Date: November 22, 2006
To: The Commissioner
From: Inspector General
Subject: Top Issues Facing Social Security Administration Management—Fiscal Year 2007

The Reports Consolidation Act of 2000 requires that we summarize, for inclusion in the Social Security Administration’s (SSA) Performance and Accountability Report, our perspective on the most serious management and performance challenges facing SSA.  We have determined that the top management issues facing SSA in Fiscal Year 2007 are:  Social Security Number Protection; Management of the Disability Process; Improper Payments and Recovery of Overpayments; Internal Control Environment and Performance Measures; Systems Security and Critical Infrastructure Protection; and Service Delivery and Electronic Government.
These areas are dynamic, so we encourage continuous feedback and additional areas to evaluate.  Our summary of SSA’s progress in addressing these management issues will be included in the Agency’s Fiscal Year 2007 Performance and Accountability Report.
If you have any questions or need additional information, please call me or have your staff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.

Patrick P. O’Carroll, Jr.



The Reports Consolidation Act of 2000¹ requires that we summarize, for inclusion in the Social Security Administration’s (SSA) Performance and Accountability Report, our perspective on the most serious management and performance challenges facing SSA.  Since 1997, we have provided our perspective on these management challenges to Congress, SSA and other key decisionmakers.  In developing this year’s list, we considered

¹ Pub. L. No. 106-531.


Finally, we prepared a crosswalk to ensure there was no disconnect or gap among those reviewing SSA’s programs and operations.


In Fiscal Year (FY) 2005, SSA issued approximately 18 million original and replacement Social Security number (SSN) cards, and received approximately $588 billion in employment taxes related to earnings under assigned SSNs.  Protecting the SSN and properly posting the earnings reported under SSNs are critical to ensuring eligible individuals entitled to benefits receive the full benefits due them.

Efforts to Protect the Social Security Number

The SSN has become a key to social, legal, and financial assimilation in this country.  Because the SSN is so heavily relied on as an identifier, it is also valuable as an illegal commodity.  Criminals improperly obtain SSNs by (1) presenting false documentation; (2) stealing another person’s SSN; (3) purchasing an SSN; (4) using the SSN of a deceased individual; or (5) contriving an SSN by selecting any nine digits.

To improve controls in its enumeration process, SSA verifies all immigration documents before assigning SSNs to noncitizens.  SSA also requires mandatory interviews for all applicants age 12 or older (lowered from age 18) who request an SSN.  In addition, SSA has established Enumeration Centers in Brooklyn and Queens, New York, and Las Vegas, Nevada, that focus exclusively on assigning SSNs and issuing SSN cards—and it has plans to open several more, as resources permit.  Finally, in FY 2005, SSA implemented new systems enhancements by requiring field office use of software called the SS-5 Assistant.  This program has simplified the interpretation of, and compliance with, SSA’s complex enumeration policies and, unlike the traditional process, will not process an SSN request unless SSA staff obtains and enters all of the applicant’s required information. 

In addition to these improvements, SSA has implemented several enhancements that will better ensure SSN protection.  These endeavors were required by the Intelligence Reform and Terrorism Prevention Act of 2004 and include

We applaud the Agency for these efforts and believe it has made significant strides in providing greater protection for the SSN.  Nevertheless, incidents of SSN misuse continue to occur.  To further protect SSN integrity, we believe SSA should

The Social Security Number and Reported Earnings

Properly posting earnings ensures eligible individuals receive the full retirement, survivor and/or disability benefits due them.  If earnings information is reported incorrectly or not reported at all, SSA cannot ensure all individuals entitled to benefits are receiving the correct payment amounts.  In addition, SSA’s programs depend on earnings information to determine whether an individual is eligible for benefits and calculate the amount of benefit payments.

