This is the accessible text file for GAO report number GAO-05-115 
entitled 'Social Security Administration: Actions Needed to Strengthen 
Processes for Issuing Social Security Numbers to Children' which was 
released on February 23, 2005.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to the Chairman, Committee on Finance, U.S. Senate:

United States Government Accountability Office:

GAO:

January 2005:

Social Security Administration:

Actions Needed to Strengthen Processes for Issuing Social Security 
Numbers to Children:

GAO-05-115:

GAO Highlights:

Highlights of GAO-05-115, a report to the Chairman, Committee on 
Finance, United States Senate: 

Why GAO Did This Study:

In fiscal year 2004, the Social Security Administration (SSA) issued 
about 4.2 million original Social Security numbers (SSN) and 2 million 
SSN replacement cards to U.S.-born children. Despite its narrowly 
intended purpose, today, young children need a SSN to be claimed on 
their parent’s income tax return or to apply for certain government 
benefits. Because children’s SSNs, like all SSNs, are vulnerable to 
theft and misuse, the Chairman of the Senate Committee on Finance 
requested that GAO (1) document SSA’s current processes and internal 
controls for issuing SSNs to U.S.-born children under the age of 18 and 
(2) identify any weaknesses that may affect SSA’s ability to ensure the 
integrity of the SSN and the efficiency of enumeration processes.

What GAO Found:

SSA has two processes for issuing SSNs to U.S.-born children—one that 
allows parents to request SSNs through a hospital during birth 
registration and one that permits them to apply through SSA field 
offices—both of which include various internal control mechanisms. 
Today, SSA issues the majority of SSNs to children through its 
Enumeration at Birth (EAB) program. Participating hospitals forward the 
SSN request and other birth registration data to vital statistics 
agencies, which then send it to SSA. SSA’s automated system ensures 
that the data are complete and mails the SSN to the parent. Parents may 
also request SSNs through SSA field offices by mail or in person. This 
process requires parents to present proof of the child’s age, identity, 
and citizenship as well as proof of their own identity. As fraud 
prevention measures, SSA also interviews children 12 and older and 
verifies documents with a third party for those over age 1. If a 
child’s SSN card is lost or stolen, parents may also apply for a 
replacement card. SSA requires proof of identification for both the 
parent and the child to obtain such cards.

Despite SSA’s efforts to improve its enumeration processes, weaknesses 
persist in EAB program oversight and outreach, manual birth 
verification procedures, and other vulnerabilities that could adversely 
affect the integrity of SSA’s processes. Federal internal control 
standards state that agencies should assess and mitigate risk to their 
programs. However, SSA does not conduct comprehensive integrity 
reviews, or coordinate with external auditing agencies to ensure that 
vital statistics agencies and hospitals are properly collecting and 
protecting enumeration data for children. In addition, SSA lacks a 
nationwide capability to efficiently verify birth certificates for 
children whose parents apply through SSA field offices, although a 
prior SSA pilot proved successful in providing such verifications. 
Further, SSA lacks a policy for securing and tracking birth 
certificates once manual verifications are complete, making these 
documents vulnerable to misuse. Finally, SSA’s policies for verifying 
birth certificates of children under age 1 and for issuing replacement 
SSN cards, which allow for up to 52 cards annually, remain weak and 
could expose the program to fraud. The Intelligence Reform and 
Terrorism Prevention Act of 2004 will assist SSA in protecting the 
integrity of the SSN by requiring the agency to verify birth documents 
for all SSN applicants, except for EAB purposes, and limit the issuance 
of SSN replacement cards.

4.2 Million Original SSNs Issued to U.S.-Born Children in Fiscal Year 
2004: 

[See PDF for image]

[End of figure]

What GAO Recommends:

GAO recommends that SSA strengthen its SSN processes through increased 
EAB oversight, better coordination with audit agencies, improved EAB 
education, and policy clarification on handling birth certificates. SSA 
disagreed with GAO’s recommendation to increase oversight but agreed 
with the remaining recommendations and outlined planned or ongoing 
efforts to address them.

Since birth certificates are key to SSN issuance, GAO recommends that 
the Congress consider developing a nationwide system to verify birth 
records.

[End of section]

Contents:

Letter:

Results in Brief:

Background:

SSA Has Specific Processes for Issuing SSNs and Replacement Cards To 
Children:

Majority of SSNs Are Issued to Children through SSA's Enumeration at 
Birth Process:

Relatively Few Children Are Enumerated through SSA Field Offices:

Several Weaknesses Could Affect the Integrity and Efficiency of SSA's 
Enumeration Processes:

SSA Lacks Oversight to Assess the Integrity of EAB and Does Not Track 
Relevant Audit Findings of Other Agencies:

Limited Outreach and Education to Hospitals May Limit the Effectiveness 
of the EAB Program:

SSA Lacks a Nationwide Capability to Perform Birth Verifications:

SSA Lacks a Policy to Fully Protect Birth Documents from Misuse:

Previously Reported Enumeration Weaknesses Continue to Expose SSA to 
Fraudulent Enumerations:

Conclusions:

Matter for Congressional Consideration:

Recommendations for Executive Action:

Agency Comments:

Appendix I: Scope and Methodology:

Appendix II: Comments from the Social Security Administration:

Appendix III: GAO Contacts and Staff Acknowledgments:

GAO Contacts:

Staff Acknowledgments:

Tables:

Table 1: Original SSNs and Replacement Social Security Cards Issued in 
Fiscal Year 2004:

Table 2: SSA Requirements--Original SSNs Compared with Replacement 
Cards:

Figures:

Figure 1: Original SSNs Issued to U.S.-Born Children in Fiscal Year 
2004:

Figure 2: SSA's EAB Process for Assigning SSNs to U.S.-Born Children:

Figure 3: SSA's Field Office Process for Assigning SSNs to Children:

Figure 4: Map of Participants in the Electronic Verification of Vital 
Events Pilot:

Figure 5: Electronic Verification of Vital Events Between the Social 
Security Administration Field Offices and States' Vital Statistics 
Agencies:

Abbreviations:

CIRP: Comprehensive Integrity Review Process:

EAB: Enumeration at Birth:

EVVE: Electronic Verification of Vital Events:

HIPAA: Health Insurance Portability and Accountability:

MES: Modernized Enumeration System:

NAPHSIS: National Association for Public Health Statistics and 
Information Systems:

NASACT: National Association of State Auditors, Comptrollers and 
Treasurers:

OIG: Office of the Inspector General:

OSI: Office of Special Investigations:

POMS: Program Operations Manual System:

SR: Service Representative:

SSA: Social Security Administration:

SSN: Social Security Number:

VSA: Vital Statistics Agency:

United States Government Accountability Office:

Washington, DC 20548:

January 31, 2005:

The Honorable Charles E. Grassley: 
Chairman: 
Committee on Finance: 
United States Senate:

Dear Mr. Chairman:

Today, the majority of children born in the United States are assigned 
a Social Security number (SSN) before their first birthday. The Social 
Security Administration (SSA) refers to the assignment of original SSNs 
and replacement SSN cards as "enumeration." In fiscal year 2004, SSA 
issued over 4 million original SSNs to U.S.-born children, of which 
over 90 percent were to children under age 1. The agency also issued 
over 2 million replacement cards to U.S.-born children. SSNs were 
originally created to track workers' employment history and eligibility 
for Social Security benefits. However, today, SSNs are used for a 
myriad of purposes, and even children born as U.S. citizens must have 
SSNs to be claimed as dependents on their parents' tax returns and to 
receive benefits from federal programs. Because SSNs are central to so 
many aspects of American life, children's SSNs, like all SSNs, are 
vulnerable to fraud and financial crimes.

Various news accounts and identity crime experts report that the theft 
of a child's identity may go undetected for years until an event--such 
as an application for a driver's license--reveal that the child's 
identity was stolen. Because of increasing concerns regarding the 
enumeration of children, the Chairman of the Senate Finance Committee 
requested that we (1) document current processes and internal controls 
for issuing SSNs to U.S.-born children under the age of 18 and (2) 
identify any weaknesses that may affect SSA's ability to ensure the 
integrity of the SSN and the efficiency of enumeration processes.

To complete our work, we examined SSA's Program Operations Manual 
System and met with SSA officials to identify the processes used to 
enumerate children. We also documented the roles of select hospitals 
and vital statistics agencies, which facilitate SSA's process for 
enumerating newborns. To identify weaknesses that may affect SSA's 
ability to efficiently enumerate children and ensure the integrity of 
the SSN, we collected and analyzed information on SSA's enumeration 
initiatives, the results of prior internal reviews, and studies 
performed by SSA's Office of the Inspector General (OIG) and Office of 
Quality Assurance and Performance Assessment. In addition, we contacted 
the National Association of State Auditors, Comptrollers and Treasurers 
(NASACT) as well as individual state comptrollers and inspectors 
general to identify and obtain any relevant reviews of their state 
vital statistics agencies' birth registration and certification 
processes. Also, our Office of Special Investigations (OSI) tested 
SSA's practices for issuing replacement cards to children by posing as 
parents of fictitious children and using counterfeit documents in an 
attempt to obtain multiple cards.

