OFFICE
OF
THE INSPECTOR GENERAL
SOCIAL SECURITY ADMINISTRATION
THE SOCIAL
SECURITY ADMINISTRATION'S
INFORMATION RESOURCES MANAGEMENT
STRATEGIC PLAN
September
2007
A-14-07-27133
AUDIT REPORT
Mission
By conducting independent and objective audits, evaluations and investigations,
we inspire public confidence in the integrity and security of SSA's programs
and operations and protect them against fraud, waste and abuse. We provide timely,
useful and reliable information and advice to Administration officials, Congress
and the public.
Authority
The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:
Conduct and supervise independent and objective audits and investigations
relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation
and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems
in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.
Vision
We strive for continual improvement in SSA's programs, operations and management
by proactively seeking new ways to prevent and deter fraud, waste and abuse.
We commit to integrity and excellence by supporting an environment that provides
a valuable public service while encouraging employee development and retention
and fostering diversity and innovation.
MEMORANDUM
Date: September 28, 2007
To: The Commissioner
From: Inspector General
Subject: The Social Security Administration's Information Resources Management Strategic Plan (A-14-07-27133)
OBJECTIVE
The objective of our review was to evaluate the Social Security Administration's (SSA) Information Resources Management (IRM) Strategic Plan (IRM Plan) in comparison to best practices and Federal requirements.
BACKGROUND
Purpose of an IRM Plan
Agencies must develop and maintain an IRM Plan as required by the Paperwork Reduction Act of 1995 (PRA). According to the Office of Management and Budget (OMB), IRM Plans should support an agency's Strategic Plan and provide a description of how IRM activities help accomplish its missions, and ensure that IRM decisions are integrated with organizational planning, budget, procurement, financial management, human resources management, and program decisions.
OMB does not have guidance on the specific contents of an IRM Plan. However, an IRM Plan should be strategic in nature and address the requirements of Federal IRM as expressed in the PRA and OMB Circular A 130.
The Role of Enterprise Architecture
Agencies are also required to create an Enterprise Architecture (EA) Framework to guide strategic IRM planning. An agency's capital planning and investment control (CPIC) process must build from the agency's EA. An EA is the explicit description and documentation of the current and desired relationships among business and management processes and Information Technology (IT). The EA should describe the "current" and "target" architectures. In addition, the EA must provide a strategy that supports the current state of operations and also act as the roadmap for transition to its target environment through effective IRM activities. OMB annually evaluates agencies' EA practices and recently lowered the grades of four agencies' scores on the President's Management Agenda E-gov Scorecard in early 2007 because their EA practices did not meet OMB's expectations.
SSA IRM Strategic Planning
The most recent series of the IRM Plan replaced the Information Technology Architecture Plan (ITAP) that was last published in October 2001. The IRM Plan contains many ITAP features and its content reflects planning decisions made by the Information Technology Advisory Board (ITAB). SSA's 2007 IRM Plan covers Fiscal Years (FY) 2006-2012. At SSA, the Office of the Chief Information Officer (OCIO) is responsible for developing SSA's IRM Plan.
The purpose of SSA's IRM Plan is to:
describe how IRM activities help accomplish SSA's mission, goals and objectives;
ensure IRM decisions are integrated with organizational planning, budget, procurement,
financial management, human resources management, and program decisions;
present an overview of SSA's EA; and
serve as a key component of SSA's IT CPIC process.
RESULTS OF REVIEW
We compared SSA's IRM Plan with other Federal agencies' to identify the best practices with regards to the IRM Plan document, given that OMB does not have guidance on the exact contents of an IRM Plan. We found that each of the agencies' IRM Plans we reviewed had strengths and weaknesses in different areas. We identified and provided examples (Appendices C, D, and E) of some practices used by other agencies that SSA can consider as a part of its IRM process. These practices, although belonging to agencies whose sizes are different from SSA, provide examples of clear presentation, relevant IRM contents, or enhanced structure.
