OFFICE
OF
THE INSPECTOR GENERAL
SOCIAL SECURITY ADMINISTRATION
THE SOCIAL
SECURITY ADMINISTRATION'S
INFORMATION TECHNOLOGY MAINTENANCE
AND LOCAL AREA NETWORK
RELOCATION CONTRACT
May 2007
A-14-07-17022
AUDIT REPORT
Mission
By conducting independent and objective audits, evaluations and investigations,
we inspire public confidence in the integrity and security of SSA's programs
and operations and protect them against fraud, waste and abuse. We provide timely,
useful and reliable information and advice to Administration officials, Congress
and the public.
Authority
The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:
Conduct and supervise independent and objective audits and investigations
relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation
and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems
in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.
Vision
We strive for continual improvement in SSA's programs, operations and management
by proactively seeking new ways to prevent and deter fraud, waste and abuse.
We commit to integrity and excellence by supporting an environment that provides
a valuable public service while encouraging employee development and retention
and fostering diversity and innovation.
MEMORANDUM
Date: May 21, 2007
To: The Commissioner
From: Inspector General
Subject: The Social Security Administration's Information Technology Maintenance and Local Area Network Relocation Contract (A-14-07-17022)
OBJECTIVE
The objective of our review was to determine whether the Social Security Administration (SSA) has adequate controls in place for the administration, oversight and accountability of its contract for information technology maintenance and local area network (LAN) relocation.
BACKGROUND
In July 2002, SSA awarded TFE Technology Holdings LLC (TFE) a performance-based
contract to maintain and relocate Government-owned LANs, also known as computer
networks, and associated peripheral equipment. TFE was acquired by Diebold,
Incorporated in 2004 and the company's name changed to Diebold Information and
Security Systems LLC (Diebold-ISS) effective May 18, 2005. A typical SSA computer
network includes equipment such as workstations, LAN cabinets, file servers,
bridges, routers, switches, and printers with stands. LAN equipment is a critical
part of SSA's operating environment, and is used daily by SSA and Disability
Determination Services employees nationwide. A recent article in Government
Computer News aptly stated: "Networks…form a critical part of the
infrastructure of all agencies. Without a working network, most agency activity
would quickly grind to a complete halt."
Diebold ISS performs the following tasks under the contract:
1. Task Orders, indefinite delivery and quantity orders, to repair and modify
LANs, install components, analyze networks, and provide advice about efficient
network usage. Diebold ISS bills SSA based on fixed hourly rates.
2. Relocation Services to deinstall, pack, ship and reinstall LANs; bring equipment
back up to working order; and dispose of packing material. Diebold ISS bills
SSA a fixed price per call based on the number of components relocated.
3. Maintenance services to repair and replace broken computer workstations and
peripherals. Diebold ISS bills SSA a fixed price per call based on the equipment
type. In an effort to cut contract costs, SSA added drop shipment maintenance
repairs to the Statement of Work in February 2004. The drop shipment pricing
includes the cost of a component device, such as a mouse or a keyboard, and
the cost of overnight shipping. The equipment is replaced by the end-user or
the Agency's site LAN coordinator.
The contract term is 1 year beginning on September 1, 2002, with 4 1-year options to renew. The fifth contract year began on October 1, 2006. The maximum contract amount is $75 million. As of the end of our field work in October 2006, $51.8 million was obligated under the contract. The SSA project officer in the Office of Telecommunications and Systems Operations (OTSO) and the SSA Contracting Officer in the Office of Acquisition and Grants (OAG) are authorized to place task orders/delivery orders under the contract.
RESULTS OF REVIEW
SSA generally has adequate controls in place for the administration, oversight
and accountability of its contract for information technology maintenance and
LAN relocation. Some of the controls are:
separation of duties between (1) procurement and contract administration,
(2) program oversight, (3) finance and accounting, and (4) contractor suitability
determination;
invoices must be certified before payment;
obligation transactions flow electronically from the procurement administration system to the accounting system;
maintenance transactions are comprehensively tracked from the date the problem is reported to SSA's Network Customer Service Centre to the date the problem is resolved; and
maintenance invoices include the contract line item number and key information regarding the services rendered.
There are areas of contract management that need to be addressed, including:
suitability determinations were not performed for all Diebold ISS staff with
access to SSA buildings and equipment;
some paid invoices were not sufficiently supported;
information was not recorded in the accounting system to distinguish payments
made against specific order numbers;
internal control weakness existed in contract oversight; and
contractor's reports on the destruction of hard drives were not made as required.
