Treasury Inspector General for Tax Administration

Office of Audit

AFFORDABLE CARE ACT – THE INCOME AND FAMILY SIZE VERIFICATION PROJECT:  IMPROVEMENTS COULD STRENGTHEN THE INTERNAL REVENUE SERVICE’S NEW SYSTEMS DEVELOPMENT PROCESS

Issued on March 29, 2013

Highlights

Highlights of Report Number:  2013-23-034 to the Internal Revenue Service Chief Technology Officer.

IMPACT ON TAXPAYERS

In March 2010, the President signed into law the Patient Protection and Affordable Care Act (ACA) to provide more Americans with access to affordable health care by January 1, 2014.  The Income and Family Size Verification (IFSV) Project is a core project of the ACA Program and will support open enrollment beginning in October 2013.  The IFSV Project is important to the functionality and success of the ACA Program because it is responsible for developing a solution that will verify income and family size, based on tax return data, for determining an individual’s eligibility for the advanced premium tax credit for health insurance.

WHY TIGTA DID THE AUDIT

This audit was initiated to determine whether the IRS adequately managed systems development risk for the IFSV Project.  Specifically, TIGTA evaluated whether the IFSV Project adequately managed project management risk related to the new Iterative Path of the Enterprise Life Cycle and whether the IFSV Project developed a security plan to protect taxpayer data.  To accomplish these objectives, TIGTA reviewed high-risk areas related to the IRS applying the new Iterative Path to the IFSV Project as its systems development life cycle rather than a traditional sequential life cycle (e.g., Waterfall Systems Development Life Cycle Path).  TIGTA also considered information technology security documentation for the IFSV Project.

WHAT TIGTA FOUND

By the end of August 2012, the IFSV Project had completed all six systems development components, each delivering a piece of approved functionality.  While cost data specific to the IFSV Project were not readily available during this audit, the IRS is generally managing systems development risk areas with the implementation of the new Iterative Path within the Enterprise Life Cycle.  However, process improvements are needed to better ensure that (1) the IFSV Project team adheres to configuration management guidelines when baselined requirements are changed and (2) the ACA Program Configuration Control Board emergency meeting processes are effectively communicated.  Further, an integrated suite of automated tools could improve requirements management and testing for the IFSV Project.

WHAT TIGTA RECOMMENDED

TIGTA made three recommendations to the Chief Technology Officer.  In its response to the report, the IRS agreed with our first two recommendations and plans to implement corrective actions for both.

However, the IRS disagreed with our third recommendation to implement a standard suite of integrated, automated tools for the ACA Program and ACA projects to manage sprint processes, develop and manage requirements, develop and manage test cases, and bidirectionally trace requirements and test cases.  Notwithstanding the IRS’s response, TIGTA believes that an action plan to address this recommendation would permit the IRS to better ensure long‑term success for the IFSV Project along with the many other information technology components and systems supporting new functionality and transactions required to address its mission-critical capabilities under the ACA.

Lastly, the IRS disagreed with the statement in the report that cost data were not readily available during the audit.  TIGTA maintains that cost information was not readily available because it took the IRS 28 business days to provide basic budget and cost data.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to:  

http://www.treas.gov/tigta/auditreports/2013reports/201323034fr.html

E-mail Address:   TIGTACommunications@tigta.treas.gov

Phone Number:   202-622-6500

Website:   http://www.treasury.gov/tigta