I am pleased to present the Office of Audit's Fiscal Year 2009 Annual Work Plan. The reviews described in the Plan are designed to address those areas that are most vulnerable to fraud, waste, and abuse. Since 1997, we have provided our perspective on the top challenges facing Social Security Administration (SSA) management to the Congress, SSA and other key decisionmakers. For Fiscal Year 2009, the Office of the Inspector General has identified the following management challenges: Social Security Number Protection, Management of the Disability Process, Improper Payments and Recovery of Overpayments, Internal Control Environment, Systems Security and Critical Infrastructure Protection, and Service Delivery and Electronic Government.

The Plan describes 105 reviews we plan to complete in Fiscal Year 2009 and 106 reviews we plan to begin in Fiscal Year 2009. In developing these reviews, we worked with Agency management to ensure we provide a coordinated effort.

Our Plan is dynamic, so we encourage continuous feedback and additional study suggestions. This flexibility enables us to meet emerging and critical issues evolving in the upcoming year.

Steven L. Schaeffer
Assistant Inspector General for Audit

Executive Overview
The Office of the Inspector General (OIG) improves the Social Security Administration's (SSA) programs and operations and protects them against fraud, waste, and abuse by conducting independent and objective audits, evaluations, and investigations. We provide timely, useful, and reliable information and advice to Administration officials, the Congress, and the public. The Office of Audit conducts financial and performance audits of SSA's programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess the reliability of financial data reported by SSA in its annual financial statements and any number of managerial informative reports. Performance audits review the economy, efficiency, and effectiveness of SSA's programs and operations. The Office of Audit also conducts short-term management and program evaluations and projects on issues of concern to SSA, the Congress, and the general public. In Fiscal Year (FY) 2008, we issued 108 reports with over $3.5 billion in monetary findings.

Annual Work Plan
Our Annual Work Plan (Plan) outlines our perspective of the major management and performance challenges facing SSA and serves as a tool for communicating our priorities to SSA, the Congress, the Office of Management and Budget (OMB), and other interested parties. The activities described address the fundamental goals related to SSA's mission to deliver Social Security services that meet the changing needs of the public. Our work is prioritized to focus our resources on those areas that are most vulnerable to fraud, waste and abuse. To ensure we provide a coordinated effort, we work closely with the Offices of Investigations, Counsel to the Inspector General, External Relations, and Technology and Resource Management.

Our Plan is categorized to mirror the top management challenges that cut across the Government, as well as those identified by the Agency and the Social Security Advisory Board.

This Plan describes 105 reviews we intend to complete and 106 reviews we intend to begin in FY 2009 in the following issue areas.
Social Security Number Protection
Management of the Disability Process
Improper Payments and Recovery of Overpayments
Internal Control Environment
Systems Security and Critical Infrastructure Protection
Service Delivery and Electronic Government

To assist us in this analysis, we crosswalked the Commissioner and the Social Security Advisory Board priorities to those identified by our prior and ongoing work. The following table demonstrates that our perspective is congruent with other key decisionmakers.

In preparing this Plan, we solicited suggestions from the Agency. We received a number of suggestions for inclusion in our Plan, and we have incorporated as many of them as possible.

We recognize this Plan is dynamic, so we encourage continuous feedback and additional suggestions. This flexibility enables us to meet emerging and critical issues evolving throughout the upcoming year.

For more information on this Plan, please contact the Office of Audit at (410) 965-9700.

In Fiscal Year (FY) 2007, the Social Security Administration (SSA) processed approximately 17.6 million original and replacement Social Security number (SSN) cards and received approximately $647 billion in employment taxes related to earnings under assigned SSNs. Because the SSN is so heavily relied on in U.S. society as an identifier, it is also valuable as an illegal commodity. Yet, because SSA calculates future benefit payments based on the earnings an individual has accumulated over his or her lifetime, accuracy in recording those earnings is critical. As such, properly assigning SSNs only to those individuals authorized to obtain them, protecting SSN information once the numbers are assigned, and accurately posting the earnings reported under SSNs are critical components of SSA's mission.

Efforts to Protect the Social Security Number
To its credit, over the last decade, SSA has implemented numerous improvements in its SSN assignment, or enumeration process. We acknowledge that with these new procedures/ requirements, the enumeration workload has increased in complexity for SSA personnel and resulted in some difficulties or delays for SSN applicants. Despite these challenges, we believe SSA's improved procedures help ensure the Agency is properly assigning these important numbers. Some of SSA's more notable enumeration improvements include the following.

Verifying the authenticity of all documents evidencing citizenship or lawful alien status before assigning an original SSN.
Establishing six Enumeration Centers in Brooklyn and Queens, New York; Las Vegas, Nevada; Phoenix, Arizona (Downtown and North); and Orlando, Florida, that focus exclusively on assigning SSNs and issuing SSN cards.

Requiring that field office (FO) personnel processing SSN applications use the Agency's SS-5 Assistant, a Microsoft Access-based application intended to increase control over the SSN application process. This program provides FO personnel processing SSN applications structured interview questions and requires certain data to complete the application process. Additionally, SSA plans to implement a web-based enumeration system known as the SSN Application Process in the next few years.

Strengthening the standards and requirements for identity documents presented with SSN applications to ensure the correct individual obtains the correct SSN.
We applaud the Agency for these efforts. Nevertheless, based on our recent audit work, we continue to have concerns regarding SSN assignment and protection. For example, the Agency has few mechanisms to curb the unnecessary collection and use of SSNs. In September 2007, we reported on the collection and use of SSNs by State and local governments for such programs as identifying and tracking K-12 students, posting certain records on the Internet and prescription drug monitoring. Additionally, in FY 2008, we issued a report discussing the vulnerabilities caused by using and displaying SSNs on Medicare cards. In these instances, we believe an alternate identifier would suffice and provide better protection against identity theft. Our audit and investigative work have taught us that the more SSNs are unnecessarily used, the higher the probability these numbers could be used to commit crimes throughout society.

In addition, we issued two audit reports in which we discussed our concern with the practice of assigning SSNs to noncitizens who will only be in the United States for a few months-but are allowed to obtain SSNs that are valid for life. Specifically, these reports addressed SSNs issued to certain exchange visitors and those who enter the United States with a 3-month fiancé visa. Further, in FY 2008, we issued an audit report in which we concluded that SSA's controls over the issuance of SSN Verification Printouts were not sufficient to preclude individuals other than the numberholder from improperly obtaining these sensitive documents that contain personally identifiable information (PII). Additionally, we remain concerned with SSA's plans to expand the Enumeration at Entry process to other classes of noncitizens until it implements significant improvements, which we recommended in two audit reports in 2005 and 2008, respectively.

The Agency continues to modify the information it shares with employers. Under the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (Pub. L. No. 108-458), SSA is required to add both death and fraud indicators to the SSN verification systems for employers, State agencies issuing drivers' licenses and identity cards, and other verification routines, as determined appropriate by the Commissioner of Social Security. SSA added death indicators to those verification routines used by employers and State agencies in March 2006 and added fraud indicators in August 2007.

Finally, SSA is devoting resources to developing an on-line system for issuing replacement SSN cards. While we support the Agency's decision to offer more services on-line to enhance customer service, we are concerned about the potential for unscrupulous individuals to manipulate such a system. We are particularly concerned about the Agency's plans for issuing replacement SSN cards on-line given the Internal Revenue Service's (IRS) experience with fraud and abuse in its e-file program.

To further enhance SSN integrity, we believe SSA should
support legislation to limit public and private entities' collection and use of SSNs and improve the protection of this information when obtained,
work with the IRS to develop alternatives to assigning SSNs to noncitizens who may only be in the country for a few months,
continue its efforts to safeguard and protect PII,
improve the Enumeration at Entry process before expansion, and
develop stringent authentication measures to ensure the highest level of security and identity assurance before moving forward in offering on-line replacement SSN cards.

The Social Security Number and Reported Earnings
Properly posting earnings is essential in determining whether individuals are eligible to receive retirement, survivor, and/or disability benefits as well as to calculate the benefit amounts. If earnings information is reported incorrectly or not reported at all, SSA cannot ensure all individuals eligible for benefits are receiving the correct payment amounts.

SSA spends scarce resources correcting earnings data when incorrect information is reported. The Earnings Suspense File (ESF) is the Agency's record of annual wage reports for which wage earners' names and/or SSNs fail to match SSA's records. As of October 2007, the ESF had accumulated about $661 billion in wages and 275 million wage items for Tax Years (TY) 1937 through 2005. In TY 2005 alone, the ESF grew by $75 billion in wages and 10.3 million wage items.

While SSA has limited control over the factors that cause erroneous wage reports submitted each year, there are areas where the Agency can improve its processes. SSA can improve wage reporting by informing employers about potential SSN misuse cases, identifying and resolving employer reporting problems, encouraging greater use of the Agency's employee verification programs, and enhancing the employee verification feedback to provide employers with sufficient information on potential employee issues. SSA also needs to coordinate with other Federal agencies with separate, yet related, mandates, such as the IRS and Department of Homeland Security (DHS).

In our audits, we have encouraged SSA to increase collaboration with the IRS to achieve more accurate wage reporting, including cases where earnings are disclaimed by individuals and need to be removed from SSA and IRS records. Both the IRS and SSA have encountered cases where the name and SSN combination is correct and the wages are posted to an earner's record only to learn that the SSN owner did not work for the employer and is the victim of SSN misuse. For example, in June 2008, we reported that SSA had received wage referrals from the IRS for approximately 28,000 SSN owners who had disputed reported wages with the IRS for prior TYs. In other cases, the earners reported fraudulent income in an attempt to gain SSA and/or IRS benefits. In an August 2007 report, we noted that about 12 percent of individuals who disclaimed self-employment income for TYs 2003 through 2005 had initially reported the self-employment income to qualify for Social Security benefits and the IRS' Earned Income Tax Credit. SSA needs to ensure it works closely with the IRS to remove such wages to (1) assist the numberholders with earnings discrepancies, (2) minimize improper IRS tax assessments, and (3) reduce the chance of improper SSA and IRS payments based on incorrect information.

In our reports, we have also encouraged greater collaboration with DHS on some employment eligibility verification issues. For example, in a September 2007 audit, we identified vulnerabilities with the E-Verify system (formerly the Basic Pilot), which is a joint initiative between SSA and DHS that assists employers in verifying the employment eligibility of newly hired employees. In our report, we encouraged SSA and DHS to work together to help resolve the vulnerabilities. As of June 2008, the Commissioner of Social Security had expressed his desire to work with DHS to help resolve some of the weaknesses we identified. Specifically, he expressed the need for SSA and DHS to develop a more stringent registration process for E-Verify to reasonably guard against improper users registering and using the E-Verify system.

In FY 2009, we plan to complete 12 reviews and begin 9 reviews in the Social Security Number Protection challenge.

Appropriate Use of Social Security Administration Data by Third Parties
Assignment of Social Security Numbers to Individuals in the Commonwealth of the Northern Mariana Islands and American Samoa
Completeness of Death Information in the Social Security Administration's Systems
Consent-based Social Security Number Verification Program Earnings Records with Multiple Employers
Field Office Workload Related to Tentative Nonconfirmation Responses to E-Verify
Fraudulent, Overstated, and/or Missing Wages in the Master Earnings File Potential Overpayments Due to Incomplete Quarterly Wage Data from the Office of Child Support Enforcement
Proper Allocation of Back Pay
R-1 Religious Workers' Use of Social Security Numbers
The Social Security Administration's Compliance with Social Security Number Replacement Card Issuance Provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 '
The Social Security Administration's Wage Reconciliation Process with the Internal Revenue Service

Contractor Protection of Personally Identifiable Information and Incident Reporting
Correspondence Containing Personally Identifiable Information Mailed to Claimants
Disabled Beneficiaries Working Under Another Person's Social Security Number
Follow-up: The Social Security Administration's Program for Issuing Replacement Social
Security Cards to Prisoners
Individuals Receiving Social Security Cards After Benefits Have Been Suspended
Orlando Social Security Card Center
The Disability Determination Services' Custodial Services
The Social Security Administration's Compliance with the Ensign Amendment
The Social Security Administration's Special Indicator Codes


To determine the extent of SSA's data sharing with third parties and assess the Agency's controls to ensure third parties are appropriately accessing SSA's systems.

The Privacy Act, other Federal laws, and SSA's disclosure policies allow the Agency to share data with third parties. Under these rules, SSA provides access to Federal, State, International, and private organizations. The data exchange may be either program or non-program related and is established under a variety of agreements. SSA has about 824 data exchanges with about 86 different users.

Of the 824 data exchanges, 83 are with Federal agencies, 731 are with State agencies, and 10 are with private organizations. The 83 Federal agencies include the Department of Defense, Department of Veterans Affairs (VA), Centers for Medicare and Medicaid Services (CMS), Bureau of Census, and Department of Labor. Examples of the type of data shared with these organizations include
(1) the Death Master File (DMF), (2) verification of SSNs, (3) earnings data, and (4) beneficiary information. The frequency SSA shares its data with these organizations varies, including annually, biannually, quarterly, monthly, and weekly. However, most of the exchanges appear to be daily.


To assess SSA's process for assigning SSNs to individuals in the Commonwealth of the Northern Mariana Islands (CNMI) and American Samoa.

Individuals born in the CNMI are U.S. citizens, while those born in American Samoa are considered U.S. nationals (for SSA purposes, these classifications carry the same benefits). However, thousands of noncitizens travel to these U.S. territories each year to work. In 2007, SSA FOs in Saipan, CNMI, and Pago Pago, American Samoa, issued over 5,000 original SSNs to U.S. citizens and noncitizens.

The Department of the Interior and Government Accountability Office (GAO) have expressed concerns about the pre-screening process for noncitizens who wish to enter the CNMI to work. For example, the CNMI does not issue visas, conduct interviews or check fingerprints for noncitizens who wish to travel to the CNMI. Additionally, the CNMI does not have positions equivalent to Federal immigration officers, who are responsible for determining whether each noncitizen is admissible.

We are concerned that lack of U.S. jurisdiction over immigration in American Samoa could create the potential for similar security weaknesses. The Attorney General's Office in American Samoa is investigating the Government's Immigration Office for allegedly accepting money to provide immigration documents to nonresidents. Additionally, incidents of fraudulent birth certificates have occurred in American Samoa. Fraudulent immigration and birth documents could affect the issuance of SSNs by SSA's FOs.

Furthermore, our preliminary work raises concerns as to whether a provision exists for SSA to recognize a work permit issued by these territories to noncitizen workers. We are unsure whether recognition of such work permits satisfies SSA's requirements for assigning SSNs. Because SSA must rely on the CNMI and American Samoa immigration systems (not DHS immigration verification and screening), we are concerned about the potential for SSA to assign SSNs to individuals who may not be who they purport to be.


To determine the extent to which deceased individuals were not properly recorded in SSA's systems and whether earnings were improperly posted after death.

