OFFICE OF
THE INSPECTOR GENERAL
SOCIAL SECURITY ADMINISTRATION
STATUS OF THE
SOCIAL SECURITY ADMINISTRATION’S
IMPLEMENTATION OF FISCAL YEAR 2000
MANAGEMENT
LETTER ISSUES
September
2002
A-15-02-12046
AUDIT REPORT
MissionWe improve SSA programs and operations and protect them against fraud, waste, and abuse by conducting independent and objective audits, evaluations, and investigations. We provide timely, useful, and reliable information and advice to Administration officials, the Congress, and the public.
Authority
The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:
Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.
Vision
By conducting independent and objective audits, investigations, and evaluations, we are agents of positive change striving for continuous improvement in the Social Security Administration's programs, operations, and management and in our own office.
MEMORANDUM
Date: September 20, 2002 :
To: The Commissioner
From: Inspector General
Subject: Status of the Social Security Administration’s Implementation of Fiscal Year 2000 Management Letter Issues (A-15-02-12046)
OBJECTIVE
This is a follow-up audit to the PricewaterhouseCoopers LLP (PwC), "FY 2000 Management Letter – Part 2, Recommendations to Improve Management Controls and Operations Resulting from the Fiscal Year 2000 Financial Statement Audit," dated November 30, 2000. The objective of this follow-up audit was to determine the status of corrective action on selected findings and recommendations in the management letter referred to above.
BACKGROUND
In Fiscal Year (FY) 2000, PwC, an independent Certified Public Accounting firm, performed an audit of the consolidated financial statements of the Social Security Administration (SSA) as of and for the year ending September 30, 2000. PwC issued its Report of Independent Accountants, dated November 30, 2000, which is included in SSA’s Performance and Accountability Report for FY 2000. The Office of the Inspector General (OIG) monitored the work of PwC.
The primary objectives of the financial statement audit were to:
The audit of SSA’s financial statement also identified conditions that did not have a material impact on the financial statements. To report these conditions, PwC issued Management Letters – Part 1 and Part 2 to SSA addressing areas in need of management attention. Management Letter, Part 1, conveys details of a sensitive nature to SSA and is, therefore, restricted in its use. It is considered a limited distribution report. Management Letter – Part 2, contains issues of a general nature and is not limited in its distribution, but is intended as information for management and the Inspector General of SSA. In accordance with applicable standards, the Management Letter issues were not considered by PwC to be material weaknesses or reportable conditions. Nonetheless, the letters contain both findings and recommendations requiring management action.
SCOPE AND METHODOLOGY
We performed follow-up audit work on 22 of the 58 recommendations published in PwC’s FY 2000 Management Letter – Part 2. We selected recommendations from the FY 2000 report that, in our opinion, were the most important for SSA to implement. Because the original audit was SSA-wide, the findings and recommendations covered various offices within SSA. For the specific findings we reviewed, see Appendix A.
To accomplish our objective, we:
We conducted our review from December 2001 through March 2002, at SSA Headquarters in Baltimore, Maryland. Our audit was conducted in accordance with generally accepted government auditing standards.
RESULTS OF REVIEW
Of the 22 recommendations we selected, SSA reported that it completed work on 11 recommendations. SSA agreed with, but had not fully completed corrective actions on the remaining 11 recommendations.
OIG’s Evaluation of SSA Corrective Actions
We evaluated SSA’s progress and corrective actions by: interviewing the responsible SSA contact officials; reviewing PwC’s work conducted during the FY 2001 financial statement audit; and performing audit tests where necessary. In some cases, we relied on the audit work performed by PwC during the FY 2001 financial statement audit. The results of our review are as follows:
|
Audit Results
|
Findings/Recommendations
|
|
OIG agrees with SSA’s reported status |
19 |
|
OIG disagrees with SSA’s reported status |
3 |
|
Total |
22 |
Summary of OIG’s Findings
CONCLUSION AND RECOMMENDATIONS
Based on our work, we determined that SSA has implemented 8 of the 22 recommendations we selected for examination from PwC’s FY 2000 Management Letter – Part 2. SSA has not fully implemented the remaining 14 recommendations, although some actions have been taken to begin addressing these issues. Of the 14 recommendations not fully implemented, only 4 were new recommendations made during the FY 2000 financial statement audit.
|
YEAR RECOMMENDATIONS WERE FIRST REPORTED |
NUMBER OF RECOMMENDATIONS WHERE CORRECTIVE ACTION IS INCOMPLETE |
|
1997 |
7 |
|
1998 |
2 |
|
1999 |
1 |
|
2000 |
4 |
|
TOTAL INCOMPLETE |
14 |
Since PwC has already made these recommendations in the FY 2000 Management Letter – Part 2, we will not include duplicate recommendations in this report. However, SSA should continue to work to bring all of the issues identified by PwC to closure within the next audit cycle. In addition, in April 2002, PwC issued the FY 2001 Management Letter – Parts 1 and 2, which makes further recommendations for some of the issues discussed in this report.
AGENCY COMMENTS AND OIG RESPONSE
SSA did not disagree with our findings presented in the formal draft report, but stated that it has completed work or will shortly complete work on the four recommendations where OIG disagreed with SSA’s reported status. SSA stated that finding 1 under the "Results of Review" section of this report will be completed in 6 weeks. SSA stated that finding 2 was completed on May 6, 2002. However, based on our discussions with PwC, FY 2002 testing found individuals who had left SSA’s Office of Finance, but still had access to FACTS. With respect to finding 3, we agree that SSA has completed as much as it can at this time. Based on SSA’s comments to our formal draft report, we have reconsidered our position and agree to close this finding. However, we believe trust fund tax revenue estimation is a critical process, and we encourage SSA to monitor Treasury’s efforts to complete an MOU. Lastly, SSA stated that the LAE accounting policies and procedures discussed in finding 4 are now complete. However, OIG did not conduct further testing to validate the new accounting procedures.
James
G. Huse, Jr.
Appendices
APPENDIX
A – Audit Results: FY 2000 Management Letter Part 2
Appendix A
Audit Results
– FY 2000 Management Letter – Part 2
Report Section/Area Application
Development and Change Control – Scope of Application Programmer Duties
Report Section/Area Service
Continuity Finding/Rec
Number III.2.
