To: The Commissioner
From: Inspector General
Subject: Top Management Challenges—Fiscal Year 2004
The Reports Consolidation Act of 2000 requires that we summarize for inclusion
in the Social Security Administration’s (SSA) Performance and Accountability
Report, our perspective on the most serious management and performance challenges
facing SSA. The challenges in Fiscal Year (FY) 2004 have not changed substantially
from FY 2003. However, we consolidated several related areas to more effectively
cover these areas. The top management issues facing SSA in FY 2004, as determined
by the Office of the Inspector General, are: Social Security Number Integrity
and Protection, Management of the Disability Process, Improper Payments,
Budget Performance and Integration, Critical Infrastructure Protection and
Systems Security, and Service Delivery.
These areas are dynamic, so we encourage continuous feedback and additional study suggestions. This flexibility enables us to meet emerging and critical issues evolving in the upcoming year. Our summary of SSA’s progress in addressing these challenges (see attached) will be included in the Fiscal Year 2004 Performance and Accountability Report.
If you have any questions or need additional information, please call me or have your staff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.
James G. Huse, Jr.
The Reports Consolidation Act of 2000 requires that we summarize, for inclusion
in the Social Security Administration’s (SSA) Performance and Accountability
Report, our perspective on the most serious management and performance challenges
The challenges facing SSA management in Fiscal Year (FY) 2004 have not changed substantially from FY 2003. However, we consolidated several related areas to more effectively cover these areas. For example, Social Security Number Integrity and Protection now covers the former areas of Homeland Security, Social Security Number (SSN) Integrity and Misuse, and Integrity of the Earnings Reporting Process. Our Service Delivery issue area now includes Human Capital, E-Government, and representative payee issue areas. We also eliminated the Fraud Risk issue area since potentially there are elements of fraud risk in each management challenge.
The Office of the Inspector General (OIG) believes the management challenges facing SSA in FY 2004 are as follows.
Since 1997, we have provided our perspective on these management challenges
to Congress, SSA and other key decisionmakers. In developing this year’s
list, we considered the four initiatives the Commissioner has identified as
priorities: Service, Stewardship, Solvency, and Staff.
We also reviewed
• the most significant issues as outlined in the President’s Management Agenda (PMA),
• SSA’s progress in responding to the Office of Management and Budget’s (OMB) Scorecard,
• the Inspector General’s Strategic Plan,
• the high-risk list prepared by the General Accounting Office (GAO), and
• our body of audit and investigative work.
Finally, we prepared a crosswalk to ensure there was no disconnect or gap among those reviewing SSA’s programs and operations.
SOCIAL SECURITY NUMBER INTEGRITY AND PROTECTION
In FY 2002, SSA issued about 18 million original and replacement SSN cards, and SSA received approximately $524 billion in employment taxes related to earnings under issued SSNs.
The SSN is the single most widely used identifier for Federal and State governments as well as the private sector. In FY 2002, SSA issued about 18 million original and replacement SSN cards, and SSA received approximately $524 billion in employment taxes related to earnings under issued SSNs. Protecting the SSN and properly posting the wages reported under SSNs are critical to ensuring eligible individuals receive the full retirement, survivor and/or disability benefits due them.
Unfortunately, the SSN is often misused. And identity theft is not just about individuals. While being the immediate victim of identity theft and SSN misuse can cause individuals years of difficulty, it also brings cost to financial and commercial institutions, which is ultimately passed on to consumers. Worse yet, SSN misuse can disguise a dangerous felon or a would-be terrorist as a law-abiding citizen. That de facto national identifier can provide a criminal the identification and seeming legitimacy he or she needs to go about nefarious business, perhaps putting dozens, hundreds, or even thousands of lives in jeopardy.
Protecting the Social Security Number
To ensure the integrity of the SSN, SSA must focus on three stages of protection: (1) when the SSN card is issued, (2) during the life of the SSN cardholder, and (3) upon the SSN cardholder’s death. Furthermore, SSA must employ effective front-end controls in its enumeration process. Likewise, additional techniques, such as data mining, biometrics, and enhanced systems controls, are critical in the fight against SSN misuse.