SSA's DMF is a publicly available database containing over 82 million death records. The DMF is extracted from the Numident and updated based on verified and unverified reports of deaths to SSA. Relatives of deceased individuals and funeral directors are the primary sources of death information recorded in the DMF. In addition, State and Federal agencies, financial institutions, and postal authorities provide death information to SSA. The DMF is provided monthly to the Department of Commerce, National Technical Information Service, which in turn makes it available to the public under the Freedom of Information Act. The 2002 SSA Bulletin, The Social Security Administration's Death Master File: The Completeness of Death Reporting at Older Ages, stated that for most years since 1973, results suggest the DMF includes 93 to 96 percent of deaths of individuals aged 65 or older. Because at least 4 percent of deaths are missing on the DMF, we are concerned individuals could use SSNs of deceased individuals to work illegally.


To evaluate SSA's FO workload associated with Tentative Nonconfirmation (TNC) responses generated from the E-Verify program.

SSA participates in a joint initiative with DHS, the E-Verify system, formerly known as the Basic Pilot. E-Verify assists employers in verifying the employment eligibility of newly hired employees. Under E-Verify, employers will receive notification of SSA's TNC of employment eligibility when the SSN, name, or date of birth does not match the information in SSA's database or if a death indicator is present. In addition, employers will receive an SSA TNC if the new hire indicated he or she was a U.S. citizen and SSA's records did not show the person was a U.S. citizen.

As of FY 2007, E-Verify had processed about 3.3 million verification requests, of which 261,000 cases involved TNC responses due to invalid SSNs, no matches on dates of birth and/or names, and death indicator. SSA recently implemented a new program called EV-STAR to resolve such responses generated from E-Verify. The system allows FO personnel to transmit case dispositions to the employer through E-Verify.

From FYs 1997 to 2007, SSA received about $8.6 million in reimbursement from DHS for FO workload attributed to E-Verify. SSA did not receive any reimbursement in FY 2006 because DHS notified SSA that it did not receive an annual appropriation to fund the E-Verify work performed by SSA for DHS.


To (1) evaluate SSA's controls for manually posting wages to the MEF and (2) determine whether these new postings could relate to fraud, overstated wages, and/or missing wages in the MEF.

Individuals occasionally inform SSA about wages that are missing from their earnings records. SSA personnel follow explicit instructions in resolving earnings discrepancies and answering earnings inquiries. They perform limited ESF searches during their contacts with wage earners. If staff in SSA's teleservice centers cannot resolve the earnings problem, they establish the case in the Item Correction 2.8 system for referral to the servicing FO. When the FO staff receives the case, it uses Item Correction to conduct a thorough search of the ESF. If the missing earnings are not in the ESF, the FO follows routine procedures for developing the missing earnings. Missing earnings in wage reports may result from possible fraud by the individual to increase earnings/add quarters of credit and improperly obtain SSA benefits; errors in reports filed by employers and/or self-employed individuals; errors in transcribing reports from employers and self-employed individuals; and/or failure of employers or self-employed individuals to file the required reports with SSA and/or the IRS.


To determine whether more accurate quarterly wage data from the Office of Child Support Enforcement (OCSE) could identify unreported work activity, reduce overpayments, and lead to program savings.

Starting in 1999, SSA matched the Social Security Income Records to the OCSE National Directory of New Hires, which includes quarterly information from all States. This quarterly match gathers data from all 50 States and the District of Columbia. The match generates electronic alerts to the FOs. Because wages and unemployment compensation are significant sources of potential overpayments of agency benefits (for example, Supplemental Security Income [SSI] payments and Retirement, Survivors and Disability benefits), these computer matches enhance detection of payment inaccuracies and potential fraud and abuse situations.


To determine whether SSA is properly recording back pay under statute on a numberholder's earnings record.

In 1966, the Back Pay Act was created to grant a cause of action to an employee who has lost pay as a result of a wrongful personnel action. Its purpose is to permit such an employee to recover money damages sufficient to make him or her whole. The Act was amended in 1978 to adopt not only the case law that had evolved since its inception but to conform to the provisions of the Civil Service Reform Act. Specifically, the amended Act provides that an "administrative determination" supporting a monetary award may include "decisions relating to an unfair labor practice or grievance." In addition, the amended Act provides for the payment of interest on awards of back pay and attorney fees. The intent of the Act is to make the grievant whole - nothing less but also nothing more.
Once back pay is awarded, SSA must record these wages on the individual's earnings record to ensure proper crediting for future Social Security benefits. Whether SSA records the back pay information accurately can impact the amount and/or timing of those future benefits.


To assess R-1 religious workers' use of SSNs.

The Department of State issues R-1 visas to members of religious organizations to live and work in the United States for a specific period of time. The program permits foreign nationals with religious training to obtain a work visa if a U.S.-based religious institution sponsors them for employment. However, religious workers are not permitted to obtain a secular job. From April 2005 through March 2006, SSA assigned over 5,000 original SSNs to R-1 religious workers. DHS and GAO have identified incidents of fraud in the religious worker program.


To determine whether SSA is complying with IRTPA.

IRTPA limits the number of replacement SSN cards an individual may receive to 3 per year and 10 in a lifetime beginning with cards issued on or after December 17, 2005, with certain exceptions. SSA has the authority to allow for exceptions and issue a replacement SSN card beyond the limits.


To assess the effectiveness of SSA and the IRS' reconciliation process in correcting SSA's earnings records.

SSA seeks to ensure that Federal Insurance Contributions Act (FICA) reports of Social Security and Medicare wages are received timely and are accurately recorded in the MEF. To accomplish this, SSA and IRS records are compared annually in a process known as Annual Wage Reporting reconciliation.
If the FICA and Medicare wages reported to both agencies agree, no action is necessary. If more wages are reported to the IRS than to SSA, employees' wages may not be credited correctly in SSA's records. SSA examines these cases and tries to resolve the difference without contacting the employer. When resolution is unsuccessful or is not possible without employer assistance, SSA sends a notice and questionnaire to the employer requesting the wage data needed to resolve the case. If SSA does not receive a response after 120 days, it sends the employer a second notice. If no response is received after the second notice, the IRS is responsible for contacting the employer and may impose penalties.

If more wages are reported to SSA than to the IRS, the IRS investigates the discrepancy to determine whether the employer underpaid the Social Security tax. If so, the IRS will assess the additional tax due.


At the forefront of congressional and Agency concern is the timeliness of SSA's disability decisions at the hearings adjudicative level. The average processing time at the hearings level continues to increase-from 293 days in FY 2001 to 512 days as of July 2008. Additionally, the pending hearings workload continues to increase.
At the end of August 2008, there were 767,595 hearing cases pending-up from 746,744 in FY 2007 and almost double the 392,387 cases in FY 2001.
Backlog of Hearing Requests. In his May 23, 2007 testimony to Congress, the Commissioner of Social Security announced a plan to eliminate the backlog of hearing requests and prevent its recurrence. The Commissioner's plan focused on (1) compassionate allowances, (2) improving hearing office procedures, (3) increasing adjudicatory capacity and (4) increasing efficiency with automation and improved business processes. It will take time for these new initiatives and additional resources to lead to a noticeable reduction in the backlog. As we noted earlier, the pending workload of hearing requests in August 2008 was actually greater than it was at the end of FY 2007.

Compassionate Allowances. The compassionate allowances initiative seeks to identify cases where the disease or condition is so consistently devastating that SSA can presume the claimant is disabled once a valid diagnosis is confirmed. SSA has been developing and expanding the use of automated screening tools to identify the types of cases that fall under the compassionate allowances initiative. SSA is also refining its rules, regulations, and listing codes to reflect current advances in medical science.

Improve Hearing Office Procedures. Reducing aged cases is one of the two initiatives SSA has in place to improve hearing office procedures. Under this initiative, SSA focused on eliminating the backlog of approximately 64,000 cases that would be 1,000 days or older by September 28, 2007. By the end of FY 2007, SSA had reduced the backlog of 1,000 day-old cases to just over 100 cases. In FY 2008, SSA redefined aged cases as those that would be 900 days or older by September 26, 2008. At the beginning of FY 2008, there were over 135,000 cases that were or would become 900 days or older by the end of the FY. As of July 2008, the number of these aged cases was reduced to approximately 12,700.

Increase Adjudicatory Capacity. SSA has seven initiatives aimed at increasing adjudicatory capacity. One initiative is to improve administrative law judge (ALJ) productivity. Under this initiative, the Chief ALJ requested that each ALJ issue 500 to 700 dispositions per year. This initiative also addresses providing ALJs with appropriate training to assist them with these workloads. Another initiative is hiring new ALJs. In FY 2008, SSA hired 189 new ALJs.

Increase Efficiency with Automation and Improved Business Process. SSA has 27 initiatives related to automation and business processes. One initiative is transitioning to the electronic folder. Under this initiative, all State disability determination services (DDS) and Office of Disability Adjudication and Review (ODAR) offices have transitioned from processing disability claims using paper folders to using electronic folders. Other initiatives in this area include electronic case file assembly, electronic scheduling, centralized printing and mailing, enhanced hearing office management information, and expanded use of video hearings.

We will continue to work with SSA as it proceeds with its initiatives. For example, our February 2008 review of ALJs' caseload performance found that ODAR's ability to process projected hearing requests and address the growing backlog of cases will continue to be negatively impacted by the caseload performance of some ALJs if their status quo performance levels continue. Accordingly, we recommended that SSA establish a performance accountability process that allows ALJ performance to be addressed when it falls below an acceptable level.

Following issuance of our February 2008 report, Congressmen Michael McNulty and Sam Johnson requested that we perform additional work on ALJ and hearing office performance. We issued the results of our congressional work in August 2008, which reported that ALJs had varying levels of productivity (both high and low productivity) for internalized reasons, such as motivation and work ethic. We also reported factors that impacted ALJ and hearing office productivity and processing times that are part of the case adjudication process. The factors related to hearing office staff levels, hearing dockets, favorable rates, individual ALJ preferences, Agency processes and DDS case development. In addition, at the request of Senator Sherrod Brown, we assessed the organizational culture at the DDS for approving and denying disability claims. Senator Brown's request was precipitated by a media story that stated SSA maintained a "culture to deny" disability claims. Based on our work, we found the weight of evidence did not support the allegation that there is a "culture to deny" within the DDSs.

We also reviewed other hearing reduction initiatives. In our April 2008 review of the Association of ALJ's training conference costs, we found the Agency was supporting ALJ training as a way of improving ALJ productivity but could implement better controls over expenditures and attendance by running such conferences in-house. Our June 2008 report on the timeliness of medical evidence assessed the availability of management information at the hearing office and national levels to assist managers in monitoring timeliness trends. After we identified an area where more accurate coding of hearing activity could improve the management information, the Agency issued new guidance to hearing offices instructing them on the proper use of these codes.

Disability Fraud

Fraud is an inherent risk in SSA's disability programs. Some unscrupulous people view SSA's disability benefits as money waiting to be taken. A key risk factor is individuals who feign or exaggerate symptoms to become eligible for disability benefits. Another key risk factor is the monitoring of medical improvements for disabled individuals to ensure those individuals who are no longer disabled are removed from the disability rolls.

We continue to work with SSA to address the integrity of the disability programs through the Cooperative Disability Investigations (CDI) program. The CDI program's mission is to obtain evidence that can resolve questions of fraud in SSA's disability claims. The CDI program is managed in a cooperative effort between SSA's Offices of Operations, Inspector General, and Disability Programs. Since the program's inception in FY 1998 through July 2008, the 19 CDI units, operating in 17 States, have been responsible for over $1 billion in projected savings to SSA's disability programs and over $650 million in projected savings to non-SSA programs.

In FY 2009, we plan to complete 21 reviews and begin 22 reviews in the Management of the Disability Process challenge.

Accuracy of Special Disability Workload Decisions
Controls over Flexi-Place and Personally Identifiable Information at Hearing Offices
Disability Claims Overall Processing Times
Disability Impairments on Cases Most Frequently Reversed by the Office of Disability Adjudication and Review Disabled Individuals Hiding Self-Employment Income
Electronic File Assembly "ePulling"
Follow-up: Disabled Title II Beneficiaries with Earnings on the Master Earnings File
Hearing Office Position Descriptions and Staff Training
Improved Administrative Law Judge Alleged Misconduct and Complaint Process
Lessons Learned from Remands to Disability Determination Services
Medical Listings
National Rollout of the Quick Disability Determination Process
Quick Response Evaluation: Title II Claimants Who Were Denied Disability Benefits and Who Were Deceased Within 1 Year
Reasons for Hearing Postponements Reduce Aged Cases at the Hearing Level
Role of Technical Denials in the Disability Evaluation Process Rotation of Claims among Administrative Law Judges at Hearing Offices
The Social Security Administration's Definition of Disability
The Social Security Administration's Use of Default/Undefined Diagnosis Codes
Use of Video Hearings to Reduce the Hearing Case Backlog
W-2 Earnings for Individuals Related to Disabled Workers

Attorney Fee Payments-Agreements and Petitions
Continuing Disability Reviews
Differing Levels of Performance at State Disability Determination Services
Disability Determination Services' Examiner Attrition Rates
Dismissals by Administrative Law Judges
Electronics Records Express
Expand Office of Quality Performance Review of Reconsideration Denials Using Profiles
"Expected to Improve" Disabled Recipients Who Received Benefits for an Extended Period
Factors that Result in the Reversal of Disability Determination Services Decisions by the Office of Disability Adjudication and Review
"No Shows" for Cessation Hearings to Terminate Payments Overpayment Waivers Appealed to the Office of Disability Adjudication and Review
Plans for Achieving Self Support
Prison Hearings and the Use of Video Equipment Provide Improved Training to Hearing Office Management Teams, Including Hearing Office Chief Administrative Law Judges
State Disability Determination Services' Procedures to Ensure Quality Consultative Examinations
The Impact of the Claims Process on Disability Beneficiaries
The Office of Disability Adjudication and Review's Decision Writing Process
The Social Security Administration's Electronic Disability Workaround Issues
The Social Security Administration's Technology Improvements to the Disability Process Travel Reimbursements to Claimants and Claimant Representatives
Uneffectuated Medical Cessations Video Hearing Equipment in Private Sector Offices


To determine whether SSA is accurately calculating windfall offset payments pertaining to the Special Disability Workload (SDW).

SSA administers the Old-Age, Survivors and Disability Insurance (OASDI) and SSI programs. The OASDI program provides benefits to qualified retired and disabled workers and their dependents as well as to survivors of insured workers. The SSI program provides payments to individuals who have limited income and resources and who are either age 65 or older, blind or disabled.

Section 1611 (e)(2) of the Act requires that SSI recipients also eligible for OASDI file for those benefits. As of July 2007, SSA reported it had identified approximately 252,000 Title XVI disability recipients who appeared to be insured for, but were not receiving, Disability Insurance (DI) benefits. SSA categorizes these individuals as SDW claimant cases. As of September 30, 2007, SSA had reported an estimated SDW liability totaling about $1.3 billion.

The windfall offset may apply to individuals due SSI and OASDI payments. The windfall offset prevents a person from receiving a higher payment retroactively than would have been received if benefits were actually paid in the month due. Windfall offsets are calculated automatically and manually, respectively, by SSA's systems and staff.


To assess the controls over flexi-place and PII at SSA's hearing offices.