SSA must use its limited resources to resolve incorrect earnings data reported by employers.  The Earnings Suspense File (ESF) is the Agency’s record of annual wage reports for which wage earners’ names and SSNs fail to match SSA’s records.  As of October 2005, the ESF had accumulated about $520 billion in wages and 255 million wage items for Tax Years (TY) 1937 through 2003.  For TY 2003, SSA posted approximately 8.8 million wage items, representing about $58 billion in wages. 
While SSA has limited control over the factors that cause erroneous wage reports submitted each year, there are still areas where the Agency can improve its processes.  SSA can improve wage reporting by educating employers on reporting criteria, identifying and resolving employer reporting problems, and encouraging greater use of the Agency’s SSN verification programs.  SSA also needs to coordinate with other Federal agencies with separate, yet related, mandates.  For example, the Agency works with the Internal Revenue Service to achieve more accurate wage reporting.  We have also encouraged greater collaboration with DHS on some of these employer issues.

SSA has taken steps to reduce the size and growth of the ESF.  For example, in June 2005, SSA expanded its voluntary Social Security Number Verification Service (SSNVS) to all interested employers nationwide.  SSNVS allows employers to verify the names and SSNs of employees before reporting their wages to SSA.  SSA also participates in the Basic Pilot program with DHS, which verifies the names and SSNs of employees as well as their citizenship and authorization to work in the United States.  In December 2004, the Basic Pilot program was made available to employers nationwide.

The Agency is modifying the information it shares with employers.  Under the Intelligence Reform and Terrorism Prevention Act of 2004, SSA is required to add both death and fraud indicators to the SSN verification systems for employers, State agencies issuing drivers’ licenses and identity cards, and other verification routines, as determined appropriate by the Commissioner of Social Security.

The Social Security Number and Unauthorized Work

SSA assigns nonwork SSNs to noncitizens who are (1) legally in the United States without authorization to work and are entitled to a State or local general assistance benefit that, by law, requires an SSN or (2) entitled to federally financed benefits that, by law, require an SSN.  In either case, the noncitizen must meet all requirements for the benefit other than having an SSN.  SSA tracks earnings reported under a nonwork SSN and reports this information to DHS. 

Nonetheless, our audits have noted several issues related to nonwork SSNs, including the (1) type of evidence provided to obtain a nonwork SSN, (2) reliability of nonwork SSN information in SSA’s records, (3) significant volume of wages reported under nonwork SSNs, and (4) payment of benefits to noncitizens who qualified for their benefits, in part, as a result of unauthorized work in the United States. 

In March 2004, Congress placed new restrictions on the receipt of SSA benefits by noncitizens who are not authorized to work in the United States.  Under the Social Security Protection Act of 2004, if a noncitizen worker was first assigned an SSN on or after January 1, 2004, Title II benefits are precluded based on his/her earnings unless the noncitizen was ever assigned an SSN for work purposes or admitted to the United States as a visitor for business or as an alien crewman.  SSA’s implementation of this new law will require increased coordination with DHS to ensure SSA has the correct work status information in its records. 


SSA administers the Disability Insurance (DI) and Supplemental Security Income (SSI) programs, which provide benefits based on disability.  Most disability claims are initially processed through a network of Social Security field offices and State Disability Determination Services (DDS).  SSA representatives in the field offices are responsible for obtaining applications for disability benefits, disability report forms and authorization for disclosure of information forms as well as verifying non-medical eligibility requirements, which may include age, employment, marital status, or Social Security coverage information.  After initial processing, the field office sends the case to a DDS to develop medical evidence and evaluate the disability. 

Once SSA establishes an individual is eligible for disability benefits under either the DI or SSI program (or both), the Agency turns its efforts toward ensuring the individual continues receiving benefits only as long as SSA’s eligibility criteria are met.  For example, a continuing disability review (CDR) may show the individual no longer meets SSA’s disability criteria or has demonstrated medical improvement.

