Good morning, Chairman Johnson, Ranking Member Becerra, and Members of the Subcommittee. Thank you for asking me to be here today, to share my thoughts on how best to protect Social Security from waste, fraud, and abuse. I will share observations based on my 12 years overseeing the Social Security Administration’s (SSA) programs, and recommend areas for continued monitoring by the Office of the Inspector General (OIG) as well as this Subcommittee. This timely topic should be of concern to every American, since all of us—or someone we care about—will rely on Social Security at some point in our lives.
During my tenure as Inspector General, I am proud that we have maximized our return on investment while providing effective oversight of the full range of SSA’s complex programs and nationwide operations. While I certainly cannot recount every one of the thousands of valuable recommendations we have made, upon reflection it becomes clear that most of them fall under one of three overarching trends that emerged or intensified during this time:
- SSA experienced an increase in the number of disability and retirement claims due to factors beyond the agency’s control, including the aging of the baby boom generation; more women participating in the workforce; and a significant economic downturn.
- As workloads have increased and its own workforce has undergone a retirement wave, SSA has encountered a difficult fiscal climate and resulting budgetary constraints. This situation has demanded innovative and efficient ways to best use its limited resources.
- Technology has fundamentally changed the way the American people and the Federal Government do business. As government agencies have struggled to adapt to the demands of the Information Age, outside threats have made it clear that no system is immune to attack. Moreover, criminals who used to steal paper checks from mailboxes have moved into cyberspace with new fraud schemes targeting Social Security beneficiaries.
These changes have presented SSA with serious challenges that it must address to successfully meet its critical mission going forward. SSA must:
- balance its goal of providing excellent service that meets the needs and expectations of its customers with the need to be a good steward of public funds;
- modernize and secure its information systems and processes within a robust strategic planning framework that ensures successful outcomes; and
- identify and prevent disability fraud using mechanisms provided for in the Bipartisan Budget Act as well as other innovative tools.
Each of these challenges encompasses multiple issues that warrant continuing attention and reassessment, which I will outline below.
Balancing Service and Stewardship
According to SSA, in fiscal year (FY) 2015, the agency made more than $900 billion in payments to more than 60 million Americans and their families. Given that many people depend on those funds for meeting their basic needs, SSA must continue striving to get the right benefit to the right person at the right time.
In particular, SSA must place a very high priority on ensuring that the most vulnerable members of our society are paid the benefits they are due, and that those benefits are being used to meet their needs. SSA appoints representative payees for those who are determined to be incapable of managing their own benefits. Representative payee program oversight is a crucial responsibility for SSA, because often those who need a representative payee do not have anyone else with their best interests in mind. About 8 million vulnerable children and disabled or elderly individuals currently have representative payees. With such a large population, SSA must find innovative ways to monitor payees, and identify and quickly take action on suspected benefit misuse, including reporting it to OIG for criminal investigation. Investigating suspected organizational and individual representative payee fraud is a top priority of my office, as it can often involve physical or other types of abuse against the beneficiary, as well as other financial crimes.
Earlier this month, we issued an audit report finding that SSA had made $78 million in direct payments to individuals under one benefit program while paying $136 million to their designated representative payees under a different benefit program. This finding raises questions either about those individuals’ capacity to serve as their own payee, or whether they appropriately used the funds provided directly to them. We recommended, and SSA agreed, that the agency should assess whether to develop a systems alert for payee discrepancies, and should match records from the two benefit programs to quickly identify discrepancies.
SSA has, as a steward of taxpayer funds, a responsibility to ensure that it is spending those funds in the most efficient and effective way possible. I have made a priority of assessing SSA’s efforts to fulfill this responsibility and find areas for improvement. For example, we recently issued an audit report in which we found that SSA was spending much more money to collect low-dollar overpayments than the value of the overpayments themselves. We recommended that SSA re-evaluate this collection process to ensure it expends resources on activities that result in the greatest return on investment. We estimate that implementing our recommendation could save taxpayers over $3 billion. SSA agreed with our recommendation, and has said it has a multi-year plan to enhance its overpayment collection processes with a significant IT investment.
SSA must balance program integrity workloads with the need to process initial claims. We understand that achieving this balance requires difficult fiscal choices by both SSA and its appropriators in Congress. However, according to SSA, at the end of FY 2015, there was a backlog of more than 726,000 full medical continuing disability reviews (CDR). In FY 2016, SSA planned to conduct 908,000 full medical CDRs. We believe SSA should allocate the resources needed every year to initiate CDRs as soon as they come due, to reduce that backlog and prevent its recurrence. This is the best way for SSA to identify those who are no longer disabled and stop their payments timely.
Finally, during my tenure as Inspector General, I have encouraged SSA—and OIG—to pursue computer data matches that can improve payment accuracy and identify government waste and fraud more quickly and efficiently. In particular, we have long recommended that SSA verify information that is self-reported by applicants and beneficiaries, using other government data and third-party sources. Indeed, the agency has begun matching beneficiary information against Medicare data to identify those who may be deceased, based on an OIG recommendation.