At the end of our fieldwork, we shared our findings and recommendations with SSA employees responsible for managing the contract. The Agency's contracting, program, accounting, and suitability offices have subsequently taken steps to address most of our findings.
SUITABILITY DETERMINATIONS WERE NOT PERFORMED FOR ALL DIEBOLD ISS STAFF WITH ACCESS TO SSA BUILDINGS AND EQUIPMENT
A number of the Diebold ISS employees and its subcontractor staff involved in office relocations we reviewed did not receive background checks and should not have been allowed to work on-site at an SSA facility or have access to Agency programmatic or sensitive information. As a result, SSA is exposing its sensitive data to possible compromise.
We did a two-step review of the contractor's compliance with the Agency's Protective
Security Clause found in the Diebold ISS contract. Through interviews and the
review of SSA and Diebold ISS documentation, we found that four Diebold ISS
staff working under the contract did not receive a background check as required
by the Protective Security Clause. One of the four nonapproved Diebold ISS staff
received SSA's replaced computer hard drives for destruction. Additionally,
a Diebold ISS contract administrator informed us that its staff no longer request
suitability approvals for movers. However, SSA's suitability office informed
us that the suitability determination requirement for the movers was not waived.
As a result of the initial findings, we reviewed documentation from four Agency
relocations that took place in October and November 2006. According to Agency
suitability records, 4 of the 9 Diebold ISS staff involved in the moves and
all 27 subcontractor staff did not receive background checks and should not
have been permitted to work on-site at an SSA facility or have access to Agency
programmatic or sensitive information.
We recommend SSA strengthen internal controls to ensure that contractor personnel performing under contracts have obtained the appropriate background checks prior to beginning work on a contract. Additionally, we expect that full implementation of Homeland Security Presidential Directive 12 (HSPD-12) by SSA will help ensure that background checks are conducted on all contract employees working on contracts of this nature. HSPD-12 requires that mandatory common identification standards for Federal employees and contractors be implemented to ensure that secure and reliable forms of identification are issued by the Federal Government to its employees and contractors, including contractor employees.
SOME INVOICES WERE NOT SUFFICIENTLY SUPPORTED
We selected a sample of Diebold ISS task order, relocation and maintenance transactions for testing (see Appendix B for the details of the sampling methodology). We reviewed 340 of the 83,616 requests for services initiated over the first 4 contract years. The table on page 5 reflects the results of our review:
Task Orders
We reviewed 100 task orders and found that 63 were billed and paid according to the agreed-upon prices detailed in the contract and 2 were not. Additionally, 32 transactions did not have enough support with the invoice to determine whether the services were billed and paid according to agreed-upon prices. For task orders billed at fixed hourly rates, the vendor did not always indicate the number of hours for which SSA was being billed or the hourly rate charged. Three task orders were erroneously paid in excess of the amount certified by the program office. The overpaid amounts were recovered in December 2005.
Relocation Orders
We reviewed 100 LAN relocation orders and found that 76 were billed and paid according to agreed-upon prices detailed in the contract and 7 were not. Additionally, 17 did not have enough support with the invoice to determine if the services were billed and paid according to agreed-upon prices. Additionally, the vendor did not always update the supporting documentation to reflect changes in the number of LAN equipment moved after the original purchase order was created. The original order is typically prepared many months ahead of the scheduled move date. Without this information, it was difficult to accurately determine, by looking at the invoice and its support, whether the Agency was billed the correct amount.
Maintenance
We reviewed 140 maintenance transactions. With the exception of one transaction, the billed maintenance services were all billed and paid according to agreed-upon prices detailed in the contract. Four requests for services were not billed by the vendor because they were either resolved by the user or the vendor reported the equipment was not covered under the contract. The maintenance invoices showed the corresponding SSA problem management (PM) number and enough information about the specific work performed to confirm whether the appropriate amounts were billed and paid.
TRANSACTION TEST RESULTS
Type Total Task Order Relocation Maintenance
Number of transactions reviewed 340 100 100 140
Paid according to agreed upon prices 274 63 76 135
Not paid according to agreed upon prices 10 2 7 1
Not billed/Not paid 4 - - 4
Not enough support provided with invoice to determine if paid according to agreed
upon prices 49 32 17 -
Paid in excess of certified amount 3 3 - -
According to Federal Acquisition Regulation (FAR), contract payment will be
based on receipt of a proper invoice and satisfactory contract performance.