PwC
Finding At the time of our fieldwork, SSA had not yet completed documenting
a business continuity plan for the FACTS application. Management represented
that appropriate business continuity procedures had been developed, but this
did not include documenting and distributing to affected staff a list of IT
personnel and users responsible for action during operational failure. In addition,
no documentation was available confirming that any existing informal procedures
had been kept up to date and adequately tested.
Without
a formally documented business continuity plan that is comprehensive, updated
regularly, and periodically tested, management cannot be assured that necessary
FACTS processing can be accomplished during an emergency.
PwC
Recommendation SSA should expedite completion of a formally documented
business continuity plan for FACTS, ensuring that it is:
-
Sufficiently comprehensive, addressing both short term and long term interruption
to normal processing and providing for such actions as the preparation and distribution
of a list of IT personnel and users responsible for action during operational
failure;
-
Updated regularly; and
-
Periodically tested.
SSA
Management Response We agree. Building upon the existing emergency response
procedures for FACTS, SSA will develop a business continuity plan outlining
the accounting process and responsible personnel in the event of short and long-term
operational failure. We anticipate preparation of the plan by May 1, 2001.
Cross
Reference New
SSA
Action Plan See management response.
Current
Status per SSA The business continuity plan for OFPO systems has been
drafted and is undergoing review and revision.
SSA
Target Date Ongoing
End
Date – OIG Review 3/1/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
SSA developed a business continuity plan for FACTS in August 2001. However,
this plan needs to be tested before OIG will consider this recommendation closed.
As of the end of our fieldwork, no dates had been set up for testing.
Report
Section/Area Programmatic Systems – Title II
Finding/Rec
Number IV.A.1.
PwC Finding SSA has accepted specified levels of access granted to
individuals in the field as being excessive in order to provide a high level
of customer service. Compensating controls have been implemented to control
this access such as the integrity review process. During the FY 2000 audit,
PwC noted that the access granted to supervisors allows them to initiate and
adjudicate claims. This is a separation of duties weakness that is not compensated
for through inclusion in the integrity review process as required in SSA’s "Behind
the Scenes" Policy.
PwC
Recommendation SSA should implement a process that would include the
independent review of initial claims that are also adjudicated by the same individual,
especially if that individual is performing the duties of a supervisor.
SSA
Management Response We agree and are addressing this issue through an
alternative approach. SSA has a formal systems life cycle process for the development
of all of its applications. The life cycle integrates security into the development
of each application and ensures that compensating controls to mitigate opportunity
for fraud are put in place before applications move to production.
The
Enumeration process, a crucial first step for attaining Title II benefits, is
subject to variety of compensating controls that include systems access, system
enforced separation of duties through a 2-PIN procedure and reviews performed
by management, such as CIRP and the Enumeration Sample Review. Moreover, Enumeration
is also subjected to oversight by independent organizations, such as OIG, quality
reviews and audit trail tracking.
Compensating
controls also are incorporated into the Title II claims initiation and adjudication
processes, significantly reducing opportunity for fraud. Controls specific to
Title II claims processes include the Integrated Client Data Base, which provides
death alerts from the Numident. SSA’s claims procedure requires documentary
review and are subjected to quality assurance reviews. As with Enumeration,
Title II claims are also subjected to the system enforced 2-PIN procedure. In
addition, claims are checked against the Numident for date of death and are
subjected to integrity reviews and audit tracking.
Finally,
when implemented, CIRP Release 4 will provide for a review of claims where an
employee processed an initial enumeration and adjudicated the same claim. CIRP
also ensures an independent review by preventing an individual from reviewing
actions which they processed.
Cross
Reference New
SSA
Action Plan See management response.
Current
Status per SSA Selection criteria is under development jointly by DCFAM,
OISS; DCO, OPSOS; AND DCS, OSA.
SSA
Target Date To be determined.
Updated
Target Date Complete
End
Date – OIG Review 2/12/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is complete.
PwC was able to test 19 of 22 compensating controls over initial and adjudicated
claims and determined that these controls are effective. OIG reviewed PwC’s
documentation and agrees that these controls are effective. In addition, SSA
has scheduled CIRP release 4 for implementation in June 2003. Therefore, OIG
believes that SSA has taken appropriate steps to complete work on this recommendation.
Report
Section/Area Programmatic Systems – Title II
Finding/Rec
Number IV.A.2.
PwC
Finding PwC performed on-line and batch testing of the Title II application
as part of its FY 2000 audit. This testing included entering transactions in
both MCS and MACADE to ensure adequate editing and data validation checks were
performed to ensure data integrity and reduce the risk of fraud. As a result
of our work the following situations were identified:
-
MCS should have provided (but did not) an alert or error message when:
-
An individual filing for a claim was dead.
-
A child was filing for a claim, but was married.
-
The date of adoption of a child was after the numberholder’s date of death.
-
MACADE should have provided (but did not) an alert or error message when:
-
The sex code is not validated when entering claim information.
-
The Primary Insurance Amount (PIA) is not validated to ensure that it is <=$3,000.
PwC
Recommendation SSA needs to enhance its edits and data validation checks
for Title II applications, thereby improving data integrity and reducing the
risk of fraud. Additionally, the batch process should produce alerts for transactions
that are inaccurate or questionable but have not resulted in a surface, inter-screen
or intra-screen error message being displayed during on-line data entry.
SSA
Management Response We agree and are evaluating PwC’s findings. Corrective
actions will be incorporated into future Title II redesign initiatives.
Cross
Reference New
SSA
Action Plan See management response.
Current
Status per SSA SSA provided PwC with additional information regarding
the MACADE findings and it was agreed that these situations were valid and no
action was necessary by SSA.
Regarding
MCS findings, we agree and expect to schedule changes for a future release.
SSA
Target Date Ongoing
Updated
Target Date Complete
End
Date – OIG Review 1/29/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is complete.
PwC was not able to test all MCS edits in the online environment. However, for
the edits that were tested, PwC found no exceptions. In addition, a MCS release
was completed in September 2001 that includes corrections made to the edits
PwC was not able to test. PwC was able to test MACADE edits online with no exceptions.
SSA should continue to ensure that alerts are working correctly in the situations
described in PwC’s finding, as PwC will be testing these again for FY 2002.
Report
Section/Area Programmatic Systems – Earnings Record Maintenance System
(ERMS)
Finding/Rec
Number IV.B.1.
