To: The Commissioner
From: Inspector General
Subject: Top Management Challenges—Fiscal Year 2004
The Reports Consolidation Act of 2000 requires that we summarize for inclusion
in the Social Security Administration’s (SSA) Performance and Accountability
Report, our perspective on the most serious management and performance challenges
facing SSA. The challenges in Fiscal Year (FY) 2004 have not changed substantially
from FY 2003. However, we consolidated several related areas to more effectively
cover these areas. The top management issues facing SSA in FY 2004, as determined
by the Office of the Inspector General, are: Social Security Number Integrity
and Protection, Management of the Disability Process, Improper Payments,
Budget Performance and Integration, Critical Infrastructure Protection and
Systems Security, and Service Delivery.
These areas are dynamic, so we encourage continuous feedback and additional
study suggestions. This flexibility enables us to meet emerging and critical
issues evolving in the upcoming year. Our summary of SSA’s progress in
addressing these challenges (see attached) will be included in the Fiscal Year
2004 Performance and Accountability Report.
If you have any questions or need additional information, please call me or
have your staff contact Steven L. Schaeffer, Assistant Inspector General for
Audit, at (410) 965-9700.
James G. Huse, Jr.
The Reports Consolidation Act of 2000 requires that we summarize, for inclusion
in the Social Security Administration’s (SSA) Performance and Accountability
Report, our perspective on the most serious management and performance challenges
facing SSA.
The challenges facing SSA management in Fiscal Year (FY) 2004 have not changed
substantially from FY 2003. However, we consolidated several related areas to
more effectively cover these areas. For example, Social Security Number Integrity
and Protection now covers the former areas of Homeland Security, Social Security
Number (SSN) Integrity and Misuse, and Integrity of the Earnings Reporting Process.
Our Service Delivery issue area now includes Human Capital, E-Government, and
representative payee issue areas. We also eliminated the Fraud Risk issue area
since potentially there are elements of fraud risk in each management challenge.
The Office of the Inspector General (OIG) believes the management challenges
facing SSA in FY 2004 are as follows.
Since 1997, we have provided our perspective on these management challenges
to Congress, SSA and other key decisionmakers. In developing this year’s
list, we considered the four initiatives the Commissioner has identified as
priorities: Service, Stewardship, Solvency, and Staff.
We also reviewed
• the most significant issues as outlined in the President’s Management
Agenda (PMA),
• SSA’s progress in responding to the Office of Management and Budget’s
(OMB) Scorecard,
• the Inspector General’s Strategic Plan,
• the high-risk list prepared by the General Accounting Office (GAO),
and
• our body of audit and investigative work.
Finally, we prepared a crosswalk to ensure there was no disconnect or gap among
those reviewing SSA’s programs and operations.
SOCIAL SECURITY NUMBER INTEGRITY AND PROTECTION
In FY 2002, SSA issued about 18 million original and replacement SSN cards,
and SSA received approximately $524 billion in employment taxes related to earnings
under issued SSNs.
The SSN is the single most widely used identifier for Federal and State governments
as well as the private sector. In FY 2002, SSA issued about 18 million original
and replacement SSN cards, and SSA received approximately $524 billion in employment
taxes related to earnings under issued SSNs. Protecting the SSN and properly
posting the wages reported under SSNs are critical to ensuring eligible individuals
receive the full retirement, survivor and/or disability benefits due them.
Unfortunately, the SSN is often misused. And identity theft is not just about
individuals. While being the immediate victim of identity theft and SSN misuse
can cause individuals years of difficulty, it also brings cost to financial
and commercial institutions, which is ultimately passed on to consumers. Worse
yet, SSN misuse can disguise a dangerous felon or a would-be terrorist as a
law-abiding citizen. That de facto national identifier can provide a criminal
the identification and seeming legitimacy he or she needs to go about nefarious
business, perhaps putting dozens, hundreds, or even thousands of lives in jeopardy.