Invoices should include the description, quantity, unit of measure, unit price,
and extended price of supplies delivered or services performed. SSA should ensure
that invoices submitted by the vendor are properly supported to make certain
a sufficient review can be made before certification and payments occur. Based
on our recommendation, the Agency contacted Diebold ISS representatives who
informed the Agency that it is now taking steps to improve the support provided
with invoices. Additionally, we recommend the Agency resolve the incorrectly
billed payments made to Diebold ISS. SSA contract managers contacted Diebold
ISS representatives and are now working with Diebold-ISS to resolve any incorrectly
billed amounts.
INFORMATION IS NOT RECORDED IN THE ACCOUNTING SYSTEM TO DISTINGUISH PAYMENTS MADE AGAINST SPECIFIC ORDER NUMBERS
The accounting system did not contain enough detailed information about the Diebold ISS task and relocation invoices paid to easily query the system to locate actions related to a specific order number. For example, there was not enough information in the accounting system to easily determine whether three of the invoices we reviewed, which were paid in excess of the certified amounts, had already been recovered by the Agency. Without the specific invoice number, it is difficult to retrieve the payment information and activity concerning a particular relocation or task order transaction on the Diebold ISS contract. When SSA payment processing staff members contacted Diebold ISS in November 2006 to report the three payments made in excess of the certified amounts, they were informed that SSA had already recovered the funds by reducing the amount paid on another invoice in December 2005. Transactions should be promptly recorded, properly classified and accounted for to prepare timely accounts and reliable financial and other types of reports. The documentation for transactions, management controls, and other significant events must be clear and readily available for examination.
During the first few contract years, relocation and task order numbers were recorded in the description field in the financial accounting system when the invoices were paid. However, the Office of Finance has subsequently discontinued capturing this information. To allow for more management information concerning the orders against the contract, we recommend recording relocation and task order numbers in the financial accounting system.
INTERNAL CONTROL WEAKNESS EXISTS IN CONTRACT OVERSIGHT
The Diebold-ISS contract does not indicate that an alternate project officer is assigned. As a result, no one is officially designated in the contract as a back-up to represent the project officer in the technical phases of the contract. Also, allowing a single individual to manage a contract with no alternate available places too much control in the hands of a single individual with insufficient oversight of the project officer's role. SSA's practice is to assign a project officer and an alternate project officer to every contract.
According to the Diebold-ISS contracting officer, the project officer did not want an alternate assigned. However, an alternate project officer would improve checks and balances in contract oversight. Additionally, by being available to help manage and resolve contract issues, the alternate would provide an independent view of the contract activities. Therefore, to support best practices and improve internal controls, we recommend that the program office designate an alternate project officer in the contract.
CONTRACTOR REPORTS ON THE DESTRUCTION OF HARD DRIVES WERE NOT MADE AS REQUIRED
The contractor did not issue required monthly reports to SSA about hard drive destruction until sometime in 2006, after we requested them for review during our audit field work. Without the reports, the Agency did not have formal documentation to monitor whether the hard drives were wiped per SSA standards and to identify the disposition of the equipment. The contract was modified in August 2004 to require Diebold ISS to document and issue monthly certification reports to the Agency on hard drive replacements and disposition. According to the contract modification, the report should include a statement describing the method or methods used for destruction of the replaced hard drive(s). The contractor shall also provide on each report the SSA PM number, contractor case number, drive model and serial number, and the date destroyed.
SSA did not have formal ongoing hard drive destruction verification process for the hard drives disposed of by Diebold-ISS. However, in March 2006, the project officer received the results of an independent contractor's review which found that two hard drives destroyed by Diebold-ISS were effectively wiped clean of data. Additionally, in May 2006 the project officer performed an in-house test of several hard drives and found Diebold-ISS had properly wiped or destroyed data from the hard drives.
In discussions with the vendor, we learned that not all SSA hard drives were destroyed using the same methodology. The contractor informed auditors that its staff documented the destruction of the hard drives but failed to make the monthly reports to SSA. Based on our review of hard drive destruction reports for August, September and October 2006, the contractor has taken steps to report the required monthly information.
We recommend SSA ensure that future hard drive destruction reports are made timely and include the required information. We also recommend SSA ensure it receives reports for all equipment replaced and destroyed by Diebold ISS since August 2004 with the required information concerning disposition. This will help ensure an appropriately documented chain of custody of the SSA equipment. Finally, we recommend SSA continue to periodically ask for a sample of replaced hard drives to test to determine whether Diebold-ISS erased or otherwise destroyed all data on the units as required.
