Information Technology: SSA Has Improved Acquisitions and Operations, but Needs to Fully Address the Role of Its Chief Information Officer

What GAO Found

The Social Security Administration (SSA) has improved its management of information technology (IT) acquisitions and operations by addressing 14 of the 15 recommendations that GAO has made to the agency. For example,

Incremental development. The Office of Management and Budget (OMB) has emphasized the need for agencies to deliver IT investments in smaller increments to reduce risk and deliver capabilities more quickly. In November 2017, GAO reported that agencies, including SSA, needed to improve their certification of incremental development. As a result, GAO recommended that SSA's CIO (1) report incremental development information accurately, and (2) update its incremental development policy and processes. SSA implemented both recommendations.

Software licenses. Effective management of software licenses can help avoid purchasing too many licenses that result in unused software. In May 2014, GAO reported that most agencies, including SSA, lacked comprehensive software license policies. As a result, GAO made six recommendations to SSA, to include developing a comprehensive software licenses policy and inventory. SSA implemented all six recommendations.

However, SSA's IT management policies have not fully addressed the role of its CIO. Various laws and related guidance assign IT management responsibilities to CIOs in six key areas. In August 2018, GAO reported that SSA had fully addressed the role of the CIO in one of the six areas (see table). Specifically, SSA's policies fully addressed the CIO's role in the IT leadership and accountability area by requiring the CIO to report directly to the agency head, among other things.

In contrast, SSA's policies did not address or minimally addressed the IT workforce and IT strategic planning areas. For example, SSA's policies did not include requirements for the CIO to annually assess the extent to which personnel meet IT management skill requirements or to measure how well IT supports agency programs. GAO recommended that SSA address the weaknesses in the remaining five key areas. SSA agreed with GAO's recommendation and stated that the agency plans to implement the recommendation by the end of this month.

Extent to Which Social Security Administration Policies Addressed the Role of the Agency's Chief Information Officer, as of August 2018

Source: GAO analysis of Social Security Administration policies. | GAO-18-703T

Why GAO Did This Study

SSA delivers services that touch the lives of almost every American, and relies heavily on IT resources to do so. Its systems support a range of activities, such as processing Disability Insurance payments, to calculating and withholding Medicare premiums, and issuing Social Security numbers and cards. For fiscal year 2018, the agency planned to spend approximately $1.6 billion on IT.

GAO has previously reported that federal IT projects have often failed, in part, due to a lack of oversight and governance. Given the challenges that federal agencies, including SSA, have encountered in managing IT acquisitions, Congress and the administration have taken steps to improve federal IT, including enacting federal IT acquisition reform legislation and issuing related guidance.

This statement summarizes GAO's previously reported findings regarding SSA's management of IT acquisitions and operations. In developing this testimony, GAO summarized findings from its reports issued in 2011 through 2018, and information on SSA's actions in response to GAO's recommendations.