Year 2000 Computing Crisis:
Update on the Readiness of the Social Security Administration
T-AIMD-99-90, Feb 24, 1999
Pursuant to a congressional request, GAO discussed the readiness of Social Security Administration's (SSA) computer systems that support key benefits programs to function reliably in the next century, focusing on GAO's previous report and recommendations.
GAO noted that: (1) a previous report and testimony noted that SSA had made significant early progress in its efforts to become year 2000 compliant; (2) SSA initiated early awareness activities and made significant progress in assessing and renovating mission-critical mainframe software that enables it to provide social security benefits and other assistance to the public; (3) while SSA deserves credit for its leadership, GAO's earlier report and testimony pointed out that three key areas of risk nonetheless threatened to disrupt its ability to deliver benefits payments; (4) one major risk concerned year 2000 compliance of mission-critical systems used by the 54 state Disability Determination Services (DDS) that provide vital support to SSA in administering its disability programs; (5) a second major risk in SSA's year 2000 program concerned the compliance of its data exchanges with outside sources, such as other federal agencies, state agencies, and private businesses; (6) third, the risks to SSA's year 2000 program were compounded by the lack of contingency plans to ensure business continuity in the event of systems failure; (7) SSA has enhanced its monitoring and oversight of state DDSs by establishing a full-time DDS project team, designating project managers and coordinators, and requesting biweekly status reports; (8) among SSA's most critical data exchanges are those with the Federal Reserve and the Financial Management Service (FMS) for the disbursement of Title II and Title XVI benefits checks and direct deposit payments; (9) SSA began working with FMS in March 1998 to ensure the compliance of these exchanges, and recently reported that the joint testing of check payment files and the end-to-end testing from SSA, through FMS and the Federal Reserve for direct deposit payments, had been successfully completed; (10) turning to contingency planning, SSA has instituted a number of key elements in accordance with GAO's business continuity and contingency planning guidance; (11) SSA is now in the process of developing local contingency plans to support its core business operations; (12) another key element of a business continuity and contingency plan is the development of a zero-day or day-one risk reduction strategy, and procedures for the period between late December 1999 and early January 2000; (13) SSA has developed such a strategy; (14) there has been significant continuing progress in SSA's efforts to become year 2000 compliant; and (15) it is important to note, however, that SSA still needs to effectively complete certain critical tasks to better ensure the success of its efforts.