We conducted our review at SSA headquarters in Baltimore, Maryland, and 
at four regional offices--Atlanta, New York, Philadelphia, and San 
Francisco--and 10 field offices. We selected the SSA regional and field 
offices based on their geographic location, the volume of enumeration 
activity, and participation in certain enumeration projects. We also 
spoke with officials in vital statistics agencies and medical 
facilities in the states of California, Georgia, Kentucky, and Maryland 
and the city of New York. Our Office of Special Investigations 
conducted its work in 7 SSA field offices in the District of Columbia, 
Maryland, and Virginia. We conducted our work between January and 
December 2004 in accordance with generally accepted government auditing 
standards. Appendix I discusses our scope and methodology in further 
detail.

Results in Brief:

SSA has two processes for issuing SSNs to U.S.-born children--one that 
allows parents to request SSNs through a hospital during birth 
registration and one that permits them to apply through SSA field 
offices--both of which include various internal control mechanisms. 
Today, SSA issues the majority of SSNs to children through its 
Enumeration at Birth (EAB) program. Participating hospitals forward the 
SSN request and other birth registration data to vital statistics 
agencies, which then send pertinent data to SSA. SSA's automated system 
ensures that the data are complete and mails the SSN to the parents. 
Parents may also request SSNs through SSA field offices by mail or in 
person. This process requires parents to fill out an application and to 
present at least two original documents as proof of the child's age, 
identity, and citizenship as well as proof of their own identity. For 
any child over age 1, SSA also requires staff to independently verify 
birth certificates with the issuing vital statistics agency. In 
addition, SSA conducts in person interviews with all children 
applicants age 12 and older, as an additional safeguard against 
identity theft. SSA uses both managerial and automated reviews to 
ensure that SSNs are issued properly. If a child's SSN card is lost or 
stolen, parents may also apply for a replacement card via the field 
office process. To issue a replacement, SSA requires proof of 
identification for both the parent and the child.

Despite SSA's efforts to improve its enumeration processes, weaknesses 
in EAB program oversight and outreach, manual birth verification 
procedures, and other vulnerabilities could adversely affect the 
integrity and efficiency of its processes. Our Standards for Internal 
Control in the Federal Government[Footnote 1] state that federal 
agencies should assess and mitigate risk and promptly evaluate findings 
from audits that could affect the integrity of key operations. However, 
SSA has not conducted such comprehensive integrity reviews to ensure 
that vital statistics agencies and hospitals are properly collecting 
and protecting birth registration data used to enumerate children. 
Although some external audit agencies at both the federal and state 
levels have reviewed vital statistics agencies and identified 
weaknesses, SSA does not coordinate with these agencies and is unaware 
of these reviews. SSA has also provided only limited education and 
outreach to hospitals to ensure they consistently provide information 
to parents regarding the timeframes for processing EAB requests. Thus, 
some parents who opt for EAB may, subsequently, apply a second time at 
a SSA field office because they do not know how long EAB takes to 
process their application and issue a card for their child. Such 
multiple applications can result in the issuance of two distinct SSNs 
for the same child. In addition, SSA currently lacks a nationwide 
electronic capability to efficiently verify birth certificates for 
children whose parents apply through SSA field offices, as well as 
clear policies for securing and tracking of birth certificates once 
manual verification is completed, leaving these documents vulnerable to 
theft and misuse. Finally, SSA's policy on verifying birth certificates 
for children under age 1 and policy for issuing SSN replacement cards 
are weak and could expose the program to fraudulent enumerations. For 
example, SSA's policy does not require field office staff to verify 
birth documents for children under age 1 and allows individuals to 
obtain up to 52 replacement cards annually. To illustrate this, we used 
the same original SSNs we obtained with counterfeit documents for two 
fictitious children during a previous review to apply for replacement 
cards. Our investigators acquired 8 replacement cards in less than 6 
weeks, before SSA field office staff placed a fraud alert on the two 
SSN records, demonstrating that once a person obtains a SSN 
fraudulently, the problem can be quickly expanded with requests for 
numerous replacement cards. Just prior to issuance of this report, 
Congress passed the Intelligence Reform and Terrorism Prevention Act of 
2004, which included provisions to require SSA to verify the birth 
documents of all SSN applicants and limit the number of replacement 
cards an individual may obtain.

We are making several recommendations to SSA that are intended to 
strengthen SSA's processes and internal controls over the issuance of 
SSNs for children. We are also asking Congress to consider authorizing 
the development of a cost-effective system to enable SSA to 
electronically verify birth documents with vital statistics agencies 
for all SSN applicants. In response to our draft report, SSA disagreed 
with our recommendation that it increase EAB oversight to ensure the 
reliability of enumeration data it receives from vital statistics 
agencies. SSA noted that it is not within its purview to ensure the 
reliability of state agency or hospital birth data. We continue to 
believe that SSA has a responsibility under internal control standards 
for federal agencies to ensure that the data it receives are reliable 
and we believe the contracts between SSA and vital statistics agencies 
provide a mechanism to ensure more effective oversight. SSA agreed with 
our recommendations for better coordination with audit agencies, 
improved EAB outreach and education, and policy clarification on 
handling birth certificates obtained for verification purposes and 
provided information on planned or current actions to address them. 
SSA's comments are reproduced in appendix II.

Background:

The Social Security Act of 1935 authorized SSA to establish a record- 
keeping system to help manage the Social Security program, which 
resulted in the creation of the Social Security number.[Footnote 2] SSA 
uses the SSN as a means to track workers' earnings and eligibility for 
Social Security benefits and assigns a unique number to every person 
and uses this number to create a work and retirement benefit record for 
the individual. SSA issues SSNs to most U.S. citizens, and they are 
also available to non-U.S. citizens with permission to work from the 
Department of Homeland Security. Also, in certain cases, SSA issues 
SSNs to non-U.S. citizens without permission to work who require a SSN 
to receive federal benefits or to lawfully admitted non-U.S. citizens 
to receive state or local public assistance benefits. Due to the 
number's unique nature and broad applicability, the SSN has become the 
identifier of choice for government agencies and private businesses and 
is used for numerous non-Social Security purposes, such as opening bank 
accounts and filing taxes. Today, even young children need a SSN to 
obtain medical coverage, be claimed on their parents' income tax 
return, or establish eligibility for other government or financial 
benefits.

In fiscal year 2004, SSA issued approximately 5.5 million original SSNs 
and 12.4 million replacement cards, of which roughly 4.2 million 
originals and 2.3 million replacements were for U.S.-born children 
under age 18, as shown in table 1. SSA's headquarters, in conjunction 
with its 1,333 field offices, issued these SSNs and cards to U.S. and 
noncitizen applicants. The primary guidance SSA uses to carry out its 
enumeration processes is the Program Operations Manual System 
(POMS).[Footnote 3] Under this guidance, SSA field offices are 
responsible for interviewing applicants for both original and 
replacement Social Security cards, reviewing evidentiary documents, 
verifying immigration and work status of applicants, and keying 
information into SSA's automated enumeration system. Due to the burden 
on field offices from the increased demand for SSNs, SSA implemented 
its Enumeration at Birth program nationally in 1989 to provide parents 
with a convenient opportunity to request SSNs for their newly born 
children without visiting a field office. To facilitate this program, 
SSA contracts with state and jurisdictional vital statistics agencies 
to obtain specific information required to issue SSNs to newborns. As 
of March 2004, SSA had EAB contracts with 50 states and 3 independent 
registration jurisdictions, for a total cost of approximately $8.2 
million.[Footnote 4]

Table 1: Original SSNs and Replacement Social Security Cards Issued in 
Fiscal Year 2004:

Numbers in millions: 

Original SSNs issued; 
U.S. citizens: 4.30[A]; 
Noncitizens: 1.17; 
Total: 5.47.

Replacement Social Security cards issued; 
U.S. citizens: 11.50; 
Noncitizens: 0.87; 
Total: 12.37.

Total; 
U.S. citizens: 15.80; 
Noncitizens: 2.04; 
Total: 17.84.

Source: SSA.

[A] Of the 4.30 million original SSNs issued for U.S. citizens, 
approximately 4.22 million were for U.S.-born children under age 18. 
Also, of the roughly 11.50 million replacement cards issued to U.S. 
citizens, approximately 2.32 million were for U.S.-born children under 
age 18.

[End of table]

Hospital personnel, sometimes referred to as birth registrars or 
clerks, generally have overall responsibility for gathering and 
forwarding the birth certificate information and SSN requests to state 
or local vital statistics agencies.[Footnote 5] In instances when a 
baby is born outside a hospital, the responsibility for filing the 
birth information typically rests on the midwife or other person in 
attendance, one of the parents, or the person in charge of the place 
where the birth occurred.

State vital statistics agencies are usually found within a state or 
jurisdiction's department of health. According to the National 
Association for Public Health Statistics and Information Systems 
(NAPHSIS),[Footnote 6] vital statistics for the United States are 
obtained from the official records of live births, deaths, fetal 
deaths, marriages, divorces, and adoptions. The official recording of 
these events is the responsibility of individual states and independent 
registration areas, such as the District of Columbia and New York City. 
Governments at all levels--federal, state, and local--use vital records 
for statistical purposes through cooperative arrangements with the 
respective state agency. At the time of our audit work, most states 
restricted access to birth records, but according to NAPHSIS, 11 states 
allowed "open" access to birth records, meaning that no identification 
requirements or relationship is needed to obtain a certified copy of a 
birth certificate.[Footnote 7]

Identity theft is one of the fastest growing crimes in the United 
States. In 2004, the Federal Trade Commission reported that in recent 
years some 10 million people--or 4.6 percent of the adult population-- 
discovered that they were victims of some form of identity theft. These 
numbers translate into estimated losses exceeding $50 billion, but the 
extent to which these statistics represent children is not well 
documented. However, various news accounts and identity crime experts 
report that the theft of a child's identity may go undetected for 
several years until an event--such as an application for a driver's 
license--reveals that the child's identity was stolen. Furthermore, 
children may also face future financial consequences if their SSN and 
name are used years before they first establish credit.