CONCLUSION AND RECOMMENDATIONS
SSA generally has adequate controls in place for the administration, oversight and accountability of its contract for information technology maintenance and LAN relocation. However, there are areas of contract management that need to be improved. A number of Diebold-ISS staff did not have suitability approval to perform under the contract. Additionally, the support Diebold-ISS provides with invoices should be improved to ensure enough information is available to confirm whether services were billed according to agreed-upon prices detailed in the contract. Finally, several weaknesses in controls over contract oversight and information recording need to be addressed.
We recommend SSA:
1. Strengthen internal controls to ensure that contractor personnel performing under contracts have obtained the appropriate suitability determinations.
2. Continue to work with Diebold ISS to improve the support provided with invoices for task and relocation orders.
3. Resolve the incorrectly billed payments made to Diebold ISS, as appropriate.
4. Assess the feasibility of recording relocation and task order numbers in the Agency's financial accounting system.
5. Designate an alternate project officer in the Diebold ISS contract.
6. Ensure future hard drive destruction reports are made timely and include the required information.
7. In cases where incomplete hard drive destruction reports were provided to SSA after August 2004, request that Diebold ISS provide updated reports where necessary.
8. Continue to periodically ask for a sample of replaced hard drives to test
to determine whether Diebold-ISS erased or otherwise destroyed all data on the
units as required.
AGENCY COMMENTS
SSA agreed with our recommendations (see Appendix C).
Patrick P. O'Carroll, Jr.
Appendices
APPENDIX A - Acronyms
APPENDIX B - Scope, Methodology and Test Results
APPENDIX C - Agency Comments
APPENDIX D - OIG Contacts and Staff Acknowledgments
Appendix A
Acronyms
Diebold ISS Diebold Information and Security Systems LLC
FAR Federal Acquisition Regulation
HSPD-12 Homeland Security Presidential Directive -12
LAN Local Area Network
OAG Office of Acquisition and Grants
OIG Office of the Inspector General
OTSO Office of Telecommunications and Systems Operations
PM Problem Management
SSA Social Security Administration
SSN Social Security Number
TFE TFE Technology Holdings LLC
Appendix B
Scope, Methodology and Test Results
We conducted our audit field work between June and November 2006 in Baltimore,
Maryland.
The principal entities audited were the Social Security Administration's (SSA):
Office of Acquisition and Grants, the contracting office; and
Office of Telecommunications and Systems Operations, the program office.
We also reviewed records and interviewed staff in the Agency's:
Deputy Commissioner for Budget, Finance and Management (DCBFM), Office of Finance;
and
DCBFM, Office of Personnel, Center for Personnel Security and Project Management.
We conducted our audit in accordance with generally accepted government auditing
standards. To meet our objective, we:
reviewed applicable Federal laws and regulations and applicable SSA policies
and procedures;
reviewed the contract for Information Technology Maintenance and Local Area
Network Relocation, number 0600-02-60007;
interviewed Agency and Diebold Information and Security Systems LLC (Diebold
ISS) staff;
reviewed and observed Agency contract management processes;
tested task order, relocation and maintenance transactions in September and
October 2006;
reviewed Agency contractor suitability records; and
reviewed documentation from four Agency relocations which took place in October
and November 2006 to determine if Diebold-ISS staff were approved suitable to
work on-site at an SSA facility or have access to Agency programmatic or sensitive
information.
Table 1: Diebold ISS Contract Statistical Sampling Information
Description Totals Task Orders (Excludes Cancelled Orders) Relocation Requests
(Excludes Cancelled Orders) Maintenance Service Requests (Excludes Cancelled
Orders)
Universe Count 83,616 603 433 82,580
Sample Items 340 100 100 140
Sample Dollars $ 2,726,132 $ 459,992 $ 2,170,083 $ 96,057
Further, we determined that the Agency's computerized data used to record relocation
orders, task orders and maintenance calls made to the vendor and the suitability
records pertaining to Diebold-ISS staff were sufficiently reliable given the
audit objective and intended use of the data and should not lead to incorrect
or unintentional conclusions.
Testing Methodology and Results
For testing, we selected a sample of task order, relocation and maintenance
requests for Diebold-ISS services made by SSA during the first 4 contract years.
We reviewed 340 transactions totaling $2.7 million from the sampling universe
reflected in Table 1. The total universe was 83,616 transactions.