SSA's 2007 IRM Plan provides a description of the Agency's IRM strategic objectives, its current major IT investments, the IT CPIC process, and project management practices. Among the numerous Federal agency IRM Plans we reviewed, SSA's plan has the broadest coverage. It included areas that some other agencies did not cover such as security, privacy, information dissemination, records management and IT human resources management. It also discussed SSA's efforts in developing its own versions of Federal Enterprise Architecture (FEA) reference models to demonstrate how SSA supports the goals of FEA.
However, SSA's IRM Plan needs to be more strategic and provide a better description of how the Agency's information resources management activities will help accomplish the Agency's mission, goals and objectives. The IRM Plan would also be more useful if it informed the reader of the Agency's present position and what it sees as its future IT architecture. This can best be accomplished through a description of SSA's existing and target EA. Finally, the IRM Plan should be structured in a way to better support the Agency's Strategic Plan while providing possible solutions to its future challenges and constraints.
SSA is already in the process of taking steps to resolve these issues.
SSA's IRM PLAN SHOULD BE MORE STRATEGIC
SSA's FY 2007 IRM Plan needs to be more strategic and support the Agency's Strategic Plan. The Agency's IRM Plan is not strategic in the following areas:
IRM activities and the underlying EA only span 2 years into the future, even
though the IRM Plan states that it covers FYs 2006 through 2012. According to
OMB, an IRM Plan should support the Strategic Plan, which must cover a minimum
of 5 years. However, SSA's IT planning process, where IT resources are allocated
to projects, and the Agency's performance goals cover only 2 years. Some of
the IT projects approved by ITAB have life spans that are expected to go beyond
2 years; however, SSA's IT Systems Plan does not have IT projects that will
start 2 years in the future. We found examples of other Federal agencies, which
show longer range IRM planning activities, such as the Farm Credit Administration's
IRM Plan, as shown in Appendix C and the Bureau of Land Management's IRM Plan
as shown in Appendix D. These IRM Plans include long-term planning for their
system development projects. Although these are smaller agencies, we believe
a similar practice could be adopted by SSA.
Some challenges are not fully addressed. SSA's IRM Plan does not have a sufficient
description about how the Agency plans to address its biggest challenge: an
increased workload due to disabled and retiring baby boomers. One SSA goal is
to maintain an average annual productivity improvement rate of 2 percent. However,
the IRM Plan does not address if the 2 percent increase in productivity, due
in part to systems enhancements, will be sufficient to allow SSA to effectively
serve the baby boomers in the future, without an increase in staff. SSA needs
to establish long-range strategies to fully address these and other critical
challenges.
Because SSA's IRM strategic planning does not go beyond 2 years, its IRM Plan
does not provide a clear strategic vision of what the Agency needs or plans
to do over the next few years to address its critical challenges. For SSA's
IRM Plan to serve its strategic purpose, SSA needs to establish a long-range
IRM strategic planning process that covers a period consistent with the Agency's
Strategic Plan.
PRESENTATION OF ENTERPRISE ARCHITECTURE COULD BE IMPROVED
EA is the blueprint that guides the Agency's IRM strategic planning and is instrumental to the Agency's CPIC process. An EA is considered the blueprint because it provides both the "current architecture" and "target architecture." Thus, these two descriptions enable an agency to support its current state and also act as the roadmap for transition to its target environment through IRM activities. As a result, EA can establish a clear line of sight from investments to measurable performance improvements.
The current EA section of SSA's IRM Plan focuses on SSA's EA process description and its effort of developing FEA reference models. It does not provide a description of SSA's existing and target EA as the roadmap for reaching the Agency's mission and goals. In 2002, SSA developed a document with the Agency's existing and target architecture. SSA's April 2003 IRM Plan included the Agency's then existing and target architecture; however, they have not been included in the Agency's IRM Plan since that time.
