Skip to content
Social Security Online
Office of the Inspector General
OIG Seal image
Blank Spacer Image

Audit Report - A-13-96-51001


Office of Audit

Inspector General`s Report on SSA`s 
Fiscal Year 1996 Financial Statements
A-13-96-51001

The Chief Financial Officers (CFO) Act of 1990, as amended by the Government Management Reform Act (GMRA), requires agencies to report annually to the Congress their financial status and any other information needed to fairly present the agencies` financial position and results of operations. To meet GMRA reporting requirements, the Social Security Administration (SSA) prepares annual financial statements which we audit.

The objectives of our audit were to express an opinion on the fair presentation of SSA`s Fiscal Year (FY) 1996 principal financial statements taken as a whole, test the Agency`s internal control structure, and assess its compliance with applicable laws and regulations that could have a material effect on its annual financial statements. This report presents the results of our audit of SSA`s financial statements, internal controls, and compliance with laws and regulations.

As part of its FY 1996 audit efforts, the Office of the Inspector General (OIG) reviewed SSA’s separation of duties controls for the Modernized Supplemental Security Income Claims System (MSSICS), the Modernized Claims System (MCS), and the Manual Adjustment Credit and Award Data Entry (MACADE) system. These three systems allow SSA workers to process Social Security and Supplemental Security Income (SSI) benefit payments. Based on the collective results of these reviews, we determined that SSA’s primary benefit payment systems lack sufficient compensating controls to accommodate for the lack of separation of duties in the above systems.

As in previous OIG reports, we continue to report the following:

  • the SSA’s title XVI overpayment system still contains systemic weaknesses which prevent its compliance with Federal internal control standards;
  • the SSA is not complying with 20 Code of Federal Regulations (CFR) §416.558(a) to provide title XVI recipients overpayment notification; and
  • the SSA is not performing a sufficient number of continuing disability reviews (CDR) as required by section 221(i) of the Social Security Act.

OPINION ON FINANCIAL STATEMENTS

We have audited the accompanying combined statements of financial position of SSA as of September 30, 1996 and 1995, and the related combined statements of operations and changes in net position, and cash flows for the FYs then ended. These statements are the responsibility of SSA`s management. Our responsibility is to express an opinion on these statements based on our audit.

We conducted our audit in accordance with generally accepted government auditing standards and the Office of Management and Budget (OMB) Bulletin 93-06, "Audit Requirements for Federal Financial Statements." These standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

In our opinion, the accompanying combined financial statements present fairly, in all material respects, the financial position of SSA at September 30, 1996 and 1995, and the results of its operations, changes in net position, and cash flows for the FYs then ended, in accordance with the accounting principles described in Note 1 to the financial statements.

Our audit was conducted for the purpose of forming an opinion on the financial statements described above. The presentation of the financial statements includes an Overview of SSA and the Supplemental Financial and Management Information, which are the responsibility of SSA`s management. We have reviewed the Overview of SSA and the Supplemental Financial and Management Information to determine that they are not materially inconsistent with the information in the combined financial statements. We also assessed the risk that systems used to produce the performance measures in the Overview did not report actual and complete information. However, such information, including financial estimates, has not been subjected to the auditing procedures applied in the audit of financial statements described above and, accordingly, we express no opinion on the Overview of SSA and the Supplemental Financial and Management Information.

Back to top

REPORT ON INTERNAL CONTROLS

In performing our tests of internal controls as part of our FY 1996 financial statement audit, we identified two weaknesses involving SSA`s internal control structure and operations that we consider to be reportable conditions under standards established by OMB Bulletin 93-06 and/or the Federal Managers` Financial Integrity Act (FMFIA). We have summarized these conditions below. We believe the two weaknesses are material under FMFIA criteria. These weaknesses are not, however, material to the financial statements taken as a whole.