The flexi-place program provides staff and ALJs with more options for completing their assignments. Hearing office staff is allowed to take claimants' case files home to prepare the files for hearing. These case files contain claimant PII, such as their SSN, name, address, earnings information, and medical history. As such, management must ensure controls are in place to appropriately safeguard claimants' PII and ensure necessary workloads are completed.
Although most case files are electronic, it is still possible for claimants' PII to be lost, stolen, and/or used improperly. As such, the hearing offices need to ensure that proper controls are in place and are followed to prevent the loss or inadvertent disclosure of claimant PII to parties without a need to know.

Our audit of Onsite Security Control and Audit Reviews [OSCAR] at Hearing Offices addressed the need to update the OSCAR Guide to include protection of sensitive data. SSA commented it expected to revise the ODAR OSCAR protocol and guide by December 31, 2007. This revision was to include an effort to protect sensitive data.


To determine SSA's average overall processing time for disability claims decided by the DDSs, ALJs, Appeals Council and Federal Courts.

In its Annual Performance Plan, SSA has Key Performance Measures for the average processing times of (1) initial disability claims, (2) hearings and (3) Appeals Council reviews. However, these measures do not cover the entire period it takes to process a disability claim.

To perform our audit, we obtained files of disability decisions that were made in Calendar Year 2006. From these files, we identified
2,618,926 claimants with decisions made by DDSs,
480,529 claimants with decisions made by ALJs,
64,473 claimants with decisions made by the Appeals Council, and
8,102 claimants with decisions made by the Federal Courts.
We then randomly selected 275 sample cases from the DDS population and 100 sample cases from each of the other populations- for a total of 575 cases. For each case, we will measure the time from date of application to date of denial or date all due benefits were paid and use these measurements to determine the average overall processing time. We will also analyze data for Calendar Year 2007.


To identify the impairments of initial disability cases most frequently reversed by ODAR and evaluate the characteristics of these cases.

SSA faces a considerable challenge of processing a large backlog of requests for hearings. There are over 760,000 cases pending at ODAR. Of the 2.8 million initial decisions DDSs made in Calendar Year 2004, 1.7 million (63 percent) were denials. Historically, approximately 40 percent of DDS denials are appealed to ODAR, and ODAR reverses approximately 60 percent of those decisions. Therefore, of the 1.7 million cases denied by DDSs in Calendar Year 2004, we expect 408,000 (24 percent) to be reversed by ODAR.

The American people expect SSA's decisional process to be effective and efficient. Since ODAR reverses a large percentage of DDS decisions, it is logical to believe that favorable decisions should be issued earlier in the process. Specifically, if DDS' were to issue favorable decisions on the types of cases that are most often reversed by ODAR, not only would decisions to the claimants be expedited, but SSA could conserve ALJ resources for the more complex cases that require a hearing.


To identify individuals who participated in self-employment activities while receiving DI benefits but concealed the income by transferring it to another individual.

SSA is responsible for maintaining accurate individual earnings records, including wages and Self-Employment Income (SEI). Wages and SEI are posted to SSA's MEF and are used to determine eligibility for retirement, survivors, disability, and health insurance benefits as well as to calculate benefit amounts. Self-employed individuals report SEI to the IRS on a Profit or Loss from Business (Schedule C) and Self Employment Tax (Schedule SE) attached to a Federal Income Tax Form 1040. The IRS sends this SEI information to SSA where it is recorded on individuals' earning records.
Reporting earnings under another individual's SSN could make an individual appear to be eligible for Social Security disability benefits when he or she is actually working. To receive disability benefits, individuals must not be able to engage in substantial work activity. Because of this stipulation, individuals awarded disability benefits under the DI program may be inclined to deliberately conceal work by transferring the income to someone else.


To (1) assess the results of SSA's ePulling pilot project and (2) determine whether the assessment procedures are effective for deciding when ODAR's hearing offices are ready to implement ePulling.

Most cases processed by hearing offices are fully electronic, and the case folders are reviewed electronically. The electronic folder containing these documents requires manual sorting/reordering and data entry to support the hearing office's business process. Information must be examined and organized in a manner that is useful to those reviewing the cases and to the ALJs hearing the cases.

EPulling is one of the Commissioner's initiatives to eliminate the hearings backlog by increasing the efficiency of the case preparation process in the electronic folder. The initiative involves developing customized software that can extract page-level data, identify potential duplicates, classify documents by type of evidence and date, sequentially number pages, and assist in the creation of exhibit lists. This program will support preparation of electronic cases for hearing. It is anticipated that ePulling will reduce the time it takes to assemble folders and will allow staff to devote more time to file analysis and development.
The ePulling software went into production on June 7, 2008 and was tested in the Model Process Test Facility in Falls Church, Virginia. Subsequently, the ePulling pilot was rolled out to hearing offices in Tupelo, Mississippi; St. Louis, Missouri; Mobile, Alabama; Minneapolis, Minnesota; and Richmond, Virginia, as well as the National Hearing Center in Falls Church, Virginia.


To determine whether SSA implemented the recommendations from our July 2004 report, Disabled Title II Beneficiaries with Earnings Reported on the Master Earnings File.

Our 2004 audit found that SSA did not evaluate all earnings reported to the MEF for disabled individuals receiving Title II benefits as of March 2002. We estimated that approximately $1.37 billion in overpayments resulting from about 63,000 disabled beneficiaries' work activity was not identified.
We recommended that SSA (1) review cases where significant earnings are present in the MEF and no determination had been made regarding trial work and/or Substantial Gainful Activity (SGA); (2) ensure future earnings enforcements are adequately controlled by management and resolved timely; (3) ensure earnings reported on the MEF or disclosed on beneficiary-completed forms are evaluated when medical continuing disability reviews (CDR) are performed or mailer CDR forms are received; and (4) ensure earnings resulting in benefit increases are evaluated to determine whether trial work activity and/or SGA were performed.


To analyze hearing office position descriptions and determine necessary training for hearing office staff due to technical changes associated with the electronic folder.

ODAR has over 5,000 staff in its 140 hearing offices to assist 1,100 ALJs. Staff duties include (1) ordering updated medical information, (2) associating incoming mail with the claim folder, (3) organizing the claimant's information in the claim folder, (4) scheduling hearings, (5) updating the Case Processing and Management System (CPMS), and (6) writing decisions.

Hearing offices are implementing new information technology initiatives that are transforming hearing office operations from paper-based claim folders to the electronic processing of disability claims. The technology initiatives include Electronic Disability Initiative; CPMS; Digital Recording; and Video Hearings.
In March 2005, we issued a report on The Effects of Staffing on Hearing Office Performance that stated hearing offices had difficulty retaining high-performing staff. Once staff members are trained and become efficient in their duties, they leave for higher paying positions in SSA. We also learned that many management positions in hearing offices remained vacant for long periods of time because the positions include greater duties for the same pay. Finally, ALJs stated they were concerned that their support staff lacked requisite skills to properly assist with backlogged cases.


To determine whether SSA has established an effective process to address public complaints alleging ALJ misconduct.

Since 1992, ODAR has offered a second method to voice complaints specifically about ALJ bias, misconduct or unfair treatment by an ALJ, referred to as the Public ALJ Misconduct Complaint Process. The Offices of General Counsel, the Chief Administrative Law Judge (OCALJ), Appellate Operations, and Labor Management and Employee Relations have been meeting to improve this complaint process. The group's work involves changing notices, posters, associated pamphlets, and the website that outlines how to file an unfair treatment complaint. The group is also studying the process and considering improvements that will involve regulatory changes. The goal is to make the ALJ complaint process both fair and effective for SSA, the ALJs and the American people. The OCALJ has also taken a more proactive stance in pursuing disciplinary actions based on ALJ misconduct.


To analyze the role of the remands to the DDSs in reducing the backlog and determine whether this process has provided any lessons learned that can be applied in the future.

The DDS informal remand initiative was developed to increase ODAR's adjudicatory capacity and reduce the paper case backlog by requesting DDSs re-open certain cases based on scoring profiles established by the Office of Quality Performance. The DDSs agreed to review approximately 20,000 informal remands in FY 2007. DDSs reviewed these cases, and if they were able to make a fully favorable determination, they returned the cases to an SSA FO for adjudication. If the claimant did not request to pursue the hearing within 30 days of notice of the revised DDS determination, ODAR dismissed the hearing. If the DDS was not able to make a favorable determination, the case was fully developed by the DDS and returned to ODAR. ODAR moved these developed cases to the front of the queue for scheduling. According to SSA, approximately 20,000 cases were sent to the DDSs in FY 2007, and another 51,000 were expected to be remanded to the DDSs in FY 2008.


To assess SSA's efforts to update the medical listings.

The medical listing is the third step in the Agency's sequential evaluation process in determining whether a claimant is disabled. In August 2000, we issued a report on SSA's updates to the medical listings and concluded that SSA should make updating the medical listings a priority. In January 2007, GAO issued a report, High-Risk Series: An Update, which put Federal disability programs, including SSA's disability programs, on GAO's high-risk list for being outdated. GAO noted that disability criteria have not been updated to reflect the current state of science, medicine, technology, and labor market conditions.


To assess the national rollout of the Quick Disability Determination (QDD) process.

The QDD process involves initial disability claims that are electronically identified by a predictive model as involving a high potential that (a) the claimant is disabled and (b) evidence of the claimant's allegations can be easily and quickly obtained. QDD was piloted in the Boston Region, and we issued a report in May 2007 with suggestions for improving the process before national rollout. In October 2007, SSA started rolling out the QDD process nationwide.


To determine whether individuals who were denied disability benefits and were subsequently deceased within 1 year should have been denied benefits.

Disability claimants must provide medical and, if asked, nonmedical evidence to support their claims. Applications and nonmedical development are initiated in the FO. Information provided by the claimant to the FO during the disability interview is critical to the DDS' development of medical evidence. A claimant whose disability claim has been denied may request a reconsideration of the initial determination. Notice of a claimant's death after denial or cessation of disability benefits may raise a question as to whether the prior determination should be changed.


To determine why more than 1 of every 10 hearings is postponed and rescheduled and identify best practices at those hearing offices with the lowest volume of postponements.

ODAR uses the Auxiliary Monthly Activity Report to monitor the different types of postponements in a hearing office. Postponements can relate to a number of reasons, such as the claimant or claimant's representative being unavailable. Our review of the FY 2007 postponement codes revealed 51,988 hearings were postponed.

The Act provides the individual the option for benefit continuation through the ALJ hearing level of appeal in medical cessation decisions. The option to elect continued benefits also applies to auxiliaries receiving benefits on the record of the primary disability beneficiary. Benefit payments made during the appeals process are considered overpayments if the cessation decision is upheld. As a result, hearing postponements can result in higher overpayments that SSA must then recover.


To determine the age of cases in the backlog, identify potential bottlenecks and areas for improvement, and recommend actions that can assist SSA in reducing the aged case backlog.

Since FY 2001, hearing receipts have been increasing while the timeliness of hearings processing has worsened, resulting in an increase in the number of hearings pending. For example, pending claims were 392,387 in FY 2001 but increased to over 762,000 in FY 2008. In addition, average processing time was 307 days in FY 2001 but increased to 512 days by July 2008.

As noted earlier, the Commissioner's initiative to reduce the number of older cases focused on eliminating the backlog of aged cases that would be 1,000 days or older by September 28, 2007. By the end of FY 2007, SSA had reduced the backlog of 1,000 day-old cases to just over 100. In FY 2008, SSA redefined aged cases as those that would be 900 days or older by September 26, 2008. At the beginning of FY 2008, there were over 135,000 cases that were or would become 900 days or older by the end of the FY. As of June 2008, the number of these aged cases was reduced to approximately 20,000.

Per SSA, the successful strategies to reduce the backlog included the following.
Identification of national and regional coordinators who were in continuous communication with the hearing offices to provide extensive oversight and closely track the progress of reducing the number of aged cases.

Inter-regional transfers authorized by the OCALJ to assist regions with permanent case reassignment and decision writing.
Cooperative efforts between regional offices, FOs and DDSs to expedite consultative examinations in aged cases.
Review and correction of ODAR workload status codes.
Update and correct claimants' addresses.


To (1) identify the types of non-medical technical denials at all stages of the disability evaluation process and (2) determine the percent/ratio of technical denials issued for disability claims at each adjudicative level.

A technical denial is a disability claim that is denied for a reason other than an unfavorable medical decision. Technical denials include non-medical decisions, such as excess income or resources for SSI applicants or lack of insured status for Social Security applicants as well as medical decisions that were subsequently denied for technical reasons.

According to SSA's 2007 Annual Statistical Report on Social Security Disability Insurance Program, there has been a sharp increase in the number of technical denials related to DI claims. In 1999, there were 104,344 technical denials (approximately 8.3 percent of 1,262,564 total claims adjudicated) and 528,636 technical denials in 2005 (approximately 30.2 percent of 1,749,271 total claims adjudicated). From 1999 to 2005, SSA issued 2,160,441 technical denials for DI claims at all adjudicative levels.


To determine whether claims are assigned to ALJs on a rotational basis as stipulated in ODAR's Hearings, Appeals and Litigation Law (HALLEX) manual.

ODAR's HALLEX rotational policy is based on the Administrative Procedures Act. ODAR has stated that the rotational policy is necessary to
ensure the appearance of fairness in that there is no pre-selection of ALJs by the claimant and/or his or her representative;
distribute the workload evenly, thereby improving hearing office efficiency;
adhere to the Agency's policy of public service; and
keep up office morale.

In previous audit work, we learned hearing offices were not always following the rotational policy. A review of hearing office rotation practices nationwide may identify problematic trends that need to be resolved as well as best practices that can be shared among hearing offices.


To assess SSA's definition of disability.

Modernizing Federal disability programs is on GAO's high-risk list. GAO noted that "...SSA's and VA's disability programs are based on definitions and concepts that originated over 50 years ago, despite scientific advances that have reduced the severity of some medical conditions and have allowed individuals to live with greater independence and function in work settings."

Under SSA's disability program, an individual is considered disabled if he or she is unable to engage in any SGA because of a medically determinable impairment that
(1) can be expected to result in death or
(2) has lasted (or can be expected to last) for a continuous period of at least 12 months.

The Social Security Advisory Board issued a report in October 2003 on SSA's definition of disability. The Board concluded "The Social Security disability programs had their origins in the 1950s-a world vastly different from today's world in several important respects including the nature of available work, the educational levels of the workforce, medical capacity to treat disabling conditions, and the nature and availability of rehabilitative technology. Over the past half-century, there have been a number of changes in the disability programs. But the core design of the program, rooted in a definition of disability as inability to do substantial work, has remained unchanged."


To determine the appropriateness of using "default/undefined" disability diagnosis codes.

The diagnosis code is an integral part of each disabled individual's permanent record. This code on the Master Beneficiary (MBR) and Supplemental Security Records should refer to the basic medical condition that rendered the individual disabled. SSA uses the diagnosis code, along with other fields, for a variety of purposes, such as determining what type of CDR will be performed. If the original diagnoses was electronically available, SSA could better assess the likelihood of medical improvement in profiling the case and thereby determine the appropriate method of review.

