Information Technology:

SSA Needs to Address Limitations in Management Controls and Human Capital Planning to Support Modernization Efforts

GAO-14-308: Published: May 8, 2014. Publicly Released: May 8, 2014.

Additional Materials:

Contact:

Valerie C. Melvin
(202) 512-6304
melvinv@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Social Security Administration’s (SSA) selected information technology (IT) projects did not fully adhere to management controls called for by its IT project management guidance, which are essential to effectively oversee and monitor IT investments. Such controls include, among others, a cost-benefit analysis, risk mitigation plan, and project schedule. For the five projects selected, SSA developed the majority of the documents required to demonstrate adherence to management controls; however, most had limitations. One project that was required to complete 11 control documents had developed 5 without limitations, but the remaining 6 had limitations. For example, while certain risks to the project were identified, the documentation did not include risk mitigation plans, which are essential for avoiding, reducing, and controlling the probability of the occurrence of identified risks. Across the five projects, the most common limitations included a lack of traceability (which is needed to track project history and demonstrate that requirements are met) and inaccurate or incomplete information, such as project schedules that had inaccuracies in key milestone dates. The limitations could be attributed to, among other things, IT oversight systems that did not include all needed data or fully support traceability, and a quality assurance process that was not effectively implemented. The agency recently took steps that should help improve its quality assurance process.

Further, while SSA stated that its projects have resulted in improved services, it was not able to demonstrate this. In particular, while three of the five projects identified performance measures, these measures generally were not specific enough to determine projects’ contributions to improved services, and baselines against which to measure improvement were not established. Ensuring that management controls are consistently and effectively implemented would help ensure the efficient use of agency resources.

SSA’s IT human capital program has identified skills and competencies to support certain workforce needs, but lacks adequate planning for the future. The agency has developed IT human capital planning documents, such as its recent Information Resources Management plan and skills inventory gap reports, which identified near-term needs, such as skill sets for the following 2 years. Nevertheless, SSA has not adequately planned for longer-term needs because its human capital planning and analysis are not aligned with long-term goals and objectives and the agency does not have a current succession plan for its IT efforts. The agency has recognized challenges with regard to employee retirements and a recent hiring freeze, which have put constraints on resources for certain investments. While SSA officials stated that an updated human capital operating plan will be completed in June 2014, they could not specify how it would address future IT human capital needs. Until these needs are identified, SSA may lack critical plans for addressing IT resources and skills to support agency-wide IT investment goals.

Why GAO Did This Study

SSA relies on IT for delivering Social Security services to virtually every American. The agency reportedly spent about $1.5 billion for IT in fiscal year 2013, and it plans to continue modernizing its aging systems. Management controls and human capital are critical in helping ensure effective and efficient IT project implementation.

GAO was asked to examine SSA's IT modernization efforts. The study (1) assessed selected IT investments to determine the extent to which they adhere to SSA's investment management controls and are improving services and (2) determined how SSA's IT human capital program, including the identification and implementation of critical skills and competencies, is supporting its current and future modernization efforts. To do so, GAO reviewed key management controls for one project from each of five SSA-defined project types, including one project with the highest resources for its type and four randomly selected projects; compared human capital planning documents with relevant guidance; and interviewed relevant SSA officials.

What GAO Recommends

GAO is recommending that SSA (1) perform effective oversight to ensure control documents are developed, complete, and accurate and that oversight systems include needed data and support traceability; (2) ensure project control documents identify specific performance measures and baselines; and (3) identify long-term IT needs in its updated human capital operating plan. SSA agreed with GAO's recommendations.

For more information, contact Valerie C. Melvin at (202) 512-6304 or melvinv@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address SSA's project management and human capital deficiencies for its IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to perform effective oversight to ensure that key management control documents for ongoing and future projects are developed, complete, accurate, and readily accessible in oversight systems to better support management, traceability, and project analysis of IT investments.

    Agency Affected: Social Security Administration

  2. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address SSA's project management and human capital deficiencies for its IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to assess control documents supporting the selection of investments, such as IT proposals, to ensure that they fully identify specific performance measures and baselines to gauge project success.

    Agency Affected: Social Security Administration

  3. Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To address SSA's project management and human capital deficiencies for its IT modernization efforts, the Commissioner of Social Security should direct the Deputy Commissioner for Systems/Chief Information Officer to identify future IT needs, including skills needed to support long-term goals and priorities, in the agency's updated human capital operating plan and associated analysis.

    Agency Affected: Social Security Administration

 

Explore the full database of GAO's Open Recommendations »

Nov 18, 2014

Sep 2, 2014

Jul 15, 2014

Jun 6, 2014

May 8, 2014

Apr 9, 2014

Mar 4, 2014

Jan 29, 2014

Jul 18, 2013

Jul 8, 2013

Looking for more? Browse all our products here