IRS Data Repository for ACA Coverage Falls Short

The Internal Revenue Service did not finish testing a centralized data repository of health insurance coverage with federal and state exchanges in time for last tax season, according to a new government report.

The report, from the Treasury Inspector General for Tax Administration, examined the risks behind an IRS effort to develop a centralized electronic data repository to help implement the Affordable Care Act. When complete, the Coverage Data Repository, or CDR, will be the IRS’s only authoritative source of tax-related ACA data for health care-related functions and services.

However, TIGTA’s report found that the interagency testing planned for the CDR with the federal and state health insurance exchanges was not completed. As of Nov. 21, 2014, the IRS had only received data from three states. Subsequent to the audit review, the IRS received additional data, but it still had not yet received all Exchange Periodic Data submissions from the exchanges as of Jan. 20, 2015, the start of the 2015 filing season.

TIGTA found that not all the IRS’s interagency testing with the federal and state exchanges was completed. Release-level testing was completed but not prior to initiating interagency testing with the Centers for Medicare and Medicaid Services. During project-level testing, system developers did not always demonstrate CDR functionality to business owners and did not maintain complete records verifying business participation. 

The CDR was deployed before security risk assessments were completed, TIGTA found. In addition, the CDR Application Audit Plan was not implemented as needed to support the IRS’s program and policy to mitigate the risks for unauthorized access to taxpayers’ records.

“It is imperative that the IRS ensures that all its information technology projects, including those associated with the implementation of the Affordable Care Act, are capable of performing the tasks they are designed to perform,” said TIGTA Inspector General J. Russell George in a statement.

TIGTA recommended that the IRS’s chief technology officer ensure that interagency testing with the exchanges is completed, and ensure that future ACA projects complete release-level testing before starting interagency testing.

The IRS agreed with two of TIGTA’s recommendations but did not agree with the recommendations to strengthen systems testing practices or with TIGTA’s assessment of the process applied to demonstrate and verify system functionality for the data repository. “We place a high degree of emphasis on the importance and the value of testing, as was demonstrated during the course of this audit,” wrote IRS chief technology officer Terence V. Milholland in response to the report. “The IRS developed a robust strategy to ensure the IRS systems were fully tested and concluded all prior tests prior to the Go-Live. The strategy included a dynamic process of continually assessing, planning, and prioritizing the test case inventory as the test cycle unfolded. Management must often use discretion in determining where integration tests, such as release level testing and interagency testing, must run sequentially, may overlap, or run in parallel. It is this dynamic model which allowed us to ensure all tests of the IRS systems were completed prior to putting them into production. Without this flexibility, development, test and deployment efforts would have been severely hampered.”