If an individual disagrees with the Agency’s decision on his/her claim or CDR, the claimant can appeal to SSA’s Office of Disability Adjudication and Review (ODAR).  ODAR’s field structure consists of 10 regional and 140 hearing offices.  ODAR’s administrative law judges (ALJ) hold hearings and issue decisions.  In FY 2005, hearing offices processed 519,359 cases.  ODAR’s average processing time has increased significantly from 308 days in FY 2001 to 443 days in FY 2005.  Further, the pending workload was 708,164 cases on September 30, 2005, whereas it was 392,387 cases on September 30, 2001.  Within ODAR, we have focused our attention on issues such as the backlog of cases, case management procedures, safeguards for sensitive information in case files, and physical security at ODAR hearing sites. 

GAO added modernizing Federal disability programs—including SSA’s—to its 2003 high-risk list due, in part, to outmoded concepts of disability, lengthy processing times, and decisional inconsistencies.  To address improvements needed in SSA’s disability programs, on March 28, 2006, the Commissioner of Social Security presented the final rule establishing a new disability determination process that was published in the Federal Register.  The final rule provides for the following.

In addition to the Commissioner’s improvements, the Agency is transitioning to the electronic disability folder.  The electronic disability folder will allow for disability claims information to be stored and transmitted electronically among field offices, DDSs, the Office of Quality Performance, and ODAR.

SSA is working to ensure individuals with disabilities who want to work have the opportunity to do so.  The Comprehensive Work Opportunity Initiative represents the Agency’s overarching strategy to assist individuals with disabilities in attaining economic self-sufficiency and breaking through potential barriers to employment.  The Ticket to Work program, which provides beneficiaries with disabilities expanded options for access to employment, vocational rehabilitation, and other support services to help them work, is one element of SSA’s Comprehensive Work Opportunity Initiative.

Disability Fraud

Fraud is an inherent risk in SSA’s disability programs.  Some unscrupulous people view SSA’s disability benefits as money waiting to be taken.  A key risk factor in the disability program is individuals who feign or exaggerate symptoms to become eligible for disability benefits.  Another key risk factor is the monitoring of medical improvements for disabled individuals to ensure those individuals who are no longer disabled are removed from the disability rolls.

We are working with SSA to address the integrity of the disability programs through the Cooperative Disability Investigation program.  The Cooperative Disability Investigation program’s mission is to obtain evidence that can resolve questions of fraud in SSA’s disability programs.  The Cooperative Disability Investigation program is managed in a cooperative effort between SSA’s Office of Operations, the Office of the Inspector General (OIG), and the Office of Disability Programs.  There are 19 Cooperative Disability Investigation units operating in 17 States.  In FY 2005, the Cooperative Disability Investigation units saved SSA almost $124 million by identifying fraud and abuse related to initial and continuing claims in the disability program. 


In FY 2005, SSA issued about $550 billion in benefit payments to about 52 million people.  Improper payments are defined as any payment that should not have been made or was made in an incorrect amount.  Examples of improper payments include inadvertent errors, payments for unsupported or inadequately supported claims, or payments to ineligible beneficiaries.  Furthermore, the risk of improper payments increases in programs with a significant volume of transactions, complex criteria for computing payments, and an overemphasis on expediting payments. 

SSA and the OIG have discussed such issues as detected versus undetected improper payments and avoidable versus unavoidable overpayments that are outside the Agency's control and a cost of doing business.  OMB issued specific guidance to SSA to only include avoidable overpayments in its improper payment estimate because those payments can be reduced through changes in administrative actions.  Unavoidable overpayments that result from legal or policy requirements are not to be included in SSA’s improper payment estimate.

The President and Congress have expressed interest in measuring the universe of improper payments in the Government.  In August 2001, OMB published the PMA, which included a Government-wide initiative for improving financial performance, including reducing improper payments.  The Improper Payments Information Act of 2002 was enacted in November 2002, and OMB issued guidance in May 2003 on implementing this law.  Under the Improper Payments Information Act of 2002, SSA must estimate its annual amount of improper payments and report this information in its annual Performance and Accountability Report.  OMB will then work with SSA to establish goals for reducing improper payments in its programs. 