First, we selected 120 transactions, consisting of the 5 largest and 5 smallest
dollar transactions for each of the first 4 contract years, for each of the
3 service types (task order, relocation and maintenance).
Second, we randomly selected 220 transactions through a statistical sampling
methodology by contract year and type, as follows:
1. Task Orders: 15 transactions per contract year,
2. Relocation Orders: 15 transactions per contract year, and
3. Maintenance: 25 transactions per contract year.
Testing results are reflected in tables 2 through 4, which follow.
Table 2: Diebold ISS Contract Testing Review Results - Review of 100 Task Order
Transactions
TASK ORDER Total YR 1 YR 2 YR 3 YR 4
100 25 25 25 25
Paid according to agreed upon prices 63 10 16 17 20
Not paid according to agreed upon prices 2 - 1 1 -
Not enough support provided with invoice to determine if paid according to agreed
upon prices 32 15 8 4 5
Paid in excess of certified amount 3 - - 3 -
Paid Invoice Certified by Program Office 100 25 25 25 25
Paid transactions recorded in accounting system 100 25 25 25 25
The attributes we considered to evaluate whether the test transactions were processed correctly were:
1. For the service rendered, was the amount billed and paid in accordance with
the agreed upon prices detailed in the contract;
2. Was the paid invoice certified by the program office; and
3. Was a corresponding payment recorded in the accounting system.
Table 3: Diebold ISS Contract Testing Review Results - Review of 100 Relocation
Transactions
RELOCATION Total YR 1 YR 2 YR 3 YR 4
100 25 25 25 25
Paid according to agreed upon prices 76 21 18 22 15
Not paid according to agreed upon prices 7 - 6 1 -
Not enough support provided with invoice to determine if paid according to agreed
upon prices 17 4 1 2 10
Paid invoice certified by program office 99 25 25 24
certified/ (1 not located) 25
Paid transactions recorded in accounting system 100 25 25 25 25
Table 4: Diebold ISS Contract Testing Review Results - Review of 140 Maintenance
Transactions
MAINTENANCE Total YR 1 YR 2 YR 3 YR 4
140 35 35 35 35
Paid according to agreed upon prices 135 34 33 33 35
Not paid according to agreed upon prices 1 0 1 0 0
Not billed 4 1 1 2 0
Paid Invoice Certified by Program Office 136 34 34 33 35
Paid transactions recorded in accounting system 136 34 34 33 35
Appendix C
Agency Comments
MEMORANDUM
Date: April 30, 2007
To: Patrick P. O'Carroll, Jr.
Inspector General
From: Larry W. Dye
Thru: OEO_____________
Subject: Office of the Inspector General (OIG) Draft Report, "Review of the Social Security Administration's Information Technology Maintenance and Local Area Network Relocation Contract" (A-14-07-17022)--INFORMATION
We appreciate OIG's efforts in conducting this review. Our comments on the draft report content and recommendations are attached.
Please let me know if we can be of further assistance. Staff inquiries may be directed to Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at (410) 965-4636.
Attachment:
SSA Response
COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT REPORT, "REVIEW
OF THE SOCIAL SECURITY ADMINISTRATION'S INFORMATION TECHNOLOGY MAINTENANCE AND
LOCAL AREA NETWORK RELOCATION CONTRACT" (A-14-07-17022)
Thank you for the opportunity to review and comment on the draft report. We appreciate your conducting this audit of SSA's information technology maintenance and local area network relocation contract.
Recommendation 1
SSA should strengthen internal controls to ensure that contractor personnel performing under contracts have obtained the appropriate suitability determinations.
Comment
We agree. On April 3, 2007, SSA received a list from Diebold Information and
Security Systems LLC (Diebold-ISS) with the names of approximately 540 Diebold-ISS
employees. As of April 5, 2007, SSA sent Relocation and Task Order letters to
Diebold-ISS that contained the requirements set forth in Addendum D-20 of the
contract. Addendum D-20 states the contractor and subcontractors are required
to submit a copy of their suitability letters to the project officer 10 days
prior to a Relocation or Task Order activity.
However, one-time visits require a waiver. The waiver consists of all security
clearance forms with the exception of fingerprint cards. This waiver is for
a one time visit to any SSA building. If the same contractor/subcontractor needs
to make another visit to any SSA building in the future, they will have to meet
the full requirements of the suitability regulations.
Recommendation 2
SSA should continue to work with Diebold ISS to improve the support provided with invoices for task and relocation orders.
