Major Management Challenges at the Social Security Administration

Overall, the Social Security Administration (SSA) has made some progress in addressing each of the four key management challenges and program risks GAO identified in 2003, but additional actions will be necessary to ensure effective management and continued program integrity to meet the needs of a growing and aging population.

SSA has continued to strengthen the integrity of its Supplemental Security Income (SSI) program. SSA's progress in developing new tools to improve SSI's financial integrity and management warranted removing the program's high-risk designation in 2003. However, as GAO determined then, the agency must still completely implement the reforms it has undertaken and move forward with options to simplify the program's complex policies. In addition, GAO's work shows that weaknesses in SSA's procedures for determining whether beneficiaries actually reside in the United States—which is a condition of SSI eligibility—expose the program to fraud and overpayments. GAO has recommended that SSA reengineer its existing review procedures for beneficiaries and access additional automated tools to better detect residency violations.

Since 2003, SSA has taken steps to improve its programs that provide support for individuals with disabilities , but these steps have not yet addressed pressing and, in GAO's view, high-risk needs to modernize the program. SSA's Commissioner recently proposed significant changes that are intended to help improve the timeliness, accuracy, and consistency of its disability decision-making process. Although SSA has begun to implement some changes, it does not plan to implement other changes until it has successfully implemented its electronic disability system, a system that has not yet been fully tested. Proceeding without effectively identifying and managing the costs, benefits, and risks associated with the system's full development and implementation places SSA at risk of not achieving its desired system performance and associated benefits. To reduce the risks associated with SSA's development of its electronic disability system, GAO previously recommended that before proceeding with a national rollout, SSA, among other steps, ensure that all critical problems have been resolved and that full testing has been performed, expedite completion of risk-mitigation strategies, and validate cost-benefit estimates.

SSA has also continued to implement the Ticket-to-Work Act. It has conducted demonstration projects dealing with vocational rehabilitation and has plans to conduct additional projects that will deal with other issues affecting support for beneficiaries who can return to work. Although SSA plans to consider reassessing its disability program's eligibility criteria based on the results of some of these projects, little has been done to truly modernize the program consistent with the many changes in medical technology and labor market conditions. Moreover, the agency has yet to develop a strategic workforce plan covering the staff who make the disability determinations, even though such a plan is critical to SSA's long-term strategy for improving and modernizing its disability programs. Consequently, GAO recommended that SSA improve its workforce planning by developing a nationwide strategic workforce plan that addresses present and future human capital challenges facing disability examiners, establishes uniform minimum qualifications for examiners, and closes the gaps between current and required examiner skills. In addition, a recent GAO report outlined overpayment vulnerabilities in the Disability Insurance (DI) program that SSA has not yet addressed. To address these vulnerabilities, GAO recommended that SSA explore new tools and more data sources that can be used to more effectively detect and prevent earnings-related overpayments. GAO designated the need to modernize federal disability programs, including those at SSA, as a high-risk area in 2003 to call attention to the already-urgent need for reform that will only grow as the baby boomers enter their disability prone years. Additional information on the challenges of improving SSA's disability programs can be found in High Risk Series: An Update ( GAO-05-207 ).

In response to GAO's previous recommendations for improving its information technology (IT) management to support future service delivery , SSA has made important progress since 2003 in addressing weaknesses in policies, procedures, and practices in key IT areas, which form an essential aspect of SSA's vision for the future. For example, SSA has developed criteria to guide the agency's IT investment management process and completed key elements of its enterprise architecture—a blueprint for systematically and completely defining its current and desired IT environments. SSA also has addressed IT human capital weaknesses by identifying and assessing IT staff skills and requirements and developing a strategic plan to help ensure the adequacy of its future IT workforce. Further, it has made progress in addressing information protection issues raised in prior years by, for example, issuing risk models to standardize platform security configurations, establishing monitoring tools for enforcement of standards, improving firewall controls, and enhancing continuity of operations activities. However, a recent audit by an independent public accounting firm reported that SSA needs to take further actions to strengthen controls to protect its information. For example, SSA needs to complete the development of security configurations for all its servers in use in its distributed processing environment, which represents a key control in ensuring security of the SSA network. SSA's overall success in meeting its service delivery challenge will depend on how effectively it adheres to established criteria and management processes in undertaking its IT initiatives, and links its investments to detailed service delivery goals and performance. Further, as the agency moves forward in implementing electronic systems and other technologies to support new ways of delivering services, a strong program to address threats to the security and integrity of SSA's information and systems will remain essential.

