MANAGEMENT
OF ALLEGATIONS
BY THE SOCIAL SECURITY
ADMINISTRATION'S
OFFICE OF SYSTEMS
October
2004
A-13-04-14047
EVALUATION REPORT
Mission
We improve SSA programs and operations and protect them against fraud, waste, and abuse by conducting independent and objective audits, evaluations, and investigations. We provide timely, useful, and reliable information and advice to Administration officials, the Congress, and the public.
Authority
The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:
Conduct and supervise independent and objective audits and investigations
relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation
and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems
in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.
Vision
By conducting independent and objective audits, investigations, and evaluations,
we are agents of positive change striving for continuous improvement in the
Social Security Administration's programs, operations, and management and in
our own office.
MEMORANDUM
Date: October 15, 2004 :
To: Bill Gray
Deputy Commissioner for Systems
From: Assistant Inspector General for Audit
Subject: Management of Allegations by the Social Security Administration's Office of Systems (A-13-04-14047)
OBJECTIVE
Our objectives were to evaluate the Social Security Administration's (SSA) Office of Systems' (OS) management of allegations and determine whether all allegations that should have been referred to the Office of the Inspector General (OIG) were, in fact, referred.
BACKGROUND
SSA receives various types of allegations related to its programs, employee conduct, and the misuse of Social Security numbers. SSA receives allegations from a number of sources: employees, the general public, other Agencies, or the OIG.
SSA has established policies and procedures for managing allegations. For example,
Agency policy states that SSA offices shall report cases of potential criminal
violations to the OIG as quickly and efficiently as possible. SSA policy also
states that allegations against SSA employees concerning non-criminal types
of potential violations, such as, ethics or equal employment opportunity issues,
are generally referred to the component responsible for addressing the specific
issue.
In determining the validity of allegations constituting potential criminal violations,
SSA policy requires that "…each potential violation and allegation
must be developed…to the point where enough evidence has been secured to
either remove suspicion…or substantiate the violation."
OS guides and manages the development, acquisition, and use of SSA's information technology resources that support the Agency's programmatic and business functions. Because of the potential impact on SSA's information system infrastructure and programs, we believe allegations of potential criminal violations concerning OS employees or operations require documentation of their development and timely resolution.
RESULTS OF REVIEW
We were unable to determine whether all allegations that should have been referred to OIG were in fact referred. OS did not have a system to record the receipt, development, and disposition of allegations about OS employees or operations detected within or received by OS. As a result, OS was unable to provide evidence to document its management of allegations.
SYSTEM TO DOCUMENT ALLEGATIONS
OS lacked a system to record the receipt, development, and disposition of allegations about OS employees or operations detected within or received by OS. SSA policies and Federal law indicate that documentation should be created and retained.
SSA policies and procedures require, "…when an allegation is received, sufficient evidence be obtained to support or remove suspicion that a criminal violation may have occurred." Federal agencies' records creation, management, and disposal duties are set out in a collection of statutes known as the Federal Records Act (FRA). Records are defined as,
All books, papers, maps, photographs, machine readable [i.e., electronic] materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency…as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of data in them.
SSA has discretion in determining whether a document received or created by the Agency is properly considered an agency record. However, at least one court has indicated that it would be improper as a matter of law for an Agency to characterize an entire class of records as not Agency records.
Agency officials stated that some SSA managers retain initial employee allegation development documentation. This documentation is stored with other short-term projects or issues the manager may be addressing during the same period. After the initial development process, substantiated allegations that indicate possible criminal activity are referred to the OIG for further action. These allegations are retained by OIG. Substantiated allegations that do not indicate criminal activity are placed in the appropriate personnel file, and retained accordingly. Unsubstantiated allegations are destroyed following development. We believe SSA should document management activities sufficient to permit OIG to assure that SSA is making appropriate referrals of suspected criminal activity and that record destruction is carried out in accordance with the FRA.
During our review, we determined that OS did not have a system to record the receipt, development, and disposition for the 8 allegations referred by the OIG during our audit period of Fiscal Years (FY) 2000 through 2002. Specifically, OS did not maintain documentation to verify that "…enough evidence has been secured to either remove suspicion…or substantiate the violation." Moreover, OS did not maintain documentation for allegations received from sources other than the OIG. Office of System's management stated that it does not have a system to monitor and track the receipt and resolution of allegations.