Without a proper description of SSA's current and future EA in its IRM Plan, readers are not informed of the Agency's present and target IT environment. Thus the reader is left without the knowledge of what SSA plans or needs to achieve over the next few years to meet the strategic mission and goals that should be integrated in a target EA. SSA is required to architect first and then use the architecture to guide its IT investment planning. SSA's EA should describe its existing and target EA and provide a strategy that acts as the roadmap for transition to its target environments.
The Office of Systems will include the following information in the next IRM Plan:
the existing and target EA diagrams;
a verbal description of the fundamental differences between the current and
future diagrams; and
a transition strategy that documents the EA segmentation as well as the projects
to manage the orderly transition from the current to the future state.
We commend the Office of Systems for its proactive approach to updating the Agency's IRM Plan.
THE IRM PLAN COULD BE BETTER STRUCTURED TO ADDRESS ITS RESOURCE NEEDS, CHALLENGES AND CONSTRAINTS
IRM Plan Structure and Agency Strategic Plan Structure
SSA's IRM Plan chapter 3, in discussing its IT initiatives, should be structured to better support the Agency's Strategic Plan. SSA's Strategic Plan is organized using the Agency's four strategic goals with the strategic objectives related to each of the four goals. For each of the strategic objectives, SSA's Strategic Plan includes the expected long-term outcomes, and a discussion of possible issues, external factors, and SSA's means and strategies for reaching its objectives.
The IRM Plan includes a chapter where it discusses its 15 major IT initiatives and related strategies. However, this chapter does not discuss these initiatives and strategies in a manner which creates a vision of how SSA uses IT projects to achieve its goals and objectives as defined in its Strategic Plan. An example of an IRM formatting structure that provides such a structure is used by the Department of the Interior's, Fish & Wildlife Service. We have included an example of a section of its IRM Plan in Appendix E, where its goal, objective, target results, performance measures, annual performance goals, and responsible parties, for the future years are all linked together in a one page document. SSA's IRM Plan needs to better support the Agency's Strategic Plan as required in OMB Circular A-130, and provide a description of how IRM activities will help accomplish the Agency's mission.
IRM Should Provide More Information About SSA's Resource Needs and Discuss the Agency's Challenges, Constraints and Projections
SSA's IRM Plan does not sufficiently include the information resources the Agency will need to achieve its IT initiatives and strategies. It does not adequately discuss internal and external challenges and constraints that could hinder the IT initiatives and strategies from achieving its goals. Furthermore, the IRM Plan does not include information, such as projections of various initiatives, or how SSA's IT strategies and initiatives impact the achievement of certain measurable goals. Therefore, readers cannot easily form a realistic expectation about what results can be achieved, what IT activities need to be achieved, and what challenges and constraints SSA might face in achieving its goals in the future.
OMB states an IRM Plan should be strategic in nature and address the information resources management of the agency. OMB defines that an IRM "…encompasses both information itself and the related resources, such as personnel, equipment, funds and information technology." SSA's IRM Plan needs to discuss challenges, constraints and projections to provide a strategic view for the audience.
To address these issues, we recommend that Chapter 3 of SSA's IRM Plan, where SSA discusses its major IT initiatives, adopt the general structure of the Agency's Strategic Plan for each of SSA's Strategic Objectives. SSA should provide the audience with a clear roadmap of how the Agency plans to reach the goals and objectives it defined by discussing areas such as the following:
strategic goals and objectives;
performance measures with results;
information resources management activities (IT projects and strategies);
major functionality targets and time frames;
funding, technology, and IT staffing needs; and
challenges, constraints, possible solutions, and related projections if available.
The OCIO is already taking steps to restructure Chapter 3 of SSA's IRM Plan with a focus on including more strategic information, covering a 5-year period, to tie the information to the Agency's Strategic Plan. We commend the OCIO for its proactive approach to updating the Agency's IRM Plan.