Protecting the Social Security Number
To ensure the integrity of the SSN, SSA must focus on three stages of protection:
(1) when the SSN card is issued, (2) during the life of the SSN cardholder,
and (3) upon the SSN cardholder’s death. Furthermore, SSA must employ
effective front-end controls in its enumeration process. Likewise, additional
techniques, such as data mining, biometrics, and enhanced systems controls,
are critical in the fight against SSN misuse.
To effectively combat SSN misuse, we believe SSA should
• establish a reasonable threshold for the number of replacement SSN cards
an individual may obtain during a year and over a lifetime,
• expedite systems controls that would interrupt SSN assignment when SSA
mails multiple cards to common addresses or when parents claim an improbably
large number of children,
• continue to address identified weaknesses within its information security
environment to better safeguard SSNs, and
• continue to educate SSA staff about counterfeit documents.
Integrity of the Earnings Process
The integrity of the SSN is also related to SSA’s process for posting
workers’ earnings. The proper posting of earnings ensures that eligible
individuals receive the full retirement, survivor and/or disability benefits
due them. If earnings information is reported incorrectly or not reported at
all, SSA cannot ensure all eligible individuals are receiving the correct payment
amounts. In addition, SSA’s disability programs under the Disability Insurance
(DI) and Supplemental Security Income (SSI) provisions depend on this earnings
information to determine (1) whether an individual is eligible for benefits
and (2) the size of the disability payment.
SSA spends scarce resources trying to correct the earnings data when incorrect
information is reported. The Earnings Suspense File (ESF) is the Agency’s
record of annual wage reports for which wage earners’ names and SSNs fail
to match SSA’s records. Between 1937 and 2000, the ESF grew to represent
about $374 billion in wages, which included approximately 236 million wage items
with an invalid name and SSN combination. As of July 2002, SSA had posted 9.6
million wage items to the ESF for Tax Year 2000, representing about $49 billion
in wages.
While SSA has limited control over the factors that cause the volume of erroneous
wage reports submitted each year, there are still areas where SSA can improve
its processes. SSA can improve wage reporting by educating employers on reporting
criteria, identifying and resolving employer reporting problems, and encouraging
greater use of the Agency’s SSN verification programs. SSA also needs
to improve coordination with other Federal agencies with separate, yet related,
mandates. For example, SSA’s ability to improve wage reporting is related
to the Internal Revenue Service’s failure to sanction employers for submitting
invalid wage data. It is also related to the complicated employer procedures
the Bureau of Citizenship and Immigration Services uses to verify eligible employees.
Social Security Number Integrity Protection Team
Finally, pending funding, we will be establishing an SSN Integrity Protection
Team (Team) to address the escalating issue of SSN misuse. The Team is an integrated
approach that combines the talents of our auditors, investigators, computer
specialists, analysts, and attorneys. In addition to supporting homeland security
initiatives, the Team will focus its efforts on
• identifying patterns and trends of SSN misuse;
• locating systemic weaknesses that contribute to SSN misuse, such as
in the enumeration and earnings-related processes;
• recommending legislative or other corrective actions to ensure the SSN’s
integrity; and
• pursuing criminal and civil enforcement provisions for individuals misusing
SSNs.
This Team will also partner with external private and public sector organizations
not only to educate, but to pursue mutually beneficial activities to prevent
and detect fraudulent use of SSNs.
MANAGEMENT OF THE DISABILITY PROCESS
SSA has tested several improvements to the disability claims process. To date,
these initiatives have not resulted in significant improvement. In January 2003,
GAO added the modernizing of Federal disability programs, to include SSA’s
disability programs, to its high-risk list.
SSA administers the DI and SSI programs that provide benefits based on disability.
