Social Security Administration:

Significant Progress Made in Year 2000 Effort, But Key Risks Remain

AIMD-98-6: Published: Oct 22, 1997. Publicly Released: Nov 5, 1997.

Additional Materials:

Contact:

Joel C. Willemssen
(202) 512-6253
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Social Security Administration's (SSA) actions to achieve Year 2000 information systems compliance, focusing on the adequacy of steps taken by SSA to ensure that computing problems related to the year 2000 are fully addressed, including its oversight of state disability determinations services' (DDS) Year 2000 program activities.

GAO noted that: (1) SSA first recognized the potential impact of the Year 2000 problem almost a decade ago, and was able to launch an early response to this challenge; (2) it initiated early awareness activity and has made significant progress in assessing and renovating mission-critical mainframe software that enables it to provide social security benefits and other assistance to the public; (3) because of the knowledge and experience gained through its early Year 2000 efforts, SSA has come to be regarded as a federal leader in addressing this issue; (4) SSA's Assistant Deputy Commissioner for Systems chairs the Chief Information Officers Council's Subcommittee on the Year 2000 and works with other federal agencies to address Year 2000 issues across government; (5) while SSA deserves credit for its leadership, the agency remains at risk that not all of its mission-critical systems--those necessary to prevent the disruption of benefits--will be corrected before January 1, 2000; (6) at particular risk are the systems that have not yet been assessed for the 54 state DDSs that provide vital support to SSA in administering its disability insurance programs; (7) private contractors SSA hired to make 42 of the 54 state DDS systems Year 2000 compliant reported that these offices had at least 33 million additional lines of software code that must be assessed and, where necessary, renovated; (8) given the potential magnitude of this undertaking, SSA could face major disruptions in its ability to process initial disability claims for millions of individuals throughout the country if these systems are not addressed in time for corrective action to be completed before the change of century; (9) SSA also faces the challenge of ensuring that its critical data exchanges with federal and state agencies and other businesses are Year 2000 compliant; (10) it has taken a number of positive steps in this direction, such as identifying incoming and outgoing file exchanges with the external business community and developing a database to maintain information on the status of compliance activities; (11) however, because SSA must rely on the hundreds of federal and state agencies and the thousands of businesses with which it exchanges files to make their systems compliant, SSA faces a definite risk that inaccurate data will be introduced into its databases; and (12) that risk could be magnified if SSA does not develop contingency plans to ensure the continuity of its critical systems and activities should systems not be corrected in time.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: SSA has been actively addressing its year 2000 data exchange issues. The agency has inventoried all of its internal and external data exchanges and has been in contact with all of its trading partners regarding the format and schedule for making these exchanges compliant. SSA also has loaded information about each exchange in its automated data exchange tracking system and is now using this system to report on the progress and coordination of its data exchange compliance activities. SSA completed Year 2000 compliance of all its data exchanges in September 1999.

    Recommendation: In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to require expeditious completion of the agency's Year 2000 compliance coordination with all data exchange partners and of efforts to include specific information on the status of compliance activities in the automated data exchange tracking system. SSA should then use this system to ensure and report on the progress and coordination of its data exchange compliance activities.

    Agency Affected: Social Security Administration

  2. Status: Closed - Implemented

    Comments: In November 1997, SSA began including information on the status of DDS year 2000 activities in its quarterly reports to the Office of Management and Budget.

    Recommendation: In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to include in SSA's quarterly reports to the Office of Management and Budget information on the status of DDS Year 2000 activities.

    Agency Affected: Social Security Administration

  3. Status: Closed - Implemented

    Comments: SSA agreed with the recommendation and subsequently established control points for monitoring and overseeing all state DDS year 2000 activities. A DDS Year 2000 Project Team was established and worked full time on DDS Year 2000 activities. In addition, each SSA regional office assigned a DDS Year 2000 Coordinator for the DDSs in that region. SSA and DDS coordinators monitored and tracked year 2000 activities against project milestones in the DDS Year 2000 plans. The DDS Year 2000 project team monitored all year 2000 contract work conducted for the DDSs, and held biweekly conferences with the contractors, SSA regional office coordinators, and DDS project coordinators. SSA reported that, as of January 31, 1999, all 50 DDS automated systems had been renovated, tested, implemented, and certified year 2000 compliant.

    Recommendation: In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief information Officer, in conjunction with the Deputy Commissioner for Systems, to strengthen SSA's monitoring and oversight of all state DDS Year 2000 activities, including ensuring that all conversion milestones are met and that contractors and independent states submit biweekly reports that identify progress against milestones in renovating all claims processing software, databases, and data interfaces.

    Agency Affected: Social Security Administration

  4. Status: Closed - Implemented

    Comments: SSA and state DDSs completed the assessments of mission-critical systems at state DDS offices. In addition, SSA and the DDSs have developed year 2000 plans for each state DDS. The last of these plans was submitted by the District of Columbia DDS in August 1998. The plans for each state identify specific milestones, resources, and schedules for completing tasks and phases of each DDS' year 2000 conversion.

    Recommendation: In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to require expeditious completion of the assessment of mission-critical systems at all state DDS offices and use the results of this assessment to develop a Year 2000 plan that identifies, for each system, the specific tasks and resources required and specific schedules and milestones for completing all tasks and phases of the conversion for each state system.

    Agency Affected: Social Security Administration

  5. Status: Closed - Implemented

    Comments: SSA has developed a high-level overall plan for business continuity that presents an effective high-level strategy for mitigating risks associated with the year 2000. In addition, SSA has developed local contingency plans for its core business processes, including a plan for its disability claims processing functions. In general, these plans describe the steps the enterprise would take including the activation of manual or contract processes to ensure the continuity of its core business processes in the event of a year 2000-induced system failure.

    Recommendation: In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to develop contingency plans that articulate specific strategies for ensuring the continued operation of core business functions if planned corrections are not completed in time or if systems fail to operate as intended. These plans should fully consider the disability claims processing functions within the DDSs and the development and activation of manual or contract procedures, as appropriate.

    Agency Affected: Social Security Administration

 

Explore the full database of GAO's Open Recommendations »

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Sep 25, 2013

Looking for more? Browse all our products here