General Accountability Office GAO

The Social Security Administration (SSA) has undertaken numerous modernization efforts, but it lacks effective measurement tools to determine progress. Since 2001, SSA has reported spending about $ 5 billion on the modernization of its systems. Specifically, the agency has undertaken hundreds of modernization projects each year from 2001 to 2011, and officials identified 120 such initiatives that they considered to be key investments in modernization. About two-thirds of these projects were for modernizing and enhancing existing systems, while other efforts were aimed at moving from manual to electronic processes and online access, and the development of new or redesigned system software. These efforts also enhanced work processes, automated notices to beneficiaries, and modified systems to accommodate legislation, among other things. Nonetheless, SSA still has major efforts under way to transition from its aging systems to a more modernized IT environment. Specifically, in order to help meet the agency’s key strategic goal of strengthening its infrastructure and further enhancing its online services, SSA intends to streamline its operations and reduce duplication in databases to allow for more efficient maintenance. The agency also intends to complete its conversion to a modern database; support the increasing demands to store, process, and share data with public- and private-sector partners; and transition to Web-based online access for its data and services. While the Office of Management and Budget requires agencies to establish performance measures to gauge modernization progress, SSA has not fully established quantifiable performance measures for all its modernization projects or performed post- implementation reviews, which GAO has previously recommended and which would enable the agency to effectively measure its progress.

SSA lacks updated and comprehensive plans to guide its modernization efforts. Strategic planning is essential for an organization to define what it seeks to accomplish, identify strategies to achieve the desired results, and measure progress. SSA developed an IT strategic plan in 2007 to guide its modernization efforts, but that plan has not been updated to reflect the agency’s revised strategic goals. In addition, the agency has an enterprise architecture, which is important for guiding the execution of IT strategic goals, but it is missing important elements, such as performance milestones and a road map to guide the agency. Consequently, SSA has been making investments in modernization without the guidance of long-term plans and risks that these investments may not align with the agency’s priorities.

The agency’s realignment of its Chief Information Officer (CIO) responsibilities, if appropriately implemented, could allow for effective oversight and management of the agency’s IT systems, as required by the Clinger- Cohen Act. Specifically, the major functions and responsibilities of the CIO were transferred to the Office of Systems, including oversight of the agency’s entire IT budget and workforce and responsibility for IT strategic planning and the development and implementation of an enterprise architecture. However, SSA did not conduct an analysis of this significant organizational change, including goals and strategies for an effective transition and clarification of roles and responsibilities, as called for by best practices. In addition, the agency has not updated its guidance for IT oversight to reflect the realignment.