Most disability claims are initially processed through a network of Social Security
field offices and State Disability Determination Services (DDS). SSA representatives
in the field offices are responsible for obtaining applications for disability
benefits and verifying non-medical eligibility requirements, which may include
age, employment, marital status, or Social Security coverage information. After
initial processing, the field office sends the case to a DDS for evaluation
of disability. |
The DDSs, which SSA fully funds, are State agencies responsible for developing
medical evidence and rendering the determination of whether the claimant is
disabled or blind. After the DDS makes the disability determination, it returns
the case to the field office for appropriate action depending on whether the
claim is allowed or denied. In FY 2002, over 2 million initial disability claims
were processed, and the average processing time was 104 days.
Once SSA establishes an individual is eligible for disability benefits under
either the DI or SSI program, the Agency turns its efforts toward ensuring the
individual continues to receive benefits only as long as SSA’s eligibility
criteria are met. Disability benefits will not continue if any of the following
occur:
• legislation or Federal regulations rescind a prior disabling condition
from qualifying for benefits,
• a child turns 18 years old and is no longer considered disabled under
adult criteria,
• an individual returns to work and has income over SSA’s allowable
amount, or
• a continuing disability review shows the individual is no longer disabled.
SSA’s Office of Hearings and Appeals (OHA) is responsible for holding
hearings and issuing decisions in SSA’s appeals process. OHA’s field
structure consists of 10 regional offices and 140 hearing offices. Administrative
law judges (ALJ) hold hearings and issue decisions in hearing offices nationwide.
In FY 2002, hearing offices processed over 500,000 cases, and the average processing
time was 336 days.
The Appeals Council is the final level of administrative review for claims filed
under SSA’s disability programs. The Appeals Council reviews ALJ decisions
and dismissals upon the claimant’s timely request for review. In FY 2002,
the Appeals Council processed 115,467 cases, and the average processing time
was 412 days.
Over the last several years, SSA has tested improvements to the disability claims
process as a result of concerns about the timeliness and quality of customer
service. The disability improvements combine initiatives that have been tested
and piloted and include all levels of eligibility determination—beginning
with State DDSs and going through the hearings and appeals processes.
To date, these initiatives have not resulted in significant improvements in
the disability claims process, and, in January 2003, GAO added the modernizing
of Federal disability programs, including SSA’s, to its 2003 high-risk
list. The Commissioner recently announced several decisions on the future of
SSA’s disability process. This included the Commissioner’s decisions
to
• pursue the expansion of the Single-Decision Maker authority nationwide,
• end the requirements for the claimant conference in sites testing the
prototype disability process,
• evaluate the elimination of the reconsideration level of the claims
process nationwide,
• make additional improvements to the hearings process, and
• implement an Electronic Disability System by 2004.
SSA reports that its short-term initiatives have improved the hearings process.
The short-term initiatives include expedited techniques for the review of cases
and technology enhancements designed to improve the timeliness of decisions.
Furthermore, SSA expects the electronic disability system to provide OHA a more
efficient and effective case processing system when implemented.
Disability Fraud
Fraud is an inherent risk in SSA’s disability programs. Some unscrupulous
people view SSA’s disability benefits as money waiting to be taken. A
key risk factor in the disability program is individuals who feign or exaggerate
symptoms to become eligible for disability benefits. Another key risk factor
is the monitoring of medical improvements for disabled individuals to ensure
those individuals who are no longer disabled are removed from the disability
roles.
SSA, in conjunction with our office, has taken an active role in addressing
the integrity of the disability programs through the Cooperative Disability
Investigations (CDI) program. The CDI program’s mission is to obtain evidence
that can resolve questions of fraud in SSA’s disability programs. SSA’s
Offices of Operations, Disability Programs, and Disability Determinations along
with the OIG manage the CDI program. There are 17 CDI units operating in 16
States. From October 1, 2002 through March 31, 2003, the CDI units saved SSA
about $44 million by identifying fraud and abuse in the disability program before
benefits were paid.
IMPROPER PAYMENTS
Determining and paying accurate and timely program benefits are primary commitments
of SSA, along with good stewardship of the trust fund and the General Revenue
fund.