SSA issues billions of dollars in benefit payments under the Old-Age, Survivors and Disability Insurance (OASDI) and SSI programs—and some improper payments are unavoidable.  Since SSA is responsible for issuing timely benefit payments for complex entitlement programs to millions of people, even the slightest error in the overall process can result in millions of dollars in over- or underpayments.  In FY 2005, SSA reported that it detected over $4.2 billion in overpayments.  SSA also noted in its Performance and Accountability Report for FY 2005 that it recovered over $2 billion in overpayments. 

In January 2005, OMB issued a report, Improving the Accuracy and Integrity of Federal Payments, which noted that seven Federal programs—including SSA’s OASDI and SSI programs—accounted for approximately 95 percent of the improper payments in FY 2004.  However, this report also noted that SSA had reduced the amount of SSI improper payments by over $100 million since levels reported in FY 2003.

SSA has been working to improve its ability to prevent over- and underpayments by obtaining beneficiary information from independent sources sooner and using technology more effectively.  For example, the Agency is continuing its efforts to prevent payments after a beneficiary dies through Electronic Death Registration information.  Also, the Agency’s CDR process is in place to identify and prevent beneficiaries who are no longer disabled from receiving payments.  Additionally, in FY 2005, SSA implemented eWork—a new automated system to control and process work-related CDRs—which should strengthen SSA’s ability to identify and prevent improper payments to disabled beneficiaries. 

In April 2006, we issued a report on overpayments in SSA’s disability programs where we estimated that SSA had not detected about $3.2 billion in overpayments for the period October 2003 through November 2005 as a result of conditions that existed as of October 2003 or earlier.  We also estimated that SSA paid about $2.1 billion in benefits annually to potentially ineligible beneficiaries.  We will continue to work with SSA to identify and address improper payments in its programs.  SSA has taken action to prevent and recover improper payments based on several OIG reviews. 

We have helped the Agency reduce improper payments to prisoners and improper SSI payments to fugitive felons.  However, our work has shown that improper payments—such as those related to workers’ compensation—continue to occur. 


Sound management of public programs includes effective internal control and performance measurement.  Internal control comprises the plans, methods, and procedures used to meet missions, goals, and objectives.  SSA’s management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.  Similarly, SSA management is responsible for determining, through performance measurement and systematic analysis, whether the programs it manages achieve intended objectives. 

OMB Circular A-123 requires that the Agency and its managers take systematic and proactive measures to develop and implement appropriate, cost-effective internal control for results-oriented management.  One of the main work processes SSA manages is the development of disability claims under the DI and SSI programs.  Accordingly, SSA management is responsible for establishing appropriate controls over this process.  Disability determinations under DI and SSI are performed by DDSs in each State in accordance with Federal regulations.  Each DDS is responsible for determining claimants’ disabilities and ensuring adequate evidence is available to support its determinations.  SSA reimburses the DDS for 100 percent of allowable expenditures up to its approved funding authorization. 
From FY 2000 through May 2006, we conducted 46 DDS administrative cost audits, identifying over $82 million in questioned costs and/or funds that could be put to better use.  In 25 of the 46 audits, we identified internal control weaknesses.  For example, we reported that improvements were needed to ensure Federal funds were properly drawn and payments to medical providers were in accordance with Federal regulations.  The lack of effective internal controls can result in the mismanagement of Federal resources and increase the risk of fraud.  We will conduct multiple audits of State DDSs in FY 2007 to ensure the costs claimed by the DDSs are allowable and the DDSs have proper internal controls over the accounting and reporting of the administrative costs SSA reimburses. 

