The teams helping the Internal Revenue Service implement new health law programs need to pay more attention to security configuration control settings.
Alan Duncan, an assistant inspector general at the office of the Treasury Inspector General for Tax Administration, and other office officials have given that assessment in a final audit report on the IRS information technology program.
The Patient Protection and Affordable Care Act requires the IRS to help with activities such as verifying the income and family size of exchange plan applicants, and to help with providing a new premium tax credit for some middle-income health insurance buyers.
In August 2013, the IRS had 292 employees in its PPACA program management office. In fiscal year 2013, which ended Sept. 30, that office had a budget of about $97 million, or about 4 percent of total IRS information technology organization spending.
Investigators often find problems with improper security configuration control settings at the IRS, Duncan and colleagues write in their report.