January 31, 2008

The Honorable Henry Waxman
Committee on Oversight and Government Reform
House of Representatives
Washington, D.C. 20515

Dear Mr Chairman:

In a December 7, 2007 letter, you asked that we provide a list of recommendations we made from January 1, 2001 to the present that have not been implemented by Social Security Administration officials or by Congress.

My office is committed to combating fraud, waste, and abuse in the Social Security Administration's operations and programs. The enclosed report details recommendations we made from January 1, 2001 to the present that have not been implemented. Additionally, we provided a copy of this report to the Social Security Administration.

If you have any questions concerning this matter, please call me or have your staff contact Wade Walters, Assistant Inspector General for Congressional and Intra Governmental Liaison, at (202) 358-6319.


Patrick P. O'Carroll, Jr.
Inspector General


Unimplemented Audit Recommendations Since January 2001


January 2008


By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA's programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.


The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

Conduct and supervise independent and objective audits and investigations relating to SSA programs and operations.
Promote economy, effectiveness, and efficiency within the SSA.
Prevent and detect fraud, waste, and abuse in SSA programs and operations.
Review and make recommendations regarding existing and proposed legislation and regulations relating to SSA programs and operations.
Keep the SSA head and the Congress fully and currently informed of problems in SSA programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.


We strive for continual improvement in SSA's programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.


To provide the Committee on Oversight and Government Reform a list of recommendations made by the Social Security Administration Office of the Inspector General (SSA OIG), Office of Audit, from January 1, 2001 to the present that have not been implemented by the Social Security Administration (SSA).

This report is not an audit but rather the result of a data gathering effort by the SSA OIG. We shared the recommendations with SSA, and they provided us with their status on these recommendations. However, we did not independently verify the status. Also, because this is not an audit, we did not perform this data gathering effort in accordance with Governmental Auditing Standards. The information, however, has been shared with SSA.


The Social Security Administration (SSA) Office of the Inspector General, Office of Audit (OIG OA), performs comprehensive audits, attestation engagements and evaluations of SSA's programs and operations. These audits are performed in accordance with Government Auditing Standards, applicable Office of Management and Budget (OMB) circulars, bulletins and other legal, regulatory and administrative requirements. Audits and attestation engagements are conducted to detect and prevent fraud, waste, and abuse in SSA's programs and operations. The OIG-OA also has responsibility for the comprehensive audit of SSA's annual financial statements. Evaluations are conducted in accordance with Quality Standards for Inspections issued by the President's Council on Integrity and Efficiency (PCIE). OIG-OA also identifies opportunities for savings, better use of funds and improved program management and results through regulatory reform and policy change along with recommendations for corrective action and recovery of funds.

Since December 2001, SSA OIG has issued an annual report on the major management challenges facing the Agency. The inaugural report, issued December 7, 2001, identified 10 Management Challenge Areas. At that time they were:

Critical Information Infrastructure
Earnings Suspense
Fraud Risk
Identity Theft
Service to the Public
Disability Redesign
Government Performance and Results Act
Representative Payees
System Security and Controls

Over the years, we have re-evaluated the list of challenges and, where appropriate, combined, condensed or modified the list to reflect changes in the SSA environment. In our most recent Management Challenges Report which was issued in November 2007, we identified the following Management Challenges:

Social Security Number Protection
Management of the Disability Process
Improper Payments and Recovery of Overpayments
Internal Control Environment and Performance Measures
Systems Security and Critical Infrastructure Protection
Service Delivery and Electronic Government

From January 1, 2001 to January 4, 2008, OIG-OA performed 711 audits of which 2,440 recommendations have been presented to SSA. Our audits addressed occurences of fraud, waste, abuse as well as SSA's major management challenges as identified by SSA OIG. This document provides detailed information on unimplemented audit recommendations made during the period January 1, 2001 to January 4, 2008. The recommendations are categorized by the Major Management Challenges identified in OIG's 2007 Management Challenges Report. Each section contains narratives defining the management challenge and the most significant recommendations. In determining the priority classification of the recommendations, we used our professional judgment and considered other factors, such as dollar impact and criticality.

It should be noted that OIG-OA's goal is to maintain an annual rate of acceptance of at least 85 percent for all audit recommendations. In fiscal year 2007, we surpassed our goal by achieving a 97 percent rate of acceptance.

As evident by the FY 2007 rate of acceptance, OIG has maintained a good working relationship with SSA. The Deputy Commissioner of Budget, Finance, and Management, Audit Management and Liason Staff (AMLS) is responsible for SSA's audit management liasion activities with the Government Accountability Office and the Office of the Inspector General. AMLS plays an important role in facilitating communication between SSA and OIG. The staff also maintains the official record of audit recommendations, responses, and status for SSA.

