Social Security Administration: Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization
Highlights
What GAO Found
The Social Security Administration (SSA) has undertaken numerous modernization efforts, but it lacks effective measurement tools to determine progress. Since 2001, SSA has reported spending about $5 billion on the modernization of its systems. Specifically, the agency has undertaken hundreds of modernization projects each year from 2001 to 2011, and officials identified 120 such initiatives that they considered to be key investments in modernization. About two-thirds of these projects were for modernizing and enhancing existing systems, while other efforts were aimed at moving from manual to electronic processes and online access, and the development of new or redesigned system software. These efforts also enhanced work processes, automated notices to beneficiaries, and modified systems to accommodate legislation, among other things. Nonetheless, SSA still has major efforts under way to transition from its aging systems to a more modernized IT environment. Specifically, in order to help meet the agency’s key strategic goal of strengthening its infrastructure and further enhancing its online services, SSA intends to streamline its operations and reduce duplication in databases to allow for more efficient maintenance. The agency also intends to complete its conversion to a modern database; support the increasing demands to store, process, and share data with public- and private-sector partners; and transition to Web-based online access for its data and services. While the Office of Management and Budget requires agencies to establish performance measures to gauge modernization progress, SSA has not fully established quantifiable performance measures for all its modernization projects or performed post-implementation reviews, which GAO has previously recommended and which would enable the agency to effectively measure its progress.
SSA lacks updated and comprehensive plans to guide its modernization efforts. Strategic planning is essential for an organization to define what it seeks to accomplish, identify strategies to achieve the desired results, and measure progress. SSA developed an IT strategic plan in 2007 to guide its modernization efforts, but that plan has not been updated to reflect the agency’s revised strategic goals. In addition, the agency has an enterprise architecture, which is important for guiding the execution of IT strategic goals, but it is missing important elements, such as performance milestones and a road map to guide the agency. Consequently, SSA has been making investments in modernization without the guidance of long-term plans and risks that these investments may not align with the agency’s priorities.
The agency’s realignment of its Chief Information Officer (CIO) responsibilities, if appropriately implemented, could allow for effective oversight and management of the agency’s IT systems, as required by the Clinger-Cohen Act. Specifically, the major functions and responsibilities of the CIO were transferred to the Office of Systems, including oversight of the agency’s entire IT budget and workforce and responsibility for IT strategic planning and the development and implementation of an enterprise architecture. However, SSA did not conduct an analysis of this significant organizational change, including goals and strategies for an effective transition and clarification of roles and responsibilities, as called for by best practices. In addition, the agency has not updated its guidance for IT oversight to reflect the realignment.
Why GAO Did This Study
Services provided by the Social Security Administration (SSA) touch the lives of virtually every American. To support the delivery of these services, the agency uses information technology (IT) systems that are increasingly costly and difficult to maintain. To meet these challenges, SSA has committed to modernizing its IT environment. In addition, SSA recently realigned most of the responsibilities of its Chief Information Officer (CIO) to its Office of Systems. GAO was asked to (1) determine SSA’s progress in modernizing its IT systems and capabilities, (2) evaluate the effectiveness of the agency’s plans and strategy for modernizing its systems and capabilities, and (3) assess whether the realignment of the agency’s CIO responsibilities allows for effective oversight and management of the systems modernization efforts. To accomplish these objectives, GAO evaluated relevant agency program plans and documentation and interviewed agency officials.
Recommendations
GAO is recommending, among other things, that SSA develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities of the Office of Systems to help ensure effective oversight. SSA neither agreed nor disagreed with GAOs recommendations, but described steps it is taking that would address elements of the recommendations related to planning, enterprise architecture, and IT oversight.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Social Security Administration | To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to ensure that performance measures in each of OMB's four measurement areas are defined for ongoing IT modernization initiatives and, as appropriate, (1) identify how each investment is to contribute to expected benefits; (2) measure the effectiveness in meeting the goals, requirements, and mission results; and (3) provide a means for measuring projects' progress in meeting modernization goals. |
Closed – Not Implemented
The Social Security Administration (SSA) has not fully established IT investment performance measures that comply with the Office of Management and Budget's (OMB) capital planning guidance. Specifically, on September 6, 2016, we reviewed the performance measures associated with the agency's major IT investments that utilized operations and maintenance funding for both FY 2015 and FY 2016. Of the seven investments we reviewed, only one investment followed the capital planning guidance developed by OMB. As of September 27, 2016, the agency stated that it could not provide any additional information on how it plans to comply with the guidance. Thus, we are closing this recommendation as not implemented.
|
| Social Security Administration | To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to, in updating the IT strategic plan to support the 2013-2016 Agency Strategic Plan, include key elements-such as results-oriented goals, strategies, milestones, performance measures, and an analysis of interdependencies among projects and activities-and use this plan to guide and coordinate IT modernization projects and activities. |
Closed – Implemented
The Social Security Administration (SSA) has updated its IT Strategic Plan to include the key elements. For example, in updating the plan, SSA included five high-level strategic goals that the agency used to guide its planning and decision making. SSA then aligned each of the agency's strategic IT portfolios with the five goals. In addition, SSA included in the plan, strategies to guide the agency's modernization efforts for databases, applications, and IT infrastructure.
|
| Social Security Administration | To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to establish an enterprise architecture plan that includes key components called for by federal guidelines and GAO's enterprise architecture management framework, to effectively guide modernization activities. The plan should include (1) development of a service-oriented architecture road map that guides modernization activities and helps ensure the agency achieves its stated service-oriented architecture goals, such as better business agility and reduced systems development and maintenance costs; (2) development of an enterprise gap analysis that identifies the differences between the current and target environment in all related architecture products; (3) performance targets for the future environment, including interim milestones; and (4) descriptions of relationships among the business processes in terms of information. |
Closed – Not Implemented
While the Social Security Administration (SSA) has taken several actions toward implementing this recommendation, additional actions are needed to effectively respond to the recommendation. Specifically, in May 2015, SSA developed an enterprise road map to guide its modernization efforts that included enterprise architecture performance targets. Further, in July 2016, SSA stated that it was in the process of updating the enterprise data model that would include the descriptions of relationships among the business processes. Nevertheless, in August 2016, the agency stated that it had not yet performed a comprehensive gap analysis to identify the differences between the current and target environment in all related architecture products. Further, in September 2016, the agency stated that it could not provide any additional information on how it intends to fully establish its enterprise architecture plan for guiding IT modernization activities. Accordingly, we are closing this recommendation as not implemented.
|
| Social Security Administration | To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to, as appropriate, define roles and responsibilities of realigned staff and develop and clearly document updated investment review guidance and procedures to ensure that oversight reviews will be effective in evaluating and controlling investments. |
Closed – Implemented
In January 2016, the Social Security Administration (SSA) updated its capital planning and investment control guide, which includes various oversight mechanisms for evaluating and controlling information technology (IT) investments. For example, among other things, the guide requires periodic integrated baseline reviews that are intended to determine the validity of the program's baseline and the health of a project from a cost, schedule, management, resource, and technical perspective. The guide also requires an architecture review board to manage and enforce compliance with the agency's enterprise architecture by reviewing, approving, and providing guidance to IT projects. In addition to these oversight requirements, the guide also identifies the roles and responsibilities of personnel associated with the selection, control, and evaluation of the agency's IT investments.
|