CONCLUSION AND RECOMMENDATIONS
SSA's IRM Plan provides a balanced and comprehensive coverage of its IRM and activities. However, SSA can improve in a few areas to fully address the purpose of the Agency's IRM Plan and meet Federal requirements. SSA's IRM Plan needs to be more strategic and provide a better description of how IRM activities will help accomplish the Agency's mission, goals and objectives.
For issues related to SSA as a whole, we recommend SSA:
1. Establish a long range IRM strategic planning process that covers a period consistent with the Agency's Strategic Plan.
For issues specific to SSA's IRM Plan, we recommend SSA:
2. Continue plans to include conceptual diagrams and a supplemental description of SSA's existing and target EA.
3. Adopt the general structure of the Agency's Strategic Plan, in IRM Plan
Chapter 3, where SSA discusses its major IT initiatives. To provide the audience
with a clear roadmap of how SSA plans to achieve the goals and objectives it
defined, for each of SSA's Strategic Objective Portfolios, SSA should discuss
areas such as the following:
strategic goals and objectives;
performance measures with results;
information resources management activities (IT projects and strategies);
major milestones and time frames;
funding, technology, and IT staffing needs; and
challenges, constraints, possible solutions and related projections if available.
AGENCY COMMENTS
SSA agreed with our recommendations. The Agency's comments are included in Appendix F.
Patrick P. O'Carroll, Jr.
Appendices
APPENDIX A - Acronyms
APPENDIX B - Scope and Methodology
APPENDIX C - Farm Credit Administration, Information Resources Management, IRM
Plan, Fiscal Years 2007-2012
APPENDIX D - United States Department of Interior, Bureau of Land Management
Information Resources Management Strategic Plan, 2002-2005
APPENDIX E - U.S. Fish & Wildlife Service Information Resources and Technology
Management Strategic Plan - Version 1.0, 09/30/2005
APPENDIX F - Agency Comments
APPENDIX G - OIG Contacts and Staff Acknowledgments
Appendix A
Acronyms
CPIC Capital Planning and Investment Control
EA Enterprise Architecture
FEA Federal Enterprise Architecture
FY Fiscal Year
IRM Information Resources Management
IRM Plan IRM Strategic Plan
IT Information Technology
ITAB Information Technology Advisory Board
ITAP Information Technology Architecture Plan
NARA National Archives and Records Administration
OCIO Office of Chief Information Officer
OMB Office of Management and Budget
PRA Paperwork Reduction Act
SSA Social Security Administration
U.S. United States
U.S.C. United States Code
Appendix B
Scope and Methodology
The objective of our review was to evaluate the Social Security Administration's
(SSA) Information Resources Management (IRM) Strategic Plan (IRM Plan) in comparison
to best practices and Federal requirements.
To meet the objective of this audit, we reviewed relevant Federal laws, regulations and guidance. We reviewed SSA's documents related to IRM, SSA's Information Technology capital planning and investment control process with a focus on IRM strategic planning, and SSA's Enterprise Architecture process. We also conducted interviews to obtain an understanding for areas critical to SSA's IRM strategic planning.
We reviewed the IRM Plans of several Federal agencies. We compared SSA's IRM Plan with other Federal agencies' to identify the best practices with regards to the IRM Plan document, given that the Office of Management and Budget (OMB) does not have guidance on the exact contents of an IRM Plan. We found that for the agencies we reviewed, each has its strengths and weaknesses in different areas. We have identified and provided examples (Appendices C, D, and E) of some practices used by other agencies that could help SSA to better meet its IRM purposes. These practices, although belonging to agencies whose sizes are different from SSA, provide clearer presentation, more relevant IRM contents, or better structure.
We reviewed the following Federal laws, regulations, and guidance:
Clinger Cohen Act of 1996.
Paperwork Reduction Act of 1995.
Government Performance and Results Act of 1993.
OMB Circular A-130, Management of Federal Information Resources.
