Recommendation: The Commissioner of the Social Security Administration should (a) establish a plan and time frame for periodically reviewing the predictive model's design; (b) consider additional data sources that would allow for additional screening or modeling of potentially high-risk organizational payees; and (c) ensure that subsequent design decisions are documented in sufficient detail so the development process can be more fully understood and replicated, either by SSA or a knowledgeable third party, with minimal further explanation. (Recommendation 5)

Agency: Social Security Administration
Status: Open
Priority recommendation

Comments: SSA agreed with this recommendation in 2019 and identified actions to address it. The agency stated that it would pursue other data sources to develop additional screening tools and models to identify potentially high-risk organizational payees, but that it is unable to incorporate additional data into the existing model. They reported they cannot use new data to modify the existing model, which was built from cases and transactions that occurred many years ago. We recognize that the current model, which focuses on misuse findings and is based on historical data, presents challenges for both updating and including new data sources. Therefore, as SSA considers additional screening tools and models to identify high-risk, low-volume organizational payees, SSA should develop a plan for revising the existing model that allows for more timely updates and results in documentation of related design decisions. In April 2020, SSA officials reported that the agency is finalizing a plan to revise the existing model and would pursue other data sources to develop additional screening tools and models to identify potentially high-risk organizational payees.

Recommendation: The Commissioner of the Social Security Administration should, as it carries through with its plan to develop a risk assessment for the organizational payee program, ensure that that the plan reflects periodic consideration of findings from onsite reviews and audits. (Recommendation 9)

Agency: Social Security Administration
Status: Open
Priority recommendation

Comments: SSA agreed with this recommendation. In April 2020, SSA officials reported starting its Representative Payee Fraud Risk Assessment. We will consider closing this recommendation when SSA ensures that its risk assessment plan reflects periodic consideration of findings from onsite reviews and audits.

Recommendation: The Commissioner of the Social Security Administration should fully establish and document a process for coordination between cybersecurity risk management and enterprise risk management functions. (Recommendation 58)

Agency: Social Security Administration
Status: Open
Priority recommendation

Comments: SSA concurred with this recommendation. As of January 2020, SSA stated that it has initiated a formal process for coordination between its cybersecurity risk management and enterprise risk management teams and that this process should be fully established by the third quarter of FY 2020. Once SSA has provided evidence of these actions, we plan to verify whether implementation has occurred.

Recommendation: To ensure effective and appropriate recovery of DI overpayments and administration of penalties and sanctions, the Acting Commissioner of the Social Security Administration should adjust the minimum withholding rate to 10 percent of monthly DI benefits to allow quicker recovery of debt.

Agency: Social Security Administration
Status: Open
Priority recommendation

Comments: SSA agreed with this recommendation and in 2017 estimated that this change would result in an additional $213 million in collections over a 5-year period. The fiscal year 2021 President's budget submission contained a legislative proposal to make this change, and budgets since 2017 have contained similar proposals. As of June 2020, SSA reported that it plans to continue to submit similar legislative proposals. SSA also included the proposal in its regulatory agenda, noting that the change can also be implemented via regulatory change. We will close this recommendation once SSA achieves resolution from Congress on its legislative proposal or from its own regulatory efforts.

Recommendation: To improve SSA's ability to detect, prevent, and recover potential DI benefit overpayments due to the concurrent receipt of FECA benefits, the Commissioner of Social Security should strengthen internal controls designed to prevent DI overpayments due to the concurrent receipt of FECA benefits by implementing the alternative that provides the greatest net benefits.

Agency: Social Security Administration
Status: Open
Priority recommendation

Comments: As of January 2020, SSA had taken steps to strengthen internal controls, as GAO recommended in July 2015, but it had not completed its efforts. In January 2020, SSA told GAO that it continues to work with DOL to establish a computer matching agreement to support the FECA data exchange and the agreement is pending at DOL for final review and signature. According to SSA, if the agreement is established, SSA will use the FECA benefit data to improve efficiencies in its ability to offset/reduce DI benefits when an individual is concurrently receiving FECA benefits. GAO will continue to monitor SSA's work in this area. SSA following through with these plans will help the agency identify and prevent potential DI overpayments.