SSA is responsible for issuing benefit payments under the Old-Age, Survivors,
and Disability Insurance (OASDI) and SSI programs. In FY 2002, SSA issued $483
billion in benefit payments to 53.1 million beneficiaries. Considering the volume
and amount of payments SSA makes each month, even the slightest error in the
overall process can result in millions of dollars in over- or underpayments.
Improper payments are defined as payments that should not have been made or
were made for incorrect amounts. Examples of improper payments include inadvertent
errors, payments for unsupported or inadequately supported claims, payments
for services not rendered, or payments to ineligible beneficiaries. The risk
of improper payments increases in programs with (1) a significant volume of
transactions, (2) complex criteria for computing payments, and/or (3) an overemphasis
on expediting payments. Since SSA is responsible for issuing timely benefit
payments for complex entitlement programs to over 50 million individuals, SSA
is at-risk of making significant improper payments.
The President and Congress have expressed interest in measuring the universe
of improper payments within the Government. Specifically, in August 2001, OMB
published the FY 2002 PMA, which included a Government-wide initiative for improving
financial performance. In November 2002, the Improper Payments Information Act
of 2002 was enacted, and OMB issued guidance in May 2003 on implementing this
new law.
Under this law, agencies that administer programs where the risk of erroneous
payments is significant must estimate their annual amount of improper payments
and report this information in their Performance and Accountability Report
for FYs ending on or after September 30, 2004. OMB will use this information
while working with the agencies to establish goals for reducing erroneous payments
for each program.
SSA and the OIG have had on-going discussions on improper payments—on
such issues as detected vs. undetected improper payments and avoidable overpayments
vs. unavoidable overpayments which are outside the Agency’s control and
a “cost of doing business.” In August 2003, OMB issued specific
guidance to SSA to only include avoidable overpayments in the Agency’s
improper payment estimate because these payments could be reduced through changes
in administrative actions. Unavoidable overpayments that result from legal
or policy requirements are not to be included in SSA’s improper payment
estimate.
In September 2003, the OIG issued an Issue Paper on improper payments—where
we analyzed overpayments from SSA, other Federal agencies, and private sector
disability insurers. Based on this work, we plan to initiate a comprehensive
and statistically valid review in FY 2004 to quantify the amount of undetected
overpayments SSA’s disability programs—with a focus on the four
diagnosis groups we believe (based on prior audit and investigative work) are
problematic. Additionally, preliminary results from one of our audits at the
end of FY 2003 show significant overpayments—related to earnings by disabled
beneficiaries—went undetected by SSA. This work and other studies—such
as one to assess whether overpayment waivers were appropriate—will be
completed and/or initiated in FY 2004 and beyond to address the issue of improper
payments.
SSA has undertaken many projects to identify and improve areas where it could
do more to reduce improper payments and/or recover amounts overpaid. Specifically,
SSA has been working to improve its ability to prevent over- and underpayments
by obtaining beneficiary information from independent sources sooner and/or
using technology more effectively. In this regard, SSA has initiated new computer
matching agreements, obtained on-line access to wage and income data, and implemented
improvements in its debt recovery program.
Working with SSA, we have made great strides in reducing benefit payments to
prisoners and SSI payments to fugitive felons, and these efforts continue.
However, improper payments, including those to deceased beneficiaries, students,
and individuals receiving State workers’ compensation benefits, continue
to drain the Social Security trust fund.
BUDGET AND PERFORMANCE INTEGRATION
Our work has demonstrated that SSA is generally committed to the production
and use of reliable performance and financial management data, but some improvements
would further enhance SSA’s ability to produce accurate and actionable
management information.
This area encompasses SSA’s efforts to provide timely, useful and reliable
data to assist internal and external decisionmakers in effectively managing
Agency programs, as well as both evaluating performance and ensuring the
validity and reliability of performance, budgeting, and financial data.