During recent audit work, we found disability records with default/undefined diagnosis codes, such as 0001 (diagnosis unknown), 6490 (none established), and 2480 (diagnosis established). A March 2000 report on the Reliability of Diagnosis Codes Contained in the Social Security Administration's Data Bases identified inefficiencies in this area that may still be present.


To determine whether ODAR's use of video hearings has increased the number of hearings scheduled and heard, increased dispositions, minimized travel by ALJs, reduced pending caseload, and decreased the processing time of hearings.

The use of video hearings allows ALJs to conduct hearings without being co-located with the claimant and representative. Video hearings have the potential to reduce processing times and increase productivity. In FY 2007, ODAR held approximately 45,000 hearings using video hearing equipment. SSA has installed 400 video hearing units, most are at hearing offices and permanent remote sites. The Commissioner's Backlog Initiative calls for another 158 units nationwide.


To identify DI beneficiaries hiding wages by using a relative's SSN.

SSA administers the DI to provide benefits to qualified disabled workers and their dependents. An individual is considered disabled for the purposes of the DI program if he/she cannot engage in SGA. SGA means the performance of significant physical or mental activities in work for pay or profit or in work of a type generally performed for pay or profit.

Our Office of Investigations identified beneficiaries drawing DI benefits while their spouses, according to wage information, began receiving pay in the same positions the beneficiaries held before filing for disability benefits. The investigations found beneficiaries were receiving DI benefits by concealing wages earned under the SSNs of their spouses.


Workers, employers, and taxpayers who fund SSA and SSI programs deserve to have their tax dollars effectively managed. Therefore, SSA must be a responsible steward of the funds entrusted to its care and minimize the risk of making improper payments. SSA strives to balance its service commitments to the public with its stewardship responsibilities. However, given the size and complexity of the programs the Agency administers, it is a certainty that some payment errors will occur.
Since SSA is responsible for issuing timely benefit payments for complex entitlement programs to millions of people, even the slightest error in the overall process can result in millions of dollars in over- or underpayments. In FY 2007, SSA issued over $612 billion in OASDI and SSI benefit payments to about 54 million people. In January 2008, the Office of Management and Budget's (OMB) report on Improving the Accuracy and Integrity of Federal Payments noted that nine Federal programs-including SSA's OASDI and SSI programs-accounted for over 90 percent of the improper payments in FY 2007. However, this report also noted that the OASDI program had an almost $800 million reduction in improper payments from the prior year.

Curbing improper payments is one of SSA's strategic objectives. In addition, Congress passed the Improper Payments Information Act of 2002 (Pub.L.No. 107-300), and OMB issued implementing guidance that clarified the definition of an improper payment and OMB's authority to require that agencies track programs with low error rates (that is, less than 2.5 percent) but significant improper payment amounts.

SSA has been working to improve its ability to prevent over- and underpayments by obtaining beneficiary information from independent sources sooner and using technology more effectively. For example, SSA is continuing its efforts to prevent payments after a beneficiary dies through the use of Electronic Death Registration information. Also, the Agency's CDR process is in place to identify and prevent beneficiaries who are no longer disabled from receiving payments. SSA tries to achieve a balance between stewardship and service; however, it is a challenge due to the funding needed for the Agency to conduct an adequate number of medical and work-related CDRs. Although the Agency had special funding for CDRs in FYs 1996 through 2002 and SSA's data shows that CDRs save about $10 for every $1 spent to conduct them, the Agency has cut back on this workload.

In March 2008, we issued a report that identified $7.6 million in overpayments to auxiliary beneficiaries because SSA's records did not have their SSNs on its payment records; and as a result, the Agency's data matching efforts did not detect that these individuals were incorrectly paid. When we issued the report, SSA had already recovered $3.1 million (41 percent) of the improper payments. We also issued a report in May 2008 showing that an estimated 2,088 SSI recipients were overpaid about $24.8 million because they did not report their marriages to SSA. As a result, SSA is taking corrective action to stop the improper payments and collect the overpayments.

We continue to work with SSA to address improper payments in its programs. For example, in an April 2008 report, we determined that despite SSA's efforts to identify residency violations, about $226.2 million in overpayments went undetected because about 40,560 recipients did not inform SSA of their absence from the United States. SSA agreed with our recommendation to obtain and analyze electronic bank statement information to prevent these types of overpayments in the future. In two other reports issued in 2008, we identified approximately $467 million in underpayments owed to about 395,000 beneficiaries.
In FY 2009, we plan to complete 27 reviews and begin 36 reviews in the Improper Payments and Recovery of Overpayments challenge.

Beneficiary Overpayments not Established in the Recovery of Overpayments, Accounting and Reporting System Benefit Payments Mailed to Post Office Boxes
Controls over Changes Made to Direct Deposit Routing Numbers for Title II Payments
Controls over Supplemental Security Income Immediate Payments
Credit Information for Supplemental Security Income Recipients with Excess Income or Resources
Discrepancies in Medicare Enrollment Data on Social Security Administration and Centers for Medicare and Medicaid Services Records
Establishment of Dedicated Accounts
Federal Employees Receiving Federal Employees' Compensation Act and Disability Insurance
Follow-up: Controls over Recording Supplemental Security Income Overpayments
Follow-up: Controls over the Suspension of Collection Efforts for Supplemental Security Income Overpayments Follow-up: Prisoner Incentive Payments
Follow-up: The Social Security Administration's Controls over the Old-Age, Survivors and Disability Insurance Waiver Approval Process
Follow-up: Title XVI Overpayment Waivers Force-due Computations of Supplemental Security Income Payments
Improper Payments Resulting from Unresolved Delayed Claims
Individuals Receiving Multiple Old-Age, Survivors and Disability Insurance Benefits
Payments to Spouses Eligible for Higher Retirement Benefits Potential Overpayments Due to Incomplete Quarterly Wage Data from the Office of Child Support Enforcement
Retroactive Title II Payments to Released Prisoners Spouses to Widow(er)'s Benefits When Government Pensions are Involved
Status of Title XVI Installment Agreements
Supplemental Security Income Eligibility of Refugees
Supplemental Security Income Recipients Who May be Eligible for Department of Veterans Affairs Benefits
Supplemental Security Income Resources-Vehicles
The Social Security Administration's Government Purchase Card Program
Title II Benefit Payments to Individuals Whose Numident Record Contains a Death Entry Unprocessed Annual Earnings Enforcement Selections

Attorney Fees Paid Before the Release of Retroactive Benefits
Benefits to Supplemental Security Income Recipients Claimed as Dependents on Federal Tax Returns
Concurrently Entitled Beneficiaries with Discrepant Payment Statuses
Corporate Officers Receiving Disability Insurance or Supplemental Security Income Payments
Development of Supplemental Security Income S2 Alerts and K6 Diaries
Disabled Children Receiving Concurrent Benefits
Disabled Individuals Potentially Eligible as Auxiliary Beneficiaries Discharging Overpayments Based on Bankruptcy Petitions
Follow-up: Controls over Old-Age, Survivors and Disability Insurance Replacement Checks
Follow-up: Controls over the Write-off of Title XVI Overpayments Fugitives with Pending Claims
Improper Payments to Widows Because Deceased Wage Earner's Benefits Were Not Adjusted at Full Retirement Age
Mass Loss Write-offs
Old-Age and Survivors Insurance Benefits Affected by State or Local Government Pensions
Overpayment Assessment Notices Not Issued to Beneficiaries/Recipients
Overpayment Compromise Settlements for Title XVI/II Recipients (2 Reviews)
Prisoners with Earnings in the Master Earnings File
Processing of Internal Revenue Service Alerts
Professional Licenses Indicating Possible Ineligibility for Disability Benefits
Provisional Benefits Paid While an Expedited Reinstatement Decision is Pending
Streamlining the Medicare Non-usage Project
Supplemental Security Income Recipients Who Allege Living Separately from Their Spouses
Supplemental Security Income Recipients with Unverified Wages
Supplemental Security Income Resources-Real Property
Technical Denials in the Social Security Administration's Disability Programs
The Social Security Administration's Collection of Civil Monetary Penalties
The Social Security Administration's Controls over Deleted Title II Overpayments
The Social Security Administration's Controls over Extended Administrative Leave
The Social Security Administration's Controls over the Payment of Student Benefits
The Social Security Administration's Foreign Enforcement Questionnaires
The Social Security Administration's Match of Disability Insurance Records with Ohio's Workers' Compensation Payment Data
The Social Security Administration's Use of Administrative Sanctions in the Supplemental Security Income Program
Title II Benefits Paid Based on Having a Child in Care
Underpayments Payable Due to Annual Earnings Test Provisions
Unrecovered Payments Issued After Beneficiaries' Deaths


To determine whether SSA properly identifies and controls overpayments recorded as Special Payment Amounts (SPA) on the MBR.

Overpayments recorded as SPA on the MBR must be established and recorded on the Recovery of Overpayments, Accounting and Reporting (ROAR) System, which controls the recovery and collection of all Title II overpayments until they are repaid or resolved. SSA periodically identifies overpayments recorded as SPA on the MBR to ensure they are properly established and controlled by the ROAR System.

A 1998 audit identified about $11.2 million in SPA overpayments in which no actions had been taken to record them on the ROAR System. In addition, the audit identified approximately $26.3 million in erroneous SPA overpayments recorded on the MBR.


To determine the appropriateness of multiple OASDI and/or SSI benefit payments mailed to the same Post Office Box address.

In January 2004, we were alerted to three cases where beneficiaries inappropriately received benefits under multiple SSNs at the same address. In FY 2005, we issued a report on Individuals Receiving Benefits under Multiple Social Security Numbers at the Same Address. As part of that review, we obtained data identifying approximately 54 million OASDI and SSI beneficiaries/ recipients in current payment status. Through analysis of the data, we identified hundreds of beneficiaries who received benefits inappropriately under at least two different SSNs at the same address.


To determine the effectiveness of SSA's controls over changes to direct deposit routing numbers for Title II payments.

SSA encourages beneficiaries to use direct deposit for their benefit payments. As of June 2008, approximately 85 percent of all Title II payments were made through direct deposit. When beneficiaries who use direct deposit change bank accounts, they can call or visit an FO or call SSA's 800-number to request that their payments be deposited into their new bank accounts.

In the past, a small number of SSA employees has been caught redirecting beneficiary payments to their own bank accounts. For example, an SSA employee from the Northeastern Program Service Center and three accomplices were arrested and prosecuted for redirecting tens of thousands of dollars in benefit payments from over a dozen elderly and disabled beneficiaries. To help prevent such instances of fraud, SSA has controls in place to ensure only appropriate changes are made to a beneficiary's bank account information.


To determine whether SSI immediate payments were issued in compliance with SSA's policies and procedures and resulting overpayments were properly recorded.

When an SSI recipient is in dire need of immediate cash to pay living expenses, staffs at SSA FOs are authorized to issue the individual an immediate payment. SSI immediate payments are processed through the Modernized Supplemental Security Income Claims System and should be recorded on the Supplemental Security Record. When the immediate payment replaces a previously issued check or benefits withheld to recover an overpayment, an overpayment should be recorded on the recipient's record for the amount of the immediate payment.


To determine whether SSA could use information from credit bureaus to identify SSI recipients who may be receiving inaccurate SSI payments because of unreported income and/or resources.

In 1972, Title XVI of the Act established the SSI program to guarantee a minimum level of income to financially needy individuals who are aged, blind or disabled. The 2008 SSI Federal benefit rate for an eligible individual is $637. However, the Federal benefit rate is reduced if an individual has countable income or resources over the established limit. Large credit card or mortgage payments could indicate the individual has income or resources from other sources that are not being reported to SSA.


To determine whether SSA identifies and corrects discrepancies between SSA and CMS Medicare enrollment data.

SSA maintains and updates health insurance-related entitlement, enrollment, premium and third-party data for Medicare beneficiaries on the MBR. SSA provides these data to CMS daily and monthly. CMS houses these data in its Enrollment Database, Direct Billing System and Third Party System.
The Enrollment Database contains enrollment and entitlement information, as well as demographic information, for each beneficiary. The Direct Billing System maintains a record of all beneficiaries who are billed directly for their Medicare premiums. The Third Party System contains information on Medicare beneficiaries whose premiums are paid by third parties (for example, State Medicare Agencies and the Office of Personnel Management).


To determine compliance with requirements to establish dedicated accounts.

Public Law 104-193, enacted August 22, 1996, requires that certain past-due payments for SSI recipients under age 18 be placed in dedicated accounts. Dedicated accounts are separately maintained from other accounts and may only be used for certain expenditures. Only certain SSI underpayments may be deposited into dedicated accounts. A dedicated account must be established when the applicable past due SSI payment exceeds six times the maximum monthly benefit payable.

The representative payee should establish the dedicated account before past-due payments are paid. SSA, in turn, will deposit the past-due payments into this account so the funds may be used for the beneficiary's allowable expenditures.

Allowable expenses must be related to the recipient's impairments and include impairment-related expenses for medical treatment and education or job skills training. Generally, the funds may not be used for non-impairment-related expenses, including food, clothing, housing, and personal items. However, SSA may approve use of dedicated account funds for basic living expenses to prevent a recipient from becoming homeless or malnourished.


To determine whether Federal Employees' Compensation Act recipients are reporting compensation received for lost wages that may impact their Title II disability benefits.

The Act provides DI to beneficiaries under age 65. If the beneficiary also receives public disability benefits, which includes Workers' Compensation, the DI benefit may be reduced. The Act requires that disability benefits be reduced when the worker is also eligible for periodic or lump-sum Workers' Compensation payments, so the combined amount of Workers' Compensation and DI benefits does not exceed 80 percent of the worker's average current earnings. The combined payments after the reduction, however, will never be less than the amount of DI benefits before the reduction.


To determine whether SSA implemented the recommendations from our May 2001 report,
Controls over Recording Supplemental Security Income Overpayments.

Our 2001 audit found that SSA's internal controls did not ensure all SSI overpayments on closed records were identified and pursued for collection from payments. As a result, we estimated that, as of February 2000, $93.5 million in overpayments should have been transferred to 35,138 recipients' current records. Further, we estimated that SSA could have already recovered $42.8 million in overpayments from these recipients' benefit payments had the overpayments been transferred to the newly established SSI records when their payments resumed.

We recommended that SSA:
1. Continue to periodically run the Debt Recovery Program to ensure that prior overpayments on closed records were identified and pursued for collection.
2. Pursue collection of the 17,675 overpayments we identified that did not meet the criteria for selection by the Debt Recovery Program.
3. Review the 20,519 overpayments we identified that met the criteria for being moved forward by the Debt Recovery Program and ensure these outstanding overpayments were transferred to new SSI records.


To determine whether SSA implemented corrective actions in our prior review and whether those changes improved controls over the suspension of collection efforts for SSI overpayments.

When an SSI recipient is overpaid, SSA can suspend collection of the debt when a recipient is not in current payment status and previous collection efforts have determined the individual is unable or unwilling to pay, cannot be located, or is out of the country. Suspension decisions allow SSA to stop unproductive collection efforts. Because a suspended overpayment is not waived or written off as uncollectible, SSA has the option to initiate collection efforts at a later date if a change in the debtor's status may lead to some collection of the overpayment.