OMB Circular A-11, Preparation, Submission, and Execution of the Budget.
OMB FEA Practice Guidance.
We reviewed the following SSA documents:
SSA Information Resources Management Strategic Plans for Fiscal Years 2002
through 2007.
SSA Strategic Plan FY 2006-FY 2011.
SSA Annual Performance Plan for Fiscal Year 2008.
SSA Target Information Technology (IT) Capital Planning and Investment Control
Process (CPIC) Guide.
SSA Information Technology Advisory Board meeting materials and minutes.
SSA Enterprise Architecture artifacts.
We contacted or interviewed SSA staff in the following components:
Office of the Chief Information Officer and its Office of Information Technology
Systems Review;
Office of Systems, Office of Enterprise Support, Architecture and Engineering;
and
Office of Strategic Management.
We also reviewed IRM Plans of other Federal agencies, including the following:
1. United States (U.S.) Department of the Interior,
Bureau of Land Management, Information Resources Management Strategic Plan 2002-2005,
May, 2002.
U.S. Fish & Wildlife Service, Information Resources and Technology Management
Strategic Plan, version 1.0, 09/30/2005.
Minerals Management Service, Information Technology Strategic Plan and Information
Guide, 2005 - 2007.
2. NASA Information Resources Management (IRM) Strategic Plan, September 2006.
3. U.S. Department of Transportation FY 2006-FY 2011 Information Resources Management
Plan, September 2006.
4. U.S. Department of Energy Information Resources Management Strategic Plan
FY 2007-2009.
5. Department of Justice IT Strategic Plan Fiscal Years 2006-2011.
6. Farm Credit Administration Information Resources Management IRM Plan Fiscal
Years 2007-2012.
This audit was performed in accordance with generally accepted government auditing
standards. We conducted our field work at the SSA Headquarters in Baltimore,
Maryland from January through May 2007.
Appendix C
Farm Credit Administration, Information Resources Management, IRM Plan Fiscal
Years 2007-2012
C. Development Projects
New system development projects further our goal of encouraging innovative uses of technology geared toward improving Agency information collection, retrieval, and distribution. This encompasses projects such as developing new or custom-designed client/server applications, providing the capacity to conduct business electronically internally and externally, assuring public access to Federal information, providing government-wide e-mail, and developing workflow applications.
New system development projects in Fiscal Year 2007 are projected to require
1,034 staff days, which is a 558-day increase from the previous year. There
are 22 proposed new development projects. The dollar costs reflected for each
project include Farm Credit Administration (FCA) resource costs as well as any
externally purchased resources.
1. Infrastructure Review - Office of Management Services (OMS)
With the client/server architecture at the end of its life cycle at FCA, this
project will re-evaluate the method of delivering Information Technology (IT)
services at FCA to ensure delivery is effective and provided at the best cost-value.
The improvements in technology, including the ability to secure information,
use the Internet as a reliable highway for delivering information, and the increased
need for portability and flexibility of technology delivery to FCA staff are
drivers of this initiative. Newer architectures, including Web-based and Web-enabled,
may offer the ability to reduce operating costs, accelerate the delivery of
applications, and further empower our clients by providing them the ability
to more easily access information necessary to support their decision-making
processes. This project will undertake the evaluation of client/server as well
as Web-based and Web-enabled architectures and their applicability to the delivery
of IT services in the FCA environment.
This project will (1) evaluate the effectiveness and efficiency of delivering IT services using the client/services model, and include a review of Lotus Notes; (2) analyze other architectures including web-based and web-enabled architectures using web services; (3) evaluate the costs and benefits of moving to another architecture; (4) make a recommendation on the appropriate architecture for FCA's IT delivery; (5) evaluate and select new user and development tools to support the appropriate architecture; (6) select new tools and begin migration of legacy applications to new architecture; and (7) design architecture infrastructure to support and optimize the selected architecture (possible infrastructure centralization).