PwC
Finding SSA has developed a key initiative tactical plan and schedule
entitled "Reduce Earnings Suspense File’s Future Growth and Current Size"
to address the suspense file and reconciliation issue identified in 1997. This
plan, initially drafted in July 1998, is currently being revisited for changes,
which SSA had hoped to complete by December 1999. During the FY 2000 audit,
a contract was awarded to a third party to provide assistance and guidance in
reducing the suspense file and implement a process that would maintain future
suspense postings at a manageable level.
PwC
Recommendation SSA should await the results of the contractor’s efforts
on the suspense file project and then use them to implement a solution to reduce
the suspense file and improve the process for handling future suspense postings.
SSA
Management Response SSA is still waiting on the contractor’s final report.
When the report is received, SSA will assess the results and determine what
actions are appropriate.
Cross
Reference FY99 Management Letter - Part 2, III.2.A; FY98 Management Letter
- Part 2, III.3.A; FY97 Management Letter - Part 2, V.3.A.1.
SSA
Action Plan A final action plan will be developed based on the outcome
of the contractor’s efforts.
Current
Status per SSA SSA recently received the contractor’s final report and
is in the process of evaluating its findings and recommendations.
SSA
Target Date To be determined.
End
Date – OIG Review 2/25/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
SSA has not yet selected an approach option from the contractor’s final report.
The Office of Quality Assurance (OQA) is evaluating the report and expects to
complete their evaluation by October 31, 2002.
Report
Section/Area Programmatic Systems – Death Alert, Control and Update System
(DACUS)
Finding/Rec
Number IV.D.2.
PwC
Finding As PwC has noted in prior audits, SSA’s current practice of obtaining
death data does not ensure that this data is entered into DACUS accurately,
timely, and only once. External entities under contract to SSA to supply death
data are paid 60 cents per transaction. SSA could pay more than once for the
same death data because DACUS contains no edit routine to identify instances
where two or more data providers submit the same death notice. These data providers
are contractually required to submit death notices within 3 months of the month
of death. The majority of these entities are still preparing this data manually
prior to transmission, accounting for the extended time period allowed for data
submission. SSA is moving forward with the implementation of electronic death
certificates to reduce the timeframe for submission. Upon the completion of
the pilot program for this process, SSA expects to deliver final contract standards
to the states by March 2001 and to phase in all states over the next five to
ten years.
PwC
Recommendation SSA should look for ways to expedite its initiatives for
reducing the amount of time required by outside sources to submit death notifications,
such as use of the electronic death certificate.
SSA
Management Response We agree. We concur with the recommendation to explore
initiatives to obtain death data more timely from outside agencies. SSA is providing
support for the Electronic Data Registration (EDR) pilot activities now being
developed by partially funding the States to develop and implement their electronic
systems. Under EDR, SSA will receive a death report from the States within 24
hours or within 5 days of the filed certificate.
Cross
Reference FY99 Management Letter - Part 2, III.4.B; FY98 Management Letter
- Part 2, III.5.B.
SSA
Action Plan See management response.
Current
Status per SSA SSA plans to award contracts to some of the States in
September 2001. Under EDR, SSA will receive a death report from the States within
24 hours or within 5 days of the person’s death. Part of SSA’s requirement is
to obtain a verified SSN at the first point of collection in the EDR process.
For those verified SSN’s, SSA will take immediate action on those death reports.
DCS
recently received from DCDISP two new Initiative Information Documents outlining
a permanent Internet-based solution and changes that would designate an EDR
as a first priority report. Meetings/discussions to schedule the Initiative
Information Documents began on July 19, 2001 and the Plan Chairs for the affected
5 Year Plans are working to determine timeframes for the planning and analysis
on this project.
SSA
Target Date To be determined.
End
Date – OIG Review 1/29/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
SSA has made considerable progress towards closing this recommendation. It awarded
two contracts to New Hampshire and Washington, D.C. to begin receiving electronic
death reports and plans to eventually award contracts to all states. In addition,
SSA is planning a pilot for Electronic Death Registration to begin in August
2002.
Report
Section/Area Programmatic Systems – Computer Assisted Audit Techniques
Finding/Rec
Number IV.F.Overview
PwC
Finding Overview
Our
2000 work confirmed that data reliability/integrity weaknesses still exist within
SSA’s automated files and records. While such problems can result from application
change control weaknesses or application design weaknesses, they can also be
the result of minimal effort made to remove incorrect data remaining on files
after identified software code weaknesses have been corrected. These data anomalies
could impact future processing or add to SSA’s workload by requiring extra effort
to resolve incorrect data.
We
performed selected tests, using audit software, on some of SSA’s primary data
files. This testing was restricted to the eleventh segment of the Numident,
MBR, and SSR files, and to the 1999 earnings data posted for persons in that
segment. A projected total for all segments is presented in parenthesis for
each test listed.
Although
SSA has shown some improvement in this area, examples of the data integrity
weaknesses we identified during our 2000 testing are discussed below.
PwC
Recommendation General Recommendations
SSA
should:
-
Analyze its automated databases to identify key data integrity conditions that
should apply within and across databases.
-
Design and implement data integrity checking programs for the full production
databases to identify the total population of records with potential data integrity
problems.
-
Investigate, identify, and rectify the root causes of data integrity problems.
-
Ensure appropriate automated and manual controls are in place to prevent problems
from recurring, including periodically running the data integrity checking programs
as a detective control.
-
Investigate and correct instances of invalid data on individual records that
may affect payment status. Refer any suspicious transactions to the OIG for
investigation.
-
Improve data administration for systems with regard to applying consistent definitions
and formats for commonly used data elements.
For
those instances where the data integrity problems noted may be the result of
historical problems now prevented by recent SSA modernization efforts, the agency
should ensure that the existence of this data will not adversely affect the
payment status of any individual.
SSA
Management Response We agree. However, there are no major changes planned
for Client between now and the end of the calendar year (2001) that would impact
this recommendation. With all available resources devoted to high priority initiatives
in the TII and TXVI areas, not to mention legislation and Internet, there are
none available to work on Client-related enhancements.
Long-range plans exist to develop the Client system to strengthen data integrity.
Automated database clean-up efforts, whenever technically feasible, are included
in these plans. One example is the planned posting of proven dates of birth
on the MBR and SSR to the Numident. This will not only reduce date of birth
discrepancies, but also facilitate future postings of dates of death since there
will be fewer non-match situations. This activity is currently unscheduled in
the Enumeration/Client 5-Year Plan; resource issues may or may not impact the
originally anticipated implementation target date of late 2001; we will know
more by March 2001.
