Fed watchdog tells IRS to beef up ACA database security
- The Treasury Inspector General for Tax Administration (TIGTA) recently made public a report on the status of the Coverage Data Repository (CDR), a database of tax-related ACA data for the IRS.
- The report found planned interagency testing for the CRD with federal and state exchanges was not completed.
- As of Nov. 21, the IRS has received data from three states.
TIGTA evaluated CDR testing processes, including interagency, release-level and project-level functional testing controls as well as security controls. According to a prepared statement from TIGTA, subsequent to the audit review, the IRS received additional data, but it still had not yet received all exchange periodic data submissions from the exchanges as of Jan. 20, the start of the 2015 filing season.
The government watchdog recommendations to the IRS CTO included that the agency ensure interagency exchange testing is completed and future ACA projects complete release-level testing before starting interagency testing.
While the IRS agreed with two of TIGTA’s recommendations, it did not agree with recommendations to strengthen systems testing practices or with TIGTA’s assessment of the process applied to demonstrate and verify system functionality for the CDR. TIGTA maintained improvements are needed to ensure adequate risk mitigation practices in each of these areas because the IRS plans to rely on the CDR as its authoritative source for ACA data.
“It is imperative that the IRS ensures that all its information technology projects, including those associated with the implementation of the Affordable Care Act, are capable of performing the tasks they are designed to perform,” said J. Russell George, Treasury inspector general for tax administration, in the prepared statement.
Follow Jeff Byers on Twitter