The evaluation and selection of an appropriate IT architecture, configuration and tools improves future capacity of the Agency's IT investment to meet the changing needs of the Agency. The IT architecture hosts and delivers all applications, both critical and non critical, and is essential to efficiently providing the tools customers need to perform their duties.
FY
2007 FY
2008 FY
2009 FY
2010 FY
2011 FY
2012 Total
Total Cost 232,050 452,420 150,850 44,150 140,050 153,950 1,173,470
OMS Hours 2,490 2,524 2,120 200 200 500 8,034
2. Examination Workflow Integration - Office of Examination (OE)
This project and its various components represent a significant investment in
building the new OE, and as such may require substantial resources and emphasis.
In fact, various components have already been discussed and resources allocated
through the OE Strategic Plan initiatives. This OE Workflow Integration project
takes things one step further by integrating all the various components into
a common technology platform/system. There are likely other similar examples
of processes that could be better integrated. It is important that as OE teams
evaluate existing processes/systems or develop new ones, that the technology
platform and approach used can result in easy integration with other systems,
either immediately or at a later date.
The goal of this project is to improve our examination processes, risk supervision,
and communications, both internally and externally. The project is focused on
integrating key aspects of OE workflow using technology solutions, creating
an application that will provide a central "launch pad" (i.e., graphical
user interface) which seamlessly integrates disparate information and systems.
The integration of these systems will allow OE to replace manual processes with
more automated processes, thereby greatly increasing our efficiency, effectiveness,
and consistency. We believe this will be a critical cornerstone for the "new
OE." This project will involve a number of parties within and outside OE
(particularly OMS), and needs to be closely coordinated through the OE IRM Operations
Committee representative.
FY
2007 FY
2008 FY
2009 FY
2010 FY
2011 FY 2012 Total
Total Cost 105,500 105,500 55,500 35,500 35,500 35,500 373,000
OMS Hours 100 100 100 100 100 100 600
3. Electronic Recordkeeping-Knowledge Management - OMS
This project is to explore and recommend an electronic recordkeeping and knowledge (ERK) management system to manage the Agency's official records and institutional knowledge within appropriate legal and regulatory requirements.
An ERK capability will impact the FCA at all levels by providing timely electronic (desktop) access to Agency records for all staff members. ERK will provide an enterprise-wide strategy through which official FCA records can be managed throughout their lifecycle of document creation, management, distribution, storage, retrieval, destruction and/or transmittal to the National Archives and Records Administration (NARA). It will also enable the Agency to implement a program to manage and retain its critical institutional, technical, and operational knowledge. When implemented, a knowledge management mechanism will also negate the impact of anticipated staff retirements.
In the short-term, ERK will require a significant investment of FCA resources but will result in the realization of long-term benefits. In order for the Agency to successfully develop and implement an ERK system, it is imperative the initiatives receive visible and consistent support from senior and executive management. Any ERK system adopted by the FCA must be compliant with the Department of Defense Standard 5015.2 (DoD 5015.2), which is the current NARA-endorsed system for Federal recordkeeping.
FY
2007 FY
2008 FY
2009 FY
2010 FY
2011 FY
2012 Total
Total Cost 183,700 187,200 107,200 99,200 99,200 191,700 868,200
OMS Hours 2,220 880 880 880 880 2,220 7,960
Appendix D
United States Department of the Interior, Bureau of Land Management, Information
Resources Management Strategic Plan, 2002-2005
Goal 3: Support the Bureau's Mission by increasing the Effectiveness and Timeliness
of Service
Delivery and Effectiveness of its Human Capital
Objective 2: Recruit and/or retain skilled IRM personnel that are competent
in both current and
emerging technologies.