However, we have cited other potential data matches that could do more to improve payment accuracy in the Old Age, Survivors, and Disability Insurance program. For example, we have made recommendations related to unreported Federal Employees’ Compensation Act payments and pensions that are not covered by Social Security, which may affect disability or retirement benefit amounts. A previous OIG report noted that beneficiaries whose non-covered pensions are not known to SSA could receive about $870 million in overpayments over their lifetimes; SSA is currently pursuing a legislative change to address this issue.
Information Technology Security, Modernization, and Planning
To meet the challenges described above relating to payment accuracy and customer service, SSA must invest in its information technology infrastructure to support current and future workloads. Regardless of what SSA’s business process looks like in 20 years, having the proper infrastructure to support it will be critical. I am proud of OIG’s efforts to monitor and assess the planning and construction of SSA’s National Support Center, which will soon replace its National Computer Center as the primary repository of the agency’s data and systems hardware. Still, to run its large and complex benefit programs, SSA maintains a number of legacy systems that are more than 30 years old. We believe it is important for the agency to work toward modernizing those systems to reflect current technology that can better support future workloads and lower operating and maintenance costs going forward. Therefore, I was pleased to see SSA’s response to a draft GAO report issued just last week, Federal Agencies Need to Address Aging Legacy Systems, stating that modernization was a “significant priority for our budgeted (IT) resources.”
Unfortunately, one agency initiative to modernize its systems has come under scrutiny due to questions over its planning and development. SSA awarded a contract in 2010 to develop the Disability Case Processing System (DCPS) to replace all State disability determination agencies’ separate systems. In 2014, a contractor hired by SSA determined that despite spending $288 million on the project, DCPS faced schedule delays and limited functionality. In May 2015, SSA discontinued spending on the original DCPS project, and in October 2015 decided to develop a new system. Between FY 2008 and 2015, SSA invested $356 million in DCPS, but has not produced a viable product. In fact, many of these tax dollars represent “sunk costs” for which SSA—and U.S. taxpayers—will realize no benefit.
We have two ongoing reviews of DCPS, due to be issued soon, assessing SSA’s analysis of alternatives to DCPS and the costs incurred during this process. OIG will continue to monitor this project closely, to help inform the Subcommittee and ensure that SSA can eventually achieve DCPS’ stated goals improving consistency and timeliness of initial claims processing across the country.
Not only must the agency modernize its systems, but it must work to ensure that its systems—current and future—are secure from attack or disruption. Recent breaches at government agencies have underscored the importance of securing the voluminous sensitive data that SSA holds for nearly every U.S. citizen, living and deceased, including medical and financial records. Unauthorized access to, or theft of, SSA data can result in significant harm and distress to potentially hundreds of millions of Americans. It is, therefore, imperative that SSA make protecting its networks and information a top priority.
Since FY 2012, our contractor has identified weaknesses in SSA’s information security program that, when aggregated, constitute a significant deficiency under the Federal Information Security Management Act of 2002. Some of these weaknesses include:
- lack of a comprehensive organization-wide risk management strategy;
- weaknesses in network security controls indicating that SSA did not always timely remediate configuration-related vulnerabilities; and
- numerous issues with logical access controls, which resulted in inappropriate and/or unauthorized access.
We have reported similar problems in previous reports, but these weaknesses continue to exist, partly because new controls did not completely address the risks, and because management oversight and governance were not sufficient. SSA must make all efforts to address the weaknesses we have repeatedly identified.
My office has long held that SSA would make progress in both systems modernization and security if it had a comprehensive strategic planning process with measurable, achievable, and specific outcomes. A robust strategic planning process would allow SSA to determine what systems changes it needs to focus on to provide the greatest return on investment and benefit for its current and future customers. Improving long-range planning would also allow SSA to ensure that program integrity workloads (such as CDRs) are balanced against processing initial claims, by predicting workload trends and responding proactively to those trends.
Finally, SSA needs thoughtful, comprehensive strategic planning for customer service as well as information technology, given the rapidly changing expectations of the public. As we recently reported to the Subcommittee, the agency’s Vision 2025, released in FY 2015, described its three priorities for the next 10 years—superior customer experience, exceptional employees, and innovative organization—but did not include specific, measurable goals or outline the strategy needed to implement the proposed vision. SSA has said it will issue its strategic plan next year for FYs 2018-2022 and has said the plan will include specific, measurable goals. However, we believe SSA needs to undertake longer-range planning, optimally 20 years into the future, to plan adequately based on demographic realities, fiscal projections, and technological capabilities.