Since OS did not maintain allegation documentation, we attempted to obtain
data on OS related allegations from other sources, such as OIG's Office of Investigations
(OI) and SSA's Office of Human Resources (OHR). We obtained information from
OI records, which indicated that OI had referred a total of 8 allegations to
OS for development during FYs 2000 through 2002. The OI records indicated OS
reported developing 6 of the 8 allegations. Subsequently, this development led
to the allegations being closed by OI. The OI records also indicate that 2 allegations
remain open.
OS provided information that the 2 remaining allegations were developed and
closed. However, there was no documentation indicating that this information
was communicated to the OI. We requested that OS provide documentation for the
8 allegations supporting or removing suspicion that a criminal violation may
have been committed. OS was unable to provide us with the requested data.
In addition, we requested information from OHR for adverse actions taken against OS employees. The information is maintained in SSA's Human Resources Management Information System. OHR identified 10 adverse administrative actions taken against OS employees during FYs 2000 through 2002.
We reviewed the adverse action files. Our review indicated 8 employee suspensions and 2 terminations. None of the cases were referred to OIG. Our OI evaluated the documentation pertaining to the adverse action files and determined that OS appropriately exercised its discretion in deciding that these matters were not required to be referred to OI.
CONCLUSION AND RECOMMENDATIONS
All SSA components, including OS, are required to obtain, "…enough evidence to either remove suspicion…or substantiate that an alleged criminal violation may have been committed." OS does not record the receipt, development, and disposition of allegations. As a result, OS management is unable to document that appropriate and consistent actions are taken.
During FYs 2003 and 2004, the OIG initiated or completed reviews concerning the management of employee-related allegations in most SSA Regional Offices. We found that policies and procedures for maintaining records and retaining documentation varied between Regions. Some had region-specific policies and procedures to supplement SSA-wide criteria, which does not appear to specifically address employee allegations. As of July 2004, we have issued reports to the Regional Commissioners in New York, Atlanta, Dallas, Denver, and San Francisco. The reports contain recommendations similar to those discussed within this report. The Regional Commissioners generally agreed with our recommendations.
We recommend OS:
1. Develop and implement a control system that documents the receipt, development, and disposition of all allegations.
2. Develop and implement written policies and procedures to ensure appropriate information is recorded in the control system.
3. Clarify retention periods for documents maintained in the control system.
AGENCY COMMENTS
In response to our report, the Deputy Commissioner for Systems (DCS) in coordination with staff in the Office of Human Resources did not concur with our recommendations. The Agency stated, "Any control system as described in the OIG recommendations would have to be part of a system of records established under the provisions of the Privacy Act." In addition the Agency stated, "Any system of records would have to be consistent with existing and future collective bargaining agreements."
OIG RESPONSE
We are sensitive to the Agency's concerns. However, based on the existence of allegation control logs in SSA's regional offices and the Agency's acceptance of similar recommendations in those Regions, we believe the issues raised in this audit should be addressed at the national level to ensure uniformity throughout the Agency.
Steven L. Schaeffer
Appendices
APPENDIX A - Acronyms
APPENDIX B - Scope and Methodology
APPENDIX C - Agency Comments
APPENDIX D - OIG Contacts and Staff Acknowledgments
Appendix A
Acronyms
DCS Deputy Commissioner for Systems
FRA Federal Records Act
FY Fiscal Year
NARA National Archives and Records Administration
OHR Office of Human Resources
OI Office of Investigations
OIG Office of the Inspector General
OS Office of Systems
POMS Program Operations Manual System
SSA Social Security Administration
U.S.C. United States Code
Appendix B
Scope and Methodology
To accomplish our objective, we:
Interviewed Office of System's (OS) personnel to obtain an understanding of how OS manages allegations and the policies and procedures it uses when a potential violation is detected in OS or referred to it for development.
Reviewed the Social Security Administration's Program Operations Manual System (POMS), General Record Schedules, and Annual Personnel Reminders to understand SSA policies regarding ethical standards of conduct.
Requested OS to provide records of allegations it has managed during Fiscal Years (FYs) 2000 through 2002.
Reviewed documentation for allegations referred by Office of the Inspector General to OS during FYs 2000 through 2002.
Reviewed documentation of adverse actions taken against OS employees during FYs 2000 through 2002.
We performed our evaluation from October 2003 through January 2004 in Baltimore, Maryland. We were unable to assess the internal controls because of the lack of documentation. The entity reviewed was the SSA's Office of Systems. We performed our evaluation in accordance with the Quality Standards for Inspections issued by the President's Council on Integrity and Efficiency.