SSA Has Specific Processes for Issuing SSNs and Replacement Cards To 
Children:

SSA has two primary processes for issuing SSNs and replacement cards to 
children born in the United States. Today, most SSNs are issued to 
children through SSA's EAB program, while the parents of a much smaller 
number of children receive SSNs through SSA's field office application 
process. To ensure that SSNs are issued properly, SSA monitors data on 
EAB processing times and error rates and performs various integrity 
checks for those SSNs issued by field office staff. SSA also has 
specific policies for issuing replacement cards to children.

Majority of SSNs Are Issued to Children through SSA's Enumeration at 
Birth Process:

In 2004, SSA issued roughly 90 percent of SSNs to children through its 
EAB program. As shown in figure 1, the majority of SSA's enumeration 
workload involves U.S.-born children who generally receive their SSNs 
via states' and jurisdictions' birth registration process facilitated 
by hospitals. Under this process, SSA accepts birth registration data 
from vital statistics agencies as evidence of a child's age, identity, 
and citizenship. In fiscal year 2004, SSA issued approximately 3.9 
million SSNs through EAB.

Figure 1: Original SSNs Issued to U.S.-Born Children in Fiscal Year 
2004:

[See PDF for image]

[End of figure]

Hospital participation in EAB is voluntary. While SSA and state vital 
statistics agencies have strongly encouraged participation in the EAB 
program, the extent of nationwide hospital participation is unknown. 
However, SSA officials believe that most hospitals participate in EAB.

Under EAB, parents in the hospitals we visited could request a SSN for 
their newborn child via the hospital's birth registration worksheet. 
This worksheet was typically a standardized state-issued form used to 
capture the demographic and medical information required for the 
child's birth certificate. For those parents choosing to participate in 
the program, SSA guidance states that hospital representatives should 
provide parents with a receipt as proof of their SSN request.[Footnote 
8]

Of the nine medical facilities we visited, all provided parents with 
the opportunity to request SSNs through EAB. However, each had 
established its own unique policies, procedures, and internal controls 
for collecting, maintaining, and transmitting birth information, 
including the SSN request, in accordance with federal and state 
statutes. For example, one state required that its hospitals submit all 
birth information directly to the state vital statistics agency within 
72 hours of the birth, while in another state, the law required that 
birth information be submitted to the local registrar within 10 days of 
the birth.

While submission timeframes varied among the states we visited, 
generally all hospitals transmitted birth information both 
electronically and manually to their respective vital statistics 
agencies. Birth registrars or clerks were typically responsible for 
entering the birth certificate information into an electronic birth 
registration computer system, which in some cases, was directly linked 
to the state vital statistics agency. Though system software varied 
among states, it tended to capture the same information and was 
generally equipped with the same security features. For example, in 
almost every hospital we visited, each birth registrar or clerk had a 
personal identification password and sign-on to access the system.

Hospital personnel, in locations we visited that submitted data 
electronically, were required to make corrections to the electronic 
certificate prior to submitting it to their vital statistics office, 
because the computer system locked the record once the information was 
downloaded. This security feature prevented staff from making changes 
once the data were transmitted. However, if an error was discovered, 
hospital personnel could correct it with assistance from their 
respective vital statistics agency. For example, one state's vital 
records office issued a single-use pass code to the responsible birth 
registrar for re-entry into the electronic registration system.

In all the states in which we conducted interviews, we also found that 
once the vital statistics agency received the birth information, state 
officials reviewed the birth data submitted. These vital statistics 
agencies reviewed the data to ensure that the demographic and medical 
information was complete. In addition, officials from one location told 
us that they had also implemented other quality assurance measures, 
such as cross-referencing birth and death records and validating births 
that occur outside the presence of a physician or midwife. 
Subsequently, each office extracted and transmitted to SSA the 
information necessary to issue SSNs, including the name of the child, 
the date of birth, the parents' names, and mailing address.

SSA's data showed that the average EAB processing times varied among 
vital statistics agencies and ranged anywhere from 3 weeks to 12 weeks. 
An SSA official told us that some of the main reasons for the variation 
in the processing time was due to the technological capabilities of 
vital statistics agencies to transmit information and personnel issues. 
For example, not all vital statistics agencies were electronically 
connected to each of their EAB reporting hospitals. Therefore, staff 
had to key the birth information into an electronic format, which 
increased the processing time. Figure 2 shows SSA's EAB process.

Figure 2: SSA's EAB Process for Assigning SSNs to U.S.-Born Children:

[See PDF for image]

Note: In addition to hospitals, birthing centers may provide parents 
with the opportunity to participate in SSA's EAB program.

[End of figure]

Once SSA receives the data, its automated system ensures that the EAB 
data are complete and scans for keying errors. If no errors are 
detected, SSA issues a SSN card to the parents' mailing address. 
Throughout the EAB process, SSA also serves as a technical adviser, 
assisting vital statistics agencies with systems clarification and 
advice. Through its EAB contracts, SSA also establishes timeliness and 
accuracy requirements for EAB data and maintains this data. According 
to its contracts, SSA will not pay vital statistics agencies for any 
EAB data received more than 4 months after the month a birth 
occurs.[Footnote 9] However, SSA will accept such data for up to 11 
months after the month a birth occurs. SSA also will not process any 
EAB submissions with an error rate greater than 5 percent.

Relatively Few Children Are Enumerated through SSA Field Offices:

While the majority of U.S. children receive SSNs through the EAB 
program (3.9 million), the parents of a much smaller number apply for 
SSNs at SSA field offices. In fiscal year 2004, SSA issued 
approximately 294,000 SSNs to children through this process. SSA and 
hospital officials told us that some parents elect not to participate 
in the EAB program due to reasons related to religion or privacy. 
Consequently, parents of children not enumerated through EAB can apply 
for their child's SSN by mail or in person at a local SSA field office.

To apply for the SSN, parents complete a SSN application and submit at 
least two documents as evidence of their child's age, identity, and 
citizenship as well as evidence of their own identity. Documents that 
SSA accepts as evidence of age, identity, and citizenship for a child 
include, but are not limited to, a birth certificate; a record from a 
doctor, clinic, or hospital; or a religious record. SSA requires that 
all evidentiary documents be either originals or copies certified by 
the issuing agency. Figure 3 highlights SSA's field office process for 
assigning SSNs to children.

Figure 3: SSA's Field Office Process for Assigning SSNs to Children:

[See PDF for image]

[End of figure]

In recent years, SSA has taken additional steps to strengthen its field 
office enumeration process to prevent identity theft. For example, in 
June 2002, SSA began requiring field office staff to verify the 
authenticity of certified birth certificates for any person age 1 or 
older applying for an original SSN.[Footnote 10] To obtain this third- 
party verification, SSA field offices generally mail or fax a photocopy 
of the original document to the pertinent vital statistics agency or in 
some limited cases query an electronic system linked directly to the 
vital statistics agency's database.[Footnote 11] SSA must also send a 
fee to most state vital statistics agencies to cover the cost of this 
service.

In September 2003, SSA also changed its evidence requirements to 
enhance its ability to verify the accuracy of SSN applications for 
children. For example, SSA lowered the requirement for a mandatory in 
person interview from age 18 to age 12. SSA field staff told us that 
they rarely have U.S.-born children over age 12 applying for an 
original SSN, and generally such applications receive closer scrutiny. 
In such instances, the interviews are used as an additional safeguard 
against identity theft to (1) establish that the child applicant 
actually exists and (2) corroborate the parent-child relationship.

SSA also performs in-house reviews of its enumeration processes, 
including those for children. For example, field office managers use 
SSA's Comprehensive Integrity Review Process (CIRP) to monitor specific 
systems activity for potential fraud or misuse by employees. In 
addition, SSA also requires field staff to review a SSN applicant's 
supporting evidence and input it into SSA's Modernized Enumeration 
System (MES), the computer system used to assign SSNs. Once entered, 
the applicant's information undergoes numerous automated edits and is 
flagged if found suspicious. For example, MES suspends the processing 
of SSN applications for parents applying for new SSNs for numerous 
children in a 6-month period.

In addition to processing original SSNs, SSA field offices also issue 
replacement SSN cards if a card is lost or stolen. To obtain a 
replacement card for a child, parents must complete a SSN application 
and indicate the SSN previously issued to the child. SSA requires that 
the applicant provide only proof of identity for both the parent and 
the child. A wide range of documents will satisfy the proof of identity 
requirement. For example, parents could use a daycare center record to 
prove their child's identity and a church membership record as proof of 
their own, provided that the record includes key information required 
by SSA such as the person's name, date of birth, and physical 
description. See table 2 for a comparison of SSA requirements for 
original SSNs and those for replacement SSN cards.

