Skip to Highlights
Highlights

Pursuant to a congressional request, GAO reviewed the Social Security Administration's (SSA) final actions to ensure its year 2000 readiness, including the actions it took during the rollover period--December 30,1999, through January 3, 2000, as well as for the February 29 leap year date--to ensure a successful transition to the new century.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Social Security Administration To help ensure the effective management of information technology, the Commissioner of Social Security should direct the Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to capitalize on the lessons learned from SSA's year 2000 initiative by establishing and implementing a plan and cognizant milestones for identifying which of its processes and practices can be applied to the agency's existing approach toward managing information technology.
Closed - Implemented
SSA agreed with our recommendation and took steps to identify and apply lessons learned from its Year 2000 program. For example, in April 2000, SSA reported that it had incorporated its Year 2000 contingency plans into the agency's Continuity of Operations Plans and also reported that it had begun to pilot test the quality assurance validation tool used for its Year 2000 program to determine whether it can help effectively manage the agency's information technology. In addition, SSA later identified lessons learned from its Year 2000 software and validation separation-of-duties procedures that could be capitalized on to strengthen the agency's existing software development practices. Implementation of these lessons learned from the Year 2000 program should help SSA more effectively manage its information technology.
Social Security Administration To help ensure the effective management of information technology, the Commissioner of Social Security should direct the Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to capitalize on the lessons learned from SSA's year 2000 initiative by institutionalizing those processes and practices as part of the agency's implementation of the Clinger-Cohen Act, where appropriate.
Closed - Implemented
SSA agreed with this recommendation and applied several lessons learned from its Year 2000 efforts to help manage its information technology. For example, SSA incorporated its Year 2000 contingency plans into the agency's Continuity of Operations Plan. The plan contains numerous tested procedures that could help facilitate SSA's continued operations in the event of an emergency that negatively affects the agency's ability to perform services electronically. Also, in late 2002, SSA implemented a quality assurance tool, XPEDITER+, that is similar to the Year 2000 quality assurance tool that was used. This has enabled the agency to conduct test coverage and risk analysis of test data against changed lines of code. In addition, in response to our recommendation, SSA institutionalized separation-of-duties procedures that it had implemented for Year 2000 software development and validation. Specifically, in April 2004, the agency issued procedures requiring that validation testing be conducted independently of the group that developed the software. The procedures state that software projects must demonstrate that (1) the preparation of validation test data, (2) the preparation of validation test cases, and (3) the preparation and execution of test procedures are the responsibility of a person or group that did not develop the software under test during the validation test stage of the life cycle. Such procedures are critical to the successful implementation of quality software. The institutionalization of these lessons learned from the Year 2000 initiative should assist SSA in more effectively managing its information technology, including its continuity of operations in the event of an emergency and software development efforts.

Full Report