Skip to content
Social Security Online
Office of the Inspector General
OIG Seal image
Blank Spacer Image

Audit Report - A-04-96-44001


Office of Audit

Follow-Up Review of Internal Controls over the Modernized Enumeration System (A-04-96-44001) 3/5/98 

This final report presents the results of our follow-up review of internal controls over the Modernized Enumeration System (MES) (A-04-96-44001). The objective of our review was to evaluate the Social Security Administration’s (SSA) progress in implementing corrective actions recommended in an April 1993 audit report issued by the Department of Health and Human Services (HHS), Office of Inspector General (OIG), entitled Audit of the System of Internal Controls for the Modernized Enumeration System (A-13-90-00045).

In its report, HHS/OIG acknowledged that automated controls within MES provide reasonable assurance that information entered is generally processed in an accurate and timely manner. Nonetheless, HHS/OIG found that SSA’s field offices (FO) lacked sufficient controls to prevent or detect fraud, errors, and misuse in the Social Security number (SSN) application process. Additionally, the report asserted that FOs needed to improve their procedures for resolving system-generated error messages.

To address the results of its review, HHS/OIG made five recommendations for corrective action with which SSA generally agreed. During our follow-up review, we examined the status of SSA’s planned actions. Our review revealed that SSA had fully implemented one recommendation (number 4) and had planned to complete implementation of three others (numbers 1, 3, and 5) in August 1997. However, SSA will not fully execute corrective action for recommendation number 2 until 1998 or later. In its response to the HHS/OIG report, SSA generally agreed with the final recommendation regarding Immigration and Naturalization Service’s (INS) verification of alien work status, but suggested that the OIG revisit the issue of INS enumeration in 1995.

Subsequent to the completion of our review, SSA informed us that on August 25, 1997, it implemented the largest software release in its history, including the above MES recommendations (numbers 1, 3, and 5).

In summary, SSA has initiated the following actions to strengthen controls over the enumeration process at its FOs: 1) revised FO procedures for processing applications submitted by United States (U.S.) born individuals age 18 or older, 2) increased the FOs’ access to the INS Systematic Alien Verification for Entitlements (SAVE) system, 3) established a system edit for enumeration feedback messages (EFM) vulnerable to erroneous SSN assignment, 4) revised SSA procedures for the resolution of EFMs that indicate an applicant is identified as deceased in Agency records, and 5) established an MES clearance screen to prevent the unauthorized issuance of a replacement card to an applicant who is annotated as deceased in SSA’s records. More detailed information regarding these corrective actions is contained in the body of this report.

Back to top

INTRODUCTION

The most vital element of our Nation’s Social Security system is the SSN. Because the public’s lifetime earnings are catalogued using the SSN as an identifier, accuracy and integrity in the enumeration process is essential. Enumeration refers to SSA’s process for assigning SSNs and issuing original and replacement Social Security cards. Enumeration is sometimes broadly interpreted to include SSN verification activities which include verification of SSNs for employers and other government agencies. Since the Social Security program was enacted in 1935, SSA has assigned approximately 415 million SSNs. During 1996, SSA assigned about 5.6 million new SSNs and issued another 10.3 million replacement cards. The magnitude of the enumeration area and the importance placed on the SSN in today’s society to obtain Government benefits and services requires that SSA have tight controls in place to prevent fraud and error.

MES assigns SSNs and sends Social Security cards to individuals for whom applications are processed. SSNs are used by SSA as identifiers to record earnings information, and by SSA and other Federal and State agencies as authorized by Federal law to administer their programs.

One FO supervisor estimated that about half of all FO time is spent processing applications for original and replacement cards. Newly established SSN records and changes to existing SSN records are maintained on an Alpha Index file and a Numident file. The Alpha file contains the names and SSNs of all SSN holders in alphabetical order, while the Numident file contains the information in numerical sequence. Numident data is sent weekly to the Internal Revenue Service for use in their matching operations. Additionally, SSNs are provided to States for use in administering their welfare and birth certificate issuance programs.

Before assigning an individual an SSN, MES screens existing records based on data entered from the application to determine whether a number has already been assigned to the individual. This screening process attempts to prevent the assignment of multiple SSNs to the same individual. MES performs this search using the Alpha Index file. MES also processes data changes to existing SSN records when those changes are supported by an application with proper evidence supporting the changes. For example, SSA uses MES to issue corrected SSN cards for name changes. An applicant for a corrected card must submit evidence of identity in the most recent name on SSA’s records, as well as evidence of identity in the new name.

