The Social Security Administration relies on its IT systems to provide monthly payments to over 64 million Americans. Even with such an important mission, the agency has a history of struggling to manage its IT effectively.
However, SSA has been making significant improvements in IT management recently. Today’s WatchBlog takes a closer look at both SSA’s progress and some of its remaining challenges.
Smarter IT management
From 2011 to 2018, SSA made improvements in IT management in:
- Incremental development. Incremental development is a collaborative process that delivers IT programs in small, bite-sized segments over time instead of all at once.
- In November 2017, we reviewed 10 SSA programs and found that the administration’s chief information officer only certified 3 of them as using adequate incremental development methods.
- Since we issued that report, SSA has improved its incremental development policies and processes, making it more likely that the agency will see benefits such as reduced risk and easier adoption of emerging technologies.
- Software license management. Software licenses are agreements that allow organizations to use software in accordance with specified terms and conditions. Effective software license management can help prevent an agency from wasting money by either purchasing too many licenses or too few.
- In May 2014, we reported that SSA did not follow leading software license management practices. For example, SSA was not keeping track of all of its software licenses in one place.
- Since then, however, SSA has significantly improved how it manages its software licenses. The agency now has a comprehensive software license inventory, which should help the agency purchase the correct number of licenses for its needs.
Continuing challenges: CIO responsibilities
Despite these improvements, we found that SSA’s policies do not give the CIO all of the responsibilities that federal CIOs are required to have. In August 2018, we reported that the CIO’s responsibilities were particularly lacking in 2 main areas of responsibility:
- IT workforce. Each year, CIOs are required to assess whether their agency’s IT staff has the skills and knowledge to meet the agency’s IT needs. If not, the CIO must come up with a solution to address any uncovered skill gaps or issues. SSA’s policies did not address this area of CIO responsibility.
- IT strategic planning. CIOs are required to lead the strategic planning for all IT management functions. In other words, CIOs are in charge of defining organizational IT goals and outlining the ways to reach them. Each year, the CIO is charged with reporting on the agency’s progress towards achieving those goals. We found that SSA’s policies only minimally addressed this area. While SSA does require the CIO to establish IT goals, the policies do not require the annual progress report.
SSA agreed that it should address these weaknesses. Doing so would both strengthen the role of its CIO and help SSA continue to overcome its longstanding IT management issues. To learn more, read our full report.
Comments on GAO’s WatchBlog? Contact firstname.lastname@example.org.