SSA Action
Plan See management response.
Current
Status per SSA Recent and upcoming Client activity to improve data integrity
and system communication includes:
·
With the 9/2001 T2R2.1 release, certain miscellaneous data corrections coming
in through the MONET system will also update Client and the Numident. This includes
corrections to claimants own SSN plus changes to DOB, DOB proof and SEX.
·
Also with the 9/2001 T2R2.1 release, the T2R batch process will update Client
with language preference changes.
·
A service request has been submitted to OSDD to clean up certain data anomalies
remaining on Client after software changes had been incorporated. Due to higher
priority initiatives, OSDD resources have not yet been available to institute
the cleanup activity.
·
A contractor review of SSA death processing is currently being done with an
eye toward a future overhaul of such processing. The Client database and/or
screens will be integral to any resulting new process and will help to enable
sharing and integrity of death data.
·
Client is slated to play an important role in the proposed Customer Service
Record (CSR) project. This system also is intended to interface with SSA's application
systems and promote data sharing and hence, greater data integrity.
SSA Target Date Ongoing
OIG Comment See
Finding/Rec Numbers IV.F.1., IV.F.2., and IV.F.4. for specific findings, management
response, and OIG conclusions. The Overview is not considered a separate recommendation
by OIG.
Report
Section/Area Programmatic Systems – Computer Assisted Audit Techniques
Finding/Rec
Number IV.F.1.
PwC Finding In
1997, a comparison of the MBR and Numident identified 819 records (projected
total 16,380) where the individual was alive and in a current pay status on
the MBR but listed as dead on the Numident.
In 1998,
the comparison yielded similar results, with 944 records (projected total 18,880)
identified.
In
1999, our comparison again yielded similar results, with 867 records (projected
total of 17,340) identified.
The
2000 comparison showed a slight improvement, with a yield of 706 records (projected
total of 14,120).
PwC Recommendation Refer
to the General Recommendations in the Overview above.
SSA Management
Response F.1 and F.2. We agree. In November 2000, we implemented a DACUS
change that will automatically delete the Numident death posting when a person
is reinstated to benefit status on the MBR and/or SSR after having been erroneously
terminated for death. The former second input needed to DACUS was the primary
cause of these inconsistencies. We are currently developing a program to identify
all records on the MBR where payment has been reinstated and the Numident retains
the death information. We will then delete the erroneous death. We expect to
complete this by March. We will then develop a similar matching and update for
the SSR; we do not yet have a target date. We expect that this will eliminate
the problem.
Cross Reference FY99 Management Letter - Part 2, III.6.A; FY98 Management Letter - Part 2, III.6.Overview and A.-D.; FY97 Management Letter - Part 2, III.6.A. and A1. - A4.
SSA Action Plan See management response.
Current Status per SSA Actions to identify MBR records where payment was reinstated but the Numident retained the death information was completed for one segment of the Numident in March 2001. The results of this match are being analyzed and will be presented to management. Actions to address SSR/Numident inconsistencies remain in development.
SSA Target
Date To be determined.
End Date – OIG Review 1/29/02
OIG Confirmation of Status Agree. SSA’s work on this recommendation
is incomplete. Progress has been made, as PwC found only eight discrepant cases
after the date of the DACUS change in the MBR segment it tested. In addition,
SSA now has several projects under way to help decrease the number of discrepancies
encountered. In the future, PwC plans to address the cause of these discrepancies
in a new recommendation that is being developed. SSA is still completing work
to manually correct MBR/Numident discrepancies where the date of death is 1990
or later.
Report Section/Area Programmatic Systems – Computer Assisted Audit
Techniques
Finding/Rec Number IV.F.2.
PwC Finding In 1997, a comparison of the SSR and Numident identified
60 records (projected total 1200) where the individual was alive and in a current
pay status on the SSR but listed as dead on the Numident.
In 1998, the comparison yielded similar results, with 66 records (projected total 1320) being identified.
In our 1999 testing we identified 49 (projected total 980) records meeting this test criteria.
In 2000, the comparison identified 79 (projected total of 1580) individuals that were alive and in current pay status on the SSR, but listed as dead on the Numident.
PwC Recommendation Refer to the General Recommendations in the Overview above.
SSA Management Response F.1 and F.2. We agree. In November 2000, we implemented a DACUS change that will automatically delete the Numident death posting when a person is reinstated to benefit status on the MBR and/or SSR after having been erroneously terminated for death. The former second input needed to DACUS was the primary cause of these inconsistencies. We are currently developing a program to identify all records on the MBR where payment has been reinstated and the Numident retains the death information. We will then delete the erroneous death. We expect to complete this by March. We will then develop a similar matching and update for the SSR; we do not yet have a target date. We expect that this will eliminate the problem.
Cross
Reference FY99 Management Letter - Part 2, III.6.B; FY98 Management Letter
- Part 2, III.6.Overview and A.-D.; FY97 Management Letter - Part 2, III.6.A.
and A1. - A4.
SSA
Action Plan See management response.
Current
Status per SSA Actions to identify MBR records where payment was reinstated
but the Numident retained the death information was completed for one segment
of the Numident in March 2001. The results of this match are being analyzed
and will be presented to management. Actions to address SSR/Numident inconsistencies
remain in development.
SSA
Target Date To be determined.
End
Date – OIG Review 1/29/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
PwC found discrepancies after the date of the DACUS change in the SSR segment
it tested. SSA now has several projects under way to help decrease the number
of discrepancies encountered. SSA is still completing work to manually correct
SSR/Numident discrepancies where the date of death is 1990 or later.
Report
Section/Area Programmatic Systems – Computer Assisted Audit Techniques
Finding/Rec
Number IV.F.4.
PwC
Finding In 1997, a comparison of the MBR, SSR, and Numident identified
a large number of corresponding records with significant differences in dates
of birth. Using a tolerance of >3 years for comparison purposes, we noted
13,998 differences between the MBR and the Numident, and 20,254 between the
SSR and Numident.
The
number of discrepancies improved in 1998; however, we still identified 6,433
differences between the MBR and the Numident, and 711 between the SSR and Numident.
In
1999 the numbers improved some more with 6,078 differences between the MBR and
the Numident, and 579 between the SSR and Numident.