Table 2: SSA Requirements--Original SSNs Compared with Replacement 
Cards:

Original SSN requirements (any one of the following documents for each 
category): Proof of identity; 
* Driver's license; 
* Passport; 
* School ID card; 
* School report card; 
* Marriage or divorce record; 
* Adoption record; 
* Health insurance card (except Medicare card); 
* Life insurance policy; 
* Clinic, hospital, or doctor records; 
* Church membership or confirmation record; 
Replacement card requirements: Proof of identity; 
Required for both parent and child and can be met with any proof of 
identity document used in applying for an original SSN, i.e., school ID 
card.

Original SSN requirements (any one of the following documents for each 
category): Proof of age; 
* Birth certificate; 
* Religious record established before age 5 showing age; 
* Notification of birth registration; 
Replacement card requirements: Proof of age; 
Only required if there is a discrepancy between the date of birth on 
the application and the evidence presented with the application.

Original SSN requirements (any one of the following documents for each 
category): Proof of U.S. citizenship; 
* Passport; 
* Birth certificate; 
* Religious record recorded in the United States within 3 months after 
birth; 
* Certificate of naturalization; 
* Certificate of citizenship; 
* Adoption finalization papers; 
* Other documents that establish a U.S. place of birth or U.S. 
citizenship; 
Replacement card requirements: Proof of U.S. citizenship; 
Not required for U.S.-born children.

Source: GAO's analysis of SSA's enumeration procedures.

Note: The above list is not all-inclusive.

[End of table]

Several Weaknesses Could Affect the Integrity and Efficiency of SSA's 
Enumeration Processes:

Despite SSA's efforts in recent years to improve its enumeration 
processes, several weaknesses persist, including a lack of EAB program 
oversight and outreach, inefficient birth verification procedures, and 
other vulnerabilities that could adversely affect the integrity and 
efficiency of SSA's processes. Our Standards for Internal Control 
provide a framework to help agencies address such weaknesses. However, 
SSA has not fully incorporated some of these controls into its 
enumeration processes. For example, SSA has not undertaken action to 
assess the integrity of the EAB process and to keep informed of 
pertinent findings of other audit agencies that have reviewed states' 
birth registration and certification processes. Furthermore, we found 
that previously reported enumeration weaknesses concerning SSA's lack 
of a policy to require birth verifications for children under age 1 and 
a policy to further limit replacement cards continues to expose SSA to 
risks of fraudulent enumerations.

SSA Lacks Oversight to Assess the Integrity of EAB and Does Not Track 
Relevant Audit Findings of Other Agencies:

SSA does not conduct periodic internal control or comprehensive 
integrity reviews to assess the integrity of procedures used to collect 
and protect EAB data at vital statistics agencies and hospitals, nor 
does it take advantage of available audit findings of other state 
agencies. SSA's EAB contracts permit the agency to conduct on-site 
reviews of vital statistics agencies' procedures for protecting 
confidential information. However, SSA's Project Officer for the EAB 
program told us that the agency has not conducted such comprehensive 
reviews because of a lack of resources. The same official also told us 
that SSA has never used its EAB contracts to require that vital 
statistics agencies conduct similar reviews of participating hospitals. 
Our Internal Control Management and Evaluation Tool states that federal 
agencies should have adequate mechanisms in place to identify key 
programmatic risks arising from external factors, including a 
consideration of risks posed by major suppliers and contractors. 
Identified risks should then be analyzed for their potential effect and 
an approach devised to mitigate them.[Footnote 12] However, because SSA 
has not conducted reviews of entities involved in the EAB process, it 
lacks important information to develop a clearer picture of areas in 
the EAB process that may be vulnerable to error or fraud.

A September 2001 SSA Office of the Inspector General (OIG) report on 
the EAB program suggested that more systematic oversight and management 
was needed. The OIG review identified serious internal control 
weaknesses in birth registration processes at selected hospitals that 
could compromise the integrity of EAB data.[Footnote 13] For example, 
the OIG found that hospital birth registration units often lacked 
adequate segregation of duties for clerks involved in the registration 
process. Our internal control standards state that key duties and 
responsibilities should be divided or segregated among different people 
to reduce the risk of error, waste, or fraud. Because clerks were 
generally involved in all phases of the birth registration process at 
the hospitals included in the SSA OIG review, the OIG said that the 
clerks could potentially generate birth certificates for nonexistent 
children. The OIG also found that the hospitals did not have controls 
in place to provide for periodic, independent reconciliations of birth 
statistics with the total number of birth registrations they reported, 
which could allow fictitious births to go undetected. During our visits 
to eight hospitals and one birthing center, we found similar internal 
control weaknesses. For example, some hospital birth units lacked the 
resources to segregate various job duties among its staff. While we 
found that birth registration staff in seven hospitals reconciled birth 
statistics with the total number of births, the staff performing these 
reconciliations were not independent of the birth registration process, 
which could expose the process to fictitious birth registrations. In 
light of the vulnerabilities that the OIG identified, SSA's Project 
Officer for EAB told us that SSA and NAPHSIS have met to discuss an 
audit plan to review hospitals in each state.

Some state audit agencies have conducted reviews of vital statistics 
agencies that have produced findings of potentially critical importance 
to SSA.[Footnote 14] However, due to a lack of coordination between SSA 
and state audit agencies, SSA was unaware of these audits and their 
findings, according to the EAB Project Officer. Our internal control 
standards require that federal managers promptly evaluate findings from 
audits and other reviews that could have an impact on their operations. 
Over the last several years state audit agencies have identified 
deficiencies in vital statistics agencies' operations that could have 
negative implications for SSA's EAB program and field office 
enumeration processes. For example:

* An August 2004 Maryland Office of Legislative Affairs audit report 
found that the controls at the state's vital records agency were 
inadequate to ensure that birth certificates were issued to individuals 
authorized by law.[Footnote 15] Specifically, the report stated that 
Maryland applicants were not required to provide sufficient 
identification when requesting birth certificates, birth records for 
deceased individuals were not always marked as such, and adequate 
oversight of the local health departments regarding the issuance of 
birth and death certificates generally did not occur. Additionally, the 
audit found that controls over birth certificate forms and related 
blank stock certificates were inadequate to safeguard against 
fraudulent certificates being obtained for illegal purposes. 
Furthermore, the audit found that access to the vital records automated 
system was not adequately restricted.

* A November 2001 Florida Auditor General report disclosed that 
controls over the vital statistics program at selected county health 
departments were inadequate and not in compliance with vital statistics 
laws and rules.[Footnote 16] For example, the Auditor General found 
that the state registrar and several county health departments had not 
established effective controls to require documentation to show that 
certified copies of vital records were issued only to authorized 
recipients. The review also showed that controls over vital records 
security paper at selected county health departments were not adequate.

* A May 2000 State of New York Office of the State Comptroller audit 
report found several weaknesses in the New York City Office of Vital 
Record's controls over the reporting, registering, and processing of 
vital records that could increase the risk that the reported number of 
birth and death records in New York City may not be accurate or 
complete. The audit also identified weaknesses in safeguarding vital 
records at two vital records sites. As of December 2002, the State 
Comptroller reported that New York City had made progress in 
implementing its recommendations.[Footnote 17]

In discussing SSA's oversight role relative to EAB and the vital 
statistics agencies, SSA's EAB Project Officer told us that the EAB 
office had tried for the last 2 fiscal years to obtain funding for 
vital statistics agencies to review hospitals. Recently, the EAB office 
submitted a proposal for the fiscal year 2005 budget request, which 
included a measure to have vital statistics agencies review hospitals' 
birth registration processes and about 30,000 EAB cases 
nationwide.[Footnote 18] However, according to SSA's EAB Project 
Officer, the agency decided not to fund this initiative in fiscal year 
2005 due to reduced budgetary resources and items determined as higher 
priorities. The EAB Project Officer also acknowledged that there is no 
formal or informal coordination between the EAB component and state 
Comptrollers and Inspectors General offices that may conduct reviews of 
vital statistics agencies. Because SSA does not have direct contact 
with such entities, the official said that SSA does not hear about 
special studies in states and that vital statistics agencies do not 
normally share these studies with SSA.

Limited Outreach and Education to Hospitals May Limit the Effectiveness 
of the EAB Program:

SSA has provided only limited education and outreach to hospitals to 
ensure they consistently provide information to parents regarding the 
timeframes for processing EAB requests. Thus, some parents who opt for 
EAB, but may need an SSN sooner than is possible under the process, may 
apply a second time at a SSA field office; increasing the likelihood 
that their child will be issued two distinct SSNs.

Our internal control standards require that management ensure that 
adequate means are in place to communicate with external stakeholders 
that may have a significant impact on an agency achieving its goals. 
However, SSA's EAB Project Officer acknowledged that, beyond initial 
contacts with hospitals when EAB was first implemented in 1989, SSA has 
done little follow-up education and outreach to ensure that hospitals 
have up-to-date information necessary to effectively implement the 
program.

SSA maintains information on EAB processing times for individual 
states, which is available via its Web site. The agency also developed 
Form 2853, for distribution to parents by hospital staff that lists the 
processing times for their state and serves as a receipt documenting 
the EAB request. However, during our fieldwork, we found that SSA has 
conducted no formal training or information sharing initiatives on 
these resources. Thus, hospital birth registration personnel were often 
unaware of the available processing time information, and staff at one 
hospital provided parents with information based on their own estimates 
or the prior experiences of other parents. We also found that only a 
few of the hospitals we visited were aware of Form 2853 and were 
providing it to parents. Thus, parents were not consistently receiving 
information from the hospitals on the time it takes to receive a SSN 
under the EAB process.

