Date Issued
Report Number
2015-23-081
Report Type
Audit
Special Emphasis
Affordable Care Act (ACA)
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
The Chief Technology Officer should ensure that all identified AVS security vulnerabilities are corrected prior to the 2016 Filing Season.
The Chief Technology Officer and authorizing officials should ensure that security testing and security authorization packages are completed prior to signing security authorizations and placing systems into production.
The Chief Technology Officer should ensure that ACA developers are notified in advance when changes to the development, test, and production environments are made to ensure that the programs being developed are compatible with the updated environments.
The Chief Technology Officer should ensure that testing organizations use only the information from the designated tools for documenting requirements, test results, and defects to prepare the End-of-Test Completion Report (EOTCR).