In
2000, the number of records with a date of birth difference > 3 years between
the MBR and the Numident continued to improve, dropping to 5,389. However, we
also identified 1,041 records with a date of birth difference > 3 years between
the SSR and Numident, a significant increase over the 1999 results.
PwC
Recommendation Refer to the General Recommendations in the Overview above.
SSA
Management Response We agree with this recommendation. We continue to
plan to resolve the condition by updating the Numident with the proven MBR and
SSR dates of birth. However, higher priority workloads continue to keep this
project as Unscheduled in the 5 Year Plan.
Cross
Reference FY99 Management Letter - Part 2, III.6.D; FY98 Management Letter
- Part 2, III.6.Overview and A.-D.; FY97 Management Letter - Part 2, III.6.A.
and A1. - A4.
SSA
Action Plan See management response.
Current
Status per SSA No change.
SSA
Target Date To be determined.
End
Date – OIG Review 1/29/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
SSA indicated that there has been no status change since the last update. Clean
up of discrepant cases is still unscheduled in the 5-Year Plan.
Report
Section/Area Administrative Systems – Financial Accounting System (FACTS)
Finding/Rec
Number V.A.2.
PwC
Finding Past audits determined that additional changes in the front-end
edit criteria are required to reduce the number of suspense items. Without these
changes, the number of suspense items would grow to a level that would impair
SSA’s ability to clear items in a timely manner. This, in turn, would increase
the risk of inaccurate data and inflated dollar values in suspense.
SSA
implemented four fixes during FY 1999 to address this issue. During FY 2000
the agency also implemented a Third Party Draft vendor table in the field offices
that is to reduce the number of rejections by providing valid EINs that will
be used to edit input prior to transmission to Headquarters.
Release
1.1 of the Third Party Draft system has been received by 1300 field offices.
About 435 offices have already converted to the new system. The field offices
can now update the FACTS vendor tables using a manual process. Release 2.0,
which was expected in October 2000, will allow a more direct link to the FACTS
vendor tables.
At
the time of our follow-up work, the implementation of the Third Party Draft
vendor table had little impact on the volume of suspense transactions. We acknowledge,
however, that this initiative probably had not been in place long enough to
fairly assess its effectiveness.
PwC
Recommendation SSA should monitor the volume of suspense file transactions
to ensure that the changes in the edit criteria required to improve suspense
processing, along with the addition of a Third Party Draft vendor table, meet
the expected results of reducing the number of suspense items.
SSA
Management Response We agree. In mid-December, Release 2.0 of TPPS occurred
with completion of the rollout by early February 2001. With TPPS release 2.0,
a Vendor Maintenance Form (VMF) is generated when a new payee is entered in
the payee table. While it is expected this software release will substantially
reduce the number of TPPS errors, it is too premature to make that assessment.
Cross
Reference FY99 Management Letter - Part 2, IV.1.B; FY98 Management Letter
- Part 2, IV.1.B.; FY97 Management Letter - Part 2, V.3.E.
SSA
Action Plan See management response.
Current
Status per SSA Completed
SSA
Target Date Completed
End
Date – OIG Review 1/28/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is complete.
SSA has improved the processing for third party draft suspense items and demonstrated
that the number of third party draft suspense errors continues to be low.
Report
Section/Area Administrative Systems – Financial Accounting System (FACTS)
Finding/Rec
Number V.A.3.
PwC
Finding There is a need for more complete tracking and reporting on the
activities related to resolving open obligations. Past audits identified that
open obligations were not being de-obligated in a timely manner and de-obligated
obligations were not adequately documented. Consequently, funding levels may
be incorrectly stated, resulting in the potential for inappropriate use of valuable
resources.
In
FY 1999, SSA implemented procedures to document liquidated obligations. However,
per the Open Obligation Report, a significant number of long standing unliquidated
obligations remain outstanding, including numerous obligations from fiscal years
1994, 1995, 1996, and 1997. Open obligations are not being de-obligated in a
timely manner in part because current procedures do not address the timely liquidation
of obligations.
PwC
Recommendation SSA should enhance current policies and procedures to
ensure that the de-obligation process is operating effectively and timely. An
overall aged balance should be established as of the end of the fiscal year
and all activities by the Office of Finance should be accumulated into the monthly
Report of Validations to ensure that management has a complete picture of the
status of open obligations and the activity related to resolving them.
SSA
Management Response We agree. Additional research demonstrates that large
portions of prior fiscal year open obligations are Reimbursable Work Authorizations
(RWA's) with the General Services Administration (GSA). To that end, we now
receive from GSA an electronic feed of open RWA's to enhance the validation
process. In addition, beginning January 2001, SSA developed an accounting system
query to produce an aging report for open obligations. This report is produced
and analyzed on a monthly basis.
In
addition, based upon our experience of validating RWA's with GSA, we plan to
look at other categories of obligations to improve the validation process.
Cross
Reference FY99 Management Letter - Part 2, IV.1.E; FY98 Management Letter
- Part 2, IV.1.F.
SSA
Action Plan See management response.
Current
Status per SSA Completed
SSA
Target Date Completed
End
Date – OIG Review 3/1/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is complete.
PwC found that statistics are being reported for open obligations acted on and
cleared and that the validation and reduction of open obligations are being
tracked. SSA was able to provide evidence that it is making definite progress
in validating open obligations. By the end of November 2001, SSA had reviewed
all Headquarters reimbursable work authorizations and all interagency agreements
for FY 1997. However, OIG may revisit this issue in the future to ensure open
obligations continue to be addressed in a timely manner.
Report
Section/Area Administrative Systems – Financial Accounting System (FACTS)
Finding/Rec
Number V.A.5.
PwC
Finding The current FACTS re-certification process used to validate an
individual’s access to the system needs to be enhanced. Of 39 FACTS user profiles
sampled, 12 had access that was not necessary for the performance of their duties.
There were some indications that access had been retained from a prior position.
The FACTS re-certification process needs to ensure that access is only granted
to those with a need.
PwC
Recommendation SSA should enhance their current re-certification process
by implementing the following:
-
A standard profile for each position requiring access to FACTS and a requirement
that access be requested in terms of the standard profile.
-
A re-certification listing showing the access of each person and a requirement
that each supervisor justify access that is not consistent with the standard
profile.