Insufficient Separation of Duties or Compensating Controls in On-line Systems

The SSA’s operating environment is highly automated. Many of the Agency’s systems modernization efforts have resulted in SSA processing claims and/or postentitlement actions on-line without the traditional multiple levels of review. In essence, this reengineering or streamlining of business processes has empowered SSA workers with increased processing capabilities in order to meet the Agency`s goal of providing world-class service. An inherent risk associated with moving to an environment where employees have more on-line access and processing power is that workers will perform incompatible functions which would allow them to perpetrate and conceal errors or irregularities.

The General Accounting Office (GAO) provides that there should be separation of duties between incompatible functions to prevent an individual from introducing an error or irregularity into the system and concealing it. The main purpose for separation of duties is to reduce the risk of fraud and abuse. The extent to which duties are segregated depends on the size of the organization and the risk associated with its facilities and activities. Where separation of duties is not operationally feasible, compensating controls need to be implemented to safeguard operations. However, in an automated environment, separation of duties cannot always be accomplished. Other alternative controls can compensate for lack of separation of duties, if they achieve the same goal.

The OIG’s FY 1996 audit coverage included audits focusing on separation of duties controls for certain functions in three of the on-line systems through which SSA employees can modify a beneficiary’s or recipient’s record. Collectively, the results of our audits indicate that there are insufficient separation of duties or compensating controls to reduce, to an acceptable level, the risk of undetected errors and/or irregularities in MSSICS, MCS, and MACADE systems--the automated systems for processing Social Security and SSI benefit payments.

We recognize that SSA is committed to use the latest on-line technology, increase efficiency, ensure timely claims processing, and use fewer people to perform more tasks. However, the desire to obtain operational efficiency does not negate SSA’s responsibility to design and maintain an internal control structure that provides reasonable, but not absolute assurance that funds, property, and other assets are safeguarded against waste, loss, and unauthorized use or misappropriation. Therefore, where it is not operationally feasible for SSA to implement separation of duties controls, the Agency should implement compensating controls to minimize the risk of undetected errors and/or irregularities.

Summaries of each of the audits are provided below. The results of two of the audits will be issued shortly. The other report was issued on September 23, 1996, but its distribution is limited to authorized officials. We believe the recommendations contained in each report will reduce SSA`s risk of fraud while allowing SSA to achieve its operational and service delivery needs in an efficient manner. Because there may be additional separation of duties concerns in other SSA on-line systems, we plan to conduct additional audits, such as our audit of the Critical Payment System.

MSSICS

The MSSICS is a complex automated system developed to enhance the application process for SSI benefits. One objective of our review of MSSICS focused on separation of duties controls for the claims-taking process. The results of our review indicated that SSA implemented several manual controls. However, these compensating controls could not prevent or timely detect an SSA claims representative from filing an application for a Social Security number (SSN) based on fraudulent, questionable, or nonexistent documentation and subsequently filing a claim for SSI benefits under that same SSN.

According to SSA security personnel, the Agency has developed an enumeration edit check program to prevent the same person from processing an SSN application and filing a claim for benefits. This edit, however, has not yet been implemented.

MCS

The MCS is an automated system which allows a single employee to process initial claims using a series of on-line screens. The objective of our follow-up audit was to evaluate SSA`s progress in implementing recommendations from a previous Department of Health and Human Services/Office of Inspector General (HHS/OIG) report which reviewed separation of duties controls in MCS. The SSA has partially implemented the recommendations suggested in the previous HHS/OIG report. However, weaknesses in SSA procedures remain because sufficient controls do not exist through separation of duties or compensating controls. As a result, SSA employees can add false claims to existing accounts through improper use of existing, unknown/missing, or false SSNs.

Moreover, improper use of SSNs is not likely to be detected by SSA`s Title II Integrity Review. The review`s scope does not adequately focus on potentially fraudulent situations, emphasize verification of claims information to independent sources, or otherwise provide summary management information.