Since 2003, SSA has strengthened some of its controls to protect the personal information it develops and maintains in the course of administering its benefits programs, but key areas remain vulnerable to those seeking to use Social Security numbers (SSN) fraudulently. Although, SSA now requires that the immigration and work status of every non-citizen SSN applicant be verified with the Department of Homeland Security before a number is issued, additional systems improvements are needed and agencywide compliance with new policies and procedures must be ensured. GAO recommended requiring independent verification of birth records for children under age one and tightening controls over the issuance of replacement social security cards, and these became law in 2004. Given the potential homeland security implications associated with identity theft at the point of driver licensing, GAO has also recommended that the Congress consider authorizing the development of a national data sharing system for all driver records.

Related GAO Products

Integrity of SSI Program

Supplemental Security Income: Sustained Management Attention Needed To Address Residency Violations. GAO-04-789T . Washington, D.C.: May 20, 2004.

Supplemental Security Income: Social Security Administration Could Enhance the Ability to Detect Residency Violations . GAO-03-724 . Washington, D.C.: January 29, 2004.

Programs for Individuals with Disabilities

S SA's Disability Programs: Improvements Could Increase the Usefulness of Electronic Data for Program Oversight . GAO-05-100 . Washington, D.C.: December 10, 2004.

Social Security Disability: Improved Processes for Planning and Conducting Demonstrations May Help SSA More Effectively Use Its Demonstration Authority. GAO-05-19 . Washington, D.C.: November 10, 2004.

TANF and SSI: Opportunities Exist to Help People with Impairments Become More Self-Sufficient. GAO-04-878 . Washington, D.C.: September 15, 2004.

Disability Insurance: SSA Should Strengthen its Efforts to Detect and Prevent Overpayments. GAO-04-929 . Washington, D.C.: September 10, 2004.

Social Security Administration: More Effort Needed to Assess Consistency of Disability Decisions . GAO-04-656 . Washington, D.C.: July 2, 2004.

Social Security Disability: Commissioner Proposes Strategy to Improve the Claims Process, but Faces Implementation Challenges . GAO-04-552T . Washington, D.C.: March 29, 2004.

Electronic Disability Claims Processing: SSA Needs to Address Risks Associated With Its Accelerated Systems Development Strategy. GAO-04-466 . Washington, D.C.: March 26, 2004.

Social Security Administration: Strategic Workforce Planning Needed to Address Human Capital Challenges Facing the Disability Determination Services. GAO-04-121 . Washington, D.C.: January 27, 2004.

SSA Disability Decision Making: Additional Steps Needed to Ensure Accuracy and Fairness of Decisions at the Hearings Level. GAO-04-14 . Washington, D.C.: November 12, 2003.

Supporting Future Service Delivery

Electronic Disability Claims Processing: SSA Needs to Address Risks Associated with Its Accelerated Systems Development Strategy. GAO-04-466 . Washington D.C.: March 26, 2004.

Electronic Disability Claims Processing: Social Security Administration's Accelerated Strategy Faces Significant Risks . GAO-03-984T . Washington D.C.: July 24, 2003.

Information Technology Management: Social Security Administration Practices Can Be Improved. GAO-01-961 . Washington D.C.: August 21, 2001.

Protecting Personal Information

Social Security Numbers: Governments Could Do More to Reduce Display in Public Records and on Identity Cards. GAO-05-59 . Washington D.C.: November 9, 2004.

Social Security Numbers: Use Is Widespread and Protections Vary in Private and Public Sectors . GAO-04-1099T . Washington D.C.: September 28, 2004.

Social Security Numbers: Use Is Widespread and Protections Vary. GAO-04-768T . Washington, D.C.: June 15, 2004.

Social Security Numbers: Private Sector Entities Routinely Obtain and Use SSNs, and Laws Limit the Disclosure of This Information. GAO-04-11 . Washington, D.C: January 22, 2004.

Social Security Administration: Actions Taken to Strengthen Procedures for Issuing Social Security Numbers to Noncitizens, but Some Weaknesses Remain. GAO-04-12 . Washington, D.C.: October 15, 2003.

Social Security Numbers: Improved SSN Verification and Exchange of States' Driver Records Would Enhance Identity Verification. GAO-03-920 . Washington, D.C.: September 15, 2003.

Social Security Numbers: Ensuring the Integrity of the SSN. GAO-03-941T . Washington, D.C.: July 10, 2003.