Social Security Administration: Significant Progress Made in Year 2000 Effort, But Key Risks Remain
AIMD-98-6
Published: Oct 22, 1997. Publicly Released: Nov 05, 1997.
Skip to Highlights
Highlights
Pursuant to a congressional request, GAO reviewed the Social Security Administration's (SSA) actions to achieve Year 2000 information systems compliance, focusing on the adequacy of steps taken by SSA to ensure that computing problems related to the year 2000 are fully addressed, including its oversight of state disability determinations services' (DDS) Year 2000 program activities.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Social Security Administration | In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to require expeditious completion of the assessment of mission-critical systems at all state DDS offices and use the results of this assessment to develop a Year 2000 plan that identifies, for each system, the specific tasks and resources required and specific schedules and milestones for completing all tasks and phases of the conversion for each state system. |
Closed – Implemented
SSA and state DDSs completed the assessments of mission-critical systems at state DDS offices. In addition, SSA and the DDSs have developed year 2000 plans for each state DDS. The last of these plans was submitted by the District of Columbia DDS in August 1998. The plans for each state identify specific milestones, resources, and schedules for completing tasks and phases of each DDS' year 2000 conversion.
|
| Social Security Administration | In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief information Officer, in conjunction with the Deputy Commissioner for Systems, to strengthen SSA's monitoring and oversight of all state DDS Year 2000 activities, including ensuring that all conversion milestones are met and that contractors and independent states submit biweekly reports that identify progress against milestones in renovating all claims processing software, databases, and data interfaces. |
Closed – Implemented
SSA agreed with the recommendation and subsequently established control points for monitoring and overseeing all state DDS year 2000 activities. A DDS Year 2000 Project Team was established and worked full time on DDS Year 2000 activities. In addition, each SSA regional office assigned a DDS Year 2000 Coordinator for the DDSs in that region. SSA and DDS coordinators monitored and tracked year 2000 activities against project milestones in the DDS Year 2000 plans. The DDS Year 2000 project team monitored all year 2000 contract work conducted for the DDSs, and held biweekly conferences with the contractors, SSA regional office coordinators, and DDS project coordinators. SSA reported that, as of January 31, 1999, all 50 DDS automated systems had been renovated, tested, implemented, and certified year 2000 compliant.
|
| Social Security Administration | In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to include in SSA's quarterly reports to the Office of Management and Budget information on the status of DDS Year 2000 activities. |
Closed – Implemented
In November 1997, SSA began including information on the status of DDS year 2000 activities in its quarterly reports to the Office of Management and Budget.
|
| Social Security Administration | In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to require expeditious completion of the agency's Year 2000 compliance coordination with all data exchange partners and of efforts to include specific information on the status of compliance activities in the automated data exchange tracking system. SSA should then use this system to ensure and report on the progress and coordination of its data exchange compliance activities. |
Closed – Implemented
SSA has been actively addressing its year 2000 data exchange issues. The agency has inventoried all of its internal and external data exchanges and has been in contact with all of its trading partners regarding the format and schedule for making these exchanges compliant. SSA also has loaded information about each exchange in its automated data exchange tracking system and is now using this system to report on the progress and coordination of its data exchange compliance activities. SSA completed Year 2000 compliance of all its data exchanges in September 1999.
|
| Social Security Administration | In light of the importance of SSA's function to most Americans and the risks associated with its Year 2000 program, the Commissioner of Social Security should direct SSA's Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to develop contingency plans that articulate specific strategies for ensuring the continued operation of core business functions if planned corrections are not completed in time or if systems fail to operate as intended. These plans should fully consider the disability claims processing functions within the DDSs and the development and activation of manual or contract procedures, as appropriate. |
Closed – Implemented
SSA has developed a high-level overall plan for business continuity that presents an effective high-level strategy for mitigating risks associated with the year 2000. In addition, SSA has developed local contingency plans for its core business processes, including a plan for its disability claims processing functions. In general, these plans describe the steps the enterprise would take including the activation of manual or contract processes to ensure the continuity of its core business processes in the event of a year 2000-induced system failure.
|
Full Report
Office of Public Affairs
Topics
Claims processingContingency plansDatabasesMission critical systemsDisability benefitsFederal social security programsstate relationsInformation resources managementInformation systemsSoftwareSystems conversionsY2K