MACADE

The MACADE is an on-line data entry input system designed to enter transactions into the Manual Adjustment Credit and Award Process (MADCAP) system. Prior to MACADE, transactions were originated in paper form and batch processed. The MADCAP and MACADE are used in program service centers (PSC) but not field offices. The objective of our review of MACADE was to identify control weaknesses which allow misappropriations to occur and remain undetected. The results of our audit efforts at the Northeastern Program Service Center (NEPSC) indicated control weaknesses within MACADE which allow PSC workers to enter and conceal erroneous data. Specifically, a benefit authorizer at NEPSC was able to execute multiple actions in MACADE/MADCAP to generate payments of approximately $332,000 into various bank accounts controlled by himself and his accomplices between April 1994 and March 1995.

In a May 15, 1995 memorandum, we alerted SSA of the need to implement control procedures to prevent the recurrence of this type of fraudulent activity. The SSA responded with both interim and long-term solutions which we support. However, in our September 23, 1996 report on MACADE, we recommended additional system modifications to further strengthen internal controls to deter and prevent fraud. The nature of the additional recommended corrective actions is sensitive and confidential. For security reasons, specific details describing how the fraud was perpetrated and the recommended preventive measures are not provided. In general, SSA agreed with the recommendations.

Summary

The pervasive occurrence of the lack of separation of duties and/or compensating controls where employees can enter and conceal errors or irregularities in SSA’s on-line systems leads us to believe that this condition is reportable as a material weakness under FMFIA reporting criteria. Under FMFIA, a material weakness is a deficiency that the agency head determines to be significant enough to be reported outside of the agency. As provided in OMB Circular A-123, it is management`s prerogative to report management control deficiencies based on the citation`s use of the term "material weakness."

In each of the above reports, we have recommended or plan to recommend actions to strengthen SSA`s separation of duties controls and/or to implement compensating controls. We make no additional recommendations on resolving separation of duties issues in this report, but affirm our support of the recommendations we are making in the other reports. Also, the conditions described above may not be limited to MSSICS, MCS, and MACADE, since many of SSA`s benefit payment programs are on-line.

Back to top

Recommendation

We recommend that SSA:

1. report this condition as a material weakness under FMFIA.

SSA Comments and OIG Response

In its written response to our draft report (see APPENDIX), SSA disagreed with our identification of the separation of duties issue as a material weakness. The SSA comments cited that while millions of transactions were processed by the 3 identified systems, only 23 of the 65,000 SSA employees were referred to OIG for investigation of fraud. The SSA also identified controls it felt compensated for the lack of separation of duties--the Audit Trail System (ATS), periodic reviews by the regional security staffs, and publicizing the detection and prosecution of fraud cases.

We agree that there have not been a large number of employee cases referred to OIG for fraud investigation. However, the number of referred cases represents only the detected cases. We believe the actual incidence of fraud within SSA is higher than the detected cases. Also, our determination that the lack of separation of duties was a material weakness under FMFIA was based on the risk of loss--not the actual known losses. We believe it is in the best interest of SSA to implement preventive measures now rather than to risk accumulating actual losses before enacting necessary controls.

We also disagree with SSA`s assessment of the compensating controls it cited. The ATS neither prevents nor detects fraud, but rather allows investigators to determine the extent of the fraud by permitting the identification of the transactions processed by an individual after the fraud is uncovered. The reviews conducted by the regional security staffs were not designed to detect employee fraud nor were they sufficiently routine to act as an effective deterrent. Lastly, the publicizing of fraud cases which have been detected and prosecuted, in our opinion, has only minimal effect as a deterrent.

Accounts Receivable

As previously reported, SSA has reported its Debt Management System (DMS) as a material weakness under FMFIA reporting criteria since FY 1991. The SSA disclosed that the underlying systems which generate accounts receivable did not permit the Agency to identify how much is owed or how much has been collected. Since the initial reporting, SSA has undertaken an extensive project to reengineer and modernize its DMS. In its debt management transition plans, SSA identified eight corrective measures for the title II system and five for the title XVI system. Each of the planned corrective actions required numerous systems revisions and upgrades.

As part of our review of SSA’s status of correcting this material weakness, we reviewed the Agency’s title II transition plan and systems validation documentation to determine what corrective measures were planned for FY 1996 and what measures were placed in operation. Our inquiries indicated that by the end of September 1996, SSA had implemented three additional systems corrections that allowed the overpayment systems to:

  • store actual monthly withholding amounts;
  • capture source document, indebtedness, and cash collection details; and
  • ensure data elements are consistent with accounting guidelines.

