Treasury Inspector General for Tax Administration

Office of Audit

AFFORDABLE CARE ACT:† IMPROVEMENTS ARE NEEDED TO STRENGTHEN SYSTEMS DEVELOPMENT CONTROLS FOR THE PREMIUM TAX CREDIT PROJECT

Issued on September 27, 2013

Highlights

Highlights of Report Number: †2013-23-119 to the Internal Revenue Service Chief Technology Officer.

IMPACT ON TAXPAYERS

In March 2010, the President signed into law the Health Care and Education Reconciliation Act of 2010 and the Patient Protection and Affordable Care Act (ACA) (collectively referred to as the ACA).† The ACA law seeks to provide more Americans with access to affordable health care.† The Premium Tax Credit (PTC) Project falls under the IRS ACA Program.† Beginning January 2014, eligible taxpayers who purchase health insurance through an Exchange may qualify for and request a refundable tax credit (the PTC) to assist with paying their health insurance premium.† The credit is claimed on the taxpayerís Federal tax return at the end of each coverage year. †Because it is a refundable credit, taxpayers who have little or no income tax liability can still benefit.† The PTC can also be paid in advance to a taxpayerís health insurance provider to help cover the cost of premiums.† This credit is referred to as the Advanced Premium Tax Credit (APTC).

WHY TIGTA DID THE AUDIT

The overall objective of this review was to determine if the IRS is adequately managing systems development risks for the PTC Project.† TIGTA evaluated the IRSís key management controls and processes for risk management, requirements and change management, testing, security, and fraud detection for the PTC Project, which is being developed in the IRSís new Enterprise Life Cycle Iterative Path.

WHAT TIGTA FOUND

The IRS has completed development and testing for the PTC Computation Engine (PTC-CE) needed to calculate the APTC and the Remainder Benchmark Household Contribution.† In addition, the IRS developed a process to verify the accuracy of the PTC-CE calculations.† However, improvements are needed to ensure the long-term success of the PTC Project by adherence to systems development controls for:† (1) configuration and change management; (2) interagency test management process; (3) security; and (4) fraud detection and mitigation, in accordance with applicable guidance.

WHAT TIGTA RECOMMENDED

TIGTA made seven recommendations to the IRS Chief Technology Officer.† In managementís response to the report, the IRS agreed with six of the recommendations and plans to implement corrective actions.

However, the IRS disagreed with one of our recommendations to ensure that the Cybersecurity organization resolves or develops an action plan for the failed security tests. TIGTA maintains that this recommendation should be addressed to verify that corrective measures for failed controls have been implemented.

READ THE FULL REPORT

To view the report, including the scope, methodology, and full IRS response, go to: †

http://www.treas.gov/tigta/auditreports/2013reports/201323119fr.html.†

E-mail Address: ††TIGTACommunications@tigta.treas.gov

Phone Number:†† 202-622-6500

Website:†† http://www.treasury.gov/tigta