In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of certain activities of the Commonwealth Health Insurance Connector Authority (CCA) for the period July 1, 2014 through June 30, 2016.
We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Below is a list of our audit objectives, indicating each question we intended our audit to answer, the conclusion we reached regarding each objective, and where each objective is discussed in the audit findings.
No; see Finding 1
No; see Finding 2
To achieve our audit objectives, we gained an understanding of the internal controls we determined to be relevant to our audit objectives and tested the controls’ operating effectiveness over customer service provided under Dell Marketing LP’s service contract at the call center. We conducted further audit testing as described in the following subsections.
We obtained and reviewed policies and procedures related to call center operations and CCA’s walk-in centers, where potential members can receive assistance to enroll in health insurance plans. We visited one of these sites to obtain an understanding of the role of the employees at these locations.
Through meetings with CCA officials, we learned about the agency’s contract with Dell and the customer service Dell provides to CCA. We requested and reviewed the contract between CCA and Dell and reviewed the contract’s change orders that occurred during the audit period. We visited a walk-in center and met with Dell personnel to discuss Dell’s billing process.
Dell submits a monthly report to CCA containing data regarding service-level agreements (SLAs), along with an invoice for payment. We examined the five SLAs related to customer service that were in place during the audit period. For each of the four SLAs that were calculated on a monthly basis, we chose a nonstatistical judgmental sample of 5 of the 24 monthly invoices from the audit period, which represented peak and off-peak enrollment in CCA’s health insurance plans, to test the accuracy of the charges, penalties, and incentives itemized on each invoice. For the SLA that was calculated on a quarterly basis, we tested the only two quarters for which data were available from the audit period and tested the accuracy of the charges, penalties, and incentives itemized on both invoices.
Our data analytics team used Data Ladder software to compare the home addresses of people who had enrolled in an insurance program through CCA, and whom the agency had indicated as verified in its database, to the addresses in Massachusetts ArcGIS, an interactive property map used by the Commonwealth. We performed queries of this data-matching and identified 5,026 home addresses that appeared to be invalid. We selected a nonstatistical random sample of 307 members to test the validity of CCA’s residency verification. We compared each address in our sample to data sources such as Google Maps and the United States Postal Service to determine the validity of each address.
We performed a query of the CCA database to identify the amounts of federal and state subsidies and applied Advance Premium Tax Credits (APTCs). Of the 5,026 members whose addresses are mentioned above, 2,006 had invalid addresses; these 2,006 members were receiving a total of $299,412 in APTCs and a total of $228,561 in state and federal subsidies.
We used nonstatistical sampling to help us achieve our audit objectives and therefore did not project our results to the various populations.
We obtained a full copy of CCA’s Massachusetts Health Insurance Exchange and Integrated Eligibility System database and assessed the reliability of the data we obtained from it. We reviewed the controls for access to programs and data, program changes, and security settings. We also performed additional validity and integrity tests, including testing the accuracy of manually entered data, by selecting a nonstatistical random sample of paper applications and tracing the applications to the data in the database. We determined that the data from this system were sufficiently reliable for the purposes of our audit.
|Date published:||January 16, 2018|