Comment
We agree. In November 2006, the Agency sent a letter to Diebold-ISS requesting
more detailed billing information in support of invoices being submitted for
payment. As a result, Diebold-ISS is now providing additional information with
its invoices.
Recommendation 3
SSA should resolve the incorrectly billed payments made to Diebold ISS, as appropriate.
Comment
We agree. The Agency is reviewing the invoices in question. We note that during the review SSA contract managers contacted Diebold ISS representatives and are now working with Diebold-ISS to resolve any incorrectly billed amounts and to immediately recover any payments made in error.
Recommendation 4
SSA should assess the feasibility of recording relocation and task order numbers in the Agency's financial accounting system.
Comment
We agree. The Agency has developed and implemented new procedures to ensure that relocation and task order numbers are correctly recorded in the Agency's financial accounting system. These new procedures were implemented in March 2007 and employees have been informed and trained on the new procedures.
Recommendation 5
SSA should designate an alternate project officer in the Diebold ISS contract.
Comment
We agree. The Agency is in the process of modifying the existing contract to add an alternate project officer.
Recommendation 6
SSA should ensure future hard drive destruction reports are made timely and include the required information.
Comment
We agree. The November 2006 letter sent to Diebold-ISS addressed this recommendation. Diebold-ISS is to submit a monthly report on the certification/report of hard drive replacement and disposition. The reports are to be submitted to the project officer timely and should contain all of the information that is outlined in the contract.
Recommendation 7
In cases where incomplete hard drive destruction reports were provided to SSA after August 2004, SSA should request that Diebold ISS provide updated reports where necessary.
Comment
We agree. In April 2007, Diebold-ISS provided SSA with updated destruction reports.
Recommendation 8
SSA should continue to periodically ask for a sample of replaced hard drives to test to determine whether Diebold-ISS erased or otherwise destroyed all data on the units as required.
Comment
We agree. On March 16, 2007, the Agency requested that Diebold-ISS send at least 2 hard drives that have been destroyed for our inspection. Since then, we have received 2 hard drives that were degaussed. Also, On March 27, 2007 Task Order number 0797 was issued to send the hard drives to a Data Recovery Facility to attempt to recover the data. The Data Recovery Facility will prepare a report of findings upon completion of the task order.
Appendix D
OIG Contacts and Staff Acknowledgments
OIG Contacts
Kitt Winter, Director, Data Analysis and Technology Audits Division, (410) 965-9702
Al Darago, Audit Manager, Application Controls Branch, (410) 965-9710
Acknowledgments
In addition to those named above:
Deborah Kinsey, Auditor-in-Charge
Anita McMillan, Senior Auditor
For additional copies of this report, please visit our web site at www.socialsecurity.gov/oig
or contact the Office of the Inspector General's Public Affairs Specialist at
(410) 965-3218. Refer to Common Identification Number A-14-07-17022.
Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations
(OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General
(OCCIG), and Office of Resource Management (ORM). To ensure compliance with
policies and procedures, internal controls, and professional standards, we also
have a comprehensive Professional Responsibility and Quality Assurance program.
Office of Audit
OA conducts and/or supervises financial and performance audits of the Social
Security Administration's (SSA) programs and operations and makes recommendations
to ensure program objectives are achieved effectively and efficiently. Financial
audits assess whether SSA's financial statements fairly present SSA's financial
position, results of operations, and cash flow. Performance audits review the
economy, efficiency, and effectiveness of SSA's programs and operations. OA
also conducts short-term management and program evaluations and projects on
issues of concern to SSA, Congress, and the general public.
Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste,
abuse, and mismanagement in SSA programs and operations. This includes wrongdoing
by applicants, beneficiaries, contractors, third parties, or SSA employees performing
their official duties. This office serves as OIG liaison to the Department of
Justice on all matters relating to the investigations of SSA programs and personnel.
OI also conducts joint investigations with other Federal, State, and local law
enforcement agencies.
Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters,
including statutes, regulations, legislation, and policy directives. OCCIG also
advises the IG on investigative procedures and techniques, as well as on legal
implications and conclusions to be drawn from audit and investigative material.
Finally, OCCIG administers the Civil Monetary Penalty program.
Office of Resource Management
ORM supports OIG by providing information resource management and systems security.
ORM also coordinates OIG's budget, procurement, telecommunications, facilities,
and human resources. In addition, ORM is the focal point for OIG's strategic
planning function and the development and implementation of performance measures
required by the Government Performance and Results Act of 1993.