Because parents do not always receive consistent or comprehensive 
information on EAB processing times, they may opt for the service even 
though they may need a SSN for their child sooner than is possible 
under the current process. In such instances, parents may later decide 
to apply for a SSN in a SSA field office, which could increase the 
likelihood that their child could be issued two different SSNs. In a 
September 2001 report,[Footnote 19] SSA's OIG identified 67,206 
instances nationwide in which parents submitted a second SSN 
application when they did not receive a SSN card for their children 1- 
year old or younger within 30 days of the child's date of 
birth.[Footnote 20] In reviewing these applications, the OIG identified 
178 instances in which SSA issued multiple SSNs to the same child. The 
report noted that SSA's system edits do not always recognize SSNs 
previously assigned to children, especially if there are minor 
variances in the names provided on the two applications. The OIG noted 
that the assignment of more than one SSN to an individual creates the 
opportunity for SSN misuse.

SSA's EAB Project Officer acknowledged that SSA does not do as much 
education and outreach in the field as it did initially because of 
budget constraints, but that the agency is currently working with the 
National Association for Public Health Statistics and Information 
Systems (NAPHSIS) to strengthen its efforts to ensure hospitals have 
essential information to help parents make more informed decisions as 
to whether EAB will meet their needs. For example, SSA is seeking 
NAPHSIS' assistance to distribute information on the EAB program and 
EAB processing times.

SSA Lacks a Nationwide Capability to Perform Birth Verifications:

SSA currently lacks a nationwide capability to quickly and efficiently 
perform required birth verifications for children whose parents apply 
for a SSN through an SSA field office, although a prior SSA pilot 
project proved successful in providing enhanced verification 
capabilities. As noted earlier, SSA currently uses a predominantly 
manual process to perform birth certificate verifications that is labor-
intensive and time-consuming. For example, SSA staff may submit birth 
verification requests directly to vital statistics offices via the 
mail, fax, or in some locations, electronically. In several other 
locations, this process involves SSA staff manually completing the 
verifications at local vital statistics offices, which is another 
option for performing the verification.

Our internal control standards state that control activities should be 
effective and efficient in accomplishing the agency's control 
objectives. However, according to some field office staff that we spoke 
with, the current birth certificate verification process significantly 
prolongs the time required to process SSN applications, resulting in a 
backlog of verification requests in some locations. Field office staff 
in several offices cited examples of birth certificate verifications 
taking up to 6 months. Staff in one field office reported that they 
frequently encounter long waiting periods when they request birth 
verifications from some states. To expedite the verification process in 
this office, staff told us that they allow parents to obtain a 
certified copy of their child's birth certificate from the issuing 
vital statistics agency and submit the document in a sealed envelope. 
Once SSA staff unseal the envelope and review the birth certificate, 
they continue processing the SSN application. In their view, this 
satisfied SSA's requirement for independent verification. However, SSA 
policy officials told us that this action would not meet SSA's 
requirement. We agree and believe that allowing parents to obtain and 
submit certified copies of birth certificates without independent 
verification exposes SSA to the potential for fraud.

A recent SSA pilot with NAPHSIS, known as the Electronic Verification 
of Vital Events (EVVE) project, demonstrated that SSA field offices 
could perform vital records verifications in a quicker and more 
efficient manner than the current manual process. EVVE was piloted in 
eight states (California, Colorado, Hawaii, Iowa, Minnesota, 
Mississippi, Missouri, and Oklahoma) and local SSA offices in 26 states 
and territories. Figure 4 identifies all of the states and territories 
that participated in the EVVE pilot.

Figure 4: Map of Participants in the Electronic Verification of Vital 
Events Pilot:

[See PDF for image]

Note: American Samoa and Guam also participated in the EVVE pilot.

[End of figure]

Although EVVE was primarily established to expedite the processing of 
SSA retirement and disability claims filed by older SSA customers, it 
was also used to conduct required birth certificate verifications for 
children. EVVE processed two types of electronic queries: birth 
verifications and birth certifications. Birth verification queries were 
generally performed when SSA customers possessed a certified copy of 
their birth certificate. Conversely, birth certification queries were 
generally performed when customers did not present their birth 
certificate, technical problems arose with EVVE, or records were 
incompatible and prevented a successful online verification. 
Ordinarily, SSA policy requires that all individuals age 1 or older or 
their parents/guardians present a copy of a birth certificate or other 
acceptable documents to apply for a SSN, but SSA made an exception to 
this requirement for customers in the pilot states.[Footnote 21] Thus, 
even if a person could not produce his or her birth certificate, SSA 
would still process the application and query the system for an EVVE 
certification based on information orally obtained from the applicant. 
After receiving the query from SSA, the vital statistics agency would 
run it against its automated search system and return a "match" or "no 
match" response through EVVE's messaging hub to the requesting SSA 
office. SSA, and not the applicant, assumed the costs for both types of 
transactions. The EVVE process is depicted in figure 5.

Figure 5: Electronic Verification of Vital Events Between the Social 
Security Administration Field Offices and States' Vital Statistics 
Agencies:

[See PDF for image]

[End of figure]

Although SSA and NAPHSIS agreed that EVVE was a technical success 
because it demonstrated the capability to electronically verify vital 
documents, they did not move forward in implementing the system because 
of a breakdown in negotiations over the price of the service. During 
the pilot, SSA paid $5 for each birth verification query and $5 to $15 
for each birth certification query.[Footnote 22] At the conclusion of 
the pilot, SSA attempted to negotiate a reduced price per query, but 
according to SSA officials in the Division of Electronic Service 
Delivery, Office of Automation Support, neither SSA nor the states 
could agree on what the price should be. To resolve this matter, SSA 
contracted with KPMG LLP (KMPG) to conduct a fair price assessment for 
the EVVE service. KPMG determined that SSA should pay a national price 
of $6.42 per query. In addition, KPMG stated that SSA would have to pay 
$.48 per query to cover the administrative costs of maintaining the 
EVVE messaging hub. However, at this price, state officials believed 
that they would lose revenue because SSA's policy did not require 
applicants to present a birth certificate at the time of application. 
Thus, clients would likely purchase fewer birth certificates from vital 
records offices as a result. Unless SSA agreed to offset this potential 
revenue loss by paying more for each query, the states were reluctant 
to move forward. KPMG's analysis concurred that for on-line birth 
queries, the majority of which were certifications during the EVVE 
pilot, the seven states included in its study (four of which were EVVE 
pilot states) would indeed realize revenue shortfalls.[Footnote 23] 
According to a SSA official, negotiations stalled.

After the termination of the EVVE pilot in December 2003, SSA launched 
new negotiations with individual states to obtain access to their vital 
records. As of November 2004, SSA had negotiated individual agreements 
with six of the eight EVVE pilot states--Florida, Kentucky, Montana, 
Rhode Island, Tennessee, and Texas--which allow SSA offices in those 
states querying capabilities for vital statistics data, and four of 
these states allow browsing capabilities. While this access to some 
state vital records will help to expedite the birth certificate 
verification process in those states, it will not provide the 
capability for SSA offices to verify birth certificates nationwide, 
which could potentially be offered by EVVE or some other nationwide 
verification system. As a result, SSA field offices in states that do 
not allow access to vital records may still be subjected to long 
waiting periods to perform birth certificate verifications.

SSA Lacks a Policy to Fully Protect Birth Documents from Misuse:

In the absence of a nationwide electronic verification process, most 
SSA field offices are using paper-driven verification processes that 
involve the handling, storage, and disposal of birth certificates for 
which SSA has few controls. Once SSA requests and pays for birth 
certificate verifications, the servicing vital statistics office then 
mails a certified copy of the birth certificate to the SSA field 
office. During our fieldwork, we found considerable uncertainty among 
staff and various inconsistencies in the methods field offices used to 
collect, maintain, and dispose of these certified birth certificates. 
For example, after using the birth certificate to clear the SSN 
application, some offices shredded the document. However, in other 
offices, staff told us that they gave or mailed the document to the 
child's parent, while other staff told us that they kept copies of the 
birth certificates in a personal desk file at their workstation.

Our internal control standards require that agencies have appropriate 
policies and procedures to ensure appropriate documentation of 
transactions, maintain control over vulnerable assets, limit access to 
certain records, and assign accountability for their custody. In 
response to our discussion with SSA policy officials regarding such 
weaknesses in controls over birth certificates, SSA revised its policy 
on how to handle documents purchased for evidence in November 2004 to 
direct staff to shred birth certificates after processing the SSN 
application. However, this policy does not address how staff are to 
track the number of birth certificates received and record who handles 
them prior to their disposal, which could still make the documents 
vulnerable to theft or inappropriate disclosure misuse.