The remaining corrective measures are aging of debt and month-to-month accounting--the ability to identify the accounting month to which a particular overpayment amount relates. The SSA developed software for aging debt and anticipates producing the first aging report in December 1996. The SSA does not anticipate providing month-to-month accounting until the Year 2000 because of the high degree of dependence on other SSA initiatives to modernize its title II programmatic systems.

As a result of the three 1996 enhancements and SSA’s prior implementation of three additional corrective measures, SSA management believes it has sufficiently corrected the title II overpayment system’s material weakness. Although SSA contends that it has made systems enhancements to address most of the internal control deficiencies in the title II system, the timing of the systems enhancements did not provide us sufficient time to test the effectiveness of these controls. Accordingly, we can neither concur nor take exception with SSA’s determination.

The title XVI overpayment system, however, remains a material weakness under FMFIA because it cannot generate reliable accounts receivable data. Most of SSA’s corrective action has focused on the title II system with little attention being given to the title XVI systems. The five corrective measures for the title XVI system remain unaddressed and many of the planned enhancements remain unscheduled.

In the past, we recommended that SSA continue to address systems deficiencies and accounting issues in the implementation of both the title II and title XVI DMS. Accordingly, we make no recommendations regarding the title II system, but reaffirm our prior recommendations regarding the title XVI system.

SSA Comments

The SSA generally concurred with our finding.

Other Matters

Under OMB Bulletin 93-06, we are not responsible for auditing the information presented in the Overview and Supplemental Information sections of the Accountability Report. Our responsibilities are limited to assessing the risk that systems used to produce performance measures in the Overview did not report actual and complete information. A recent SSA report entitled, "The Report of the Management Information Partnership Team," indicated that some of the data on which performance measures are based may have been inappropriately manipulated in SSA field offices to indicate better operating efficiency than actually occurred. The report listed 57 allegations of inappropriate practices designed to distort management information. We believe these allegations raise doubt about the accuracy of certain performance measures. The affected performance measures are limited to those measures reported under (1) SSA`s goal to provide world-class public service in the Overview and (2) the Supplemental Financial and Management Information.

The SSA`s management believes that the allegations do not materially affect the accuracy of the performance measures at the national level. We were informed by SSA management that they had performed an analysis of the five most prevalent allegations to support this conclusion. The SSA, however, was unable to provide us with the analysis.

The report contained a number of recommendations to address the inappropriate practices identified in the study. The SSA is currently studying the report and is developing a number of workgroups to address the identified inappropriate practices. The SSA`s management has not, as yet, formally responded to the report issued in June 1996.

We have not determined the validity of the report`s allegations or the extent of the effect the inappropriate practices may have on SSA`s performance measures. We plan to perform audit work in this area in FY 1997.

Back to top

REPORT ON COMPLIANCE WITH LAWS AND REGULATIONS

Our review found that SSA had complied with the terms and provisions of relevant laws and regulations for the tested transactions that could materially affect SSA`s principal financial statements. We noted the following nonmaterial but reportable matters.

Noncompliance with Legal Requirements to Notify Beneficiaries of Due Process Rights

Our FY 1995 Management Letter detailed SSA’s noncompliance with legal requirements (20 CFR §416.558(a)) to notify certain title XVI recipients of new overpayments and collection decisions when there is an existing overpayment in collection status on their records. The SSA estimated there were as many as 3 million instances of voided overpayment collection transactions where recipients had not been notified of approximately $345 million of overpayments posted to their records since 1983.

We previously recommended that SSA modify its system to properly generate notices, and that SSA implement a manual control to properly notify SSI recipients of such decisions. The SSA has implemented a programmatic change to eliminate the voiding problem and prevent future incidents of recipients not receiving the requisite overpayment notification. Notwithstanding these corrective measures, we have identified no SSA efforts to contact those title XVI recipients already affected by voiding. We do not believe that successfully modifying the title XVI systems to notify future recipients eliminates SSA’s obligation to inform title XVI recipients who did not previously receive proper notification.

