Social Security Administration's Progress in Modernizing Its Computer Operations
Highlights
Pursuant to a congressional request, GAO reported on the Social Security Administration's (SSA) computer system's flexibility to handle legislative changes promptly and efficiently and its security. There were also concerns about: (1) a shift in emphasis and direction in the SSA Systems Modernization Plan (SMP); (2) whether the existing system was adequately documented to permit development of an improved new system; and (3) SSA failure to assign personal identification numbers to trace particular transactions. In addition, GAO investigated SSA implementation of the 1099 reporting requirement, which requires issuance of reports to beneficiaries and to the Internal Revenue Service on SSA payments to beneficiaries, as a test of the system's legislative flexibility.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Health and Human Services | The Secretary of Health and Human Services should direct SSA to conduct a comprehensive risk analysis of the 1985 changes made in the SMP software engineering program. Such an analysis should: (1) include a discussion about how this redirection will improve the SSA ability to more timely and efficiently complete the SMP software program; and (2) address the possible risks associated with diverting resources away from documenting and improving existing systems and with taking a less structured approach to software development. |
Closed – Not Implemented
GAO analyzed the SSA response and software development approach and reported the findings in a December 1986 report on the SSA Claims Modernization Project.
|
| Department of Health and Human Services | The Secretary of Health and Human Services should direct SSA to implement an audit trail capability in the current operation system that identifies authorizers for all transactions. Further, the system developed to meet this requirement should provide feedback through which transaction authorizers are informed, after transactions have been entered into the system, of all transactions attributed to their personal identification numbers. Finally, those authorizers should be required to certify the accuracy of any transactions attributed to their personal identification number. |
Closed – Not Implemented
SSA has responded that it will not implement this recommendation due to resource limitations since future system features, currently under review by GAO, will be responsive to this need.
|
| Department of Health and Human Services | The Secretary of Health and Human Services should direct SSA to promptly report to the Committee: (1) the results of the SSA risk analysis; and (2) progress on implementing an audit trail. |
Closed – Not Implemented
The Committee requested that SSA do a risk analysis unless it returns to the approach outlined in the 1982 plan. SSA stated that this was not needed because it was following the 1982 plan. GAO does not concur with the SSA position, based on IMTEC-85-16 and work scheduled for completion in the immediate future. SSA deviated in many significant areas from the intent of the original plan.
|