Social Security Administration:
Effective Planning and Management Practices Are Key to Overcoming IT Modernization Challenges
GAO-16-815T: Published: Jul 14, 2016. Publicly Released: Jul 14, 2016.
What GAO Found
GAO's reports have highlighted various challenges in the Social Security Administration's (SSA) information technology (IT) planning and management. Overall, these reports identified weaknesses in, among other areas, system development practices, IT governance, requirements management, and strategic planning. The reports, collectively, stressed the need for the agency to strengthen its IT management controls. In previously reporting on SSA's implementation of a new electronic disability system in March 2004, GAO noted that the agency had proceeded without (1) conducting testing that was adequate to evaluate the performance of all system components collectively and (2) evidence that it had consistently applied established procedures to guide the system's development. Additionally, GAO's April 2012 review of the agency's IT modernization approach pointed out that SSA did not have an updated IT strategic plan to guide its efforts and its enterprise architecture lacked important content that would have allowed the agency to more effectively plan its investments. Beyond the challenges identified in these previous reports, GAO's May 2016 report on federal agencies' IT legacy systems highlighted the increasing costs that agencies, including SSA, may be faced with as they continue to operate and maintain at-risk legacy systems.
Prior GAO work has shown that effectively managing IT needs depends on federal departments and agencies, including SSA, having key processes in place. Toward this end, GAO has identified and reported on a set of essential and complementary management disciplines that provide a sound foundation for IT management. Among these practices are:
Strategic planning to define what an organization seeks to accomplish and identify the strategies it will use to achieve desired results.
IT investment management that includes instituting an investment board, selecting investments that meet business needs, providing investment oversight, and capturing investment information.
Systems development and acquisition that includes defining requirements, managing project risk, reliably estimating cost, and developing an integrated and reliable master schedule, among other actions.
Information security and privacy which are essential for preventing data tampering, disruptions in operations, fraud, and inappropriate disclosure of sensitive information.
Service management for ensuring that IT services, such as server management and desktop support, are aligned with and actively support the business needs of the organization.
Leadership for driving change, providing oversight, and ensuring accountability for results.
Given the longstanding challenges with IT management and modernization efforts, it is important for SSA to implement a clearly established, rigorous, and disciplined approach for its current efforts to modernize its aging IT systems. Without doing so, challenges like those that the agency experienced with its past initiatives could continue to be an impediment to the agency in achieving the more modernized IT environment that is necessary to support its service-delivery mission.
Why GAO Did This Study
SSA delivers services that touch the lives of almost every American, and the agency relies heavily on IT resources to do so. Its computerized information systems support a range of activities—from processing Disability Insurance and Supplemental Security Income payments, to calculating and withholding Medicare premiums, and issuing Social Security numbers and cards. For fiscal year 2015, the agency reported spending approximately $1.3 billion on hardware and software, computer maintenance, and contractor support, among other things. SSA's IT infrastructure is aging and, thus, increasingly difficult and expensive to maintain. In its fiscal year 2017 budget, the agency has requested $300 million, to be spread over 4 years, to modernize its IT environment.
This statement summarizes challenges that SSA has previously encountered in managing and modernizing its IT, as described in prior GAO reports. It also highlights selected best practices that GAO identified as essential to effectively planning and managing IT modernization efforts.
What GAO Recommends
GAO has made numerous recommendations to SSA to mitigate challenges in planning for and managing its IT. Among other things, GAO has recommended strengthening the roles and responsibilities of the agency's investment board, improving post-implementation reviews, and establishing an enterprise architecture to effectively guide modernization activities. The agency has taken a number of actions intended to address them.
For more information, contact Valerie C. Melvin at (202) 512-6304 or firstname.lastname@example.org.