Identifying and Preventing Fraud, Waste, and Abuse
Thank you for your efforts to include several Social Security-related provisions in the Bipartisan Budget Act of 2015; they will help both SSA and OIG identify and prevent more waste, fraud, and abuse in Social Security programs. First, the mandate to expand our Cooperative Disability Investigations (CDI) program to cover all 50 States is a hard-won recognition of the success of this program to prevent billions of dollars of fraud loss over nearly 20 years. This program has an estimated return on investment of $18 for every $1 invested in its operations. I believe its success lies largely in the cooperative nature that combines expertise and resources across agency and jurisdictional lines. SSA, OIG, State disability determination agencies, and State or local law enforcement agencies work in units located across the country to investigate suspicious disability claims and provide evidence to improve the accuracy of claims decisions.
OIG has worked closely with SSA as it has renewed its efforts to address fraud and increase anti-fraud awareness over the past two years. As part of this effort, in FY 2014, we began to establish additional CDI units in the wake of two major disability fraud investigations in Puerto Rico and New York City. The Bipartisan Budget Act mandate has encouraged SSA to allocate even more resources to the program and allowed us to pursue law enforcement partners in more locations. We are currently working to secure law enforcement partners in new CDI units in Washington, D.C., Baltimore, and Birmingham, Alabama, and we just announced our next unit will be located in South Dakota.
In FY 2015, the CDI program contributed to projected savings of $400 million to SSA, as well as savings for other Federal, State, and local assistance programs. As we move forward with expansion, we will continue to investigate disability applications at the front end to prevent fraud loss before it ever occurs, but we will also encourage referrals of post-entitlement claims to CDI units as well. Those referrals, which can involve work concealment as well as medical improvement, are more likely to result in criminal prosecution and recovery of funds for SSA. Widening the scope of CDI to increase the percentage of post-entitlement cases is a more efficient use of our resources and those of our law enforcement partners, to pursue as many allegations of disability program fraud as we possibly can.
The Bipartisan Budget Act also recognizes the impact of third-party facilitator fraud schemes on the integrity of SSA’s disability programs. I am gratified that the end of my tenure as Inspector General has coincided with the indictments and arrests of individuals in connection with an alleged conspiracy in West Virginia and Kentucky to submit fraudulent disability claims on a large scale. Working with SSA, the Department of Justice, and other Federal law enforcement agencies, our investigation has revealed a potentially huge breach of the public trust. We need to do our utmost to ensure that similar schemes are not occurring and that we can quickly identify or prevent them altogether in the future. Amending the Social Security Act to increase civil and criminal penalties for facilitator fraud—as well as increasing penalties to reflect inflation and including the criminal charge of conspiracy—will go a long way in deterring this type of fraud. In addition, we are working with SSA to establish a predictive analytics program that will use risk factors to identify claims at a high risk for fraud, so we can develop and evaluate them further.
I am also pleased that SSA has expanded the Special Assistant United States Attorney (SAUSA) initiative, in which agency attorneys are detailed to the Department of Justice to prosecute primarily Social Security fraud cases that might otherwise not be prosecuted. SSA currently has 25 SAUSAs across the country, and they have been a tremendous asset to our criminal investigators as they look for avenues to see their cases result in criminal charges and convictions. We would like to see more SAUSAs as resources allow.
Finally, we believe SSA must continue promoting the integrity and protection of its primary identifier, the Social Security number (SSN). SSA established the SSN solely to administer its own programs; however, in many ways it has become the key to financial life in the United States. As such, it has become a valuable commodity for identity thieves. We recently recommended that SSA remove full SSNs from all of its mailed notices, and the agency agreed, but stated, “there are a multitude of complexities that may affect our ability to quickly change our notice structure and format.” The agency has decided to remove SSNs “on a flow basis” as resources allow and other changes to notices are made. However, given that other agencies have already undertaken similar efforts—the Department of Defense has removed SSNs from military identification cards, and the Department of the Treasury has removed them from government checks—we continue to believe SSA should move quickly to remove SSNs from all documents that could find their way to people who could misuse that valuable information.
I am honored to have served as Inspector General for Social Security for 12 years, leading an outstanding workforce of auditors, investigators, attorneys, and support personnel who are committed to providing oversight of and helping improve the United States’ largest and most important public assistance program. The Office of the Inspector General has a critical role as watchdog to ensure that SSA effectively manages this critical safety net for the benefit of all Americans. In this role, we serve both those individuals who benefit from SSA’s programs and all taxpayers who place their trust in SSA to be a good steward of their funds.
Under the next generation of leadership, I am confident that SSA OIG will continue to help ensure the integrity of the Social Security system—the integrity of payments going out and of the infrastructure underpinning the claims and payment processes. This office will also continue to focus on the role that technology and planning must play in identifying and preventing waste, fraud, and abuse.
Thank you again for the invitation to testify, and thank you for your longstanding support of OIG’s efforts and your interest in addressing these critical issues facing SSA. I am happy to answer any questions.