Recommendation

We recommend that SSA:

2. in consultation with the Office of the General Counsel, take such action as is necessary to rectify its continuing noncompliance with laws and regulations in this regard.

SSA Comments and OIG Response

In its response, SSA stated it believes the implementation of the systems changes eliminates its continuing noncompliance problem. However, SSA agreed to investigate relevant statutory requirements and pursue notification accordingly for the previously affected SSI population.

We continue to believe that a noncompliance exists for the previously affected SSI population.

Continuing Disability Reviews

As previously reported, SSA still does not fully comply with section 221(i) of the Social Security Act, which requires that SSA perform periodic reviews to determine beneficiaries` continued eligibility for title II disability benefits. These reviews were traditionally accomplished by referring nearly all disabled beneficiaries to State disability determination services (DDS). The DDSs conduct medical CDRs to reexamine the medical conditions of disabled beneficiaries and determine their continued eligibility. However, resource limitations and increased workloads in claims processing resulted in a substantial backlog of CDRs not yet performed.

To address the backlog problem, SSA began using a mailer process which profiles beneficiaries as to the likelihood of their medical improvement and refers those most likely to improve to a State DDS for a medical CDR. We believe SSA is taking the right approach in addressing the title II backlog.

In the past, we expressed concern about requirements extending SSA`s CDR responsibility to cover title XVI recipients. Section 208(a) of the Social Security Independence and Program Improvements Act of 1994 requires CDRs for at least 100,000 title XVI cases annually from FY 1996 to FY 1998. Because of the extensive backlog that existed prior to SSA’s responsibility for title XVI CDRs, we were concerned that the additional mandate would further exacerbate the backlog. As such, we recommended that SSA obtain additional funding to perform CDRs.

Upon SSA’s request for funding to limit growth of the CDR backlog, the Congress approved legislation (Public Law (P.L.) 104-121) that allows an increase in discretionary spending caps for FYs 1996 through 2002 to fund the cost of processing additional CDRs. The Congress added $60 million and $160 million to the base amount of $200 million for FYs 1996 and 1997, respectively.

In our assessment of SSA`s compliance with the Social Security Act and the Social Security Independence and Program Improvements Act of 1994, we reviewed SSA`s status in reducing its backlog of title II cases and the Agency`s compliance with title XVI CDR requirements. In FY 1996, SSA performed 355,000 title II CDRs (an increase of 151,000 from the FY 1995 figure of 204,000). The number of title XVI CDRs performed in FY 1996 was 163,000. Despite the increase in the number of CDRs performed by SSA, a substantial backlog of approximately 1.8 million title II CDRs remains. According to SSA, it is unlikely that the Agency will perform 400,000 of the 1.8 million backlogged CDRs because it would not be cost-effective. In regard to title XVI CDRs, SSA met and exceeded the 100,000 CDRs required by P.L. 103-296. Therefore, the only noncompliance issue with CDR requirements is for title II disability cases.

As in prior audit reports, we reaffirm our support of SSA’s continued use of the CDR mailer process which aids in the identification of individuals due a CDR, and our suggestion to expand the mailer process to include all beneficiaries overdue a CDR. We make no additional recommendations in this report, but continue to support our previous recommendations.

SSA Comments

The SSA agreed with our finding.

Back to top

MANAGEMENT`S RESPONSIBILITIES

Pursuant to the reporting guidance developed by the President`s Council on Integrity and Efficiency and the American Institute of Certified Public Accountants, the following is a discussion of the responsibilities of both management and auditor under the CFO Act as amended.

The SSA`s management is responsible for designing and maintaining an internal control structure that provides reasonable, but not absolute, assurance that the following objectives are met:

  • obligations and costs are in compliance with applicable laws and regulations;
  • funds, property, and other assets are safeguarded against waste, loss, and unauthorized use or misappropriation;
  • assets, liabilities, revenues, and expenditures applicable to Agency operations are properly recorded in order to maintain accountability and to permit the preparation of reliable financial and statistical reports; and
  • data that support related performance measures are properly recorded and accounted for to permit preparation of reliable and complete performance information.