We found that SSA staff did not always comply with the Agency's policies and procedures to ensure decisions to suspend collection efforts on SSI overpayments were appropriate. We estimated, for FY 2002 suspension decisions greater than $3,000, that SSA personnel did not fully comply with policies and procedures in 12,060 decisions totaling about $87.5 million.


To determine whether SSA is paying the appropriate amount of incentive payments to prisons for inmate data.

Our 2004 report, The Social Security Administration's Prisoner Incentive Payment Program, found that SSA's procedures did not ensure that incentive payments to institutions that provided inmate information were in accordance with the provisions of the Act. We estimated that 86,131 incentive payments were issued to institutions for $18.97 million that should not have been paid. SSA agreed there was a discrepancy that needed to be resolved between the incentive payment provisions included in the Act and how the Agency was paying incentive payments.


To determine the extent to which SSA implemented recommendations from our February 2006 report, The Social Security Administration's Controls over the Old-Age, Survivors and Disability Insurance Waiver Approval Process.

When an overpayment occurs, it is SSA's responsibility to identify the overpayment and pursue recovery of the debt. Beneficiaries can seek relief from repaying an overpayment by requesting that SSA waive the debt. Generally, SSA policy allows FO personnel to waive recovery of an overpayment if the person is without fault, recovery would defeat the purpose of Title II of the Act, and/or if recovery would be against equity and good conscience.

Our prior audit found overpayments were waived when there were indications the beneficiaries may have caused the overpayments and/or had the financial ability to repay portions of the waived debt. Also, granting waiver approvals, SSA did not comply with its waiver approval policies and procedures for overpayments exceeding $500.

The Agency agreed to:
Alert employees to follow policies and procedures when approving waivers for OASDI overpayments that exceed $500.
Ensure required secondary review and sign-off occurs for waivers greater than $2,000.
Remind employees to properly document all waiver approval decisions.
Determine whether employee training is needed, and if so, provide training necessary to ensure compliance with Agency policies and procedures for granting OASDI overpayment waivers for amounts exceeding $500.


To follow up on recommendations from our report, The Social Security Administration's Controls over the Title XVI Overpayment Waiver Process.

Our October 2004 report identified over $64 million in savings. We recommended that SSA ensure employees (1) develop and maintain documentation for all waivers to include recipients' request for waivers, (2) properly develop fault and financial circumstances and discontinue the practice of granting waivers when development is incomplete and (3) ensure waivers over $2,000 are reviewed by supervisors before a decision becomes final.


To determine whether SSA's internal controls are adequate to ensure the force-due process for manual computations of SSI payments is calculated and reviewed in accordance with SSA policies and procedures.

When SSA's automated system cannot compute an accurate SSI payment, the payment must be manually computed, and the system must be forced to pay the manually computed amount (force-due cases). Designated employees may perform manual overrides of system-calculated SSI payments. SSA policy requires review of all force-due calculations.

The system will use the manually computed amounts to pay benefits and determine under- and overpayment amounts until the force-due amount is changed or the record is terminated. In most cases, the force-due payment should be temporary, and the forced record should be terminated as soon as automated processing is possible.

Benefits paid outside the system can be highly susceptible to error. If not controlled carefully, these payments can cause significant overpayments or underpayments. SSA conducted a review of a random sample of force-due cases that raised concerns that these cases may not have received the proper level of attention and oversight.


To determine whether SSA properly increases beneficiaries' payments after a delayed claim has been denied or benefits terminated.

When an initial claim for Title II benefits is processed but an entitlement factor has not been resolved, the claim is placed in a delayed payment status. The claimant is considered entitled when computing benefit payments for other entitled beneficiaries. As such, the delayed payment status prevents overpayments to other beneficiaries entitled on the account.

SSA should make reasonable efforts to contact the delayed beneficiary to develop the claim. If SSA cannot locate the delayed claimant or resolve the entitlement, the delayed payment status must be changed to terminated or disallowed, and benefits to other beneficiaries on the same record should be increased, excluding the delayed claimant.


To identify and quantify overpayments to individuals receiving multiple OASDI benefits.

SSA administers the OASDI program under Title II of the Act. The program provides monthly benefits to retired or disabled workers and their families and to survivors of deceased workers. Individuals may be entitled to benefits based on several workers' earnings simultaneously but may generally only be paid the higher of the two. When a beneficiary becomes entitled to another, higher benefit, SSA's policy is to stop issuing the lower benefit payment, thus preventing an overpayment from occurring.


To determine whether beneficiaries receiving spousal benefits are eligible to receive higher retirement benefits based on their own earnings history.

Individuals receiving spousal benefits may have also earned sufficient quarters of coverage to be eligible for higher retirement benefits based on their own earnings history. Their retirement benefits may be further increased for any month in which they did not receive a monthly benefit after full retirement age. The amount of the increase, referred to as a delayed retirement credit, depends on the number of months an individual was at least full retirement age, fully insured, and eligible for retirement benefits but did not receive a monthly benefit. A delayed retirement credit is earned for each month beginning at full retirement age up to age 70.
SSA notifies surviving spouses who are eligible for higher retirement benefits at full retirement age and age 70; however, it does not send similar notices to spouses who are eligible for higher retirement benefits. We estimate there are approximately 123,000 individuals over age 70 receiving spousal benefits who are eligible for higher retirement benefits on their own earnings record because of earned delayed retirement credit and/or work credits.


To assess the completeness of quarterly wage data collected by OCSE and the potential overpayments resulting from the absence of this information when determining SSA benefits.

The Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (Pub. L. No. 104-193) authorized OCSE to design and build a large database known as the National Directory of New Hires. The National Directory of New Hires contains three sets of data: Quarterly Wage, New Hire, and Unemployment Insurance. OCSE provides SSA access to the National Directory of New Hires to establish or verify eligibility and/or payment amounts under the SSI and OASDI programs.

We have learned that a number of States provide incomplete name/SSN information on their submissions, so SSA is unable to match the wage data with its records. These incomplete matches could lead to significant overpayments in SSA's programs. A prior Office of Quality Performance review determined that the OCSE/SSA match in the SSI program produced $277 million in benefits during FY 2005 alone.


To determine whether retroactive benefit payments issued to individuals shortly after serving long prison sentences were valid.

SSA suspends Title II payments if a beneficiary is both convicted of a criminal offense and confined to a penal institution for more than 30 continuous days. SSA reinstates benefits if the beneficiary is officially released because of completion of a sentence, parole or pardon or residing outside a penal institution and doing so at no expense (other than the cost of monitoring) to the institution or the penal system or to any agency to which the penal system has transferred jurisdiction over the individual. An example of this situation is home confinement, home monitoring, or tethering.

A recent Office of Investigations case highlighted SSA system vulnerability related to processing a resumption action for an incorrect Title II benefit suspension. An FO service representative fraudulently issued retroactive Title II benefits to an individual who had been incarcerated and was not eligible to receive benefits for the time period the retroactive payments were paid.


To determine whether Government pension verifications and payment recalculations were completed when auxiliary beneficiaries receiving payments as spouses had their benefit status changed to widow(er)s.

The OASDI program provides monthly benefits to retired or disabled workers and their families and to survivors of deceased workers. OASDI auxiliary benefit payments are based on a percentage of the insured individual's primary insurance amount. The maximum OASDI benefit an individual can receive as a spouse is 50 percent of the primary insurance amount. However, the maximum OASDI benefit amount an individual can receive as a widow(er) is 100 percent of the decedent's primary insurance amount.

Government Pension Offset may apply to spouse and widow(er)'s OASDI benefits. The Government Pension Offset provision reduces monthly benefits for spouses, divorced spouses, and surviving spouses who receive a pension based on their own government employment that did not result in FICA taxable wages. If two-thirds of the Government pension payment is equal to or more than the OASDI benefit payable, spouse or widow(er) OASDI benefits can be reduced to zero. SSA staff is required to initiate an action to determine whether the change from "spouse" to "widow(er)" status would result in an increase to the benefit payment amount. If staff does not make this assessment, OASDI underpayments may occur.


To determine the effectiveness of SSA's efforts to collect Title XVI overpayments when an installment agreement has been made but not honored.

In most cases, overpaid individuals are responsible for repaying the overpayments to SSA. They may not be responsible for repaying when the overpayment was not their fault. SSA prefers a full and immediate refund of overpayments. If a full refund is not possible, SSA has a number of methods to recover an overpayment. For example, if a benefit is payable to the individual, SSA may reduce the monthly benefit to recover the overpayment.

When benefit withholding is not possible and an overpaid person is unable to make a full refund in a single payment, an individual can agree to refund the overpayment through regular installment payments. In cases where a beneficiary makes, but later fails to honor an installment agreement, SSA's policies describe a number of steps SSA staff should take to contact the delinquent debtor.

If certain criteria are met, SSA can also recover delinquent overpayments through options such as the Treasury Offset Program, which offsets any Federal payment, such as a tax refund, due an overpaid individual and/or through garnishing the wages of delinquent debtors.


To determine the effectiveness of SSA's controls over determining the eligibility for SSI of refugees, asylees, and other noncitizens in a refugee-like immigration status.

In general, to be eligible for SSI, a noncitizen must be in a qualified alien category and meet an exception that permits eligibility for qualified noncitizens. Noncitizens who are refugees, asylees, or in certain refugee-like categories can receive SSI for a maximum of 9 years from the date status was granted. SSA is responsible for considering eligibility under this time-limited rule if the noncitizen does not meet one of the exception conditions.
If the noncitizen status remains the same, they will lose their SSI eligibility under the 9-year rule. However, SSA may pay continued benefits if an aged recipient entered the United States before August 22, 1996 and alleges disability in connection with an appeal of the loss of SSI eligibility under this rule.


To determine whether SSI recipients should be receiving VA benefits instead of SSI.

In Calendar Year 2008, we were alerted to a group of SSI recipients who appeared to be eligible for VA benefits. SSI is a needs-based program that is intended to be a program of last resort. Therefore, it is important to assess all other benefit programs for which an individual is eligible based on his/her activities or based on indirect qualification through family circumstances. According to SSA guidelines, an individual is not eligible for SSI if he/she fails to apply for all other benefits, such as VA benefits, for which he/ she may be eligible.


To determine the accuracy of SSA's determinations of SSI recipients' resources related to vehicle ownership.

SSA considers an applicant or recipient's resources when determining eligibility for the program. SSA policy requires exclusion as a resource the value of one vehicle per family, regardless of its value. Additional vehicles are considered non-liquid resources, and their value is generally counted as a resource. The value of additional vehicles can be excluded as a resource if they are used as property essential to self-support or a plan to achieve self-support, or if the applicant/ recipient made a disposal agreement with SSA. While automobiles are often the vehicle in question, other vehicles, like boats and recreational vehicles, can be counted as resources.
When determining whether an applicant or recipient is eligible for SSI based on their resources, SSA staff generally relies on an individual's allegation of the resources they own. If SSA staff suspect an individual is providing inaccurate information, they may ask for additional information from the individual and/or further investigate the allegations provided. To help investigate allegations of vehicle ownership, SSA staffs in 30 States have access to the vehicle ownership information in the LexisNexis Risk Management Solutions Database (LexisNexis). LexisNexis vehicle ownership information is limited to 30 States because of the varying State laws on public access to vehicle ownership records.

A study conducted in 2005 by SSA's Office of Quality Performance found that less than 20 percent of the SSI recipients reported their vehicle ownership, while another study published in the Access Almanac in 2002, Travel Patterns Among Welfare Recipients, reported that 55 percent of welfare recipients own an automobile.


To determine whether SSA's oversight of its Government Purchase Card program is effective.

The Purchase Card program was created as a way for agencies to streamline Federal acquisition processes by providing a low-cost, efficient vehicle for obtaining goods and services directly from vendors. SSA began participating in the Government Purchase Card program in 1988.

The Department of Commerce initially implemented the program and awarded a contract to U.S. Bank for 10 years. In 1998, the General Services Administration awarded Master Contracts to five banks under its SmartPay Program for another 10 years. These contracts required that each bank provide commercial electronic access system products and services to all agencies that issue them orders. In November 1998, the Agency issued a task order to Citibank that covers these services. SSA reported that purchase card use increased from about $47 million in FY 1999 to almost $81 million in FY 2007. Further, the Agency indicated the number of cardholders ranged between 2,800 and 3,000 at any given time during these FYs.


To determine the appropriateness of benefits paid to individuals whose Numident record contains a date of death.

Section 205(r) of the Act requires that SSA match States' death records against SSA payment records to identify and prevent erroneous payments after death. In addition, SSA matches death records from other Federal, State and local public assistance agencies. SSA posts a person's date of death to its Numident record and uses the Death Alert, Control, and Update System (DACUS) to receive and process death information. The purpose of DACUS is to ensure that all benefits to deceased beneficiaries are terminated appropriately and produce a national record of death information, known as the DMF. However, prior audits and investigations have found that in some cases, SSA erroneously continues to pay benefits after death.


To assess SSA's progress in resolving a backlog of approximately 2.5 million Earnings Enforcement selections and quantify the amount of improper payments for the affected beneficiaries.

Social Security benefits are intended to replace, in part, earnings an individual or family loses because of retirement, disability, or death. SSA uses the Annual Earnings Test to measure the extent of a beneficiary's retirement and determine the amount to be deducted from their monthly benefits. Beneficiaries who are younger than full retirement age and who earn an amount in wages, self-employment income, or both over the annual exemption amount receive reduced benefits. To ensure compliance with the Annual Earnings Test, SSA compares the earnings posted to the MEF with the earnings the beneficiary reported. This process, called the Earnings Enforcement Operation, is designed to detect over- or underpayments that may have occurred during the year.

In our 2007 audit of the Annual Earnings Test, we found that for Calendar Years 2002 through 2004 SSA overpaid about $313 million to 89,300 beneficiaries and underpaid about $35 million to 12,800 beneficiaries. In addition, we found that SSA had not processed approximately 2.5 million Earnings Enforcement selections for Calendar Years 1996 through 2005. Finally, we recommended that SSA review and process, as appropriate, all Earnings Enforcement Operation selections pending since 1996.


Sound management of public programs includes effective internal control. Internal control comprises the plans, methods and procedures used to meet missions, goals and objectives. SSA management is responsible for establishing and maintaining internal controls to achieve the objectives of effective and efficient operations, reliable financial reporting and compliance with applicable laws and regulations. Similarly, SSA management is responsible for determining whether the programs it manages achieve intended objectives.

OMB Circular A-123, Management's Responsibility for Internal Control, requires that SSA develop and implement cost-effective internal controls for results-oriented management. Internal controls are important when SSA works with third parties to help complete its important workloads. For example, disability determinations under DI and SSI are performed by DDSs in each State. DDSs are responsible for determining claimants' disabilities and ensuring adequate evidence is available to support its determinations. SSA reimburses the DDS for 100 percent of allowable expenditures up to its approved funding authorization. We conduct audits of state DDSs to ensure the costs they claimed are allowable and the DDSs have proper internal controls over the accounting and reporting of the administrative costs SSA reimburses.

