Social Security Administration:

Year 2000 Readiness Efforts Helped Ensure Century Rollover and Leap Year Success

AIMD-00-125: Published: Apr 19, 2000. Publicly Released: Apr 19, 2000.

Additional Materials:

Contact:

David L. McClure
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO reviewed the Social Security Administration's (SSA) final actions to ensure its year 2000 readiness, including the actions it took during the rollover period--December 30,1999, through January 3, 2000, as well as for the February 29 leap year date--to ensure a successful transition to the new century.

GAO noted that: (1) overall, SSA demonstrated a strong and consistent commitment to addressing identified concerns about its year 2000 program; (2) the agency completed all of the critical tasks involved in ensuring its readiness prior to the change of century and experienced only minor problems during the rollover weekend; (3) for those problems that did occur, SSA now reports that all have been mitigated by correcting the systems involved; (4) moreover, according to SSA, none of the problems encountered during the rollover weekend adversely affected its ability to serve the public; (5) SSA further reported that its systems processed data without incident during the February 29 leap year date, another potential date for disruptions; (6) like other organizations, SSA must still consider the possibility that additional challenges associated with the year 2000 could occur; (7) there may continue to be minor problems along the way as organizations process data and transactions in the future, such as during quarterly, end-of-year, or other critical periods; (8) while SSA's success so far is a very positive indicator that any potential hurdles will also be overcome, the agency nonetheless must continue its diligence in anticipating and responding to any problems that occur; (9) further, it will be especially important for SSA to consider how practices that it applied in addressing the year 2000 problem can now be used to help ensure the effective management of its broader information technology program; and (10) SSA agreed that such action should be taken, and the Commissioner stated that the agency had already begun to apply lessons learned from its year 2000 experiences.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: SSA agreed with our recommendation and took steps to identify and apply lessons learned from its Year 2000 program. For example, in April 2000, SSA reported that it had incorporated its Year 2000 contingency plans into the agency's Continuity of Operations Plans and also reported that it had begun to pilot test the quality assurance validation tool used for its Year 2000 program to determine whether it can help effectively manage the agency's information technology. In addition, SSA later identified lessons learned from its Year 2000 software and validation separation-of-duties procedures that could be capitalized on to strengthen the agency's existing software development practices. Implementation of these lessons learned from the Year 2000 program should help SSA more effectively manage its information technology.

    Recommendation: To help ensure the effective management of information technology, the Commissioner of Social Security should direct the Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to capitalize on the lessons learned from SSA's year 2000 initiative by establishing and implementing a plan and cognizant milestones for identifying which of its processes and practices can be applied to the agency's existing approach toward managing information technology.

    Agency Affected: Social Security Administration

  2. Status: Closed - Implemented

    Comments: SSA agreed with this recommendation and applied several lessons learned from its Year 2000 efforts to help manage its information technology. For example, SSA incorporated its Year 2000 contingency plans into the agency's Continuity of Operations Plan. The plan contains numerous tested procedures that could help facilitate SSA's continued operations in the event of an emergency that negatively affects the agency's ability to perform services electronically. Also, in late 2002, SSA implemented a quality assurance tool, XPEDITER+, that is similar to the Year 2000 quality assurance tool that was used. This has enabled the agency to conduct test coverage and risk analysis of test data against changed lines of code. In addition, in response to our recommendation, SSA institutionalized separation-of-duties procedures that it had implemented for Year 2000 software development and validation. Specifically, in April 2004, the agency issued procedures requiring that validation testing be conducted independently of the group that developed the software. The procedures state that software projects must demonstrate that (1) the preparation of validation test data, (2) the preparation of validation test cases, and (3) the preparation and execution of test procedures are the responsibility of a person or group that did not develop the software under test during the validation test stage of the life cycle. Such procedures are critical to the successful implementation of quality software. The institutionalization of these lessons learned from the Year 2000 initiative should assist SSA in more effectively managing its information technology, including its continuity of operations in the event of an emergency and software development efforts.

    Recommendation: To help ensure the effective management of information technology, the Commissioner of Social Security should direct the Chief Information Officer, in conjunction with the Deputy Commissioner for Systems, to capitalize on the lessons learned from SSA's year 2000 initiative by institutionalizing those processes and practices as part of the agency's implementation of the Clinger-Cohen Act, where appropriate.

    Agency Affected: Social Security Administration

 

Explore the full database of GAO's Open Recommendations »

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Sep 25, 2013

Looking for more? Browse all our products here