To effectively meet its mission, manage its programs, and report on its performance,
SSA needs sound performance and financial data. Congress, other external
interested parties, and the general public also want sound data to monitor
and evaluate SSA’s performance. SSA relies primarily on internally
generated data to manage the information it uses to administer its programs
and report to Congress and the public. The necessity for good internal data
Governmentwide has resulted in the passage of several laws and regulations
to make Government more accountable. The Chief Financial Officers Act of
1990, as amended; the Government Management Reform Act of 1994; and the Government
Performance and Results Act (GPRA) were passed to create an environment of
greater accountability within Federal agencies.
In accordance with GPRA, SSA has set forth its mission and strategic goals
in 5-year strategic plans, established yearly targets in its annual performance
plans, and reported on its performance in its annual performance reports.
Each year, we conduct audits to assess the reliability of SSA’s performance
data and evaluate the extent to which SSA’s performance plan describes
its planned and actual performance meaningfully.
In addition to performance audits, we perform and monitor audits of SSA’s
financial statements and other financial-related audits of SSA’s operations.
Our work includes comprehensive technical and administrative oversight of
the annual audit of SSA’s financial statements, performed by an independent
public accountant. We also perform reviews of the quality of single audits
conducted by State auditors and public accounting firms. Additionally, we
conduct administrative cost audits of State DDSs, which assist SSA with its
disability workload. This body of work helps assess the validity and reliability
of the financial data SSA relies on to manage its programs and meet its mission.
The integrity of SSA’s programs and those that rely on information
from SSA depend on the reliability and quality of the Agency’s data.
External data and data exchanges are critical to SSA’s programs and
are the focus of many of our audits. Therefore, it is imperative that SSA’s
data be reliable.
Considering the critical role of the underlying data in all of SSA’s
performance, financial, and data-sharing activities, it is crucial that the
Agency have clear processes in place to ensure the reliability and integrity
of its data.
CRITICAL INFRASTRUCTURE PROTECTION AND SYSTEMS SECURITY
SSA’s information security challenge is to understand and mitigate system
vulnerabilities.
The Government has a major responsibility for public health and safety. Dramatic
and widespread harm would result should its systems be compromised. Therefore,
it is imperative that the Nation’s critical information infrastructure,
which is essential to the operations of the economy and Government, be protected.
These systems include, but are not limited to the following.
• Telecommunications
• Energy
• Banking and finance
• Transportation
• Water systems
• Facility and personnel security
• Emergency services, both Federal and private sector
Many of the Nation’s critical infrastructures have historically been physically
and logically separate systems that had little interdependence. Through advances
in information technology and improved efficiency, however, these infrastructures
have become increasingly automated and interconnected. These same advances have
created new vulnerabilities to equipment failures, human error, weather and
other natural disasters, and physical cyber-attacks.
Addressing these vulnerabilities will require flexible, evolutionary approaches
that span the public and private sectors and protect both domestic and international
security. Presidential Decision Directive 63, issued in 1998, requires that
Federal agencies identify and protect their critical infrastructure and assets.
The information SSA needs to conduct its mission is one of its most valuable
assets. The Agency is depending on technology to meet the challenges of increasing
workloads with fewer resources. A physically and technologically secure Agency
information infrastructure is a fundamental requirement.
Growth in computer interconnectivity brings a heightened risk of disrupting
or sabotaging critical operations, reading or copying sensitive data, and tampering
with critical processes. Those who wish to disrupt or sabotage critical operations
have more tools than ever.
SSA’s information security challenge is to understand and mitigate system
vulnerabilities. At SSA, this means ensuring its critical information infrastructure,
such as access to the Internet and the networks, is secure. By improving systems
security and controls, SSA will be able to use current and future technology
more effectively to fulfill the public’s needs. The public will not use
electronic access to SSA services if it does not believe those systems are secure.