As part of managing IT assets, BLM must invest in timely, appropriate, and industry-standard
education and
training to ensure technical staffs in national and field offices understand
and can apply current and future
technologies. This strategy involves both a commitment to recruit, train, and
retain talented BLM personnel
as well as collaborating with other agencies and organizations to fully utilize
their talented individuals and
share resources wherever possible. Arrangements with other agencies will also
be used to share technical
personnel in an era of diminishing budgets. BLM will also stay abreast of emerging
trends through an ongoing
program of technology evaluation. New technologies will be introduced through
pilot projects where both
the automation and its business benefits and costs can be evaluated prior to
any Bureau-wide adoption or
full-scale deployment occurs.
FY FY FY FY
Outcome Performance Measure 2002 2003 2004 2005
goal goal goal goal
Increased availability of IT Avg percentage of time that 2% 1.75% 1.5% 01.25%
resources national systems are unavailable
Increased customer Customer feedback increases in - base +10% +10%
confidence value section line
Improved performance of IT Percentage of times IT problems base- +10% +10%
resources are resolved in one service call. line +10%
Length of time to resolve problem. -20% -20% -20% -20%
Skilled IRM support staff to Average length of service once base- +5% +5% +5%
manage and maintain the employees are considered 'skilled' line
Bureau's systems
Product Action/Method Responsible Party Date
Baseline IT performance Conduct a study of common IT AD-500 FY02
statistics performance statistics to be
collected annually
Implementation of Conduct a study of incentives and AD-500 FY03
Innovative Personnel other new alternative management AD-700
Management Practices for practices for use in BLM
IRM staff
Development of Cross- Participate in Department-wide AD-500 On-
agency sharing and other teams that are charged with going
IRM efforts Interior-wide responsibilities
Appendix E
U.S. Fish & Wildlife Service Information Resources and Technology Management
Strategic Plan - Version 1.0, 09/30/2005
Goal 3: Enhance IRTM Skills of Service Employees. Through planning, assessment,
and education efforts, establish and maintain an adequately skilled workforce
to optimize the productive use of IRTM. Continue to partner closely with the
National Conservation Training Center (NCTC) to ensure that IRTM information
is incorporated in the appropriate classes.
Objective 3.1: Recruit and retain sufficient skilled IT personnel, competent
in current and emerging technologies, to optimize the productive use of IT.
Ensure that the Service has an adequate number of sufficiently skilled IT personnel
on an ongoing basis to realize the potential benefits from the use of IT by
all employees.
Target Results Responsible Parties Date
All regions, programs, and offices assess existing IT staff, skills, workload,
organization and future needs and develop workforce plans to meet those needs.
IRTM, CTO Council 2006
Improved outreach to support IT skills. Required actions include:
o Partnerships with programs, regions, and NCTC to improve outreach and education.
o Partnership with NCTC to ensure that current IT initiatives and polices are
incorporated in appropriate training classes.
o Partnerships with DOI IT Training Team to take advantage of global training
requirements and not duplicate or compete same technology among bureaus.
IRTM, NCTC, CTOs 2006
Performance Measures FY
2005 goal FY
2006 goal FY
2007 goal FY
2008
goal
Number of Regions and programs in compliance with policy on IT skill sets. -
Base-line
Regions and Offices with IT workforce plans in effect - All All All
Appendix F
Agency Comments
MEMORANDUM
Date: September 14, 2007
To: Patrick P. O'Carroll, Jr.
Inspector General
From: Larry W. Dye
Subject: Office of the Inspector General (OIG) Draft Report, "The Social Security Administration's Information Resources Management Strategic Plan" (A-14-07-27133)--INFORMATION
We appreciate OIG's efforts in conducting this review. Our comments on the draft report content and recommendations are attached.
Please let me know if we can be of further assistance. Staff inquiries may be directed to Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at extension 54636.
SSA Response
COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL DRAFT REPORT, "THE SOCIAL
SECURITY ADMINISTRATION'S INFORMATION RESOURCES MANAGEMENT STRATEGIC PLAN "(A-14-07-27133)
Thank you for the opportunity to review and comment on the draft report. We appreciate your conducting this audit of the Social Security Administration's (SSA) information resources management strategic plan.