AUDITOR`S RESPONSIBILITIES AND METHODOLOGIES

Our responsibilities are to:

  • express an opinion as to the fair presentation of SSA`s principal financial statements;
  • report the results of our review of SSA`s internal control structure, and the extent to which its weaknesses may materially affect the financial statements taken as a whole;
  • report the results of our related tests of SSA`s compliance with applicable laws and regulations that could materially affect the principal financial statements; and
  • obtain an understanding of SSA`s internal control structure related to performance measurement data, assess related risks, but not test the underlying data, and report significant internal control weaknesses.

We performed tests of applicable internal controls and compliance with laws and regulations to determine the extent of our auditing procedures necessary for expressing an opinion on SSA`s principal financial statements, and to report our findings resulting from our controls and compliance testing and not to express, and we do not express, separate opinions about the adequacy of the internal control structure or compliance with laws and regulations. Our work was performed from March 1996 to November 1996 in accordance with generally accepted government auditing standards and OMB Bulletin 93-06, "Audit Requirements for Federal Financial Statements."

Because of inherent limitations in any internal control structure, losses, noncompliance, or misstatements may, nevertheless, occur and not be detected. Also, projection of any evaluation of the internal control structure to future periods is subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with controls may deteriorate. Our consideration of the internal control structure would not necessarily identify all matters in the internal control structure that might be considered a reportable condition.

To fulfill these responsibilities, we:

  • reviewed the appropriate GAO, SSA, OIG, and other reports relative to the scope of our financial statement audit;
  • reviewed financial management systems reports prepared by independent auditors for SSA`s reporting requirements under FMFIA;
  • classified significant internal control policies and procedures into six categories corresponding to SSA`s accounting systems:
  • Accounts Receivable;
  • Investment Activities;
  • Land, Building, and Equipment;
  • Revenues (Financing);
  • Benefit Payments; and
  • Expenses;
  • obtained an understanding of the design of relevant policies and procedures and whether they had been placed in operation;
  • assessed control risk;
  • erformed control tests on each of the categories listed above on a selected basis;
  • tested compliance with selected provisions of the following laws and regulations which may materially affect the financial statements or are specified in OMB Bulletin 93-06:
  • the CFO Act of 1990, as amended by GMRA;
  • Computer Security Act of 1987;
  • the FMFIA;
  • the OMB Bulletin 94-01;
  • Social Security Act, as amended; and
  • Public Laws 93-66, 94-241, 99-643, 103-296 and 104-134; and
  • reviewed internal controls pertaining to the existence and completeness assertions for systems producing performance measures in the Overview of SSA.

David C. Williams

Inspector General
Social Security Administration
November 22, 1996

Back to top

SOCIAL SECURITY

 

Memorandum

Date: November 8, 1996                                                                                                                                                         Refer To: S1J-1

To: David C. Williams
Inspector General

From: Shirley S. Chater
Commissioner of Social Security

Subject: Office of Inspector General Draft Report, "Inspector General`s Report on the Social Security Administration`s Financial Statements" (A-13-96-51001)--INFORMATION

Attached are our comments on the subject report.

Attachment:SSA Response

COMMENTS ON THE OFFICE OF INSPECTOR GENERAL DRAFT REPORT, "INSPECTOR GENERAL`S REPORT ON THE SOCIAL SECURITY ADMINISTRATION`S FINANCIAL STATEMENTS" (A-13-96-51001)

We appreciate the efforts of the Office of Inspector General (OIG) to review the Social Security Administration`s (SSA) financial statements for fiscal year (FY) 1996. Our comments on the respective report sections are included below.

