Skip to main content

Benefits

Report: IRS Needs to Strengthen Controls on ACA Health Care Tax Credits

The Internal Revenue Service (IRS) needs to strengthen systems development controls for the Premium Tax Credit (PTC) Project, the Treasury Inspector General for Tax Administration (TIGTA) concludes in a new report publicly released today.

health-care-tax-credit1

The government watchdog that oversees the Internal Revenue Service, and was also instrumental in bringing light to the agency's scrutiny of conservative political non-profits, says the IRS needs to strengthen systems development controls for the Premium Tax Credit Project, according to a report from the Treasury Inspector General for Tax Administration, which is responsible with overseeing the nation's tax agency.

The PTC is part of the Affordable Care Act (aka, Obamacare). Beginning January 2014, eligible taxpayers who purchase health insurance through the Health Insurance Marketplace (an Exchange) may qualify for and request a refundable tax credit to assist with paying their health insurance premium.  The credit is claimed on the taxpayer’s Federal tax return at the end of each coverage year.  Because it is a refundable credit, taxpayers who have little or no income tax liability can still benefit.  The PTC can also be paid in advance to a taxpayer’s health insurance provider to help cover the cost of premiums.   This credit is referred to as the Advanced Premium Tax Credit.

The IRS’s implementation plan for ACA Exchange provisions includes providing information that will support the Department of Health and Human Services and the Exchanges in three main areas: eligibility and enrollment; developing calculations for the maximum APTC; and reconciling PTCs with reported taxable income.

TIGTA reviewed whether the IRS is adequately managing systems development risks for the PTC Project.  TIGTA evaluated the IRS’s key management controls and processes for risk management, requirements and change management, testing, security, and fraud detection for the PTC Project.

TIGTA found that the IRS has completed development and testing of the software used to calculate the Advanced Premium Tax Credit and the Remainder Benchmark Household Contribution which is the household’s contribution towards the monthly insurance premium.

In addition, the IRS developed a process to verify the accuracy of the PTC calculations. Based on an analysis of IRS test cases for the software,  TIGTA was able to replicate the IRS’s results showing that the software accurately calculated the maximum APTC and RBHC amounts for eight specific test cases within the IRS test environment.  While the IRS was able to accurately calculate the maximum APTC amounts within the software testing environment, TIGTA was unable to assess the software’s full operational capabilities based on the test cases.

TIGTA found that improvements are needed to ensure the long-term success of the PTC Project by adherence to systems development controls for: (1) configuration and change management; (2) interagency test management process; (3) security; and (4) fraud detection and mitigation in accordance with applicable guidance.

“With the healthcare exchanges open for business, it is imperative that the IRS ensure the accuracy and completeness of Premium Tax Credit and Advanced Premium Tax Credit calculations and ensure the security of information provided by taxpayers to the IRS and subsequently transmitted to other government entities,” said J. Russell George, Treasury Inspector General for Tax Administration.

TIGTA made seven recommendations to the IRS, including that it develop an action plan for resolving security test issues and that the Internal Revenue Manual be updated to provide specific guidance on how to identify and mitigate potential fraud risks with the design, development, and testing of the new information technology systems that must be implemented to meet ACA requirements.

The IRS agreed with six of the recommendations and plans to implement corrective actions.  However, the IRS disagreed with the security test recommendation. TIGTA maintains that this recommendation should be addressed to verify the completion of necessary corrective measures for failed information technology controls that were observed during the audit.