From FYs 2000 through 2008, we conducted 72 DDS administrative cost audits. In 40 of the 72 audits, we identified internal control weaknesses and nearly $115 million in questioned costs and/or funds that could be put to better use. We believe the large dollar amounts claimed by State DDSs and the control issues we have identified warrant that this issue remain a major management challenge.

Another area that involves third parties and requires effective internal controls is the selection and oversight of contractors. Contracting is increasingly seen as an effective way of supporting Federal agencies in managing increasing workloads with diminished levels of staff. In FY 2007, SSA spent over $807 million on contracts. We will review multiple contracts in FY 2009 to ensure SSA is getting the services for which it is paying and has proper internal controls in place to ensure effective oversight of contractors. Additionally, we will review a number of the grants SSA provides for research and demonstration efforts involving the OASDI and SSI programs.

Effective controls are critical to the accuracy and efficiency of daily operations. Internal control applies to program, operational, and administrative areas. In addition to DDS, contract and grant audits, we will review internal controls in a variety of areas. For example, we plan to review the accuracy of SSA's garnishments of Title II benefits by SSA's court-ordered garnishment system, the use of funding provided to SSA as part of the Economic Stimulus Act of 2008 (Pub. L. No. 110-185), and SSA's collection of backup withholding taxes from vendors.

We plan to complete 20 reviews and begin 22 reviews in the Internal Control Environment challenge.

WE PLAN TO COMPLETE THE FOLLOWING REVIEWS IN FY 2009 Accuracy of the Garnishment of Title II Benefits by the Social Security Administration's Court-Ordered Garnishment System Accuracy of the Social Security Administration's Federal Procurement Data System - Next Generation Data
Administrative Costs Claimed by the Arizona, Kentucky, Michigan, Pennsylvania and Utah Disability Determination Services (5 Reviews)
Contract Audits: Abt Associates, Inc.; Lockheed Martin Government Services, Inc.; MDRC; and Virginia Commonwealth University (4 Reviews)
Fiscal Year 2008 Financial Statement Audit Oversight
Fiscal Year 2008 Inspector General Statement on the Social Security Administration's Major Management and Performance Challenges
Follow-up: The Social Security Administration's Procedures for Addressing Employee-Related Allegations
Homeless Outreach Projects and Evaluation
Indirect Costs Claimed by the Texas Disability Determination Services
Quick Response Evaluation: Absent Without Leave in the Social Security Administration
Quick Response Evaluation: Federal Protective Service Basic Security Fees
University of Michigan Retirement Research Center Youth Transition Demonstration Project

Administrative Costs Claimed by the Kansas, Massachusetts, Ohio and Oregon Disability Determination Services (4 Reviews)
CESSI Incurred Cost Rates for Fiscal Years 2007 and 2008
Collection of Backup Withholding Taxes from Vendors
Contract Audits: Headquarters Mailroom; Myers Investigative and Security Services; Paragon Systems; Quality Associates; Softmart; TELE-Interpreters, LLC; and WESTAT (7 Reviews)
Controls over Religious Compensatory Leave Fiscal Year 2009 Financial Statement Audit
Fiscal Year 2009 Inspector General Statement on the Social Security Administration's Major Management and Performance Challenges
Indirect Costs Claimed by the New Mexico and New York Disability Determination Services (2 Reviews)
MAXIMUS' Incurred Cost Rates for Fiscal Years 2004 and 2005
Peer Review of the Department of Energy Office of Inspector General
Social Security Administration Process for Submitting Timely Acquisition Plans and Requisitions to the Office of Acquisition and Grants
Use of Funding Provided as Part of the Economic Stimulus Act of 2008


To determine whether the system accurately
(1) calculates the allowable garnishment amount and (2) documents payment amounts to third parties and State child support enforcement agencies.

Section 207 of the Act states that no benefits paid under Title II of the Act ". . . shall be subject to execution, levy, attachment, garnishment, or other legal process" except by a provision of law that ". . . does so by express reference to" section 207. Section 459(a) of the Act contains such a specific exception. Pursuant to this section, Title II benefits are subject to legal process brought by an individual in a State court for the enforcement of a legal obligation to provide child support and/or make alimony payments. Title XVI payments are not subject to levies or garnishment.

To assist with this process, SSA has implemented the Court-Ordered Garnishment System. This national System automates withholding from beneficiaries in compliance with State or court-ordered garnishment requests. The System adjusts Title II benefits, issues payments to the appropriate payee as designated in the garnishment order and issues appropriate notices to the garnished beneficiary and the Court. The Court-Ordered Garnishment System limits the garnishment amount to the lesser of the State maximum or the maximum under the Consumer Credit Protection Act and is based on the law of the State where the beneficiary resides.


To determine the accuracy of SSA's Federal Procurement Data System - Next Generation (FPDS-NG) data submission certification.

FPDS-NG is a computer-based data system for collecting, developing, and disseminating procurement data. FPDS-NG contains data the Government uses to create reports for the President, Congress, GAO, Federal executive agencies and the public. It is important that data contained in FPDS-NG be accurate, complete and timely. SSA formed a workgroup in March 2007 to improve and maintain the quality of data entered into FPDS-NG.
The accuracy of FPDS-NG is directly related to implementation of the Federal Funding Accountability and Transparency Act of 2006 (Pub. L. No. 109-282), which requires a single, searchable website, publicly accessible for free, that includes for each Federal award
the name of the entity receiving the award;
the amount of the award;
information on the award including transaction type, funding agency, etc;
the location of the entity receiving the award; and
a unique identifier for the entity receiving the award.
USAspending.gov opened in December 2007 as a result of the Transparency Act.


To (1) evaluate the DDS' internal controls over the accounting and reporting of administrative costs, (2) determine whether costs claimed by the DDS were allowable and funds were properly drawn, and (3) assess limited areas of the general security controls environment.

Disability determinations under both DI and SSI are performed by an agency in each State in accordance with Federal regulations. In carrying out its obligation, each State agency is responsible for determining the claimants' disabilities and ensuring that adequate evidence is available to support its determinations.


Abt Associates, Inc.-This contract is to develop the design of a multi-site, demonstration project that tests alternate methods of treating work activity in the Title II program. The contract period is September 30, 2004 to June 30, 2007. The total value of the contract is $5.5 million.

Lockheed Martin Government Services, Inc.-This contract provides for medical records and non-medical evidence, along with related data transmission and document control services, to be digitally imaged (scanned). The cost of the services over the 5-year period is estimated at about $125 million.

MDRC-This contract is for program review/development services to test the impact of providing immediate cash benefits and Medicare to Title II applicants. This is a 5-year contract with a period of performance from January 2006 through January 2011. With contract modifications, the total contract award to date is about $42.9 million.

Virginia Commonwealth University-This audit will provide SSA's contracting officer with the cost information necessary to determine the final value of the contract to use in closing the contract. The total value of the contract is about $1.9 million.


To fulfill our responsibilities under the Chief Financial Officers Act (Pub. L. No. 101-576) and related legislation for ensuring the quality of the audit work performed, we will monitor PricewaterhouseCoopers' audit of SSA's financial statements.

The Chief Financial Officers Act requires that agencies annually prepare audited financial statements. Each agency's Inspector General is responsible for auditing these financial statements to determine whether they provide a fair representation of the entity's financial position. This annual audit also includes an assessment of the agency's internal control structure and its compliance with laws and regulations. The audit work to support this opinion of SSA's financial statement will be performed by PricewaterhouseCoopers. We will monitor the contract to ensure reliability of PricewaterhouseCoopers' work to meet our statutory requirements for auditing the Agency's financial statements.


To provide a summary and assessment of the most serious management and performance challenges facing SSA in FY 2008.

The Reports Consolidation Act of 2000 (Pub. L. No. 106-531) requires that Inspectors General provide a summary and assessment of the most serious management and performance challenges facing Federal agencies and the agencies' progress in addressing them. This document responds to the requirement to include this statement in SSA's FY 2008 Performance and Accountability Report.


To determine the extent to which SSA implemented certain recommendations from a series of reports on employee-related allegations we issued during FYs 2004 and 2005.

Employee-related allegations can originate from various sources, including SSA employees, the public, congressional inquiries, internal security reviews, or the Office of the Inspector General. These allegations are referred to the Offices of the Regional Commissioners and/or SSA Headquarters components for review.
Examples of employee-related allegations include standards of conduct violations; ethics violations; potential criminal violations; the theft of Government property; or allegations of rude, discourteous, or poor service where a specific employee is named. Allegations concerning SSA employees are significant because of the potential losses to SSA's programs and the corresponding negative impact on the public.

During FYs 2004 and 2005, we issued 11 reports on SSA's procedures for addressing employee-related allegations. In each report, we discussed the applicable components' management of employee-related allegations. In our reports, we frequently recommended the component
implement a control system to document receipt, development, and disposition of allegations;
retain documentation related to employee-related allegations; and
refer potential criminal violations to the Office of the Inspector General for investigation.


To evaluate the results of the Homeless Outreach Projects and Evaluation (HOPE).

Congress provided $8 million annually in FYs 2003 through 2005 directing SSA to conduct outreach to homeless and other under-served populations. SSA used this earmarked funding to establish HOPE in support of the initiative to end chronic homelessness within 10 years. The HOPE initiative is focused on assisting eligible, homeless individuals in applying for SSI and DI benefits. The HOPE project will help SSA demonstrate the effectiveness of using skilled medical and social service providers to identify and engage homeless individuals with disabilities as well as assist them with the application process. Arizona, California, Colorado, Connecticut, the District of Columbia, Florida, Hawaii, Indiana, Kansas, Louisiana, Massachusetts, Michigan, Minnesota, Nevada, New York, North Carolina, Ohio, Oregon, Texas, Washington, and Wisconsin were involved in this project.

These grantees were required to provide outreach, supportive services and benefit application assistance to homeless adults and children. In addition, HOPE grantees may have performed optional activities that included presumptive disability screening for SSI applicants; pre-release assistance for institutionalized individuals with disabilities; representative payee services; employment interventions and/or the use of electronic services to file for benefits.


To determine whether the indirect costs claimed by the Texas DDS for Federal FYs 2006 and 2007 were allowable and properly allocated.

State agencies determining disabilities for SSA are subject to regulations set forth by OMB Circular A-87, Cost Principles for State, Local, and Indian Tribal Governments. OMB Circular A-87 establishes basic guidelines for both direct and indirect costs, setting the criteria as to whether a cost is allowable, reasonable, and allocable. It further defines indirect costs and states that indirect cost pools should be distributed to the benefited cost objectives on bases that will produce an equitable result in consideration of the relative benefits derived.

SSA pays the Texas Department of Assistive and Rehabilitative Services, the parent agency, indirect costs associated with providing support to the Texas DDS. The U.S. Department of Education, as the cognizant agency, has negotiated the indirect cost rate of all federally funded programs under the Texas Department of Assistive and Rehabilitative Services. Indirect costs claimed by Texas Department of Assistive and Rehabilitative Services for FYs 2006 and 2007 totaled approximately $12.5 million and $11.6 million, respectively.


To determine the number of hours SSA employees are Absent Without Leave annually and the controls management has in place to recognize and respond when an employee is Absent Without Leave.

On August 21, 2008, Senator Tom Coburn, M.D., released a report, Missing in Action, AWOL in the Federal Government, which documents 18 Federal agencies whose employees were Absent Without Leave about 19.6 million hours. The investigation found that the number of Absent Without Leave hours increased from approximately 2.5 million in 2001 to 3.5 million in 2007. SSA was not mentioned in Senator Coburn's report.


To (1) review the statutory authority of DHS' Federal Protective Service to charge SSA a basic user fee and (2) determine whether current charges are correct and appropriate.

The Federal Protective Service is the law enforcement program within DHS responsible for the security of General Services Administration-owned or leased Federal buildings and grounds, and the persons occupying them. Federal Protective Service is 100 percent reimbursable and must collect the costs of providing law enforcement and security services from the Federal agencies receiving this support.

Public Law 110-161, signed December 26, 2007, directed the Federal Protective Service to increase its staffing to 1,200 personnel to protect and enforce laws at Federal buildings, including 900 law enforcement personnel. This requires that the Federal Protective Service hire an additional 150 law enforcement officers above its current staffing levels. To comply with the law, the Federal Protective Service must increase its operating budget and will hire 150 new officers in FY 2008 to bring Federal Protective Service's total law enforcement office staffing to 900. Since the Federal Protective Service is entirely fee-funded, it must recoup these additional costs through a mid-year fee increase. The law directs the Secretary of DHS to adjust the fees to generate the necessary revenue to fund the increase in personnel. Therefore, this unfunded congressional mandate requires DHS to raise the basic security fee levels in FYs 2008 and 2009.


To evaluate the results of the University of Michigan Retirement Research Center cooperative agreement.

SSA awarded approximately 210 grants and cooperative agreements in FY 2007 for about $39 million. The largest grantee was the University of Michigan Retirement Research Center, which received $2.6 million in FY 2007. The University of Michigan is part of SSA's Retirement Research Consortium. The Consortium consists of three multidisciplinary centers in Boston College, the University of Michigan, and the National Bureau of Economic Research and is funded through cooperative agreements with SSA. SSA awarded the Consortium approximately $5 million in 2003 when the current 5-year award was made. When the award was made, funding was expected to continue at that level or higher for each of the remaining years of the award.


To evaluate the results of the Youth Transition Demonstration Project.

The States developed service delivery systems to assist youth with disabilities to successfully transition from school, which may include post-secondary education, to employment and economic self-sufficiency. The States established partnerships to improve employment outcomes for youth age 14-25 who receive SSI or DI payments based on their own disability. The projects provide transition-related services and support.

To further the New Freedom Initiative goal of increasing employment of individuals with disabilities, SSA created the Youth Transition Demonstration. The Youth Transition Demonstration began in 2003 with seven projects in six States. A national evaluation contract was awarded to Mathematica Policy Research in September 2005. The obligated amount is $19.6 million. California, Colorado, Florida, Maryland, Mississippi, New York, and West Virginia are currently involved. Iowa, Vermont, Washington and one site in Maryland were previously involved in the project, but these projects ended in 2007.

Youth participating in the evaluation will be monitored for at least 4 years after they are recruited into the study. A variety of data sources, surveys of youth, and interviews with project staff will be used to determine whether the intervention led to increased earnings or increased enrollment in postsecondary education for youth. The evaluation uses a random assignment design, similar to a lottery or picking names from a hat. Eligible youth are randomly chosen to either receive Youth Transition Demonstration services or be in the control group. Any differences in outcomes that emerge are attributed to the intervention.

The Youth Transition Demonstration is generating empirical evidence, based on process and random-assignment evaluations, on the impacts of SSI waivers and enhanced coordination of services for youth with disabilities. Under this project, SSA is testing the effectiveness of altering certain SSI rules as an incentive to encourage beneficiaries to initiate work or increase their work activity and to increase their earnings.


Federal agencies maintain significant amounts of personal information concerning individuals, known as personally identifiable information (PII). The loss of PII can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. Agencies have a duty to protect PII from loss and misuse.