Another area that requires sound management and effective internal controls is the selection and oversight of contractors that assist the Agency in meeting its mission.  Contracting is increasingly seen as an effective way to support Federal agencies in managing increasing workloads with diminished levels of staff.  The volume of Federal contract spending—$328 billion in FY 2004, up 87 percent from FY 1997—demonstrates the importance of developing and managing Federal contracts in ways that will ensure the best contract outcomes and the best return on the taxpayers’ dollars.  In FY 2005, SSA spent over $848 million on contracts.  We will review multiple contracts in FY 2007 to ensure SSA is getting the services it is paying for and that SSA has proper internal controls in place to ensure effective oversight of contractors. 

The Government Performance and Results Act requires that SSA develop multi-year strategic and annual performance plans that establish the Agency’s strategic and annual performance goals.  The performance plans also contain the Agency’s annual performance measures used to determine whether SSA is achieving its goals.  In addition to legislation calling for greater accountability in the Government, the PMA has focused on the integration of the budget and performance measurement processes.  The PMA calls for agencies to identify high quality outcome measures, accurately monitor programs’ performance, and integrate this presentation with associated costs.  Also, SSA managers, Congress, external interested parties, and the general public need sound data to monitor and evaluate SSA’s performance.  In FY 2007, we will continue to assess the reliability of SSA’s performance data and the meaningfulness of SSA’s performance measures to ensure that SSA has the information needed to effectively manage its programs and track progress towards meeting its goals. 


The vulnerability of critical infrastructures and the unique risks associated with networked computing have been recognized for some time.  In a global information society, where information routinely travels through cyberspace, the importance of security is widely accepted.  In addition, information and the infrastructures that deliver the information are pervasive throughout organizations—from the user's platform to local and wide area networks to servers to mainframe computers.  The growth in computer interconnectivity brings a heightened risk of the disruption of the operation of critical information systems and exposure of sensitive data.  The Government must continually strive to secure information systems and the data contained therein. 

SSA’s information security challenge is to understand and mitigate system vulnerabilities.  At SSA, this means ensuring the security of its critical information infrastructure and sensitive data.  A recent incident involving the massive loss of personal information by a Federal agency demonstrates the importance of data security.  The public will be reluctant to use electronic access to SSA services if it does not believe SSA’s systems and data are secure.  Without due diligence, sensitive information can become available to those who should not have it and who may use it for personal gain.  To address increasing workloads and a changing work environment, SSA constantly introduces new technologies, such as IPv6 and Voice Over Internet Protocol.  New technology often brings advantages but also security challenges.  The Agency needs to understand and address potential risks before such technology is implemented.

SSA addresses critical information infrastructure and systems security in a variety of ways.  For example, it has created a Critical Infrastructure Protection work group that works toward compliance with various directives, such as the Homeland Security Presidential Directives (HSPD) and the Federal Information Security Management Act of 2002 (FISMA).  SSA routinely releases security advisories to its employees and has hired contractors to provide expertise in assessing and addressing security vulnerabilities.  In addition, SSA plans to minimize the risks associated with a single, national computing facility by acquiring a second fully functional, co-processing data center.

HSPD 12 mandates the development of a common identification standard for all Federal employees and contractors.  Federal Information Processing Standard 201, Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12.  The Agency created a work group that coordinates with other agencies and OMB to address HSPD 12.  SSA expects to meet the October 27, 2006 date for compliance with PIV I, which addresses the verification of suitability of Federal employees and contractors, and is making progress on PIV II, which addresses the technical aspects of implementing HSPD 12.  The Agency has 2 years to become fully compliant.  We plan to evaluate SSA’s efforts to comply with HSPD 12.

Under FISMA, we annually evaluate SSA’s security program.  FISMA requires that Agencies institute a sound information security program and framework.  Since FISMA’s inception, we have worked with the Agency to ensure prompt resolution of security issues.  The House Government Reform Committee rated the Agency “A+” in 2005 on computer security based on its compliance with FISMA.
We continuously monitor the Agency’s efforts to protect its valuable information, as well as its implementation of new technology such as IPv6 and Voice Over Internet Protocol, to ensure its information security program is operating effectively.