Appendix C
Agency Comments
From: ^DCS Audit
Sent: Thursday, August 26, 2004 6:02 PM
To: ^OIG Audit
Cc: Todd, Shirley; ^DCHR Audit; ^OPLM Audit; ^HQ OGC Audit; ^DCS Controls
Subject: FW: 22004002, OIG Draft Report, "Management of Allegations by
the Social Security Administration's Office of Systems"
ICN: 34212-9-4307 DCS Correspondence: Please close the control for DCHR, DCFAM
(OPLM) and OGC. Thx Jackie
From the Office of the Deputy Commissioner for Systems
Thank you for the opportunity to respond formally to your report. Your recommendations
are:
1. Develop and implement a control system that documents the receipt, development,
and disposition of all allegations.
2. Develop and implement written policies and procedures to ensure appropriate information is recorded in the control system.
3. Clarify retention periods for documents maintained in the control system.
Many discussions concerning this topic have taken place among staff (DCS, OIG,
DCHR, OGC and OPLM). DCS's position, with support from our counterparts, remains
unchanged. Adopting the system of records that you recommend is outside of DCS's
purview. Our concern, however, is the report's suggestion that DCS does not
follow established guidance.
We believe, and DCHR supports, that our actions are appropriate when we do not
retain evidence or permanently record investigative activity of a probe that
reveals an allegation is unfounded. The report infers we are taking inappropriate
action by citing various SSA policies and Federal regulations. What is missing
in each citing is the requirement to retain evidence or record investigative
activity. What the report does reveal--for allegations received through OIG
and adverse actions--is that DCS appropriately[1] forwards information to the
proper custodian of records, either OIG or DCHR, for action. The report also
indicates that of those investigative cases that were appropriately retained
in DCHR and reviewed by OIG, DCS properly developed the allegations and took
appropriate action.
We believe the report, throughout, should indicate that DCS's recordkeeping
for unsubstantiated allegations is appropriate under the policies/regulations
that exist. Regarding changing that policy, we have attached DCHR's response
as it is the Agency designated authority on these issues. Any decisions to establish
the subject recordkeeping fall under DCHR's responsibility. Therefore, we recommend
that you direct your final report to DCHR.
Staff may direct questions concerning DCS's position to Ellen Currotto at 5-6071.
Questions concerning DCHR's response may be directed to Scott Mason at 5-7030.
William E. Gray
[1][1] With the exception of two items where allegations originated through
OIG (this is the only instance where DCS must provide its findings to OIG),
but OIG records did not contain resolution information. At this point, it is
unverifiable if DCS did not respond or OIG did not process the information from
DCS. Apparently, OIG does not have a follow-up interval in its processes as
the missing responses only came to light during this review.
August 17, 2004
TO : Ellen Currotto
FROM : Scott Mason /S/
SUBJECT: ICN: 34212-9-4307 Request for Comment, OIG Draft Report, "Management
of Allegations by the Social Security Administration's Office of Systems"
(A-13-04-14047)-REPLY
The OIG draft report questions whether SSA components, which have the responsibility to initially investigate allegations of wrongdoing against individual employees, are thoroughly evaluating and referring to OIG all cases deserving of further legal review and, possibly, prosecution. OIG's concerns stem from the current lack of a complete audit trail for such investigations, since components are not maintaining records for cases they have investigated but found to be without merit. To enable OIG to selectively verify the correctness of component decisions not to refer certain cases, OIG's first recommendation is that the Office of Systems (OS) "develops and implements a control system that documents the receipt, development and disposition of all allegations."
Any control system as described in the OIG recommendations would have to be part of a system of records established under the provisions of the Privacy Act. It is unclear if the Report or recommendation appreciate the applicability of the Privacy Act. A system of this nature would have to be published in the Federal Register and, presumably, it would have safeguards against unauthorized disclosure as stipulated by the Privacy Act.
However, even if the system were properly established in accordance with the Privacy Act, OHR has serious reservations about maintaining official files on allegations that have been determined to be unsubstantiated. It would put SSA in the dubious position of maintaining, on the record, what could be unfair, unfounded and, potentially, injurious information on its employees. We have serious concerns that knowledge gleaned from these records could become the basis for innuendo and unintended consequences that could unnecessarily adversely impact the lives and careers of the employees involved. Hopefully, that would never happen, but the perception that it could is problematic.
In addition to the Privacy Act provisions, any system of records would have to be consistent with existing and future collective bargaining agreements. The expired National Agreement between SSA and the American Federation of Government Employees allows for the maintenance of records pertaining to employees, but specifically requires in Article 3, Section 4.A. 3. that:
An employee has the right to be informed about records that are maintained about him or her and are filed, in a system of records that is personally identifiable. Upon request, an employee may also see such records and have a copy made of them. The Employer will provide an annual notice to each employee regarding these rights.