The vulnerability of critical infrastructures and the unique risks associated with networked computing have been recognized for some time. Federal agencies rely heavily on information technology to run their daily operations and deliver products and services. With an increasing reliance on information technology, a growing complexity of Federal information technology infrastructure, and a constantly changing information security threat and risk environment, information security has become a mission-essential function.

SSA's information security challenge is to understand and mitigate system vulnerabilities. Weaknesses in controls over physical and logical access to its electronic information, technical security configuration standards, suitability and continuity of systems operations have been identified. The information security challenge extends the Agency's ability to properly maintain its operations and recover from a disaster. While many of these weaknesses have been resolved, SSA needs to monitor these issues diligently to ensure that they do not recur. This means ensuring the security of its critical information infrastructure and sensitive data. Federal agencies maintain significant amounts of personal information concerning individuals, known as PII.

Incidents of Federal agencies losing PII demonstrate the importance of data security. The public will be reluctant to use electronic access to SSA services if it does not believe the Agency's systems and data are secure. Without due diligence, sensitive information can become available to those who are not entitled to it and may use it for personal gain. For example, in June 2008, we reported that since January 2004, the publication of the Death Master File (DMF) has resulted in the breach of PII for over 20,000 living individuals erroneously listed as deceased on the DMF. To address increasing workloads and the changing work environment, SSA constantly assesses and implements new technologies, such as the Internet Protocol version 6 and Voice over Internet Protocol (VoIP). New technology often brings advantages, but also presents new security challenges. SSA needs to understand and address potential risks before such technology is implemented.
SSA addresses critical information infrastructure and systems security in a variety of ways. For example, it created a Critical Infrastructure Protection workgroup that works toward compliance with various directives, such as the Homeland Security Presidential Directives (HSPD) and the Federal Information Security Management Act of 2002 (Pub. L. No. 107-347) (FISMA). HSPD 12 mandates the development of a common identification standard for all Federal employees and contractors. Federal Information Processing Standard 201, Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12. SSA worked with other agencies and OMB to address HSPD 12 and comply with Personal Identity Verification. To date, SSA has issued more than 63,000 Personal Identity Verification compliant credentials to employees and contractor personnel and is on target to issue credentials to all 85,000 employees by September 30, 2008.

To meet FISMA requirements, SSA and the Office of the Inspector General annually evaluate SSA's security program. FISMA requires that agencies institute a sound information security program and framework. Since the inception of FISMA, we have worked with the Agency to ensure prompt resolution of security issues. The House Government Reform Committee rated SSA "A+" for FY 2007 on its computer security based on its compliance with the OMB FISMA reporting guidance. This guidance requires that Federal agencies report on the status of certain elements of their information security programs. However, reporting under these criteria does not ensure a lack of system security deficiencies.

Even though SSA is substantially compliant with the OMB FISMA guidance, there are a number of system security areas that the Agency could improve upon. SSA needs to ensure (1) controls to protect PII are fully developed and implemented in accordance with OMB guidance; (2) adequate incident response and reporting policies and procedures are implemented Agencywide; (3) system access controls are fully implemented to meet least privilege criteria for all users of SSA systems; (4) systems are sufficiently tested to fully meet FISMA requirements; and (5) the suitability of all contractor personnel is appropriately tested and such personnel receive annual security awareness training.

Additionally, SSA has taken numerous steps in the area of PII. The Agency has established workgroups: a PII Executive Steering Committee, which provides oversight and recommendations on SSA policy; and the PII Breach Response Group whose role is to engage in Agency planning in the event a breach occurs. SSA has developed strict policies and procedures for employees to protect PII. In May 2008, SSA began notifying the United States Computer Emergency Readiness Team that individuals were erroneously included in the DMF. SSA is also completing an assessment of the risks involved with the affected individuals and developing an appropriate notification policy for these individuals. Because of the critical nature of PII, we plan to audit SSA's compliance with its own PII polices in the coming Fiscal Year.

SSA's sensitive information in its databases is an important asset. To ensure effective use of these databases in the future, SSA is converting them from legacy systems to more commercially used applications. This will take several years to complete. Additionally, in recent years, the need to recover from a disaster or significant event has become increasingly evident. To better enable itself to recover from such an event, SSA is building a second Data Center to handle some of the current workload of SSA's primary data center and temporarily replace the primary data center in the event of a significant incident. SSA plans to begin occupancy of this facility in January 2009, but there have been delays to the original occupancy date. Because of the importance of the new data center, we plan to continue to monitor SSA's progress.

In FY 2009, we plan to complete nine reviews and begin four reviews in the Systems Security and Critical Infrastructure Protection challenge.

Access to Personally Identifiable Information in LexisNexis Total Research System
Fiscal Year 2009 Federal Information Security Management Act
Follow-up: The Social Security Administration's Computer Security Program
Follow-up: The Social Security Administration's Electronic Mail Security Review
Follow-up: The Social Security Administration's Implementation of Program Operations
Manual System Security Requirements at Disability Determination Services
New Homeland Security Presidential Directive 12 Badging Process
Physical Security at the Office of Disability Adjudication and Review's Headquarters Building
Security for the Social Security Administration's Voice over Internet Protocol Contract
The Social Security Administration's Ability to Address Future Processing Requirements

Conversion of the Social Security Administration's Legacy Systems
The Social Security Administration's Agency-wide Support Services Contract
The Social Security Administration's Compliance with its Personally Identifiable Information Policies and Procedures
The Social Security Administration's Second Data Processing Center Contract


To determine whether SSA's policies and procedures safeguard PII available in LexisNexis from improper use.

LexisNexis uses public records and non-public information to provide invaluable fraud detection and identity authentication solutions that help to safeguard citizens and reduce consumers' financial losses. Although PII, such as address history, real property records, and criminal information, available through LexisNexis can be obtained by the general public from various other sources, LexisNexis pulls the information together for easy access. However, information that is not readily available or considered public, such as SSNs and drivers' license numbers, is also made available through LexisNexis.
SSA contracts with LexisNexis to provide access to data by employees performing their official job function.


To determine whether SSA's overall security program and practices complied with the requirements of FISMA for FY 2009.

FISMA requires an Agency-wide information security program and separate annual reviews of the security program performed by the Agency and the Office of the Inspector General. Each year, OMB issues questions to be answered concerning agencies' compliance with FISMA. Congress and OMB use these reports to judge how well agencies are protecting their critical infrastructure and sensitive information.


To determine whether SSA has implemented the recommendations from our June 2001 audit, Compliance of the Social Security Administration's Computer Security Program with Applicable Laws and Regulations.

The objective of our 2001 audit was to assess SSA's computer security program. We reviewed the requirements of the Computer Security Act (Pub. L. No. 100-235), Government Information Security Reform Act (Pub. L. No. 106-398), Clinger-Cohen Act of 1996 (Pub. L. No. 104-106), OMB Circular A-130, National Institute of Standards and Technology Special Publication 800-18, and applicable provisions of the Code of Federal Regulations and compared these to SSA's program. SSA agreed with the five recommendations in our report, which were as follows.

Centralize its systems security management structure to comply with the Government Information Security Reform Act and other applicable laws to ensure all key security components responsible for Agency-wide security policy and administration report directly to the Chief Information Officer.
Develop a more inclusive system security plan for the mainframe and distributed computing environments according to National Institute of Standards and Technology Special Publication 800-18.
Implement global electronic mail and other appropriate methods for broadcasting computer incidents.
Develop sanctions for users who cause system disruptions or share passwords.
Develop a computer system security manual consistent with guidance provided by the National Institute of Standards and
Technology and incorporate it in all existing computer security policies.


To determine whether SSA implemented the recommendations from our September 2006 audit of the Social Security Administration's Electronic Mail Security Review.

The objective of our 2006 review was to evaluate the adequacy of electronic mail security controls designed to ensure confidentiality, availability, and integrity of sensitive information. As part of the audit, we evaluated SSA's management, operational and technical controls related to electronic mail security for consistency with Federal standards and guidelines and industry best practices. Based on our audit, we made nine recommendations of which the Agency agreed with seven.


To determine whether SSA has sufficient security requirements in the Program Operations Manual System to ensure security at its DDS sites.

Disability determinations are performed by an agency in each State or other responsible jurisdiction according to Federal regulations. In carrying out its obligation, each responsible State agency determines claimants' disabilities and ensures there is adequate evidence to support its determinations.

We will evaluate our and PricewaterhouseCoopers' reports from 2001 through 2007 to determine which security provisions the Agency agreed to implement and whether it has incorporated those security provisions into its policies and procedures. We will also review Federal security requirements issued or amended during that time period, and determine whether SSA should include these in its DDS requirements.


To assess the internal controls over the distribution of Agency badges to contractor personnel.

HSPD-12 requires that all Federal agencies develop a common identification process for agency personnel and contractor employees. SSA compliance with this directive required the issuance of nearly 100,000 compliant identification badges and the installation of appropriate hardware and supporting software systems for all points of physical access to every SSA facility.

Everyone in any Headquarters building must have and display an appropriate SSA access badge. Under HSPD-12, SSA created an electronic Identity Management System to store the required information and interface with other SSA systems.

The Deputy Commissioner for Human Resources and the appropriate Human Resource branches in the Office of the Deputy Commissioner for Operations conduct and oversee background investigations for SSA employees, contractors, vendors, students, volunteers and other individuals requiring frequent access to SSA's facilities or logical systems.


To determine whether the ODAR building in Falls Church, Virginia, complies with physical security standards.

ODAR headquarters occupies approximately 15 floors of a 26-story commercial building in Falls Church. The building contains other Federal and private tenants.
Following the 1994 Oklahoma City bombing, a Department of Justice study created minimum physical security standards for Federal buildings. The President directed Federal agencies to upgrade the physical security of their facilities based on the Department of Justice's recommendations. SSA placed its version of the Department of Justice standards into its Administrative Instructions Manual System.

Several Federal agencies have published physical security guidelines that go beyond the Department of Justice minimum standards. In 2002, the Department of Defense issued a report on DoD Minimum Antiterrorism Standards for Buildings and made it available to the general public. A VA Task Group recently recommended that all VA facilities adopt the Department of Defense standards. The Federal Emergency Management Agency published scientific research to support that buildings not meeting Department of Defense standards are vulnerable to catastrophic consequences if subjected to a terrorist attack.


To determine whether SSA's VoIP contract with Nortel Government Solutions, Inc., is properly administered and managed according to the contract's terms. This will result in a series of audits on (1) VoIP Security Measures and (2) Contract Compliance.

VoIP is the routing of voice conversations over the Internet or any other Internet Protocol-based network. VoIP traffic can be deployed on any Internet Protocol network, including those that do not have a connection to the rest of the Internet. SSA recently awarded a $41 million contract to Nortel Government Solutions Inc., to replace its entire telephone system with a system based on VoIP. The contract will run 2 years. In general, telephone service via VoIP costs less than its equivalent service from traditional sources and is similar to providers of alternative Public Switched Telephone Network service. Cost savings can result from using a single network to carry voice and data transmissions. This is especially evident where users have existing excess network capacity that VoIP can use at no additional cost.


To assess SSA's efforts to address future processing needs and infrastructure issues at the National Computer Center.

Effective and efficient data processing is essential to SSA fulfilling its mission to the American public. Most of this processing has been done in the National Computer Center on SSA's Headquarters campus. However, concerns regarding the National Computer Center's capacity have been raised, and the Agency planned a second data processing center in North Carolina known as the Durham Service Center. Recent assessments show that this may still not be sufficient to handle the Agency's future data processing needs, and other options are being considered. Lockheed Martin has completed a feasibility assessment of the National Computer Center and expressed concern over SSA's data processing capacity and problems with the National Computer Center's infrastructure. Most of the National Computer Center infrastructure problems stem from the fact that the facility is almost 30 years old.


In SSA's recently released strategic plan, the Agency identified its employees and information technology as key foundational elements, stating that it must invest in developing and supporting its employees and its information technology since they are essential to everything the Agency does. SSA's strategic plan also identified certain actions that must be taken to preserve the public's trust and confidence in the Agency's programs. These actions include the need to move forward aggressively with process, policy, and systems improvement.

This management challenge includes such areas as the Representative Payee Process, Electronic Government and Managing Human Capital.

Representative Payee Process
Representative payees continue to be a significant challenge for SSA. Most notably, SSA needs to improve: its identification of incapable beneficiaries in need of representative payees; its selection of suitable representative payees; and its subsequent monitoring to ensure beneficiaries' funds are properly managed. Our audits and investigations of representative payees have found significant problems with the management of beneficiaries' funds that, in some cases, had been occurring for several years in spite of SSA's previous identification of these problems.

Some beneficiaries cannot manage or direct the management of their finances because of their youth or mental or physical impairment. For such people, Congress provided for payment to be made through a representative payee who receives and manages the beneficiary's payments. In recognizing the potential for representative payee misuse of benefits, Congress requires that SSA exercise extreme care in determining whether a payee is needed and in the selection and monitoring of representative payees.

SSA reports there are approximately 5.4 million representative payees who manage about $52.7 billion in annual benefit payments for approximately 7.2 million beneficiaries. While representative payees provide a valuable service for beneficiaries, SSA must provide appropriate safeguards to ensure they meet their responsibilities to the beneficiaries they serve. In addition, the Social Security Protection Act of 2004 (Pub. L. No. 108-203) requires that SSA conduct periodic site reviews of certain types of representative payees. As of February 2008, SSA reported that representative payees subject to periodic review included approximately 2,880 organizational representative payees serving 50 or more beneficiaries, 375 individual representative payees serving 15 or more beneficiaries, and 1,067 representative payees who were authorized to collect a fee. During these reviews, SSA assesses the representative payee's performance by examining beneficiaries' and representative payee's records, and by interviewing beneficiaries. Finally, for representative payees who are problematic or if SSA suspects representative payee misuse of benefits, SSA will request an audit or investigation by the Office of the Inspector General.

Congressional staff has requested that we examine a potential concern about SSA not being aware of aged beneficiaries who may be in need of a representative payee. According to statistics from the medical community, approximately 50 percent of individuals over age 85 suffer from dementia or Alzheimer's disease. According to SSA, there are about 4.8 million Title II beneficiaries over age 85, of which only 210,000 (4.4 percent) have a representative payee.

In a July 2007 study of individual representative payees serving 14 or fewer beneficiaries and non-fee-for-service organizational payees serving fewer than 50 beneficiaries, the National Academy of Sciences (NAS) reported that SSA should take steps to better prevent and detect misuse of beneficiary funds. In addition, NAS concluded that SSA's current methods to detect misuse of benefits are not reliable. As such, NAS recommended that SSA conduct targeted reviews of those representative payees most likely to misuse benefits. NAS estimated this approach would identify about 7,000 cases of misuse and another 7,000 cases of possible misuse. In FY 2009, we plan to complete two such targeted reviews of representative payees who are likely to commit misuse. One of our reviews will determine whether certain characteristics of representative payees as identified by NAS result in an increased risk of misuse. In another review, we will determine whether individual representative payees who act as organizations or operate "group homes" need more monitoring, as recommended by NAS.

