TIGTA Seal graphic

Treasury Inspector General for Tax Administration

Press Release


December 2, 2014
TIGTA - 2014-48
Contact: David Barnes
(202) 622-3062
David.barnes@tigta.treas.gov
TIGTACommunications@tigta.treas.gov

Affordable Care Act: Improvements Are Needed to Strengthen Security and Testing Controls for the Affordable Care Act Information Returns Project

WASHINGTON – Improvements are needed to ensure the security of health care information provided to the Internal Revenue Service (IRS) by health insurance providers and pharmaceutical manufacturers and importers.

That is the conclusion of a new report publicly released today by the Treasury Inspector General for Tax Administration (TIGTA).

The Affordable Care Act requires the IRS to calculate and collect annual fees based on form reports provided by health insurance providers and pharmaceutical manufacturers and importers. The annual fees are due by September 30 of each year.

The overall objective of this review was to determine if the IRS is adequately mitigating systems development risks for the AIR Release 1 Project. TIGTA evaluated the IRS’s key management controls and processes for risk management, requirements and change management, testing, security, and fraud detection for the AIR Release 1 Project.

While the IRS conducted security and other tests to identify vulnerability weaknesses and verify that the AIR Release 1 system would function as designed, improvements are needed to ensure the long-term success of the AIR system. TIGTA identified specific system control weaknesses that should be promptly addressed.

TIGTA’s recommendations included that the IRS’s Chief Technology Officer ensure that: 1) procedures are developed to provide direction on how to mitigate vulnerability weaknesses; 2) vulnerability weaknesses identified are promptly corrected and resolved; 3) the ACA Plan of Action and Milestones adequately addresses the vulnerability weaknesses within the required time frames; 4) The IT implementation and Testing organization effectively manages the testing processes executed by the external contractors.

The IRS agreed with the majority of TIGTA’s recommendations and plans to implement corrective actions. However, the IRS partially agreed with one recommendation and disagreed with two recommendations. TIGTA notes its concern about the IRS response to these recommendations in the report.

Read the report.

###

Note: The difference between the date TIGTA issues an audit report to the Internal Revenue Service and the date TIGTA publicly releases the report is due to TIGTA's internal review process to ensure that public release is in compliance with Federal confidentiality laws.

A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.