One of SSA’s goals is to deliver high-quality, “citizen-centered” service.  This goal encompasses traditional and electronic services to applicants for benefits, beneficiaries and the general public.  It includes services to and from States, other agencies, third parties, employers, and other organizations, including financial institutions and medical providers. 
This area includes the challenges of the Medicare Prescription Drug Program, Representative Payee Process, Electronic Government and Managing Human Capital.

Medicare Prescription Drug Program

The Medicare Prescription Drug, Improvement and Modernization Act of 2003 requires that SSA undertake several Medicare-related responsibilities.  This includes making low-income subsidy determinations, notifying individuals of the availability of these subsidies, and withholding premiums from monthly benefits for eligible beneficiaries who request such an arrangement.  By April 30, 2006, SSA had rendered over 3.9 million subsidy eligibility decisions. 

Representative Payee Process

When SSA determines a beneficiary cannot manage his or her benefits, it selects a representative payee who must use the payments for the beneficiary’s needs.  SSA has reported there are about 5.3 million representative payees who manage benefit payments for approximately 7 million beneficiaries.  While representative payees provide a valuable service for beneficiaries, SSA must provide appropriate safeguards to ensure they meet their responsibilities to the beneficiaries they serve. 
Our audits have identified

The Social Security Protection Act of 2004 provides several new safeguards for those individuals who need a representative payee.  In addition, it presents significant challenges to SSA to ensure representative payees meet beneficiaries’ needs.  For example, it requires that SSA conduct periodic on-site reviews of representative payees and a statistically valid survey to determine how payments made to representative payees are used.  It also authorizes SSA to impose civil monetary penalties for offenses involving misuse of benefits received by a representative payee. 

Electronic Government

E-Government has changed the way Government operates and the way citizens relate to Government.  Within the next 5 years, SSA expects to provide cost-effective, e-Government services to citizens, businesses and other government agencies that will allow them to easily and securely conduct most of their business with SSA electronically.  SSA has five goals to support this vision.

SSA’s e-Government strategy is based on the deployment of high-volume, high-payoff applications, for both the public and the Agency’s business partners.  To meet increasing public demands, SSA has pursued a portfolio of services that include on-line and voice-enabled telephone transactions to increase opportunities for the public to conduct SSA business electronically in a private and secure environment.  As of June 30, 2006, SSA had scored “green” for “Current Status” and “red” for “Progress in Implementing the President’s Management Agenda” on the Executive Branch Management Scorecard.

Managing Human Capital

SSA, like many other Federal agencies, is being challenged to address its human capital shortfalls.  As of February 2005, GAO continued to identify strategic human capital management on its list of high-risk Federal programs and operations.  GAO initially identified human capital management as high-risk in January 2001.  In addition, Strategic Management of Human Capital is one of five Government-wide initiatives contained in the PMA. 

By the end of 2012, SSA projects its DI rolls will increase by 35 percent.  Further, by FY 2015, 54 percent of current SSA employees will be eligible to retire.  This retirement wave will result in a loss of institutional knowledge that will affect SSA’s ability to deliver quality service to the public.  Along with the workload increase, the incredible pace of technological change will have a profound impact on both the public’s expectations and SSA’s ability to meet those expectations. 
The critical loss of institutional skills and knowledge, combined with greatly increased workloads at a time when the baby-boom generation will require its services, must be addressed by succession planning, strong recruitment efforts, and the effective use of technology.  As of June 30, 2006, SSA had maintained “green” in “Current Status” and “Progress in Implementing the President’s Management Agenda” in Human Capital on the Executive Branch Management Scorecard.  The scorecard tracks how well the departments and major agencies are executing the five Government-wide management initiatives.