SSA addresses critical information infrastructure and systems security in a
variety of ways. It created a Critical Infrastructure Protection work group
that continually works toward compliance with Presidential Decision Directive
63. SSA has several other components throughout the organization that handle
systems security including the newly created Office of Information Technology
Security Policy within the Office of the Chief Information Officer. SSA also
routinely releases out security advisories to its employees and has hired outside
contractors to provide expertise in this area.
SERVICE DELIVERY
Given the complexity of the Agency’s programs, the billions of dollars
in payments at stake, and the millions of citizens who rely on SSA, we must
ensure that quality, timely, and appropriate services are consistently provided
to the public-at-large.
The delivery of service to the American people poses a significant challenge
that SSA is compelled to address. The Agency’s goal of “service”
encompasses traditional and electronic services to applicants for benefits,
beneficiaries and the general public. It also includes services to and from
States, other agencies, third parties, employers, and other organizations including
financial institutions and medical providers. This goal supports the delivery
of “citizen-centered” services and use of “E-Government,”
and therefore affords SSA opportunities to advance these levels of service.
Given the complexity of the Agency’s programs, the billions of dollars
in payments at stake, and the millions of citizens who rely on SSA, we must
ensure that quality, timely, and appropriate services are consistently provided
to the public-at-large.
E-Government Challenges
The PMA also calls for improved service delivery through the use of E-Government
in creating more cost-effective and efficient ways to provide service to citizens.
The increased use of E-Government will be essential to help address the Agency’s
expected future loss of institutional knowledge accompanied by the increased
services expected with the aging of the baby-boom generation. Future service
delivery challenges include providing electronic services over the Internet
and telephone, 24 hours a day, 7 days a week. It will be the norm for business
transactions to be processed electronically.
By 2005, SSA is expected to make 60 percent of its customer-initiated services
available through automated telephone services or the Internet. The Agency recently
began allowing the public to file DI claims through the Internet to help achieve
its service delivery goals. SSA expects to begin a nation-wide roll-out of its
Electronic Disability System in 2004. There are always risks involved in conducting
electronic commerce, despite the Agency’s efforts to identify and mitigate
them. SSA will have to keep privacy and security concerns at the forefront of
its planning efforts.
Representative Payee Challenges
A specific challenge in this area is maintaining the integrity of the representative
payee process. When SSA determines a beneficiary cannot manage his/her benefits,
SSA selects a representative payee, who must use the payments for the beneficiary’s
benefit. There are about 5.3 million representative payees who manage benefit
payments for 6.7 million beneficiaries. While representative payees provide
a valuable service for beneficiaries, SSA must provide appropriate safeguards
to ensure they meet their responsibilities to the beneficiaries they serve.
Since FY 2001, we have completed numerous audits of representative payees. Our
audits identified
• deficiencies with the financial management of, and accounting for, benefit
receipts and disbursements;
• vulnerabilities in the safeguarding of beneficiary payments;
• poor monitoring and reporting to SSA of changes in beneficiary circumstances;
• inappropriate handling of beneficiary-conserved funds; and
• improper charging of fees.
Human Capital Challenges
Many agencies, including SSA, share the challenge to address human capital shortfalls.
The critical loss of institutional skills and knowledge, combined with greatly
increased workloads at a time when the baby-boom generation will require its
services, must be addressed by succession planning, strong recruitment efforts,
and the effective use of technology as previously discussed.
In January 2001, GAO added strategic human capital management to its list of
high-risk Federal programs and operations. By 2010, workloads are anticipated
to increase to unprecedented volumes. Along with the workload increase, the
incredible pace of technological change will have a profound impact on both
the public’s expectations and SSA’s ability to meet those expectations.
At current staffing levels, SSA finds it difficult to maintain an acceptable
level of service, especially in its most complicated workloads. After downsizing
and curtailing investments in human capital (people), the Government is facing
a major challenge to meet the current and emerging needs of the Nation’s
citizens.