Skip to main content

How Social Security is Working to Overcome its IT Management Challenges

Posted on June 07, 2019

The Social Security Administration relies on its IT systems to provide monthly payments to over 64 million Americans. Even with such an important mission, the agency has a history of struggling to manage its IT effectively.

However, SSA has been making significant improvements in IT management recently. Today’s WatchBlog takes a closer look at both SSA’s progress and some of its remaining challenges.

Smarter IT management

From 2011 to 2018, SSA made improvements in IT management in:

  • Incremental development. Incremental development is a collaborative process that delivers IT programs in small, bite-sized segments over time instead of all at once.


    • In November 2017, we reviewed 10 SSA programs and found that the administration’s chief information officer only certified 3 of them as using adequate incremental development methods.
    • Since we issued that report, SSA has improved its incremental development policies and processes, making it more likely that the agency will see benefits such as reduced risk and easier adoption of emerging technologies.
  • Software license management. Software licenses are agreements that allow organizations to use software in accordance with specified terms and conditions. Effective software license management can help prevent an agency from wasting money by either purchasing too many licenses or too few.
    • In May 2014, we reported that SSA did not follow leading software license management practices. For example, SSA was not keeping track of all of its software licenses in one place.
    • Since then, however, SSA has significantly improved how it manages its software licenses. The agency now has a comprehensive software license inventory, which should help the agency purchase the correct number of licenses for its needs.

Continuing challenges: CIO responsibilities

Despite these improvements, we found that SSA’s policies do not give the CIO all of the responsibilities that federal CIOs are required to have. In August 2018, we reported that the CIO’s responsibilities were particularly lacking in 2 main areas of responsibility:

  • IT workforce. Each year, CIOs are required to assess whether their agency’s IT staff has the skills and knowledge to meet the agency’s IT needs. If not, the CIO must come up with a solution to address any uncovered skill gaps or issues. SSA’s policies did not address this area of CIO responsibility.
  • IT strategic planning. CIOs are required to lead the strategic planning for all IT management functions. In other words, CIOs are in charge of defining organizational IT goals and outlining the ways to reach them. Each year, the CIO is charged with reporting on the agency’s progress towards achieving those goals. We found that SSA’s policies only minimally addressed this area. While SSA does require the CIO to establish IT goals, the policies do not require the annual progress report.


a chart depicting the changes in SSA policy over 2018


SSA agreed that it should address these weaknesses. Doing so would both strengthen the role of its CIO and help SSA continue to overcome its longstanding IT management issues. To learn more, read our full report.

Comments on GAO’s WatchBlog? Contact

Related Products

About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to