SSA
Management Response We agree. SSA has begun to develop standard profiles
for each position that accesses FACTS. In addition, a re-certification listing
will be developed as described in the recommendation.
Cross
Reference New
SSA
Action Plan See management response.
Current
Status per SSA FACTS Standard Profiles are near completion. Once complete,
a recertification of the profiles will occur and is targeted for 8/31/01.
SSA
Target Date August 31, 2001
End
Date – OIG Review 2/28/02
OIG
Confirmation of Status Disagree. SSA’s work on this recommendation is
incomplete. SSA has created standard profiles for all of the FACTS users. However,
as of April 5, 2002 a re-certification had not been completed. It is important
that the re-certification process is completed to ensure that the level of access
currently held by FACTS users matches their standard profiles.
Report
Section/Area Other – Title 2/Title 16 Issues
Finding/Rec
Number VI.A.1.
PwC
Finding SSA has established preventive and detective controls to ensure
accurate payments to beneficiaries. Two of the main detective controls are the
Index of Dollar Accuracy (IDA) review and the Stewardship review. Through these
reviews, SSA successfully confirms the accuracy, and in certain cases, the inaccuracy
of benefit payments. When payment discrepancies are identified, the appropriate
Program Service Center (PSC) or Field Office (FO) is notified to follow-up on
the matter. Our testing confirmed that these notifications were being sent.
However, our testing also indicated that the PSCs/FOs inconsistently resolve
these payment discrepancies. Furthermore, we noted current SSA policy does not
provide a mechanism to reasonably assure that the noted discrepancies are ultimately
resolved by the PSCs/FOs.
PwC
Recommendation We recommend that SSA update its current policies related
to the IDA and Stewardship reviews to provide a means of ensuring that all payment
discrepancies noted during these reviews are resolved by the PSCs/FOs in a timely
manner.
SSA
Management Response We agree. Existing Quality Review Manual (Title II)
and Quality Review Manual System (Title XVI) procedures call for the quality
reviewers to obtain master beneficiary/supplemental security record queries
30 days after sending a payment error feedback report to the PSCs/FOs to determine
if the corrections have been made. If the corrections have not been made, the
reviewers are to follow up with PSC/FO. If there is no response to the followup
request in 15 days, the Regional Director for Quality Assurance and Performance
Assessment (ROQA) is to request the assistance of the Assistant Regional Commissioner
for Management, Operations and Systems to have the PSC or FO correct the case.
These procedures can also be found in POMS (the Title XVI procedure in DG 16590.040
and the Title II procedure in DG 16073.047). We believe that the procedures
are adequate for ensuring that payment errors are corrected; however, these
procedures have not been followed in all instances. We are sending a reminder
to all ROQA directors emphasizing the importance of closely following the established
QRM and QRMS procedures for ensuring that payment errors are corrected by the
PSCs and FOs.
Cross
Reference New
SSA
Action Plan See management response.
Current
Status per SSA In January 2001, a reminder was sent to all ROQA Directors
emphasizing the importance of closely following the established QRM and QRMS
procedures for ensuring that payment errors are corrected by the PSCs and FOs.
SSA
Target Date Completed
End
Date – OIG Review 3/1/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is complete.
In FY 2001, no cases were found where OQA failed to ensure that the PSC or FO
corrected a payment error found by OQA. In addition, OQA has instituted periodic
monitoring of ROQA adherence to Quality Review Manual and Quality Review Manual
System procedures regarding correction of payment errors.
Report Section/Area Other – Title 2/Title 16 Issues
Finding/Rec Number VI.A.6.Report
Section/Area Other – Title 2/Title 16 Issues
Finding/Rec
Number VI.A.8.
PwC
Finding During previous audits, we noted that the four balancing reports
generated from the Time Share Option (TSO) system by the Division of Benefit
Certification Branch (DBCA) indicated an out-of-balance condition. During fiscal
year 2000, SSA reset the balances on the Group Totals report and temporarily
the reports balanced. However, because the exact cause of the out-of-balance
condition was not determined, the reports currently indicate a continued out-of-balance
condition at September 30, 2000. Specifically, the Group Totals report indicated
that 11,275 fewer payments totaling $4,012,972.99, were made than payments reported
on the other three reports. DBCA believes that they have identified the reason
for this out-of-balance condition. Our review disclosed that SSA created a task
group to identify the cause of and solution to the out-of-balance condition,
but actions to fully resolve this matter have not been taken. Failing to properly
balance the reports from the TSO system could cause inaccurate payments to be
made to recipients.
PwC
Recommendation SSA should continue its efforts to identify the exact
cause for this out-of-balance condition, modify the system as needed, so out-of-balance
conditions are reconciled in a timely manner.
SSA
Management Response We agree. Currently we have formed a cross-functional
workgroup and are in the Planning and Analysis (P&A) stage of evaluating
the problem. P&A should be completed in March 2001. Since Group Totals do
not produce any transactions, only summary totals, it has been impossible to
perform the type of reconciliation recommended when an out-of-balance condition
exists. A record-level database needs to be established to perform this validation.
Evaluation of the various options the Office of Systems may need to pursue (e.g.,
possibly a rewrite of the entire system) based on the workgroup's recommendation
will occur after P&A is completed.
Cross
Reference FY99 Management Letter - Part 2, V.7; FY98 Management Letter
- Part 2, V.H.; FY97 Management Letter - Part 2, V.2.G.
SSA
Action Plan See management response.
Current
Status per SSA DBCA formed a cross-functional workgroup to evaluate the
problem. While in the Planning and Analysis (P&A) stage the group was temporarily
suspended in January 2001 because the Office of Systems Design and Development
(OSDD) was forced to allocate its resources to a Modernized Overpayment/Underpayment
Reporting System (MOURS)-related project.
SSA
Target Date To be determined
End
Date – OIG Review 1/10/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
SSA has submitted an IT proposal to correct the out-of-balance condition for
the SSI payment files. Corrections are still needed for other files that feed
into the Group Totals report.
Report
Section/Area Other – Title 2/Title 16 Issues
Finding/Rec
Number VI.A.10.
PwC
Finding During our testing of the Index of Dollar Accuracy (IDA) and
Stewardship reviews performed by the Office of Quality Assurance (OQA) we noted
the following weaknesses which impair the effectiveness of the reviews.