Previously Reported Enumeration Weaknesses Continue to Expose SSA to 
Fraudulent Enumerations:

SSA has not addressed two areas of its enumeration process that 
continue to expose the agency to fraud and abuse: the assignment of 
original SSNs to children under age 1 and the replacement of Social 
Security cards. In October 2003, we reported that SSA staff responsible 
for issuing SSNs relied on visual inspections of birth certificates to 
determine the identity of children under age 1 and did not 
independently verify this information with state or local vital 
statistics agencies.[Footnote 24] During our fieldwork, we documented a 
case where an individual had submitted a counterfeit birth certificate 
in applying for a SSN for a nonexistent child. We also demonstrated the 
ease with which individuals could obtain SSNs by exploiting SSA's 
current processes. Working in an undercover capacity and posing as 
parents of newborns, our investigators used counterfeit documents to 
obtain original SSNs for two fictitious children. We subsequently 
recommended that SSA establish processes to independently verify the 
birth records of all children. In response, SSA said that it would 
conduct a study to determine the extent of the problem and the 
potential for fraud in the enumeration of children through field 
offices. Since that time however, in response to a July 2004 OIG 
report,[Footnote 25] SSA stated that due to privacy restrictions for 
birth data arising from the Health Insurance Portability and 
Accountability Act (HIPAA)[Footnote 26] and staff resource constraints, 
it would not conduct the study. In place of the study, SSA stated that 
it would review and evaluate the OIG's work before making a final 
decision regarding this issue. In the same GAO report, we also noted 
that SSA's policy for replacing Social Security cards, which allows 
individuals to obtain up to 52 per year; as well as its limited 
documentation requirements, also increased the potential for misuse of 
SSNs. Of the 18 million cards issued by SSA in fiscal year 2004, nearly 
70 percent were replacement cards. We recommended that SSA reassess its 
policies in this area and develop options for deterring fraud and 
abuse. As we began this review, a SSA policy official told us that the 
agency was still assessing options.

We recognize that the replacement card issue applies to all SSN holders 
and is not unique to children's SSNs. However, there is a critical 
relationship between SSA's policies for enumerating children under age 
1 and issuing replacement cards that could be targeted by those seeking 
to fraudulently obtain valid SSNs. We are particularly concerned that 
individuals could first obtain original valid SSNs for fictitious 
children by exploiting weaknesses in SSA's current verification 
process. These individuals could then take advantage of SSA's 
replacement card policies to obtain excessive amounts of cards for 
resale to persons seeking to establish new identities, apply for state 
and local benefit programs, and/or work illegally in the United States. 
Such SSNs and replacement cards would be a valuable commodity to 
perpetrators of fraud because they are considered valid numbers in 
SSA's records and would receive an affirmative match response in the 
event that an employer queried SSA's system to verify the name and SSN.

Field tests we conducted during this engagement underscore the urgent 
need to address this issue. Using the same original SSNs we obtained 
last year for two fictitious children under age 1, our investigators 
obtained numerous replacement cards over a relatively short period. By 
posing as parents of these children, two investigators obtained eight 
replacement cards in less than 6 weeks, before SSA field office staff 
placed an alert on the two SSN records indicating a suspicion of fraud, 
which restricted our investigators from receiving additional 
replacement cards. In particular, our investigators obtained seven SSN 
cards by applying in person at various SSA field offices and one card 
by mail using either a counterfeit baptismal record or an immunization 
record as evidence of the children's identity, as well as counterfeit 
driver licenses as proof of identity for themselves. For the mail-in 
application, they submitted a baptismal record and an expired driver's 
license and still received the card. This effort revealed 
inconsistencies in staff acceptance of baptismal records, which are a 
valid proof of a child's identity under SSA's current guidelines. Some 
staff accepted these certificates, while others rejected them. We 
found, however, that staff consistently accepted immunization records, 
which contain less identifying information about the child than 
baptismal records. This effort demonstrates that once a person obtains 
a SSN fraudulently, the problem can be perpetuated and exacerbated 
through the request for numerous replacement cards. It also shows that 
visual inspections alone are often insufficient to detect fraudulent 
documents.

Recognizing the weaknesses in SSA's enumeration processes, just prior 
to the issuance of this report, the Congress passed the Intelligence 
Reform and Terrorism Prevention Act of 2004. This act gave SSA 1 year 
to implement regulations for independently verifying the birth 
documents of all SSN applicants except for EAB and limited the issuance 
of SSN replacement cards to 3 annually and 10 over an individual's 
lifetime.

Conclusions:

SSNs are essential for functioning in our society, and as a 
consequence, they are highly vulnerable to misuse. Safeguarding the 
integrity of children's SSNs is particularly important, since the theft 
of a child's SSN may go unnoticed for years.

While SSA has taken steps to strengthen its enumeration processes, 
several vulnerabilities remain. Because SSA does not conduct 
comprehensive integrity reviews of vital statistics agencies or require 
that these agencies conduct similar reviews of hospitals, SSA lacks 
information to assess its potential exposure to error or fraud, 
identify aspects of the birth registration process that are most 
problematic, and develop safeguards to ensure the integrity of the data 
it relies on to enumerate millions of children. This situation is 
compounded by the fact that SSA has never coordinated with state audit 
agencies that have reviewed vital statistics offices in recent years 
and identified serious management and internal control weaknesses. In 
addition, SSA's limited approach to education and outreach to hospitals 
transmitting SSN requests could be a factor in some parents submitting 
multiple applications and receiving more than one SSN for their child-
-ultimately increasing the program's vulnerability to fraud.

While enhanced oversight and management is key to SSA's efforts, having 
an efficient mechanism to assist field staff in verifying the birth 
information of child SSN applicants is equally important. However, 
SSA's field office verification process is generally labor-intensive, 
slow, and requires manual handling of paper birth certificates, with 
few controls over these sensitive documents. As the EVVE pilot 
demonstrated, viable technological options currently exist to enhance 
the exchange of vital statistics data between SSA and the states. We 
recognize that potential barriers, such as system implementation, may 
be difficult to overcome without congressional intervention. However, 
we continue to believe that better coordination and data sharing 
between SSA and vital statistics agencies nationwide could further 
strengthen SSA's processes and address many of the factors that allow 
identity theft to occur.

Finally, as our audit work and previous engagements show, SSA's 
processes for verifying the birth records of children under age 1 and 
its policies for issuing replacement cards expose the agency to fraud. 
The recently passed Intelligence Reform and Terrorism Prevention Act of 
2004 includes specific requirements to address these weaknesses. It is 
imperative that SSA act promptly in developing clear regulations and 
timeframes for the implementation of these additional program integrity 
provisions.

Matter for Congressional Consideration:

In light of the key role certified birth certificates play in SSA's 
enumeration processes and the potential for identity thieves to use 
fraudulent birth documents to obtain SSNs, the Congress should consider 
authorizing the development of a cost-effective nationwide system to 
electronically verify these documents.

Recommendations for Executive Action:

To strengthen the integrity of SSNs issued to children, we recommend 
that the Commissioner of Social Security:

* Explore options for improving internal control mechanisms to ensure 
the reliability of enumeration data from vital statistics agencies and 
hospitals. This could include conducting periodic integrity reviews of 
vital statistics agencies and requiring these agencies to perform 
periodic audits of hospitals and birthing centers.

* Establish a mechanism to better coordinate with external audit 
agencies that periodically conduct reviews of states' birth 
registration and certification processes. Monitor the findings and 
recommendations of such reviews to mitigate risks to SSA's enumeration 
processes.

* Provide additional education and outreach to hospitals to ensure they 
provide consistent information to parents to decide which process best 
meets their needs and to minimize second-time requests that might cause 
the issuance of multiple SSNs.

* Establish procedures for handling, securing, and tracking birth 
certificates obtained for verification purposes to fully protect 
against potential fraud and abuse.

Agency Comments:

We obtained written comments on a draft of this report from the 
Commissioner of SSA. SSA's comments are reproduced in appendix II. SSA 
also provided additional technical comments, which have been 
incorporated in the report as appropriate. SSA agreed with three of 
four recommendations we made to the Commissioner to strengthen SSA's 
processes and internal controls over the issuance of SSNs for children.

SSA disagreed with our recommendation that it explore options for 
improving internal control mechanisms to ensure the reliability of 
enumeration data from vital statistics agencies and hospitals. SSA 
noted that it is not within its purview to ensure the reliability of 
state agency or hospital enumeration data. However, we continue to 
believe that such actions are needed because the agency uses these data 
to assign SSNs for over 90 percent of U.S. citizens it enumerates. We 
believe that as the agency charged with issuing SSNs, SSA bears a 
responsibility for ensuring that vital statistics agencies have 
adequate procedures, and internal controls to ensure that the data 
hospitals provide are reliable and protected against fraud. 
Accordingly, we believe that SSA could include a provision in its EAB 
contracts to allow SSA to conduct periodic reviews of the reliability 
of EAB information at vital statistics agencies. Similarly, we believe 
that SSA could also encourage vital statistics agencies to conduct such 
reviews at hospitals.

SSA agreed with our recommendation and fully supported EAB outreach 
efforts to hospitals, and noted that they are currently supplying SSA 
field offices with materials for distribution to their service area 
hospitals. However, as our report shows, field office officials we 
spoke to were often unaware of this effort. Therefore, SSA should take 
sufficient steps to ensure that field office staffs are supplied with 
appropriate EAB materials and that hospitals actually receive these 
materials.

SSA also agreed with our recommendation to better coordinate with audit 
agencies and stated that the agency will encourage state auditing 
agencies to share report results so that SSA can monitor the findings 
and recommendations to mitigate risks to the enumeration process.

