Social Security Administration:
Technology Modernization Needs Improved Planning and Performance Measures
GAO-12-723T: Published: May 9, 2012. Publicly Released: May 9, 2012.
What GAO Found
Since 2001, SSA has reported spending more than $5 billion on the development, modernization, and enhancement of its IT systems and capabilities. SSA officials identified 120 initiatives undertaken from 2001 to 2011 that the agency considered to be key investments in modernization. These comprise a subset of the hundreds of projects and modernization activities SSA undertakes yearly, which vary greatly in level of effort, scope, and cost. These initiatives affected all of the agencys main program areas:
According to managers within SSAs Office of Disability Systems, in an effort to reduce backlogs of disability hearings, the agency implemented a process for creating electronic folders for each applicant, to replace the existing paper-based process. This initiative included capabilities for electronically viewing an applicants folder, electronic screening for faster disability determinations, and Internet access to information on disability hearings and determinations.
The Office of Retirement and Survivors Insurance Systems took steps to improve outdated legacy systems and respond to legislation or other mandates requiring new system functionality. These efforts included integrating stand-alone post-entitlement processes, facilitating online application for benefits, and conversion of a key database to a more modern, industry-standard one.
Managers from the Office of Applications and Supplemental Security Income described initiatives to modernize large legacy databases and facilitate data sharing to streamline the claims process. These included enhancements to the electronic death registration process and the development of a Web application enabling access to data from multiple systems.
SSA officials described initiatives in the area of electronically exchanging data with external partners, including states and private-sector partners such as banks and credit bureaus.
SSA also noted efforts to streamline the process for administering Social Security cards, such as introducing safeguards against counterfeiting and replacing its legacy printers.
Comprehensive strategic planning is essential for successfully carrying out large-scale efforts such as SSAs IT modernizations. Key elements of such planning include developing an IT strategic plan and an enterprise architecture that, together, outline modernization goals, measures, and timelines.
An IT strategic plan serves as an agencys vision and helps align its information resources with its business strategies and investment decisions. As such, it provides a high-level perspective of the agencys goals and objectives, enabling the agency to prioritize how it allocates resources; proactively respond to changes; and communicate its vision and goals to management, oversight bodies, and external parties. The enterprise architecture helps to implement the strategic vision by providing a focused blueprint of the organizations business processes and technology that supports them. It includes descriptions of how the organization operates today, how it intends to operate in the future, and a plan for transitioning to the target state. It further helps coordinate the concurrent development of IT systems to limit unnecessary duplication and increase the likelihood that these systems will inter-operate.
SSA developed an IT strategic plan in 2007 to guide its modernization efforts; however, the plan is outdated and may not be aligned with the agencys overall strategic plan. Specifically, because it has not been updated since 2007, the plan contains elements that are no longer relevant to SSAs ongoing modernization efforts.
As mentioned earlier, in 2011, SSA realigned the functions of its Office of the CIO, consolidating major responsibilities for the management and oversight of IT in its Office of Systems. Federal law, specifically the Clinger-Cohen Act of 1996, requires the heads of executive branch agencies to designate a CIO with key responsibilities for managing an agencys IT resources. As we have previously reported, to carry out these responsibilities effectively, CIOs require sufficient control over IT investments, including control over the IT budget and workforce.
Under the realignment, key responsibilities of the CIO and Deputy Commissioner for Systems were merged into the Office of Systems. Specifically, this arrangement gave the Office for Systems responsibility for, among other things,
oversight and management of IT budget formulation;
systems acquisition, development, and integration;
the IT capital planning and investment control process;
workforce planning and allocation of resources to IT projects;
IT strategic planning;
IT security; and
Why GAO Did This Study
This hearing is on the Social Security Administrations (SSA) efforts to modernize its information technology (IT) systems and environment. As you know, SSA is responsible for delivering services that touch the lives of virtually every American, and the agency relies heavily on IT to do so. Its computerized information systems support a range of activities, from the processing of Disability Insurance and Supplemental Security Income payments to the calculation and withholding of Medicare premiums, and the issuance of Social Security numbers and cards. Last fiscal year, the agency spent nearly $1.6 billion on IT.
As SSAs systems have aged and its workload has increased, the agency has committed to investing in the capacity and modern technologies needed to update its strained IT infrastructure. In addition, the agency has recently undertaken a realignment of its IT governance structure, including the responsibilities of its Chief Information Officer (CIO).
At your request, over the past year, we have been examining SSAs modernization efforts. The specific objectives of our study were to (1) determine SSAs progress in modernizing its IT systems and capabilities; (2) evaluate the effectiveness of SSAs plans and strategy for modernizing its systems and capabilities; and (3) assess whether the realignment of the agencys CIO responsibilities allows for effective oversight and management of the systems modernization efforts.
For more information, please contact Valerie C. Melvin at (202) 512-6304 or firstname.lastname@example.org.