Back to top

SCOPE

Our review was performed in accordance with generally accepted government auditing standards. Our objective was to evaluate SSA`s progress in implementing the recommendations resulting from HHS/OIG`s report entitled, Audit of the System of Internal Controls for the Modernized Enumeration System, issued in April 1993.

To accomplish our objective, we performed the following audit steps:

  • reviewed policies and procedures regarding MES and the SSN application process, which SSA outlined in the Program Operations Manual System (POMS) and the Modernized Systems Operations Manual;
  • examined SSA`s "Description of the Functional Requirements for MES" and other information contained in the Integrated Client Data System, release 2; and
  • discussed with SSA Headquarters and FO supervisory and staff personnel MES initiatives and the enumeration process.

We reviewed the internal controls necessary to meet our objective. Audit work was performed at SSA Headquarters in Baltimore, Maryland and the Southeastern Program Service Center and the District Office in Birmingham, Alabama. Our field work began in January 1997 and was completed in March 1997.

RESULTS OF REVIEW

In response to an HHS/OIG report issued in April 1993 and entitled Audit of the System of Internal Controls for the Modernized Enumeration System, SSA has fully implemented four of the recommended corrective actions and partially implemented the remaining recommendation. However, the final corrective action, which involves coordinating and interfacing with INS is not expected to be complete until 1998 or later. We support the systemic changes proposed by HHS/OIG and encourage SSA management to continue in their efforts to strengthen these and other controls within the enumeration process.

In general, the HHS/OIG report acknowledged that automated controls within MES provide reasonable assurance that information entered into the system is processed in an accurate and timely manner. However, the auditors reported that SSA FOs lacked sufficient controls to prevent or detect fraud, error, and misuse in the SSN application process. Specifically, HHS/OIG cited weaknesses in FOs’ separation of duties, detection controls, and compliance with established procedures. The auditors also asserted that FOs needed to improve their procedures for resolving system-generated error messages.

To determine the effect of these weaknesses, HHS/OIG reviewed 1) SSNs assigned to applicants age 18 and over (U.S. and foreign born) and 2) enumeration feedback messages (EFM). In 1993, as a result of their testing, the auditors made the following recommendations to strengthen controls over the enumeration process.

1. SSA should revise procedures for U.S. born applicants age 18 years or older to include management or management designee review of the applications and then authorization for the assignment of an original SSN by input of the reviewer`s personal identification number (PIN) to complete the transaction.

2. SSA should negotiate with INS to certify work eligibility of aliens applying for new SSNs.

3. SSA should establish an MES system edit for those EFMs that are vulnerable to erroneous SSN assignment. The edit should require a management or management designee review of EFM resolutions to ensure the proper action is taken and that the action will not result in an incorrectly assigned SSN. MES should require input of the reviewer`s PIN before the application can be processed.

4. SSA should revise its Modernized System Operations Manual procedures for the resolution of the EFM titled "SSA Record Shows Number Holder Deceased" to refer FO users to POMS section GN 00304.100.B for resolving potentially inaccurate death data.

5. SSA should establish an MES system edit to prevent the issuance of a replacement SSN card without the deletion of the death record from the Numident file. Deletion of the death record should only be done by management authorization through input of the authorizer’s PIN.

SSA implemented recommendation number 4 in March 1993, before the HHS/OIG report was issued in its final form. Accordingly, we did not review the implementation of this corrective action during our follow-up audit. However, the remainder of our report addresses SSAs implementation of recommendations 1, 2, 3, and 5.

Back to top

U.S. BORN APPLICANTS 18 YEARS AND OLDER

Any individual wishing to obtain an SSN is required to submit a signed Form SS-5, Application for a Social Security Card, to SSA and provide evidence of: 1) U.S. citizenship or lawful alien status, 2) identity, and 3) age. Applications for individuals under the age of 18 may be submitted by mail or in person. However, current SSA regulations mandate that any applicant who is age 18 or over must submit to an in-person interview with SSA personnel. This requirement is necessary regardless of whether the applicant is U.S. or foreign born.

In its report, HHS/OIG asserted that the SSN application process for individuals 18 or over was vulnerable to fraud, errors, and misuse. The auditors’ conclusions resulted from tests performed on 237 applications submitted by U.S. and foreign born individuals age 18 or over. In summary, HHS/OIG found that FOs lacked proper separation of duties and integrity reviews for these applications. Additionally, the auditors reported that FO employees did not always follow required procedures while conducting the in-person interviews. For example, FO employees did not always verify through documentation or third-party contacts the applicant’s allegation as to why he or she had never applied for an SSN. As such, the auditors recommended that SSA require FO managers, or their designees, to review all applications submitted by U.S. born individuals who are 18 or over. Further, they recommended that managers authorize their approval of the application by entering their PIN to MES when completing the transaction.

Our follow-up audit revealed that SSA had taken steps to address weaknesses noted by HHS/OIG. SSN applications for U.S. born individuals 18 or over are only processed using the on-line interview mode. SSA developed a new screen within MES containing questions that the FO employee should ask the applicant to ensure that he or she has never before applied for an SSN. Also, the screen used to process applications for U.S. born individuals 18 years and older has been edited to print the message "OPERATIONS SUPERVISOR OR ABOVE IS REQUIRED TO CLEAR THIS APPLICATION." When MES presents this message, the application will not "clear" or process unless a second PIN assigned to a member of management or a management designee has also been entered into the system. Subsequent to the completion of our review, SSA informed us that full implementation of these changes was accomplished on August 25, 1997.

INS CERTIFICATION OF ALIENS’ WORK ELIGIBILITY STATUS

During its audit, HHS/OIG determined that controls within the enumeration process were not sufficient to preclude the assignment of SSNs to aliens not authorized to work in the U.S. Aliens who require SSNs must apply for the card at an SSA FO and must present documentary evidence of age, identity, lawful alien status, and work authorization, if applicable. However, as reported by HHS/OIG and as acknowledged by SSA, the practice of counterfeiting INS documents is widespread in the U.S. As a result, SSA employees must be familiar with a variety of INS documents and determine whether those presented are valid.

HHS/OIG’s audit report recognized SSA’s efforts to more thoroughly verify alien status by gaining access to the INS "Alien Status Verification Index" data base. This data base is part of INS’ SAVE program and allows FOs to verify INS documents presented by aliens during the SSN application process. Nevertheless, HHS/OIG reported that, although the SAVE program was more effective than previous verification procedures, INS had a significant time lag in annotating information to the system. For example, information on aliens who enter the U.S. may not be annotated to the SAVE program for up to 60 days after entry. Accordingly, HHS/OIG recommended SSA negotiate with INS to certify the work eligibility status of aliens applying for new SSNs.

SSA generally agreed with the report recommendation; however, SSA suggested that OIG revisit the issue of INS enumeration in 1995. Specifically, the Agency stated that, although INS’ operating circumstances prevented it from accepting additional workloads at that time, future initiatives called for the possibility that INS may assist SSA by enumerating aliens.

Since 1995, we have been monitoring SSA’s progress, and this follow-up review reveals that the Agency has made strides in negotiating with INS and the Department of State (State) to gather enumeration data. In fact, SSA recently proposed a major regulation that would provide authorization for elements of State and INS to obtain, as a part of the immigration process, enumeration information for SSA to assign SSNs to aliens. The State would collect enumeration data as part of the immigrant visa process. INS would electronically forward enumeration data for these aliens to SSA after they enter the U.S. By having State and INS collect and forward this information, SSA asserts that it will reduce the potential of inadvertently accepting inappropriate or counterfeit documents, thus improving the integrity of the enumeration process. Additionally, SSA representatives have stated that this process will eliminate duplicate collection of data already collected by State and INS for immigration purposes, thereby providing overall Government efficiency.

We are encouraged by SSA’s efforts to transfer the responsibility of alien documentation verification to State and INS. We agree with SSA’s assertions that this process would reduce the number of SSNs erroneously assigned to aliens and would enable the Agency to meet its goal of world-class service. Additionally, as shown in the following table, we estimate that more than one million applications could be eliminated from the FO workload when State and INS systems are in place and capturing SSN enumeration data.

Back to top

Table: Estimate of SSN Applications Eliminated From FO Workload

Category

Original

Replacement

Total

Immigrants

400,000

100,000

500,000

Aliens Issued Employment Authorization

375,000

25,000

400,000

Aliens Adjusting Status to Permanent Residence

0

350,000

350,000

Source: OIG analysis of SSA Tactical Plan Profile-Initiative Profile & Schedule, dated 2/96.

SSA management does not anticipate that this recommendation will be fully implemented until 1998 or later. As such, we will continue to monitor the Agency’s progress toward implementing this initiative during future audit assignments.

OVERSIGHT FOR RESOLUTION OF ENUMERATION FEEDBACK MESSAGES

During the processing of an SSN application, MES sends an EFM when an application requires further development. EFMs typically occur when information transmitted through MES conflicts with data previously established in SSA’s records. For example, MES issues an EFM if it detects that an individual has applied for multiple SSNs. Additionally, if an individual presents an incorrect SSN when applying for a replacement card and the SSN actually belongs to another individual, MES issues an EFM for the FO to resolve.

In its report, HHS/OIG concluded that FO controls are inadequate to ensure that EFM resolutions are appropriate. Specifically, the auditors found that because FOs have the ability to override EFMs, inappropriate or incorrect SSNs were assigned. Accordingly, HHS/OIG recommended that SSA establish an MES edit for those EFMs vulnerable to erroneous SSN assignment. HHS/OIG suggested that the edit require management or management designee review of EFM resolutions to ensure that the appropriate action is taken. Further, the report recommended that MES require input of the reviewer’s PIN before the application can be processed.

SSA concurred with the recommendation and stated that it would develop an automated data processing (ADP) plan that produces a system edit for those EFMs deemed vulnerable to erroneous SSN assignment and allows input of a reviewer’s PIN to complete the resolution process. During our follow-up review, we determined that SSA had identified five vulnerable EFM indicators. These messages pertain to verification problems, suspect or fraudulent documentation, and records with other special indicators. Additionally, SSA made improvements in the MES screen for processing the EFM resolution. Specifically, the screen now displays the following message for those EFMs defined by the agency as vulnerable: "OPERATIONS SUPERVISOR OR ABOVE IS REQUIRED TO CLEAR THIS APPLICATION." MES will not allow the application to "clear" or process unless a second PIN assigned to a member of management or a management designee has also been entered into the system. Subsequent to the completion of our review, SSA informed us that SSA’s corrective action was fully operational on August 25, 1997.

DELETION OF DEATH DATA FROM THE NUMIDENT

Information submitted by SSN applicants may be entered into MES in two ways. First, the FO may enter application information using the on-line interview mode, whereby SSA employees enter the data directly into MES as the applicant supplies it. Secondly, the FO may use the batch mode in which data is entered into the system without the presence of the applicant based on a Form SS-5 submitted either in person or through the mail. If MES detects conflicting or similar information on its existing data base records while in the interview mode, MES will not let the FO employee complete processing of the application until the discrepancy is resolved. For example, if MES finds that an applicant’s current record contains a death indicator, the system awaits resolution of this item before proceeding to accept the application. However, HHS/OIG reported that, as with other EFMs, the feedback message could be overridden by FO personnel and an SSN card issued.

In its report, HHS/OIG recommended that SSA establish another MES edit to prevent the issuance of a replacement SSN card without deletion of the death record from the Numident file. Additionally, the recommendation specified that the deletion of death records should only be done by management authorization through input of the authorizer’s PIN. SSA concurred with the recommendation and stated that it would issue an ADP plan to address the system edit.

Based on our review, we found that SSA had established the recommended MES edit. Specifically, a new screen has been added to MES that will alert FO employees that an applicant’s SSN record contains a death indicator. Additionally, a message appears on the screen stating the following: "OPERATIONS SUPERVISOR OR ABOVE IS REQUIRED TO CLEAR THIS APPLICATION." This message will not allow the application to "clear" or process unless a second PIN assigned to a member of management or a management designee has also been entered into the system. However, if an application is being entered to MES in the batch mode, processing of the application does not have to be cleared by an Operations Supervisor or above. Instead, SSA relies on an EFM to be generated and printed in the FO for resolution the following business day. The EFM requires a management PIN for resolution. Again, SSA’s corrective action was fully implemented on August 25, 1997.

Back to top

CONCLUSIONS

In summary, SSA has completed or is in the process of implementing all recommendations made in HHS/OIG’s April 1993 report. We commend SSA for its efforts in executing these corrective actions and strengthening the controls within the enumeration process. As such, at this time, we are not making any further recommendations. We do, however, plan to perform other audits in which we will further examine controls within the enumeration process.

Agency Comments

SSA agreed with our conclusions and made several technical comments that have been reflected in the report.  

APPENDICES 

  APPENDIX B

MAJOR REPORT CONTRIBUTORS

 Office of the Inspector General
Gary Kramer, Director, Program Audits (East)
Betty Alexander, Deputy Director, Enumeration
Ellen Justice, Auditor

  Link to FirstGov.gov: U.S. Government portal Privacy Policy | Website Policies & Other Important Information | Site Map
Need Larger Text?
  Last reviewed or modified