Accordingly, if a system of records was created pursuant to the OIG recommendation, the Agency would be required to inform the employee about the existence of those records and allow the employee to review and receive a copy of materials in any such file upon request. In addition, if the Agency initiated a disciplinary action as a result of the allegations, any documents that the Agency relies upon must be placed in the SF 7-B file and given to the employee.
Furthermore, the report defines allegations as "assertions or suspicions that are unproven." By requiring OS to create a system to track "all" allegations, OIG does not distinguish between a serious allegation of fraud, waste and abuse and an allegation over very minor misconduct that would not warrant discipline. This definition has very broad implications since, it in essence, would require the maintenance of "dirt files" which are never acted on by the Agency. Maintenance of such files may trigger a bargaining obligation under the Federal Service Labor-Management Relations Statute.
During the audit, OIG requested that OS provide documentation for eight allegations that were referred to OIG's Office of Investigations (OI) as, "supporting or removing suspicion that a criminal violation may have been committed." OIG was critical of OS for being unable to provide the documentation. Since these matters were previously referred to OI by OS, it would appear to be duplicative for OS, or any other component where OI is conducting a follow-up investigation, to maintain the same information. This is especially significant since OI evaluated the documentation pertaining to the adverse action files and determined that OS appropriately exercised its discretion in deciding that these matters were not required to be referred to OI. Also, maintenance of allegations that were determined not to be true may be unfair to the employee against whom the unfounded allegation was made and could cast unfair suspicion on the employee.
Further, while the current report applies only to OS, a recommendation to adopt could become Agency-wide and may prove to be extremely burdensome. In addition, such a requirement would create a separate system of records in each component to track all kinds of allegations, regardless of their validity. There are systems of records in place, both Agency-wide and within the components, to maintain information when disciplinary action is proposed.
For the above reasons, we disagree with OIG's first recommendation that OS "develop and implement a control system that documents the receipt, development and disposition of all allegations."
The second and third recommendations assume the establishment of a control system for the "Management of Allegations" and contain the protocol for its establishment. As we recommend against the need for such a system, there is no need to further develop the remaining recommendations.
Appendix D
OIG Contacts and Staff Acknowledgments
OIG Contacts
Shirley E. Todd, Director, General Management Division, (410) 966-9365
Brian Karpe, Audit Manager, (410) 966-1029
Acknowledgments
In addition to those named above:
Jerry Hockstein, Senior Analyst
Cheryl Robinson, Writer-Editor
For additional copies of this report, please visit our web sit at www.ssa.gov/oig or contact the OIG's Public Affairs Specialist at (410) 965-3218. Refer to Common Identification Number A-13-04-14047.
Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations
(OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General
(OCCIG), and Office of Executive Operations (OEO). To ensure compliance with
policies and procedures, internal controls, and professional standards, we also
have a comprehensive Professional Responsibility and Quality Assurance program.
Office of Audit
OA conducts and/or supervises financial and performance audits of the Social
Security Administration's (SSA) programs and operations and makes recommendations
to ensure program objectives are achieved effectively and efficiently. Financial
audits assess whether SSA's financial statements fairly present SSA's financial
position, results of operations, and cash flow. Performance audits review the
economy, efficiency, and effectiveness of SSA's programs and operations. OA
also conducts short-term management and program evaluations and projects on
issues of concern to SSA, Congress, and the general public.
Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste,
abuse, and mismanagement in SSA programs and operations. This includes wrongdoing
by applicants, beneficiaries, contractors, third parties, or SSA employees performing
their official duties. This office serves as OIG liaison to the Department of
Justice on all matters relating to the investigations of SSA programs and personnel.
OI also conducts joint investigations with other Federal, State, and local law
enforcement agencies.
Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters,
including statutes, regulations, legislation, and policy directives. OCCIG also
advises the IG on investigative procedures and techniques, as well as on legal
implications and conclusions to be drawn from audit and investigative material.
Finally, OCCIG administers the Civil Monetary Penalty program.
Office of Executive Operations
OEO supports OIG by providing information resource management and systems security.
OEO also coordinates OIG's budget, procurement, telecommunications, facilities,
and human resources. In addition, OEO is the focal point for OIG's strategic
planning function and the development and implementation of performance measures
required by the Government Performance and Results Act of 1993.