Social Security Administration:

Improved Planning and Performance Measures Are Needed to Help Ensure Successful Technology Modernization

GAO-12-495: Published: Apr 26, 2012. Publicly Released: May 9, 2012.

Additional Materials:

Contact:

Valerie C. Melvin
(202) 512-6304
melvinv@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Social Security Administration (SSA) has undertaken numerous modernization efforts, but it lacks effective measurement tools to determine progress. Since 2001, SSA has reported spending about $5 billion on the modernization of its systems. Specifically, the agency has undertaken hundreds of modernization projects each year from 2001 to 2011, and officials identified 120 such initiatives that they considered to be key investments in modernization. About two-thirds of these projects were for modernizing and enhancing existing systems, while other efforts were aimed at moving from manual to electronic processes and online access, and the development of new or redesigned system software. These efforts also enhanced work processes, automated notices to beneficiaries, and modified systems to accommodate legislation, among other things. Nonetheless, SSA still has major efforts under way to transition from its aging systems to a more modernized IT environment. Specifically, in order to help meet the agency’s key strategic goal of strengthening its infrastructure and further enhancing its online services, SSA intends to streamline its operations and reduce duplication in databases to allow for more efficient maintenance. The agency also intends to complete its conversion to a modern database; support the increasing demands to store, process, and share data with public- and private-sector partners; and transition to Web-based online access for its data and services. While the Office of Management and Budget requires agencies to establish performance measures to gauge modernization progress, SSA has not fully established quantifiable performance measures for all its modernization projects or performed post-implementation reviews, which GAO has previously recommended and which would enable the agency to effectively measure its progress.

SSA lacks updated and comprehensive plans to guide its modernization efforts. Strategic planning is essential for an organization to define what it seeks to accomplish, identify strategies to achieve the desired results, and measure progress. SSA developed an IT strategic plan in 2007 to guide its modernization efforts, but that plan has not been updated to reflect the agency’s revised strategic goals. In addition, the agency has an enterprise architecture, which is important for guiding the execution of IT strategic goals, but it is missing important elements, such as performance milestones and a road map to guide the agency. Consequently, SSA has been making investments in modernization without the guidance of long-term plans and risks that these investments may not align with the agency’s priorities.

The agency’s realignment of its Chief Information Officer (CIO) responsibilities, if appropriately implemented, could allow for effective oversight and management of the agency’s IT systems, as required by the Clinger-Cohen Act. Specifically, the major functions and responsibilities of the CIO were transferred to the Office of Systems, including oversight of the agency’s entire IT budget and workforce and responsibility for IT strategic planning and the development and implementation of an enterprise architecture. However, SSA did not conduct an analysis of this significant organizational change, including goals and strategies for an effective transition and clarification of roles and responsibilities, as called for by best practices. In addition, the agency has not updated its guidance for IT oversight to reflect the realignment.

Why GAO Did This Study

Services provided by the Social Security Administration (SSA) touch the lives of virtually every American. To support the delivery of these services, the agency uses information technology (IT) systems that are increasingly costly and difficult to maintain. To meet these challenges, SSA has committed to modernizing its IT environment. In addition, SSA recently realigned most of the responsibilities of its Chief Information Officer (CIO) to its Office of Systems. GAO was asked to (1) determine SSA’s progress in modernizing its IT systems and capabilities, (2) evaluate the effectiveness of the agency’s plans and strategy for modernizing its systems and capabilities, and (3) assess whether the realignment of the agency’s CIO responsibilities allows for effective oversight and management of the systems modernization efforts. To accomplish these objectives, GAO evaluated relevant agency program plans and documentation and interviewed agency officials.

What GAO Recommends

GAO is recommending, among other things, that SSA develop comprehensive metrics to effectively gauge modernization progress; complete comprehensive strategic planning, including its enterprise architecture; and define the new roles and responsibilities of the Office of Systems to help ensure effective oversight. SSA neither agreed nor disagreed with GAO’s recommendations, but described steps it is taking that would address elements of the recommendations related to planning, enterprise architecture, and IT oversight.