Recommendation 1
For issues related to SSA as a whole, SSA should establish a long range Information Resources Management (IRM) strategic planning process that covers a period consistent with the Agency's Strategic Plan.
Comment
We agree to establish a long range IRM strategic planning process that covers a period consistent with the Agency's Strategic Plan.
Recommendation 2
For issues specific to SSA's IRM Plan, SSA should continue plans to include conceptual diagrams and a supplemental description of SSA's existing and target Enterprise Architecture (EA).
Comment
We agree and have plans to include the following information in the 2008 IRM
Strategic Plan:
o the existing and target EA diagrams;
o a verbal description of the fundamental differences between the current and
future diagrams; and
o a transition strategy that documents the EA segmentation as well as the projects
to manage the orderly transition from the current to the future state.
Recommendation 3
SSA should adopt the general structure of the Agency's Strategic Plan, in IRM
Plan Chapter 3, where SSA discusses its major information technology (IT) initiatives.
To provide the audience with a clear roadmap of how SSA plans to achieve the
goals and objectives it defined, for each of SSA's Strategic Objective Portfolios,
SSA should discuss areas such as the following: 1) strategic goals and objectives;
2) performance
measures with results; 3) information resources management activities (IT projects
and strategies); 4) major milestones and time frames; 5) funding, technology,
and IT staffing needs; and 6) challenges, constraints, possible solutions and
related projections if available.
Comment
We agree and have begun taking steps to restructure Chapter 3 of SSA's 2008 IRM Strategic Plan (to be published in 2007) with a focus on including more strategic information, covering a 5-year period, to tie the information to the Agency's Strategic Plan.
Appendix D
OIG Contacts and Staff Acknowledgments
OIG Contacts
Kitt Winter, Director, Data Analysis and Technical Audits Division, (410) 965-9702
Albert Darago, Audit Manager, Application Controls Branch, (410) 965-9710
Acknowledgments
In addition to those named above:
Grace Chi, Senior Auditor
For additional copies of this report, please visit our web site at www.socialsecurity.gov/oig or contact the Office of the Inspector General's Public Affairs Specialist at (410) 965-3218. Refer to Common Identification Number A 14 07 27133.
Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations
(OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General
(OCCIG), and Office of Resource Management (ORM). To ensure compliance with
policies and procedures, internal controls, and professional standards, we also
have a comprehensive Professional Responsibility and Quality Assurance program.
Office of Audit
OA conducts and/or supervises financial and performance audits of the Social
Security Administration's (SSA) programs and operations and makes recommendations
to ensure program objectives are achieved effectively and efficiently. Financial
audits assess whether SSA's financial statements fairly present SSA's financial
position, results of operations, and cash flow. Performance audits review the
economy, efficiency, and effectiveness of SSA's programs and operations. OA
also conducts short-term management and program evaluations and projects on
issues of concern to SSA, Congress, and the general public.
Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste,
abuse, and mismanagement in SSA programs and operations. This includes wrongdoing
by applicants, beneficiaries, contractors, third parties, or SSA employees performing
their official duties. This office serves as OIG liaison to the Department of
Justice on all matters relating to the investigations of SSA programs and personnel.
OI also conducts joint investigations with other Federal, State, and local law
enforcement agencies.
Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters,
including statutes, regulations, legislation, and policy directives. OCCIG also
advises the IG on investigative procedures and techniques, as well as on legal
implications and conclusions to be drawn from audit and investigative material.
Finally, OCCIG administers the Civil Monetary Penalty program.
Office of Resource Management
ORM supports OIG by providing information resource management and systems security.
ORM also coordinates OIG's budget, procurement, telecommunications, facilities,
and human resources. In addition, ORM is the focal point for OIG's strategic
planning function and the development and implementation of performance measures
required by the Government Performance and Results Act of 1993.