Finally, SSA agreed with our recommendation that it establish 
procedures for handling, securing and tracking birth certificates 
obtained for verification purposes, and stated that recently 
implemented procedures adequately addressed our concern. While we 
commend SSA for implementing procedures for disposing of birth 
certificates after they are verified, we found no procedures in the 
materials provided with SSA's response that addressed how birth 
certificates are to be tracked and secured from the time of receipt 
through disposal. We encourage SSA to establish or better define 
procedures in existing POMS regulations in these areas to protect birth 
certificates against theft or inappropriate disclosure and misuse.

As agreed with your office, unless you publicly announce its contents 
earlier, we plan no further distribution of this report until 30 days 
after its issue date. At that time, we will send copies of this report 
to the Commissioner of SSA, the Secretary of Homeland Security, the 
states and three jurisdictions' vital statistics offices, and other 
interested parties. Copies will also be made available to others upon 
request. In addition, the report will be available at no charge on 
GAO's Web site at http://www.gao.gov. If you have questions concerning 
this report, please call me on (202) 512-7215. Key contributors to this 
report are listed in appendix III.

Sincerely yours,

Signed by: 

Barbara D. Bovbjerg: 
Director, Education, Workforce, and Income Security Issues:

[End of section]

Appendix I: Scope and Methodology:

The Chairman of the Senate Committee on Finance asked us to document 
the Social Security Administration's (SSA) current processes and 
internal controls for issuing Social Security numbers (SSN) and 
replacement cards to U.S.-born children under the age of 18 and 
identify any weaknesses that may affect SSA's ability to ensure the 
integrity of the SSN and the efficiency of enumeration processes. To 
address the Chairman's questions, we examined SSA's enumeration 
policies, procedures, and internal controls and obtained information on 
key initiatives planned and undertaken to strengthen SSA's processes. 
To document SSA's current processes and internal controls, we examined 
SSA's Program Operations Manual System (POMS) for applicable 
requirements and held structured interviews with SSA headquarters 
officials to discuss the processes used to enumerate U.S.-born 
children. We also reviewed SSA's current processes for enumerating 
children to identify areas where existing and recent changes to POMS 
were not being followed, or where POMS guidance was not sufficient to 
ensure the integrity of the identified enumeration processes.

We identified two processes--Enumeration at Birth (EAB), a program set 
up to let parents request their child's SSN through hospitals and vital 
statistics agencies, and another that requires application through SSA 
field offices. For the EAB process, we reviewed EAB contracts for 
individual states and information on timeliness and accuracy for 
enumerating children. We also documented the policies and procedures 
for select hospitals and vital statistics agencies that facilitate 
SSA's process for enumerating newborns. We contacted the National 
Association for Public Health Statistics and Information Systems 
(NAPHSIS), which represents vital statistics agencies, to gain a better 
understanding of their role in EAB. We selected vital statistics 
agencies, in part, based on best practices identified by SSA's EAB 
Project Officer and the Executive Director of NAPHSIS, and in some 
cases, based on the agencies' lengthy timeframes for submitting EAB 
information to SSA. In addition, we worked with the vital statistics 
agencies and SSA to identify hospitals with relationships to the 
selected vital statistics agencies that had a high volume of births and 
that participated in the EAB program. In one jurisdiction, we also 
visited an organized birthing center to better understand any 
differences between a high-volume physician-based hospital and a 
midwife-based birthing facility's birth registration process. From both 
the vital statistics agencies and hospitals, we collected and reviewed 
information related to the required birth registration process as well 
as examined policies and procedures related to the electronic birth 
certificate software to better understand the variances between 
individual states and jurisdictions.

To identify weaknesses that may affect SSA's ability to efficiently 
enumerate children and ensure the integrity of the SSN, we collected 
and examined information on SSA's enumeration initiatives, the results 
of prior internal reviews, and studies performed by SSA's Office of the 
Inspector General (OIG) and the Office of Quality Assurance and 
Performance Assessment. We documented these officials' perspective on 
SSA's enumeration initiatives and identified areas where 
vulnerabilities and gaps exist in SSA's implementation of these 
policies through interviews. In addition, we examined external reviews 
conducted by individual state comptrollers and inspectors general to 
determine existing weaknesses and concerns regarding state vital 
statistics agencies' birth registration and certification processes. To 
identify these reports, we worked with the National Association of 
State Auditors, Comptrollers and Treasurers (NASACT) to contact each of 
their membership, which consists of the offices of state auditor, state 
comptroller, or state treasurer in the 50 states, the District of 
Columbia, and U.S. territories. In addition, we contacted state 
auditing and inspectors general divisions in states and jurisdictions 
that we visited. After receipt of specific audit and investigative 
reports from responsive states, we examined each report for the 
adequacy of its methodology and the validity of its conclusions. We 
also contacted NAPHSIS to identify weaknesses and recommended areas of 
improvement for an electronic verification pilot project it had with 
SSA called the Electronic Verification of Vital Events (EVVE). We 
examined the EVVE evaluation study, which highlighted analysis of 
EVVE's error rates, query types, and records of no-matches. Also, our 
Office of Special Investigations tested SSA's enumeration practices to 
illustrate how SSA's policy on replacing Social Security cards can be 
abused. By posing as parents of the two fictitious children we 
previously had enumerated by SSA, and reported on in October 2003, our 
investigators used these SSNs and counterfeit documents to obtain SSN 
replacement cards through visits to local SSA field offices.[Footnote 
27] In addition, we also solicited replacement cards through the mail.

We conducted our review at SSA headquarters in Baltimore, Maryland, and 
at four regional offices--Atlanta, New York, Philadelphia, and San 
Francisco--and 10 field offices. We selected the SSA regional and field 
offices based on their geographic location, the volume of enumeration 
activity, and participation in certain enumeration projects. We also 
spoke with officials in vital statistics agencies and medical 
facilities in the states of California, Georgia, Kentucky, and Maryland 
and the city of New York. For our work on replacement cards, our Office 
of Special Investigations conducted its work in seven SSA field offices 
located in the District of Columbia, Maryland, and Virginia. We 
performed our work between January and December 2004 in accordance with 
generally accepted government auditing standards.

[End of section]

Appendix II: Comments from the Social Security Administration:

SOCIAL SECURITY:

The Commissioner:

January 11, 2005:

Ms. Barbara D. Bovbjerg: 
Director, Education, Workforce, and Income Security Issues: 
Room 5968:
U.S. Government Accountability Office: 
Washington, D.C. 20548:

Dear Ms. Bovbjerg:

Thank you for the opportunity to review and comment on the draft report 
"Social Security Administration: Actions Needed to Strengthen Processes 
for Issuing Social Security Numbers to Children" (GAO-05-115). Our 
comments on the draft report content and recommendations are enclosed.

If you have any questions, please contact Candace Skumik, Director, 
Audit Management and Liaison Staff, at (410) 965-4636.

Sincerely,

Signed by: 

Jo Anne B. Barnhart: 

Enclosure:

COMMENTS ON THE GOVERNMENT ACCOUNTABILITY OFFICE (GAO) DRAFT REPORT 
"SOCIAL SECURITY ADMINISTRATION: ACTIONS NEEDED TO STRENGTHEN PROCESSES 
FOR ISSUING SOCIAL SECURITY NUMBERS TO CHILDREN" (GAO-05-115):

Thank you for the opportunity to review and comment on the draft report 
contents and recommendations. We agree that the integrity of the 
enumeration process is an issue of high importance given that the 
Social Security number (SSN) is central to many aspects of American 
life and is used extensively by Government, the private sector and the 
financial community. Over the past several years, SSA has emphasized 
strengthening our enumeration processes by establishing the Enumeration 
Response Team (ERT). The ERT is responsible for identifying steps the 
Agency can take to improve the enumeration process and for enhancing 
the integrity of the SSN. Since that team was established in 2001, we 
have enhanced our policies to ensure that SSNs are assigned only to 
individuals entitled to receive them, and to minimize fraud. In his 
June 15, 2004 Statement for the Record on Enhancing Social Security 
Number Privacy, our Inspector General (IG) applauded the Agency for our 
strong commitment to improving SSN integrity through the establishment 
of this team.

As you are aware, the Social Security Administration (SSA) has changed 
its policies concerning verification of birth records for children age 
one or older. We also require an interview for applicants over age 12 
prior to assigning an SSN. In addition, since GAO first reported on the 
two areas of weakness in October 2003 (replacement card and document 
verification), we have studied the issues involved with implementing 
restrictions on the issuance of multiple replacement Social Security 
number (SSN) cards and independently verifying birth records for 
children under age one.

As you know, the Intelligence Reform and Terrorism Prevention Act of 
2004 (P.L. 108-458) requires SSA to independently verify any birth 
record submitted by an individual to establish eligibility for an SSN 
(other than Enumeration at Birth), and to restrict the issuance of 
multiple replacement SSN cards to any individual to 3 per year and 10 
for the life of the individual. We are evaluating and reviewing other 
options on how best to implement these provisions. We believe this act 
provides an excellent opportunity for us to address the weaknesses in 
this area.