Report on Internal Controls

Separation of Duties or Compensating Controls in On-line Systems

We agree that it is important to take all reasonable measures to prevent the occurrence of fraud with regard to the programs administered by SSA. The agency has zero tolerance regarding employee fraud, and has, and continues to take, proactive steps to prevent employee fraud and misconduct. We recognize that the internal controls for our operational systems can always be improved, and we are working to make significant improvements to the controls in our systems.

We are concerned about any suggestion of reporting the internal control matters presented in this report section as a material weakness. We do not believe the facts presented in this report, or the three prior reports discussed, support such a recommendation. The three systems discussed in the report processed over 10 million transactions in FY 1996. Over 99.9 percent of those transactions were processed without any security violations. Approximately 7.2 million initial claims were processed through these systems in FY 1995, and of those, only 410 cases of fraud were found. This represents less than six thousandths of one percent. With respect to employee fraud, in FY 1996 SSA employed about 65,000 employees, however, only 23 cases of employee fraud were referred to OIG for investigation. This represents less than four one-hundredths of one percent of SSA`s employees. These figures clearly demonstrate that our internal controls are reasonable.

About compensating controls, we agree that in today`s automated environment, such controls are necessary to reduce the risk of fraud. Each of the systems mentioned in this report writes records to our Audit Trail System (ATS). As a result, SSA employees know that actions taken through these systems are attributed to them. We believe this ATS process constitutes a significant compensating control.

We also believe effective compensating controls must include controls outside the automated environment. Our regional security staffs conduct periodic reviews of SSA offices, during which staff data entries are checked for accuracy and appropriateness. This manual control has a deterrent effect. We have also implemented several initiatives that help to deter fraud as part of our tactical plan item, Combating Fraud. These initiatives include increased communication that fraud is being detected, perpetrators are being successfully prosecuted, and resources dedicated to combat fraud, including the provision for additional OIG investigative staff, are being increased. Such compensating controls, including an active, dedicated OIG investigative presence, may constitute a greater fraud deterrence than available automated controls.

Other Matters Relating to Separation of Duties and Compensating Controls In On-line Systems

The report refers to an enumeration edit check program to prevent an SSA employee from processing a fraudulent application for a Social Security Number (SSN), and then processing a fraudulent supplemental security income (SSI) claim under the fraudulent SSN. Such an edit program has not been planned for the enumeration system. Instead, the needed fraud deterrence and identification will be built into the Comprehensive Integrity Review Process, which will compare audit trails from the enumeration and SSI claims systems for certain cases.

OIG Note

Material was deleted from SSA`s comments relating to a recommendation in the draft report that was changed in the final report.

Accounts Receivable

As indicated in the OIG report, actions are underway at SSA to enhance the ability of the Debt Management System to generate reliable accounts receivable data for both Title II and Title XVI. OIG does not offer any new recommendations in this area. The report does note additional Title II debt system corrective measures recently implemented by SSA. We also continue to implement accounting improvements to the Title XVI debt management systems, and have formed an intercomponent team to resolve all remaining Title XVI debt management weaknesses.

Report on Compliance With Laws and Regulations

Legal Requirements to Notify Beneficiaries of Due Process Rights

OIG Recommendation

We recommend that SSA, in consultation with the Office of the General Counsel, take such action as is necessary to rectify its continuing noncompliance with laws and regulations in this regard.

SSA Comment

As noted in the OIG report, we recently implemented a systems change to eliminate the continuance of the noncompliance problem and assure proper overpayment notification in the future. We, therefore, are not in continuing noncompliance with the applicable laws and regulations. With regard to notification of those members of the previously affected Title XVI population, we plan to investigate the relevant statutory requirements relating to due process rights notification, and the options available to the Agency to appropriately notify these individuals.

OIG Note

Material was deleted from SSA`s comments relating to information in the draft report which was changed in the final report.

Continuing Disability Reviews (CDR)

OIG indicates that SSA`s CDR mailer process is the right approach for addressing CDR case backlogs. OIG does not offer any new recommendations, and we have no additional comments on processing of the backlogs.

  Link to FirstGov.gov: U.S. Government portal Privacy Policy | Website Policies & Other Important Information | Site Map
Need Larger Text?
  Last reviewed or modified