, and monitoring) identified in Step III.A.
C.
Reviewed the meeting minutes/notes of the governance bodies (i.e.,
executive steering committees and investment review boards) overseeing the implementation
of the ACA provisions.
IV. Determined whether the structure of the Program Management
Office supports the goals and mission of the IRS and the ACA.
A.
Obtained the Program Management Office Reorganization Proposal and
Charter to identify the mission of the Program
Management Office and determine whether it supports the IRS’s mission to
implement the ACA tax provisions.
B.
Interviewed various
Program Management Office personnel to discuss the staffing needed to implement
the ACA provisions.
Internal controls methodology
Internal controls relate to management’s
plans, methods, and procedures used to meet their mission, goals, and
objectives. Internal controls include
the processes and procedures for planning, organizing, directing, and
controlling program operations. They
include the systems for measuring, reporting, and monitoring program
performance. We determined the following
internal controls were relevant to our audit objective: IRS policies and procedures for establishing
an organization. We evaluated these controls by interviewing management and
by reviewing policies and procedures such as the Internal Revenue Manual, the
IRS Capital Planning and Investment Control Guide, Federal guidance such as the
Clinger-Cohen Act of 1996,[11] and relevant supporting documentation.
Appendix II
Major Contributors to This Report
Alan Duncan, Assistant Inspector General for Audit (Security and
Information Technology Services)
Danny Verneuille, Director
Diana Tengesdal, Audit Manager
Tina Wong, Lead Auditor
Joan Bonomi, Senior Auditor
Sarah White, Program Analyst
Appendix III
Commissioner C
Office of
the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Operations Support OS
Deputy Chief Information Officer, Operations OS:CTO
Associate Chief Information Officer, Affordable Care Act –
Program Management Office
OS:CTO:ACA
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program Evaluation and Risk Analysis RAS:O
Office of Internal Control OS:CFO:CPIC:IC
Audit Liaison:
Director, Risk Management Division OS:CTO:SP:RM
Appendix IV
Management’s Response to the Draft Report
DEPARTMENT OF THE TREASURY
INTERNAL REVENUE SERVICE
WASHINGTON, D.C. 20224
CHIEF
TECHNOLOGY OFFICER
AUG 25, 2011
MEMORANDUM
FOR DEPUTY INSPECTOR GENERAL FOR AUDIT
FROM: Terence V. Milholland /s/
Terence V. Milholland
Chief Technology Officer
SUBJECT: Draft Audit Report - The
Modernization and Information Technology Services Organization is Effectively
Planning for the Implementation of the Affordable Care Act - Audit # 201120020
(e-trak #2011-24152)
Thank you for
the opportunity to review and respond to the subject draft audit report.
I am pleased
that the report accurately reflects and acknowledges our efforts to assess the
impact of the Affordable Care Act (ACA) legislation on IRS IT operations and to
plan an effective approach to deliver the IT capabilities needed to implement
those provisions. The IT organization put a Program Management Office (ACA PMO)
in place and identified the appropriate complement of skilled resources to
begin staffing that organization. The ACA PMO, as noted, also effectively
identified and scheduled the required IT activities.
The report
accurately documents that a governance plan was developed that established
roles and responsibilities of each governance entity and that we are following
the plan. I acknowledge your finding that the plan did
not fully describe the escalation path for unresolved issues or critical
decisions. Accordingly, I agree with the recommendation noted in the report and
will implement an appropriate corrective action.
We value your
continued support and the assistance and guidance your team provides. We look
forward to working with you on other ACA-related audits. If you have any questions,
please contact me at (202) 622-6800 or Andrea Greene-Horace, Senior Manager of
Program Oversight, at (202) 283-3427.
Attachment
Attachment
RECOMMENDATION
#1: The Chief Technology Officer should ensure
that the Program Management Office governance plan is updated to include the
escalation procedures to timely address unresolved issues and critical decisions.
CORRECTIVE
ACTION #1: We concur with this recommendation. The Chief
Technology Officer will ensure that the ACA Program Management Office governance
plan is updated to fully describe the escalation procedures to address timely,
any unresolved issues and critical decisions.
IMPLEMENTATION
DATE: March 1, 2012
RESPONSIBLE
OFFICIAL: The Associate Chief Information Officer,
Affordable Care Act Program Management Office (ACA PMO)
CORRECTIVE
ACTION MONITORING PLAN:
We enter accepted corrective
actions into the Joint Audit Management Enterprise System (JAMES) and monitor
them on a monthly basis until completion.
[1] Pub. L. No. 111-148, 124 Stat. 119 (2010).
[2] Pub. L. No. 111-152, 124 Stat. 1029.
[3] Pub. L. No. 111-148, 124 Stat. 119 (2010).
[4] Pub. L. No. 111-152, 124 Stat. 1029.
[5] Core members are the Deputy Commissioner for Services and Enforcement; Deputy Commissioner for Operations Support; Chief of Staff; Chief, Equal Employment Opportunity and Diversity; and IRS Human Capital Officer.
[6] See Figure 6 for the current list of ACA projects.
[7] The direct hire authority was subsequently extended until January 31, 2011.
[8] Federal Acquisition Reform Act of 1996 (Information Technology Management Reform Act of 1996), Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).
[9] Pub. L. No. 111-148, 124 Stat. 119 (2010).
[10] Pub. L. No. 111-152, 124 Stat. 1029.
[11] Federal Acquisition Reform Act of 1996 (Information Technology Management Reform Act of 1996), Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C., 16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C., 44 U.S.C., 49 U.S.C., 50 U.S.C.).