Finally, we agree with the conclusion that a cost-effective nationwide 
system to electronically verify birth documents will strengthen the 
integrity of our enumeration process. Our efforts in this area have 
demonstrated the value of such a system. However, the report accurately 
acknowledges the resource constraints that have precluded 
implementation of a nationwide system. We will continue to work with 
individual States to enhance the automation of birth registration and 
verification processes where it is not cost prohibitive. It should be 
noted that Congress, in the Intelligence Reform and Terrorism 
Prevention Act of 2004, gave the Secretary of Health and Human Services 
authority to award grants to States to assist them in computerizing 
their birth and death records, developing the capability to match birth 
and death records within and among States, and annotating the fact of 
death on the birth certificate of deceased persons. We believe this is 
an important step toward developing a cost-effective nationwide 
electronic verification system.

Our response to the specific recommendations and some technical 
comments are provided below.

Recommendation 1:

SSA should explore options for improving internal control mechanisms to 
ensure the reliability of enumeration data from vital statistics 
agencies and hospitals.

Response:

We disagree, as it is not in SSA's purview to ensure the reliability of 
State agency or hospital enumeration data. The Enumeration at Birth 
(EAB) process is voluntary and we cannot compel either the State 
agencies or the reporting institutions to participate, nor should we 
become involved with their internal control mechanisms. However, SSA 
will, of course, do whatever it can with its own internal control 
mechanisms to ensure the timeliness and accuracy of the information 
transmitted in the EAB process.

Recommendation 2:

SSA should establish a mechanism to better coordinate with external 
audit agencies to periodically conduct reviews of States' birth 
registration and certification processes.

Response:

We agree. We, too, believe that coordination and sharing of information 
is very important. While it is not within SSA's scope of review to 
audit a State's birth registration process we will encourage State 
auditing agencies to share report results so that we can monitor the 
findings and recommendations to mitigate risks to our enumeration 
process.

Recommendation 3:

SSA should provide additional education and outreach to hospitals to 
ensure they provide consistent information to parents to decide which 
process best meets their needs and to minimize second-time requests 
that might cause the issuance of multiple SSNs.

Response:

We agree and fully support outreach efforts to hospitals to ensure that 
parents receive accurate and complete information about the EAB 
process. Our field office (FO) management staffs are supplied with 
outreach material to be given to the parents of newborns via the 
hospitals in their service area, and the hospitals are provided with 
information that explains the timeframes for processing SSNs. However, 
it remains the responsibility of the hospitals to provide this 
information to the parents.

Recommendation 4:

SSA should establish procedures for handling, securing and tracking 
birth certificates obtained for verification purposes to fully protect 
against potential fraud and abuse.

Response:

We agree. We believe we have adequately addressed the concern by 
establishing procedures for handling, securing and tracking birth 
certificates obtained during the verification process. As stated in the 
report, current policies, issued in November 2004, in the Program and 
Operations Manual System (POMS) GN 00301.210, RM00202.237D and RM 
00203.110H, provide instructions for securing and handling birth 
certificates after they are used to process SSN applications. The 
policy differs whether the document is verified or not verified with 
the issuing agency. SSA policy requires the birth registration document 
to be shredded if verified with the issuing agency. If not verified, 
the document is considered fraudulent and is placed in a locked file to 
await disposition instructions from the SSA Office of Inspector 
General. 

[End of section]

Appendix III: GAO Contacts and Staff Acknowledgments:

GAO Contacts:

Barbara Bovbjerg, (202) 512-7215; 
Daniel Bertoni, (202) 512-5988;
Jacqueline Harpp, (202) 512-8380:

Staff Acknowledgments:

The following team members made key contributions to this report: 
Richard Burkard, Jean Cook, Mary Crenshaw, Paul Desaulniers, Jason 
Holsclaw, Corinna Nicoloau, Andrew O'Connell, and Roger Thomas.

FOOTNOTES

[1] See GAO, Standards for Internal Control in the Federal Government, 
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999). 

[2] The Social Security Act of 1935 created the Social Security Board, 
which was renamed the Social Security Administration in 1946. 

[3] POMS is the single repository of all operational information 
whether issued by SSA's central office, a program service center, or a 
regional office. As such, POMS not only contains operating procedures 
and policies for administering SSA`s programs, but is also replete with 
procedures for handling situations where fraud is suspected or 
detected. 

[4] Independent registration jurisdictions include New York City, 
Washington, D.C., and Puerto Rico. Because some New York City 
Department of Health statutes supersede those of New York State, that 
city's office is recognized as its own jurisdiction, making New York 
the only state with two jurisdictions for vital records.

[5] Birthing centers may also provide parents with the opportunity to 
participate in SSA's EAB program. For example, the Brooklyn Birthing 
Center in Brooklyn, New York, provides this service to parents. 
Typically, a birthing center is an independent facility, though some 
are housed inside hospitals, where a certified nurse-midwife provides 
most of the care. 

[6] NAPHSIS is a national association of state vital records and public 
health statistics offices, which is based in the Washington, D.C. area. 
The association was formed in 1933 to provide a forum for the study, 
discussion, and solution of problems related to these programs in the 
respective members' health departments. 

[7] The recent passage of the Intelligence Reform and Terrorism 
Prevention Act of 2004 directs the Secretary of Health and Human 
Services, in consultation with state vital statistics agencies and 
certain federal agencies, to establish additional security measures for 
issuing birth certificates to a person who is not the applicant. 

[8] According to SSA's POMS, hospital representatives are to provide 
Form SSA-2853 to the parent as proof that he or she elected that a SSN 
be assigned to his or her child through the EAB process. The form 
specifies the expected timeframes for receiving the SSN card in the 
particular state from which it was processed. Form SSA-2853 is 
available in both English and Spanish. 

[9] Under the contracts with states, SSA also will not pay for 
duplicates of records already received.

[10] For children under age 1, SSA's policy does not require 
independent verification of certified birth certificates. Staff may 
visually inspect the documents submitted, and if they appear genuine, 
process the application. Just prior to issuance of this report, 
Congress passed the Intelligence Reform and Terrorism Prevention Act of 
2004, which requires SSA to independently verify birth records for all 
SSN applicants, other than for purposes of EAB. The act requires SSA to 
implement this requirement within 1 year from the date of enactment.

[11] SSA has online access to state birth certificate databases in 
certain states, such as Florida, Tennessee, and Kentucky. While SSA has 
free access in Kentucky, the other states charge a fee per record. 

[12] See GAO, Internal Control Management and Evaluation Tool, GAO-01-
1008G (Washington, D.C.: August 2001).

[13] Social Security Administration, Office of the Inspector General, 
Audit of Enumeration at Birth Program, A-08-00-10047, (September 2001). 

[14] We worked with the National Association of State Auditors, 
Comptrollers and Treasurers (NASACT), to identify state audit agencies 
that have conducted reviews of their respective vital statistics 
agencies. We identified four such reviews or audits. 

[15] Office of Legislative Audits, Department of Legislative Services, 
Maryland General Assembly Audit Report: Department of Health and Mental 
Hygiene, Office of the Secretary and Other Units (August 2004). 

[16] Florida Auditor General, Operational Audit of Vital Statistics 
Program at County Health Departments for the Period July 1, 1999, 
Through December 31, 2000, Report No. 02-087, (November 2001). 

[17] State of New York Office of the State Comptroller Division of 
Management Audit and State Financial Services, New York City Department 
of Health Controls Over Vital Records, Report 99-N-6 (May 25, 2000) and 
follow-up review, Report 2002-F-34 (December 5, 2002).

[18] SSA's Office of the Deputy Commissioner, Operations, directs and 
manages SSA's central office and its geographically dispersed 
operations installations and is also responsible for managing and 
overseeing the EAB program. 

[19] Social Security Administration. Office of the Inspector General. 
Audit of Enumeration at Birth Program. A-08-00-10047. September 2001. 

[20] SSA's EAB contracts with state and local vital statistics agencies 
require that SSA receive birth records within 30 days of the child's 
date of birth. 

[21] Other acceptable documents that could be used to apply for a SSN 
include a religious record established before the age of 5 and a 
hospital record of birth. 

[22] Except for Minnesota, where the state statute requires a price of 
$8 for each verification. 

[23] The seven states included in the KPMG Fair Price Assessment were 
Alaska, Colorado, Florida, Iowa, Kansas, Missouri, and Washington.

[24] See GAO, Social Security Administration: Actions Taken to 
Strengthen Procedures for Issuing Social Security Numbers to 
Noncitizens, but Some Weaknesses Remain, GAO-04-12 (Washington, D.C.: 
Oct. 15, 2003). 

[25] Social Security Administration, Office of the Inspector General, 
Enumeration of Children Under Age 1: Opportunity to Reduce the Risk of 
Improper Social Security Number Attainment, A-08-04-14043 (July 2004).

[26] HIPAA requires health care organizations and providers to meet 
certain privacy standards with respect to personal health information, 
such as having appropriate safeguards in place to protect the 
information. 

[27] See GAO, Social Security Administration: Actions Taken to 
Strengthen Procedures for Issuing Social Security Numbers to 
Noncitizens, but Some Weaknesses Remain, GAO-04-12, (Washington, D.C.: 
Oct. 15, 2003). 

GAO's Mission:

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:

U.S. Government Accountability Office

441 G Street NW, Room LM

Washington, D.C. 20548:

To order by Phone:

	

Voice: (202) 512-6000:

TDD: (202) 512-2537:

Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director,

NelliganJ@gao.gov

(202) 512-4800

U.S. Government Accountability Office,

441 G Street NW, Room 7149

Washington, D.C. 20548: