A-03-06-36122 - Alternate Format

CONGRESSIONAL RESPONSE REPORT

Monitoring the Use of
Employee Verification Programs

A-03-06-36122

September 2006

Mission

By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA's programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.

Authority

The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.

Vision

We strive for continual improvement in SSA's programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.

September 26, 2006

The Honorable Jim McCrery
Chairman, Subcommittee on Social Security
Committee on Ways and Means
House of Representatives
Washington, D.C. 20515

Dear Mr. McCrery:

I am pleased to provide you with the enclosed report addressing your April 7, 2006 letter requesting information related to the employee verification programs administered by the Social Security Administration (SSA) and the Department of Homeland Security (DHS). This report contains information related to (1) controls over the employee verification programs to monitor potential abuse by employers and (2) each Agency's experience to date with this monitoring.

Thank you for bringing your concerns to my attention. My office is committed to combating fraud, waste, and abuse in SSA's operations and programs. To ensure SSA and DHS are aware of the information provided to your office, we are forwarding copies of this report to both Agencies.

If you have any questions or would like to be briefed on this issue, please call me or have your staff contact H. Douglas Cunningham, Assistant Inspector General for Congressional and Intra-Governmental Liaison, at (202) 358-6319.

Sincerely,

Patrick P. O'Carroll, Jr.
Inspector General

Background
OBJECTIVE

Our objective was to assess (1) controls over the Social Security Administration (SSA) and Department of Homeland Security (DHS) employee verification programs to monitor potential abuse by employers and (2) each Agency's experience to date with this monitoring.

BACKGROUND

SSA posts wages reported on Wage and Tax Statements (Form W-2) to individuals' earnings records in SSA's Master Earnings File (MEF) only when employers and third party submitters report employee wages under the correct names and Social Security numbers (SSN). The Agency has implemented several verification programs that allow employers and third-party submitters to match the names and SSNs of existing and newly-hired employees with SSA's records to detect mismatches and other anomalies. Further, SSA participates with DHS in a verification program that validates employees' work-authorization. The two on-line verification programs offered to employers include the Social Security Number Verification Service (SSNVS) and the Basic Pilot.

SSNVS is an on-line program that allows employers to validate the names and SSNs of employees. The purpose of SSNVS is to ensure employees' names and SSNs match SSA records prior to the submission of their W-2s to SSA. Employers can either verify up to 10 names and SSNs (per screen) on-line and receive immediate results or upload batch files of up to 250,000 names and SSNs and usually receive results the next Government business day. In 2005, SSNVS processed over 25.7 million verifications for about 12,000 employers. See Appendix C for more information on SSNVS.

The Basic Pilot is an ongoing joint initiative between SSA and DHS. The purpose of the Basic Pilot is to assist employers in verifying the employment eligibility of newly hired employees. Participating employers register on-line with DHS to use the automated system. The information the employer submits to DHS is sent to SSA to verify that the SSN, name, and date of birth (DoB) match SSA's records. SSA also confirms US citizenship, thereby confirming work authorization. DHS confirms the current work-authorization for non-citizens. In 2005, the Basic Pilot processed about 980,000 verifications for approximately 3,700 employers. See Appendix D for more information on the Basic Pilot.

Results of Review
Our review found that SSA has established effective controls over access and use of sensitive data in its SSNVS program. We found SSNVS had controls over the application process to verify (1) the applicant's personal information, (2) the company's Employer Identification Number (EIN), (3) the applicant's authorization to use the service on behalf of the company, and (4) the applicant's employment with the company. SSNVS also had controls to detect anomalies in SSNVS usage and potential misuse of the program. For example, SSA's monitoring resulted in four investigations of misuse of the program as well as the deactivation of one user's access to the program. The Basic Pilot did not have the same level of controls, in part because (1) the application process did not request some of the identifiers used by SSNVS to monitor the applicants, and/or (2) the information provided by the applicant during the registration process was not validated.

ACCESS CONTROLS

We found the SSNVS program had a number of mechanisms in place to identify and authenticate applicants, as shown in Table 1. Effective access controls can protect data and systems from misuse. The Basic Pilot program did not have similar access controls.

Table 1: Controls over the Application Process

Description of Controls Control Established?
SSNVS Basic Pilot
Verifying applicant's name and SSN Yes No
Validating the company's EIN Yes No
Separately issuing program activation code to the company Yes No
Verifying applicant's employment under the company's EIN in SSA's earnings records Yes No

SSNVS CONTROLS OVER THE APPLICATION PROCESS

We found the SSNVS program had controls to (1) verify the applicant's identity, (2) validate the company's EIN, (3) confirm that the employee is an authorized user for the company, and (4) verify the actual employment of the applicant under the company's EIN. The following controls were established as part of the SSNVS registration process:

Applicant's Personal Information - SSA authenticates the applicant by verifying his or her name, SSN, and DoB against SSA's Numident.
Company's EIN - SSA verifies the submitted company's EIN against the Employer Identification File (EIF) to confirm that the EIN is valid.
Separate Issuance of the Program Activation Code to the Company - SSA mails the activation code directly to the company's address shown in the EIF instead of the address provided by the applicant during the registration process. This control allows a company to confirm an employee's authorization to use the program on its behalf.
Applicant's Employment with the Company - SSA verifies the applicant's employment with the company via the MEF. To do this, the Agency searches the MEF to determine whether wages were posted under the reported EIN for each applicant's SSN.
During the registration process, if the information above could not be validated at any step in the process, SSA advised the applicants to contact the Agency's Employer Customer Service to resolve the potential discrepancy. For example, if SSA could not verify the EIN provided, SSA would send an automated alert to the applicant stating:

We Cannot Match the Information that you Provided

We are sorry for the inconvenience, but we cannot match the information you have provided with our records. Please review the information you have sent us, make any corrections necessary, and resubmit your request. If you were hired by the company you are registering for in the last 6 8 months, it is possible that SSA's records do not reflect your employment with the company for whom you are trying to register. If the information that you provided is correct, then it may be necessary to correct our records. Please call 1 800 772-6270 Monday through Friday, 7:00 a.m. to 7:00 p.m. Eastern Time to speak with Employer Customer Service personnel. For TDD/TTY call 1 800-325-0778.

BASIC PILOT CONTROLS OVER THE APPLICATION PROCESS

Through discussions with DHS and SSA staff, as well as our own use of the Basic Pilot program, we found that the controls over the application process for the program were not as comprehensive as those over SSNVS. Specifically, we found (1) the application process did not request some of the identifiers used by SSNVS to monitor the applicants and (2) the program did not verify applicant and company information obtained during the registration process.

When registering for the Basic Pilot program, an applicant must complete and sign a Memorandum of Understanding (MOU), which requests such information as the applicant and company name, company address, and EIN. However, applicants were not required to provide other relevant data needed to authenticate the applicant's identity, such as the applicant's SSN and DoB. Without this information, the Basic Pilot program was unable to verify key information associated with the applicant against other Government records (i.e. SSA's Numident). We discussed this with DHS staff and they noted that even if their Agency collected the applicant's SSN and DoB, they may not have the authority to verify the relevant data through the Basic Pilot since the applicant is unlikely to be a newly-hired employee. New employees are the only category of employees currently permitted to be verified under the program.

We also found the Basic Pilot was not validating the information provided by the applicant during the registration process. For instance, although the applicant provided the company's EIN, this number was not verified to ensure it was a validly issued EIN. According to DHS staff, the Agency did not have access to the IRS list of assigned EINs, which could have been used to determine the validity of the EIN. Moreover, the Basic Pilot did not have a process in place to confirm whether the applicants had authorization to use the service on behalf of their employers, but instead provided immediate access to the program. Access to the IRS list of assigned EINs would have provided DHS with an independent source for the employer's mailing address to confirm the employee's status with the employer in question.

Furthermore, if the applicants had been required to provide an SSN, the Basic Pilot program could have verified whether applicants received wages from their parent company. However, DHS would need access to earnings records, such as SSA's MEF, to perform this verification. DHS staff said they would need to work with SSA and/or the IRS to obtain such access to earnings records.

MONITORING USE OF THE VERIFICATION SERVICES

The SSNVS program had controls to detect anomalies in SSNVS usage, as shown in Table 2. For example, SSA had processes that (1) identified users who were improperly searching for valid name and SSN combinations and (2) verified whether the employee names and SSNs submitted for verification related to wages recorded in SSA's MEF. SSA's monitoring of user activity resulted in four investigations of program misuse, one of which lead to the deactivation of a user's access to the program. The Basic Pilot did not have similar controls in place at the time of our review, but DHS planned to add such monitoring controls at a future date.

Table 2: Controls over the Monitoring Process

Description of Controls Control Established?
SSNVS Basic Pilot
Identifying multiple submissions of the same employee name and/or SSN Yes No1
Verifying submitted employee data against SSA's earnings records Yes No
Note 1: Although the current Basic Pilot program did not have controls to identify multiple submissions
of names/SSNs, DHS is planning to implement such controls with the potential expansion of the Basic Pilot program.

SSNVS MONITORING CONTROLS

To aid in SSNVS monitoring activities, SSA generated Potential Fraud Identification reports to highlight incidents where (1) users attempted to verify the same name and/or SSN multiple times and (2) submitted employee data did not match earnings information in SSA's records for the EIN in question. SSA also generated various management information reports to assist SSA staff in their monitoring of employer usage. Sufficient monitoring of data is needed to provide assurance that the relevant controls are operating effectively and to identify control weaknesses.

Potential Fraud Identification Reports

At the time of our review, SSA was using two types of reports to assist in detecting improper searching for valid names/SSNs during the data submission process:
Same Name/Different SSN report; and
Same SSN/Different Name report.

The Same Name/Different SSN report identified users who attempted to verify more than 50 combinations for the same name but different SSN, whereas the Same SSN/Different Name report identified users who attempted to verify more than 50 combinations for the same SSN but different name. These reports captured data from both on-line and batch verification attempts and were produced on a weekly basis.

SSA developed an SSNVS Failed MEF Check report to highlight all PINs, EINs, and SSNs for which the MEF did not contain wages related to the employees submitted for verification. The purpose of the report was to identify users who were verifying individuals not employed by the company. The SSNVS Handbook clearly states "Social Security will verify SSNs and names solely to ensure the records of current or former employees are correct for the purpose of completing Internal Revenue Service Form W 2." The Agency plans to generate the SSNVS Failed MEF Check report on an annual basis for all users, including third-party users.

Management Information Reports

SSA also used its management information reports to aid in monitoring employers' use of the SSNVS program. The frequency and content of the reports varied, but they included:

Daily reports on customers who requested access to SSNVS. The information included the company's EIN and name, and the full name, address and telephone number of the individual requesting access to the program.

Weekly reports on the top 50 companies that had the most submissions for verification (called the Top 50 EINs report). This information included the rank order of the company based on the number of submissions, the company's EIN and name, and the submission and verification requests.

Weekly and monthly reports on submission and verification counts.

Monthly reports on year-to-date usage trends.

In addition to the Potential Fraud Identification reports noted above, these management information reports were used by SSA staff to identify potential anomalies. For instance, SSA staff may monitor the usage trends for unexpected high submission volumes since this could be an indicator of possible fraud or misuse of the program.

SSNVS USERS INVESTIGATED FOR POTENTIAL FRAUD

SSA staff informed us that since implementation of the SSNVS program they have investigated four SSNVS users for potential fraud and terminated the access of one of these users. SSA found that although the other three users were inappropriately using the system, their use did not appear to be fraudulent. SSA discovered two of the users through review of the Top 50 EINs report and detected the other two users after reviewing the Potential Fraud Identification reports.

Top 50 EINs Report

In their review of the Top 50 EINs report, SSA staff recognized that a user was requesting a significant number of verifications through the SSNVS on-line process even though the user was submitting verifications for a small company. Upon further investigation, SSA staff suspected that the user was submitting verification requests related to applicants for new mortgages. SSA contacted the user on several occasions to inquire about usage and received either no response or unsatisfactory answers. As a result, SSA staff deactivated the user's access to the SSNVS program in 2005. The staff also notified the Office of the Inspector General, Office of Investigations, but no further action was necessary due to SSA's termination of the user's access.

In our further review of this company, we found that while the company reported 8 W 2s during Calendar Year (CY) 2005, the user submitted approximately 14,000 names/ SSNs for verification. We also determined that the user in question was employed by a company that offered a number of mortgage services on its website, including the processing of IRS Form 4506, Request for Transcript of Tax Return and SSN verification services. The user also attempted to verify more names/SSNs using SSA's telephone service. SSA questioned the user about the number of verifications and terminated the user's telephone access. We found that in late 2005 the user obtained access to the Basic Pilot program. However, as of August 2006, the user had not submitted any verification requests to the Basic Pilot.

SSA staff also found through review of its Top 50 EINs report another user who was submitting a significant number of employee names/SSNs for verification, though the company's reported payroll did not support such a large volume of submissions. SSA staff contacted the user and learned that the user owned a construction company and was using SSNVS to verify the names and SSNs of subcontractors. SSA staff informed the user that this was an inappropriate use of the program, and the user ceased this inappropriate verification activity.

Potential Fraud Identification Reports

SSA staff identified two additional user issues through their review of the Same Name/Different SSNs report. In the first instance, SSA staff found that one user tried to use SSNVS to determine the correct digits in an SSN shown on an illegible, hand-written document provided by an employee. In the second instance, SSA staff found that the user submitted a test file of names and SSNs through SSNVS to determine if all fictitious SSNs came back as unverified. SSA informed both of these users that such use of the SSNVS program was inappropriate, and the users ceased their inappropriate verification activity.

BASIC PILOT MONITORING CONTROLS

In our discussions with DHS staff, they noted that while the Basic Pilot does not currently verify applicant data or continuously monitor user activity, the Agency is planning to initiate similar efforts in the future. At the time of our review, DHS had assigned one staff person to monitor Basic Pilot activity on a part-time basis. However, DHS staff informed us that the potential expansion of the Basic Pilot would necessitate additional staff to perform a variety of duties, including monitoring day to day use of the program as well as verifying applicant information. For example, one task for the new compliance staff could be to follow up on anomalies with program users, including users that submit no queries or submit only the SSNs of noncitizens. Compliance officers could contact employers to ensure they are not misusing the program. At a congressional hearing on July 25, 2006, the Associate Director of U.S. Citizenship and Immigration Services (USCIS) at DHS noted the Agency's position on controls over the Basic Pilot:

The current Basic Pilot is not fraud proof and was not designed to detect identity fraud. In fact, a recent analysis of Basic Pilot systems data found multiple uses of certain I-94 numbers, A-numbers, and SSNs in patterns that could suggest fraud. As currently envisioned, the Employment Verification Program will include robust processes for monitoring and compliance that will help detect and deter the use of fraudulent documents, imposter fraud, and incorrect usage of the system by employers (intentionally and unintentionally). USCIS will forward enforcement leads to [Immigration and Customs Enforcement (ICE)] Worksite Enforcement in accordance with referral procedures developed with ICE. The monitoring unit will scrutinize individual employers' use of the system and conduct trend analysis to detect potential fraud. Findings that are not likely to lead to enforcement action (e.g., user has not completed training) will be referred to USCIS compliance officers for follow-up. Findings concerning potential fraud (e.g., SSNs being run multiple times in improbable patterns, employers not indicating what action they took after receiving a final nonconfirmation) will be referred to ICE Worksite Enforcement investigators.

DHS officials noted that they have met with officials from SSA and the IRS to discuss potential enhancements to the Basic Pilot as well as avenues for greater cooperation. DHS officials also stated that future meetings will discuss some of the monitoring and applicant verification activities already being performed under SSNVS.

Conclusion
We found the SSNVS program had application and monitoring controls in place to protect the program, safeguard data, and prevent unauthorized access. Although our review of the Basic Pilot program was limited, we did not find the same level of access or monitoring controls in place at the time of our review. For example, key identifiers such the applicant's SSN and DoB were not captured as part of the registration process so the applicant's identity could be authenticated. Furthermore, the Basic Pilot program was not validating the information it obtained from applicants, such as the EIN. Due to the lack of access and monitoring controls over the Basic Pilot, the program would not be able to detect someone who used an assumed name and fabricated EIN from gaining access to sensitive data. We believe continued coordination between DHS, SSA, and IRS would lead to more effective controls to minimize the potential misuse of the Basic Pilot.

Appendices
APPENDIX A - Acronyms
APPENDIX B - Scope and Methodology
APPENDIX C - Social Security Number Verification Service
APPENDIX D - Basic Pilot Program

Appendix A
Acronyms
BSO Business Service Online
CBSV Consent Based Social Security Number Verification
CY Calendar Year
DHS Department of Homeland Security
DoB Date of Birth
EIF Employer Identification File
EIN Employer Identification Number
ICE Immigration and Customs Enforcement
IRS Internal Revenue Service
MEF Master Earnings File
MOU Memorandum of Understanding
OIG Office of the Inspector General
PIN Personal Identification Number
SSA Social Security Administration
SSN Social Security Number
SSNVS Social Security Number Verification Service
USCIS U.S. Citizenship and Immigration Service
U.S.C. United States Code

Forms
Form 1040 U.S. Individual Income Tax Return
Form I-9 Employment Eligibility Verification Form
Form I-94 Arrival/Departure Record
Form SS-5 Application for a Social Security Number
Form W-2 Wage and Tax Statement
"A" Number Alien Registration Number
I-94 Number Arrival/Departure Number
Form I-551 Alien Registration Receipt Card
Forms I-766 and I-688B Employment Authorization Document
Form 4506 Request for Transcript of Tax Return

Appendix B
Scope and Methodology

To accomplish our objective, we:

Reviewed pertinent sections of the Social Security Administration's (SSA) policies and procedures as well as other relevant Federal laws and regulations.

Reviewed Office of the Inspector General, Government Accountability Office, and Department of Homeland Security (DHS) reports, and other relevant documents.

For SSA's Social Security Number Verification Service (SSNVS) and the Basic Pilot program, we:

obtained a current list of registered users;
obtained user feedback data;
obtained sample submission data;
identified the number of registered employers using the service in Calendar Years (CY) 2004-2005; and
identified the number of verifications submitted in CYs 2004-2005.
" Discussed the following with SSA and DHS staff:

controls in place under SSNVS and the Basic Pilot to ensure employers are taking appropriate actions related to feedback;
controls in place under SSNVS and the Basic Pilot to ensure employers are not misusing programs;
each Agency's experience to date monitoring programs; and
whether any employers had been terminated from SSNVS or the Basic Pilot.
Established accounts with SSNVS and the Basic Pilot to (1) gain an understanding of the registration process and (2) verify sample data.

We did not perform a full review of internal controls and data reliability due to the limited timeframe of our review. The entities audited were the Office of Earnings, Enumeration and Administrative Systems under the Deputy Commissioner for Systems, the Office of Central Operations under the Deputy Commissioner for Operations, and the Employer Wage Reporting and Relations Staff under the Deputy Commissioner of Budget, Finance, and Management. We conducted the audit between April and August 2006 in Philadelphia, Pennsylvania. We conducted our audit in accordance with generally accepted government auditing standards.

Appendix C
Social Security Number Verification Service

The Social Security Number Verification Services (SSNVS) is a free on-line program that is available to employers and third-party submitters to verify employees' names and Social Security numbers (SSN). The purpose of SSNVS is to ensure employees' names and SSNs match the Social Security Administration's (SSA) records prior to the submission of their wage reports to SSA. Employers and third-parties must first register on-line at SSA's Business Services Online (BSO) website to use this service. Following registration, SSA will mail an activation code, which is a code needed to gain access to SSNVS, directly to the company's address shown in SSA's Employer Identification File (EIF). Once the registered users activate SSNVS using their Personal Identification Number (PIN) and the activation code, they can start submitting verifications. Registered users can:
Submit up to 10 employee names and SSNs (per screen) via the on-line SSNVS and receive immediate results; and
Upload files containing up to 250,000 employee names and SSNs and usually receive verification results the next government business day. This bulk procedure allows employers to verify an entire payroll database or verify at one time the names and SSNs of a large number of newly hired workers.

SSA will return a verification code to the employer for each employee whose information does not match SSA's record. In addition to the verification code, SSA provides a death indicator if the employee's Numident record includes a date of death. Table C-1 provides descriptions for the SSNVS verification codes.

Table C-1: SSNVS Verification Codes Provided to Users
SSNVS Code Description of Code
1 SSN not in file (never issued to anyone)
2 Name and date of birth match; gender code does not match
3 Name and gender code match; date of birth does not match
4 Name matches; date of birth and gender code do not match
5 Name does not match; date of birth and gender code not checked
Y Death indicator

Appendix D
Basic Pilot Program

The Basic Pilot is an ongoing joint initiative between the Social Security Administration (SSA) and the Department of Homeland Security (DHS). The purpose of the Basic Pilot is to assist employers in verifying the employment eligibility of newly-hired employees. The President signed The Basic Pilot Program Extension and Expansion Act of 2003 (Public Law Number 108-156) into law on December 3, 2003. This law extended the operation of the Basic Pilot for an additional 5 years (to a total of 11 years) and expanded the operation to all 50 States not later than December 1, 2004.

As discussed with SSA and DHS staff, the Basic Pilot involves using the information in Government databases (SSA databases and, if needed, DHS databases) to determine the employment eligibility of new hires. The Social Security number (SSN) and Alien Registration Number ("A" Number) or I-94 Number (Admission Number) are used for these checks. The employer must complete the DHS-issued Employment Eligibility Verification Form (Form I-9) for each employee and then enter elements of this data into the Basic Pilot within 3 days of hiring, including the employee's SSN, name, date of birth (DoB), and whether the new-hire indicated he or she was a United States (U.S.) citizen and, if not, the "A" Number or I 94 Number.

The system first checks the information entered against SSA's database to verify the name, SSN, and DoB of newly-hired employees, regardless of citizenship. When the Numident shows the U.S. as the place of birth for the newly-hired employee or a code indicating the number holder is a U.S. citizen and the new hire indicated that he/she is a U.S. citizen, the Basic Pilot automated system confirms employment eligibility. If the Basic Pilot system cannot confirm employment eligibility based on the information in SSA's database or an "A" Number or I-94 Number was entered, the Basic Pilot system checks the data against DHS' database.

The employer will receive notification of "SSA tentative non-confirmation" of employment eligibility when the SSN, name, or DoB does not match the information in SSA's database or if a death indicator is present. Also, employers will receive an "SSA tentative non-confirmation" if the new-hire indicated he or she was a U.S. citizen and SSA's records did not show that the person was a U.S. citizen. The employer will receive notification of "DHS tentative nonconfirmation" of employment eligibility when DHS' database does not show the new hire as authorized for employment. In these cases, the employer asks the employee whether he or she wishes to contest the tentative non-confirmation. If contested, the employee must contact SSA or DHS within eight Government working days of the notification. After the employee contacts SSA or DHS to correct the record, the employer resubmits the query through the Basic Pilot system. If the system does not confirm employment eligibility after the employer resubmits the query, the employer may terminate the new-hire.

Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office of Resource Management (ORM). To ensure compliance with policies and procedures, internal controls, and professional standards, we also have a comprehensive Professional Responsibility and Quality Assurance program.

Office of Audit
OA conducts and/or supervises financial and performance audits of the Social Security Administration's (SSA) programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess whether SSA's financial statements fairly present SSA's financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA's programs and operations. OA also conducts short-term management and program evaluations and projects on issues of concern to SSA, Congress, and the general public.

Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste, abuse, and mismanagement in SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing their official duties. This office serves as OIG liaison to the Department of Justice on all matters relating to the investigations of SSA programs and personnel. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.

Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters, including statutes, regulations, legislation, and policy directives. OCCIG also advises the IG on investigative procedures and techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary Penalty program.

Office of Resource Management
ORM supports OIG by providing information resource management and systems security. ORM also coordinates OIG's budget, procurement, telecommunications, facilities, and human resources. In addition, ORM is the focal point for OIG's strategic planning function and the development and implementation of performance measures required by the Government Performance and Results Act of 1993.