-
OQA needs to update its RSDI Quality Review Manual (QRM) to include detailed
guidance related to performing Index of Dollar Accuracy (IDA) and Stewardship
reviews. During our testing we noted that the lack of detailed guidance has
resulted in inconsistencies among regions in the way that the reviews are performed.
-
OQA needs to update the QRM to include new existing policies and procedures.
During our testing we noted that the QRM does not include the new policies and
procedures regarding the use of the SSA-2930, RSI/DI Quality Review Case Analysis
– Sampled Number Holder or the SSA 2931, RSI/DI Quality Review Case Analysis
– Auxiliaries/Survivors. In addition, our testing disclosed several instances
where OQA reviewers improperly excluding cases from review based on the existence
of the "dual entitlement stratum", which has not been in place since
FY 1996.
-
OQA does not have written policies or procedures in place to reasonably assure
that cases are excluded from the IDA and Stewardship reviews based on valid
programmatic/business reasons. During our audit we noted several instances where
OQA reviewers improperly excluded sample items from review. The lack of such
policies and procedures increases the risk that errors could go undetected because
sample items were improperly excluded from testing.
PwC
Recommendation We recommend that SSA update the RSDI QRM to reflect current
policies and procedures and to include detailed guidance for performing IDA
and Stewardship reviews. We further recommend that SSA establish and implement
written policies and procedures to reasonably assure the propriety of IDA and
Stewardship cases excluded from review.
SSA
Management Response We agree. To the extent possible, exclusion criteria
are written into the Automated Sample Selection Process (ASSP). Where manual
exclusions occur, they are made in accordance with established guidelines. Should
situations outside the guidelines occur, regional staffs consult with central
office before excluding a case.
Cross
Reference FY99 Management Letter - Part 2, V.2; Various.
SSA
Action Plan See management response.
Current
Status per SSA The current effort to replace the IDA reviews with a transaction
analysis review procedure to make the process a more useful tool for Operations
to improve accuracy has deferred our plans to completely overhaul the QRM procedures.
Instead of a complete overhaul, we are now planning a QRM release to cover key
changes, once the revised transaction review procedures are finalized after
testing and piloting. The planned QRM release is not expected before mid to
late FY 2002.
SSA
Target Date Late FY 2002
End
Date – OIG Review 2/7/02
OIG
Confirmation of Status Agree. SSA’s work on this recommendation is incomplete.
The transaction analysis review to replace IDA reviews was approved by Acting
Commissioner Massanari. SSA still plans to have a QRM release covering key procedural
changes completed during FY 2002.
Report Section/Area Other – Title 2/Title 16 Issues
Finding/Rec Number VI.A.15.Appendix B
Table of Acronyms
ASSP Automated Sample Selection Process
AWG Administrative Wage Garnishment
CDR Continuing Disability Review
CIRP Comprehensive Integrity Review Process
CSR Customer Service Record
DACUS Death Alert, Control and Update System
DBCA Division of Benefit Certification Branch
DCDISP Deputy Commissioner for Disability and Income Security Programs
DCFAM Deputy Commissioner for Finance, Assessment and Management
DCIA Debt Collection Improvement Act
DCO Deputy Commissioner for Operations
DCS Deputy Commissioner for Systems
DI Disability Insurance
DOB Date of Birth
EDR Electronic Death Registration
EIN Employer Identification Number
ERMS Earnings Record Maintenance System
FACTS Financial Accounting System
FO Field Office
FY Fiscal Year
GSA General Services Administration
IDA Index of Dollar Accuracy
IT Information Technology
LAE Limitation on Administrative Expenses
MACADE MADCAP Direct Data Entry
MADCAP Manual Adjustment Credit and Award Process
MBR Master Beneficiary Record
MCS Modernized Claims System
MONET Miscellaneous Online Edited Transaction
MOURS Modernized
Overpayment/Underpayment Reporting System
NUMIDENT A
query using the SSN to obtain the name of the number’s owner
OASDI Old
Age, Survivors and Disability Insurance
OCACT Office
of the Chief Actuary
OFPO Office
of Financial Policy and Operations
OISS Office
of Information Systems Security
OMB Office of Management and Budget
OPSOS Office of Public Services and Operations Support
OIG Office of the Inspector General
OSA Office of Systems Analysis
OQA Office of Quality Assurance
OSDD Office of Systems Design and Development
P&A Planning
and Analysis
PC Personal
Computer
PIA Primary
Insurance Amount
PIN Personal
Identification Number
POMS Program Operations Manual System
PSC Program Service Center
PUPS Prisoner Update Processing System
PwC PricewaterhouseCoopers LLP
QA Quality Assurance
QRM Quality Review Manual
QRMS Quality
Review Manual System
ROQA Regional
Office of Quality Assurance and Performance Assessment
RSDI Retirement and Survivors Disability Insurance
RSI Retirement Survivors Insurance
RWA Reimbursable Work Authorization
SRCOL System Release Certification Online
SSA Social Security Administration
SSI Supplemental Security Income
SSN Social Security Number
SSR Supplemental Security Record
TII Title II of the Social Security Act
TPPS Third Party Payment System
TSO Time Share Option
TXVI Title XVI of the Social Security Act
VMF Vendor Maintenance Form
Appendix C
Agency Comments
SOCIAL SECURITY
|
MEMORANDUM |
|
Date: |
September 4, 2002 Refer |
|
|
To: |
James
G. Huse, Jr. |
|
From: |
Larry
Dye |
|
Subject: |
Office of the Inspector General (OIG) Draft Report, "Status of the Social Security Administration’s Implementation of Fiscal Year 2000 Management Letter Issues" (A-15-02-12046)—INFORMATION |
We appreciate the OIG’s efforts in conducting this review. Our comments on the report are attached.
Staff questions can be referred to Mark Welch on extension 50374.
SSA Comments
COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL’S (OIG) DRAFT REPORT, "STATUS OF THE SOCIAL SECURITY ADMINISTRATION’S IMPLEMENTATION OF FISCAL YEAR 2000 MANAGEMENT LETTER ISSUES" (A-15-02-12046)
Thank you for performing this review of Social Security Administration (SSA) actions to resolve issues presented in prior PricewaterhouseCoopers LLP (PwC) reports relating to SSA management controls and operations. The annual PwC audit of our financial statements is an important component in the overall management of the programs administered by SSA, and we are working to resolve issues presented by PwC as soon as possible.