Results of Review
From January 1, 2001 to January 4, 2008, there have been 497 (20 percent of the
2,440 recommendations) that have not been implemented by SSA. SSA agreed to 275 of these recommendations. For the remaining 222 recommendations, SSA either disagrees, partially agrees, or a response is still pending . Chart 1 illustrates:


Of the unimplemented recommendations, OIG-OA has identified 60 which represent $2.6 billion in questioned costs, 25 which represent $3.4 billion in funds that could have been put to better use, and 412 which yield non-monetary benefits. Chart 2 and 3 illustrate:


Unimplemented Recommendations with Questioned Costs by Major Management Challenges

Major Management Challenge # of Recommendations Questioned Cost
Internal Control 30 $ 23,108,467
Improper Payments 24 $ 2,563,412,476
Service Delivery 4 $ 409,867
Management Disability 1 $ 2,197,772
Systems Critical Protection 1 $ 43,026,215
SSN Protection 0 $ -
Total 60 $ 2,632,154,797


Unimplemented Recommendations with Funds Put to Better Use by Major Management Challenges

Major Management Challenges # of Recommendations Funds Put to Better Use
Improper Payments 11 $ 2,869,052,447
Service Delivery 5 $ 344,283,926
Internal Control 4 $ 13,884,616
Management Disability 3 $ 217,645,839
SSN Protection 1 $ 6,000,000
Systems Critical Protection 1 $ 1,011,772
Total 25 $ 3,451,878,600

Based on the audit findings and the expected benefit to the SSA, we have ranked each unimplemented recommendation as high, medium, or low. A high-level summary of all high priority recommendations is located below in Chart 4. The corresponding details are highlighted in red throughout the various management challenge sections. The status information was provided by SSA's Audit Management Liaison Staff and was not independently verified by our office.


Unimplemented High Priority Recommendations by Major Management Challenge

Major Management Challenges High Priority Recommendations Total # which with SSA Concurred Total Questioned Cost Total Funds Put to Better Use
Social Security Number Protection 26 19 $ - $ -
Management of the Disability Process 17 14 $ 2,197,772 $ 217,645,839
Improper Payments and Recovery of Overpayments 21 18 $2,398,619,067 $ 2,841,194,767
Internal Controls Environment and Performance Measures 3 0 $ 4,491,286 $ -
Systems Security and Critical Infrastructure Protection 26 13 $ 43,026,215 $ -
Service Delivery and Electronic Government 3 1 $ - $ 344,247,728
Total 96 65 $2,448,334,340 $3,403,088,334


The largest number of high priority recommendations that remain unimplemented relate to Social Security Number and Systems Security and Critical Infrastructure Protection. The most significant SSN related recommendations focus on three areas: proactively seeking to limit the collection, use and disclosure of SSNs; establishing accurate, consistent and effective SSN verification programs for employers and other users; and examining the necessity of assigning SSNs to certain populations of noncitizens. Although many of these recommendations do not have quantifiable dollar savings or funds that could be put to better use, they are important to the integrity of information maintained by SSA; and as such, require management attention. Some of the unimplemented recommendations within systems security and critical infrastructure protection focus on recent Government-wide initiatives for safeguarding personally identifiable information and ensuring safeguards against unauthorized access to sensitive data. Similarly, these recommendations do not have dollar savings, but they address security issues that are of concern to the Government, its stakeholders, and the public.

One other area of interest over the past seven years has been improper payments. In 2004, at the request of Senator Grassely, we conducted an evaluation on improper payments in SSA's disability programs. As a result, we estimated overpayments amounting to $1.2 billion and quesitoned cost of $2.1 billion. Note that these amounts are not included in the summary charts in this document, as SSA has reported that the recommendations in the report have been closed as implemented due to the ongoing continuing disability reviews (CDR) performed by SSA. However, over the past seven years, the volume of CDRs performed by SSA has decreased from approximately 1.7 million in FY 2001 to 765,000 in FY 2007 .

SSA management has agreed with a substantial number of the recommendations made since 2001. In fact, since 2001, we have met or exceeded our performance goal of achieving Agency agreement on 85 percent of our recommendations. Furthermore, the Agency's implementation of approximately 79 percent of our recommendations reflects management's responsiveness and commitment to addressing the management challenges facing the Agency. Like many other Federal agencies, SSA is attempting to provide sustained or improved services with limited resources. To that end, some of the delays surrounding implementation of recommendations are the result of limited resources and management having to make judgment calls on where to use those limited resources.

The details of the management challenges are available upon request.

Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office of Resource Management (ORM). To ensure compliance with policies and procedures, internal controls, and professional standards, we also have a comprehensive Professional Responsibility and Quality Assurance program.

Office of Audit
OA conducts and/or supervises financial and performance audits of the Social Security Administration's (SSA) programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess whether SSA's financial statements fairly present SSA's financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA's programs and operations. OA also conducts short-term management and program evaluations and projects on issues of concern to SSA, Congress, and the general public.

Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste, abuse, and mismanagement in SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing their official duties. This office serves as OIG liaison to the Department of Justice on all matters relating to the investigations of SSA programs and personnel. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.

Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters, including statutes, regulations, legislation, and policy directives. OCCIG also advises the IG on investigative procedures and techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary Penalty program.

Office of Resource Management
ORM supports OIG by providing information resource management and systems security. ORM also coordinates OIG's budget, procurement, telecommunications, facilities, and human resources. In addition, ORM is the focal point for OIG's strategic planning function and the development and implementation of performance measures required by the Government Performance and Results Act of 1993.