For more information, contact Valerie C. Melvin at (202) 512-6304 or melvinv@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The Social Security Administration has not yet established IT investment performance measures that comply with OMB capital planning guidance. In September 2016, we reviewed the performance measures associated with the agency's major IT investments that utilized operations and maintenance funding for both FY 2015 and FY 2016. Of the 7 investments we reviewed, only 1 investment followed the guidance developed by the Office of Management and Budget on capital planning. On September 6, 2016, we asked the agency to provide additional information on their plans for implementing the recommendation.

    Recommendation: To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to ensure that performance measures in each of OMB's four measurement areas are defined for ongoing IT modernization initiatives and, as appropriate, (1) identify how each investment is to contribute to expected benefits; (2) measure the effectiveness in meeting the goals, requirements, and mission results; and (3) provide a means for measuring projects' progress in meeting modernization goals.

    Agency Affected: Social Security Administration

  2. Status: Closed - Implemented

    Comments: The Social Security Administration (SSA) has updated its IT Strategic Plan to include the key elements. For example, in updating the plan, SSA included five high-level strategic goals that the agency used to guide its planning and decision making. SSA then aligned each of the agency's strategic IT portfolios with the five goals. In addition, SSA included in the plan, strategies to guide the agency's modernization efforts for databases, applications, and IT infrastructure.

    Recommendation: To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to, in updating the IT strategic plan to support the 2013-2016 Agency Strategic Plan, include key elements-such as results-oriented goals, strategies, milestones, performance measures, and an analysis of interdependencies among projects and activities-and use this plan to guide and coordinate IT modernization projects and activities.

    Agency Affected: Social Security Administration

  3. Status: Open

    Comments: While the Social Security Administration (SSA) has taken several actions towards implementing this recommendation, additional actions are needed to effectively respond to the recommendation. Specifically, in May 2015, SSA developed an enterprise road map to guide its modernization efforts that included enterprise architecture performance targets. Further, in July 2016, SSA stated that it was in the process of updating the enterprise data model that would include the descriptions of relationships among the business processes. Nevertheless, in August 2016, the agency stated it had not yet performed a comprehensive gap analysis to identify the differences between the current and target environment in all related architecture products.

    Recommendation: To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to establish an enterprise architecture plan that includes key components called for by federal guidelines and GAO's enterprise architecture management framework, to effectively guide modernization activities. The plan should include (1) development of a service-oriented architecture road map that guides modernization activities and helps ensure the agency achieves its stated service-oriented architecture goals, such as better business agility and reduced systems development and maintenance costs; (2) development of an enterprise gap analysis that identifies the differences between the current and target environment in all related architecture products; (3) performance targets for the future environment, including interim milestones; and (4) descriptions of relationships among the business processes in terms of information.

    Agency Affected: Social Security Administration

  4. Status: Closed - Implemented

    Comments: In January 2016, the Social Security Administration (SSA) updated its capital planning and investment control guide, which includes various oversight mechanisms for evaluating and controlling information technology (IT) investments. For example, among other things, the guide requires periodic integrated baseline reviews that are intended to determine the validity of the program's baseline and the health of a project from a cost, schedule, management, resource, and technical perspective. The guide also requires an architecture review board to manage and enforce compliance with the agency's enterprise architecture by reviewing, approving, and providing guidance to IT projects. In addition to these oversight requirements, the guide also identifies the roles and responsibilities of personnel associated with the selection, control, and evaluation of the agency's IT investments.

    Recommendation: To address the challenges facing SSA's IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to, as appropriate, define roles and responsibilities of realigned staff and develop and clearly document updated investment review guidance and procedures to ensure that oversight reviews will be effective in evaluating and controlling investments.

    Agency Affected: Social Security Administration

 

Explore the full database of GAO's Open Recommendations »

Sep 23, 2016

Sep 21, 2016

Sep 7, 2016

Aug 30, 2016

Aug 11, 2016

Jul 22, 2016

Jul 21, 2016

Jul 6, 2016

Looking for more? Browse all our products here