We have the following comments on the status of SSA actions relating to the four prior PwC findings highlighted in this OIG report:
Finding II.B.2. (pages 3-4 of Appendix A)
PwC recommended SSA complete the drafting and implementation of program service center (PSC) change control procedures and consider assigning the production environment to non-programmers. SSA agreed with this recommendation and reported that work on this recommendation was complete. OIG determined that corrective action is not complete. SSA has developed standardized change control procedures for the PSCs. However, a systems change still needs to be made to limit programmer access to the production environment at the PSCs. SSA stated that it expected to complete this change by the end of April 2002. However, as of April 2, 2002, this was not completed.
Comment
The requirement to implement the creation of profiles to establish the appropriate separation of duties for the PSCs is under review by SSA systems security staff. Once approved, implementation should occur within 6 weeks.
Finding V.A.5. (pages 28-29 of Appendix A)
PwC recommended SSA enhance the current re-certification process by implementing a standard profile for each position requiring access to the Financial Accounting System (FACTS), and a requirement that access be requested in terms of the standard profile. SSA agreed with this recommendation and reported that work on this recommendation would be completed by
August 31, 2001. OIG determined that corrective action was not completed by August 31, 2001. SSA has created standard profiles for all of the FACTS users. However, as of April 5, 2002, a re-certification had not been completed. It is important that the re-certification process is completed to ensure that the level of access currently held by FACTS users matches their standard profiles.
Comment
Recertification of FACTS profiles was completed on May 6, 2002. The FACTS standard profiles were completed on April 11, 2002. Therefore, we believe SSA has satisfied this audit finding.
Finding VI.B.1. (pages 40-41 of Appendix A)
PwC recommended SSA document the process which should be followed regarding possible disputes with Treasury and determine that Treasury is in agreement with all aspects of SSA’s procedures of estimating the tax revenues and for resolving discrepancies. SSA agreed with this recommendation and reported that procedures would be in place by August 31, 2001. OIG determined that corrective action was not complete as of March 1, 2002. SSA did issue its accounting manual chapter; however, Treasury has not yet met with SSA to establish a Memorandum of Understanding (MOU). This is scheduled to take place sometime during FY 2002. We feel that SSA should change its target date for completion of work on this recommendation to "To be determined – pending action by Treasury." Although SSA has completed all work that it can at this time, SSA still has a responsibility to ensure that Treasury’s MOU encompasses all aspects of SSA’s procedures.
Comment
We are pleased that the OIG recognizes that SSA has fulfilled its portion of this audit finding. However, we do not agree that SSA should be held responsible for actions pending by an outside entity, in this instance the Department of the Treasury. We recently learned that Treasury has once again delayed development of user agreements with the 15 trust fund managed agencies (including SSA) until FY 2003, focusing instead on agencies that maintain their own investments. Treasury plans to conduct a survey of the trust fund managed agencies prior to development of any agreements. However, if Treasury development of the various agency agreements is once again re-prioritized by Treasury, SSA will be unfairly held responsible in the meantime. Since the roles and responsibilities of SSA and Treasury are already documented and will be subsumed in Treasury's agreement, we see no need for this audit finding to remain open.
Finding VI.C.2. (pages 44-45 of Appendix A)
PwC recommended that SSA develop and document a comprehensive set of policies and procedures regarding the Limitation on Administrative Expenses (LAE) program to outline how transactions are processed, allocated, and reported. SSA agreed with the recommendation and stated that the documentation would be complete by August 31, 2001. OIG determined that corrective action on this recommendation was not complete as of January 30, 2002. SSA had drafted LAE Accounting and Reporting procedures in August 2001. SSA recently revised the draft procedures, but has not completed this effort.
Comment
The accounting policies and procedures for the LAE program have been completed and implemented.
Appendix D
OIG Contacts and Staff Acknowledgments
OIG Contacts
Frederick
C. Nordhoff, Director, Financial Audit Division, (410) 966-6676
Victoria
Vetter, Deputy Director, Financial Audit Division, (410) 966-9081
Acknowledgments
In addition to those named above:
Kristen
Schnatterly, Auditor-in-Charge
Cheryl
Robinson, Writer/Editor
For additional copies of this report, please visit our web site at www.socialsecurity.gov/oig or contact the Office of the Inspector General’s Public Affairs Specialist at (410) 966-1375. Refer to Common Identification Number A-15-02-12046.
Overview of the Office of the Inspector General
Office of Audit
The Office of Audit (OA) conducts comprehensive financial and performance audits of the Social Security Administration’s (SSA) programs and makes recommendations to ensure that program objectives are achieved effectively and efficiently. Financial audits, required by the Chief Financial Officers' Act of 1990, assess whether SSA’s financial statements fairly present the Agency’s financial position, results of operations and cash flow. Performance audits review the economy, efficiency and effectiveness of SSA’s programs. OA also conducts short-term management and program evaluations focused on issues of concern to SSA, Congress and the general public. Evaluations often focus on identifying and recommending ways to prevent and minimize program fraud and inefficiency, rather than detecting problems after they occur.
Office of Executive Operations
The Office of Executive Operations (OEO) supports the Office of the Inspector General (OIG) by providing information resource management; systems security; and the coordination of budget, procurement, telecommunications, facilities and equipment, and human resources. In addition, this office is the focal point for the OIG’s strategic planning function and the development and implementation of performance measures required by the Government Performance and Results Act. OEO is also responsible for performing internal reviews to ensure that OIG offices nationwide hold themselves to the same rigorous standards that we expect from SSA, as well as conducting investigations of OIG employees, when necessary. Finally, OEO administers OIG’s public affairs, media, and interagency activities, coordinates responses to Congressional requests for information, and also communicates OIG’s planned and current activities and their results to the Commissioner and Congress.
Office of Investigations
The Office of Investigations (OI) conducts and coordinates investigative activity related to fraud, waste, abuse, and mismanagement of SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, physicians, interpreters, representative payees, third parties, and by SSA employees in the performance of their duties. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.
Counsel to the Inspector General
The Counsel to the Inspector General provides legal advice and counsel to the Inspector General on various matters, including: 1) statutes, regulations, legislation, and policy directives governing the administration of SSA’s programs; 2) investigative procedures and techniques; and 3) legal implications and conclusions to be drawn from audit and investigative material produced by the OIG. The Counsel’s office also administers the civil monetary penalty program.