The Agency classifies individual payees who serve 15 or more beneficiaries as individual volume representative payees. Some of these payees serve a significant number of individuals. Certain conditions raise questions about an individual serving large populations of beneficiaries. During the fiscal year, we plan to conduct audits of individual volume representative payees. The audits are intended to determine whether the beneficiaries served by such payees receive the support and benefit their payments are intended to deliver.

Electronic Government

Electronic Government has changed the way Government operates and the way citizens relate to Government. Federal agencies rely heavily on information technology to run their daily operations and deliver products and services. SSA is developing a wide range of Electronic Services (eServices) to improve its services to the public because the Agency is facing what is often referred to as a "silver tsunami" of baby boomer claims. Because of the aging of the baby boomers, SSA is facing an avalanche of retirement and disability claims at the same time it must address large backlogs due to years of increasing workloads and limited resources.
Over the last 9 years, SSA has automated more of its workload and is attempting to have the public conduct more of their business using SSA's eServices. However, SSA must overcome several challenges to meet its Internet service goals including increasing its use, implementing planned enhancements, and addressing critical issues. Additionally, as the Agency implements its planned expansion of eServices, it also needs to develop appropriate authentication measures tailored to each electronic application to identify individuals and maintain the security of SSA's most sensitive information. Although SSA's Internet retirement application is one of the highest rated Internet applications in the Government, only 18.5 percent of retirement benefit claims were filed through the Internet in FY 2008 as of August 2008. According to Commissioner Astrue, the on-line filing percentage will need to increase to 50 percent within the next 5 years ". . . in order to keep field offices from being totally overwhelmed." The Agency believes maximizing the use of modern technology and changing the service delivery model will enable SSA to continue to provide critical services to all future beneficiaries.

Managing Human Capital

SSA, like many other Federal agencies, is being challenged to address its human capital shortfalls. As of March 2008, GAO continued to identify strategic human capital management on its list of high-risk Federal programs and operations. GAO initially identified strategic human capital management as high-risk in January 2001.

By the end of 2012, SSA projects its DI rolls will have increased by 35 percent. Further, the Agency projects 53 percent of its employees will be eligible to retire by FY 2017. It is expected this will result in a loss of institutional knowledge that will affect SSA's ability to deliver quality service to the public. The Agency acknowledges that these two issues combined with a growing workload, technological advances, increased diversity, and changes in economic conditions will have a significant impact on the Agency's workforce, the public's expectations and the Agency's ability to meet those expectations.

SSA's service and staffing challenges must be addressed by leadership and succession planning, strong recruitment and retention strategies, competency development and increased training. Further, technology is essential to increasing productivity, streamlining workload processes, and achieving efficiencies to deliver the kind of service that every claimant, beneficiary, and citizen needs and deserves. In FY 2009, we plan to conduct an evaluation to assess SSA's efforts to identify and address competency gaps in mission critical occupations. Also, we plan to conduct a review to assess the Agency's succession planning as it relates to its automated workloads.

In FY 2009, we plan to complete 16 reviews and begin 13 in the Service Delivery and Electronic Government challenge.

Aged Beneficiaries in Need of a Representative Payee
Characteristics of Representative Payees that May Increase the Risk of Benefit Misuse
Field Office Procedures for Charging and Collecting Fees
Fugitive Representative Payees Individual Representative Payees for the Social Security Administration in Sterling Heights, Michigan, and Hartford, Connecticut (2 Reviews)
Individual Representative Payees Serving Multiple Beneficiaries
Mission-Critical Occupations' Core Competencies
Organizational Representative Payees for the Social Security Administration in Dallas, Texas; Cleveland, Ohio; and Salina, Kansas (3 Reviews)
Quick Response Evaluation: Financial Institutions Serving as Representative Payees
Quick Response Evaluation: The Social Security Administration's Access to State Online Vital Records
State of Florida's use of Title IV-E Funds
The Social Security Administration Informing Beneficiaries of New Electronic Banking Options
The Social Security Administration's Succession Planning Related to Automated Workloads

Acquiescence Rulings
Bank Accounts Where Representative Payee and Beneficiary Can Access Funds
Benefit Payments Managed by Representative Payees for Children in Foster Care
Follow-up: Concurrent Title II and XVI Beneficiaries Receiving Representative Payee and Direct Payments
Group and Boarding Homes Serving as Organizational Representative Payees
Individual Representative Payees for the Social Security Administration in Grand Rapids, Michigan, and Los Angeles, California (2 Reviews)
Internal Controls over the Processing of Privacy Act and Freedom of Information Act Requests for Information
Missing Persons Receiving Social Security Benefits
Organizational Representative Payee for the Social Security Administration in the Dallas and San Francisco Regions (2 Reviews)
Representative Payees Reporting Criminal Convictions Social Security Administration's Controls to Ensure Non-Governmental Fee for Service Organizational Payees are Licensed and Bonded


To identify any potential vulnerabilities of direct payment to aged beneficiaries and to determine whether additional safeguards are needed to ensure these beneficiaries' funds are properly managed.

SSA provides benefits to the most vulnerable members of society-the young, the elderly, and the disabled. Congress granted SSA the authority to appoint representative payees for those beneficiaries judged incapable of managing or directing the management of their benefits.

Congressional staff requested that we examine a potential concern about SSA not being aware of aged beneficiaries who may be in need of a representative payee. According to statistics from the medical community, approximately 50 percent of individuals over age 85 suffer from dementia or Alzheimer's disease. According to SSA, there are approximately 4.8 million beneficiaries over age 85, of which only 210,000 (4.4 percent) have a representative payee.


To determine whether certain characteristics of representative payees result in an increased risk of benefit misuse.

In July 2007, NAS issued a report on Improving the Social Security Representative Payee Program: Serving Beneficiaries and Minimizing Misuse. One of the objectives of the NAS review was to identify the types of representative payees who have the highest risk of benefit misuse. In its report, NAS identified several characteristics of individual representative payees that may be potential indicators of misuse or poor performance. To determine whether these characteristics increase the risk of misuse, we identified all individual representative payees who serve 14 or fewer beneficiaries. From this group, we identified a population of 3,329 representative payees who had at least 3 of the characteristics NAS identified.


To determine whether SSA's FOs are complying with policies and procedures for charging and collecting fees for services rendered in response to numberholder and third-party information requests.

SSA FOs are authorized to charge a fee for services provided in response to individual and third-party information requests that exceed what is provided for free in the normal course of business. Under the Privacy (Pub. L. No. 95-579) and the Freedom of Information Acts (Pub. L. No. 104-231), individuals and third parties have the right to obtain certain information from SSA. SSA is authorized to charge a fee for the cost of providing those services.


To assess SSA's controls to prevent fugitives from serving as representative payees.

Our March 2003 report, Screening Representative Payees for Fugitive Warrants, concluded that SSA should use fugitive warrant information to screen representative payees because a fugitive felon may not be in the best position to manage a beneficiary's funds. Based on our analysis, we estimated that approximately 3,145 fugitives served as payees and managed approximately $81.2 million in Social Security funds. Furthermore, we estimated that if not replaced, current fugitives would manage approximately $19.6 million in Social Security benefits over the next year.

The Social Security Protection Act of 2004 was signed into law on March 2, 2004. This law, which took effect in April 2005, contained a provision that disqualifies fugitive felons from serving as representative payees.


To ensure the selected representative payee/ guardian is providing beneficiaries the full support and benefit their payments are intended to deliver.

SSA provides benefits to the most vulnerable members of society-the young, the elderly, and the disabled. Congress granted SSA the authority to appoint representative payees for those beneficiaries judged incapable of managing or directing the management of their benefits. Representative payees (organizations and individuals) receive and manage payments on behalf of these beneficiaries.

An individual volume representative payee in Sterling Heights, Michigan, serves as the representative payee for approximately 160 individuals and as the legal guardian for some of these individuals.

An individual volume representative payee in Hartford, Connecticut, serves as the representative payee for approximately 244 individuals and the guardian for approximately 178 of these individuals.


To determine whether selected individual payees (1) operated as organizations or group homes (2) met the needs of the beneficiaries being served and/or (3) misused Social Security benefits.

In July 2007, NAS issued a report on Improving the Social Security Representative Payee Program: Serving Beneficiaries and Minimizing Misuse. NAS restricted its national survey to individual payees serving fewer than 15 beneficiaries and non-fee-forservice organizational payees serving fewer than 50 beneficiaries.
The NAS study concluded SSA's current designation of "individual payee" is too broad. NAS reported the designation mixes payees who serve a single or even a few beneficiaries with payees who operate group homes for up to 14 beneficiaries. Further, the NAS report indicated individual payees who are owners or administrators of group homes have an inherent conflict of interest. NAS concluded that payees of this type require special monitoring.
We identified all individual representative payees who serve 14 or fewer beneficiaries. From this, we identified a population of 910 representative payees who have the following characteristics.

Serves between 4 and 14 beneficiaries.
At least three beneficiaries are not family members.
Manages over $800 in monthly benefits.


To assess SSA's efforts to identify and address competency gaps in its mission-critical occupations.

SSA, like many other Federal agencies, is being challenged to address its human capital shortfalls. By the end of 2012, SSA projects its DI rolls will have increased by 35 percent. Further, the Agency projects 53 percent of its employees will be eligible to retire by FY 2017. The "retirement wave" will result in a loss of valuable skills, institutional knowledge, and technical expertise. This may have a profound impact on the public's expectations and SSA's ability to meet those expectations.
It is imperative that staff in mission-critical occupations possess the competencies to complete their work more efficiently and effectively. In 2001, GAO identified those job series it considered mission-critical for all major Federal agencies. Both GAO and Congress emphasized the importance of hiring, retaining, and developing employees according to competencies.
There are three key areas related to mission-critical occupations: (1) staffing levels, (2) the development of core competencies, and (3) the closure of competency gaps. However, because of SSA's budget constraints and other limitations, this review will focus on the Agency's development of competencies, gap analysis and improvement plans for closing gaps in mission-critical occupations.


To determine whether the representative payee (1) has effective safeguards over the receipt and disbursement of Social Security benefits and (2) ensures Social Security benefits are used and accounted for in accordance with SSA's policies and procedures.

Some individuals cannot manage or direct the management of their finances because of their youth or mental and/or physical impairments. Congress granted SSA the authority to appoint representative payees to receive and manage these beneficiaries' payments. A representative payee may be an individual or an organization. SSA selects representative payees for OASDI beneficiaries or SSI recipients when representative payments would serve the individuals' interests. Representative payees are responsible for managing benefits in the best interest of the beneficiary.


To analyze information recorded in SSA's information systems regarding financial institutions serving as representative payees

The decision to make OASDI and/or SSI payments through a representative payee is serious. It deprives a beneficiary or recipient of direct control over personal finances, and may affect the beneficiary's manner of living. In recognizing the potential for a representative payee to mishandle benefits, Congress requires that SSA exercise extreme care in determining that a representative payee is needed, in selecting a representative payee, and in monitoring the representative payee's performance.


To assess SSA's progress in expanding its on-line access to States' vital records.

On-line access to State's vital records improves the speed at which SSA can obtain information necessary for it to process certain actions. Currently, SSA has on-line access to a limited number of States' vital records. However, SSA has been working with representatives from the National Association of Public Health Statistics and Information Systems to obtain on-line access to additional States' vital records.


To determine whether Florida's Department of Human Services is properly offsetting a recipient's Title XVI funds when the State's Foster Care Program receives Title IV-E funds to reimburse a portion of program costs.

According to SSA policy, Title IV-E funds provided to States' foster care programs are considered income for children who also receive Title XVI benefits. The policy further states that Title XVI payments must be reduced dollar-for-dollar by income derived from Title IV-E benefits.

In April 2006, the Department of Health and Human Services, Administration for Children and Families, granted Florida's Department of Human Services a 5-year waiver under Title IV-E of the Act. Effective October 2006, the waiver allows Federal foster care funds to be used for any child-welfare purpose, instead of being restricted to out-of-home care, as generally required under Federal law. Under the waiver, funds can be used for a variety of child welfare services including abuse prevention, in-home services, and family reunification. The increased flexibility in funding is expected to result in improved services for Florida families.
In recent years, Florida Department of Children and Families has received about $10 million a year in Title XVI funds as reimbursement for the cost of foster care.


To determine whether SSA is informing beneficiaries of new electronic banking options that include the Direct Express Card and Electronic Transfer Account.

The Direct Express Card is a debit card sponsored by the Department of the Treasury available to Social Security and SSI recipients. The Direct Express Card allows individuals who do not have a bank account to access their funds with a debit card. The debit card can be used to make purchases from participating merchants, get money from a point-of-sale transaction, and get cash at Automated Teller Machines and financial institutions nationwide.

On December 27, 2006, the Department of the Treasury mailed a letter and brochure to 20,000 Social Security and SSI paper check recipients residing in the Chicago area and rural areas of Southern Illinois to test whether paper check recipients would be interested in signing up to receive their monthly payment via a debit card account.

On January 4, 2008, the Department of the Treasury announced the selection of Comercia Bank to replace JPMorgan Chase as the operating bank for the Direct Express Card program. As of June 10, 2008, SSA and SSI recipients who received paper checks and resided in Alabama, Arkansas, Florida, Georgia, Louisiana, Mississippi, North Carolina, Oklahoma, South Carolina and Texas were mailed inserts with their benefit checks introducing the Direct Express Card. Treasury expects Direct Express to be offered nationwide through enrollment phases.


To assess SSA succession planning as it relates to automated workloads. Specifically, we will review the Agency's activities related to the recruitment, training, retention and development of staff who occupy the mission-critical position of information specialist.

SSA is challenged to address increasing workloads as the "baby boom" generation approaches its peak disability and retirement years, at the same time SSA's workforce is retiring. By the end of 2012, SSA estimates its DI and Old-Age and Survivors Insurance benefit rolls will increase by 35 and 18 percent, respectively. Further, SSA projects that by FY 2017 about 53 percent of its employees will be eligible to retire. This "retirement wave" will result in a loss of valuable skills, institutional knowledge and technical expertise that will affect its ability to deliver quality service to the public.

To minimize the impact of this loss of human capital and address expected DI and Old-Age and Survivors Insurance workload increases, SSA plans to increase its use of automation to continuously provide superior services to the American public. Automation is currently the foundation for all SSA's business processes. For example, to manage its mission-critical programs, SSA has automated the Modernized Claims System and the Modernized Supplemental Security Income Claims System. Without automated tools and processes, SSA would not be able to keep up with its workloads or provide the services the American public expects. This, in turn, has challenged SSA's information systems staff to develop new technologies to serve the public.

To ensure it hires, retains, and develops employees needed to provide services to its beneficiaries and recipients, SSA identified those positions it considers critical to obtaining its mission. Of the 14 mission-critical positions identified, SSA considers the information technology specialist position essential to its workload automation efforts. The information technology specialist develops and supports the systems and services used in the Agency's program and business functions. SSA's succession planning should include actions/activities to ensure the Agency has adequate information specialists to develop and maintain automated systems and tools that enhance SSA's ability to provide quality services within an environment of diminishing resources and expanding expectations.