To effectively combat SSN misuse, we believe SSA should
• establish a reasonable threshold for the number of replacement SSN cards an individual may obtain during a year and over a lifetime,
• expedite systems controls that would interrupt SSN assignment when SSA mails multiple cards to common addresses or when parents claim an improbably large number of children,
• continue to address identified weaknesses within its information security environment to better safeguard SSNs, and
• continue to educate SSA staff about counterfeit documents.
Integrity of the Earnings Process
The integrity of the SSN is also related to SSA’s process for posting workers’ earnings. The proper posting of earnings ensures that eligible individuals receive the full retirement, survivor and/or disability benefits due them. If earnings information is reported incorrectly or not reported at all, SSA cannot ensure all eligible individuals are receiving the correct payment amounts. In addition, SSA’s disability programs under the Disability Insurance (DI) and Supplemental Security Income (SSI) provisions depend on this earnings information to determine (1) whether an individual is eligible for benefits and (2) the size of the disability payment.
SSA spends scarce resources trying to correct the earnings data when incorrect information is reported. The Earnings Suspense File (ESF) is the Agency’s record of annual wage reports for which wage earners’ names and SSNs fail to match SSA’s records. Between 1937 and 2000, the ESF grew to represent about $374 billion in wages, which included approximately 236 million wage items with an invalid name and SSN combination. As of July 2002, SSA had posted 9.6 million wage items to the ESF for Tax Year 2000, representing about $49 billion in wages.
While SSA has limited control over the factors that cause the volume of erroneous wage reports submitted each year, there are still areas where SSA can improve its processes. SSA can improve wage reporting by educating employers on reporting criteria, identifying and resolving employer reporting problems, and encouraging greater use of the Agency’s SSN verification programs. SSA also needs to improve coordination with other Federal agencies with separate, yet related, mandates. For example, SSA’s ability to improve wage reporting is related to the Internal Revenue Service’s failure to sanction employers for submitting invalid wage data. It is also related to the complicated employer procedures the Bureau of Citizenship and Immigration Services uses to verify eligible employees.
Social Security Number Integrity Protection Team
Finally, pending funding, we will be establishing an SSN Integrity Protection Team (Team) to address the escalating issue of SSN misuse. The Team is an integrated approach that combines the talents of our auditors, investigators, computer specialists, analysts, and attorneys. In addition to supporting homeland security initiatives, the Team will focus its efforts on
• identifying patterns and trends of SSN misuse;
• locating systemic weaknesses that contribute to SSN misuse, such as in the enumeration and earnings-related processes;
• recommending legislative or other corrective actions to ensure the SSN’s integrity; and
• pursuing criminal and civil enforcement provisions for individuals misusing SSNs.
This Team will also partner with external private and public sector organizations not only to educate, but to pursue mutually beneficial activities to prevent and detect fraudulent use of SSNs.
MANAGEMENT OF THE DISABILITY PROCESS
SSA has tested several improvements to the disability claims process. To date, these initiatives have not resulted in significant improvement. In January 2003, GAO added the modernizing of Federal disability programs, to include SSA’s disability programs, to its high-risk list.
SSA administers the DI and SSI programs that provide benefits based on disability. Most disability claims are initially processed through a network of Social Security field offices and State Disability Determination Services (DDS). SSA representatives in the field offices are responsible for obtaining applications for disability benefits and verifying non-medical eligibility requirements, which may include age, employment, marital status, or Social Security coverage information. After initial processing, the field office sends the case to a DDS for evaluation of disability. |
The DDSs, which SSA fully funds, are State agencies responsible for developing medical evidence and rendering the determination of whether the claimant is disabled or blind. After the DDS makes the disability determination, it returns the case to the field office for appropriate action depending on whether the claim is allowed or denied. In FY 2002, over 2 million initial disability claims were processed, and the average processing time was 104 days.
Once SSA establishes an individual is eligible for disability benefits under either the DI or SSI program, the Agency turns its efforts toward ensuring the individual continues to receive benefits only as long as SSA’s eligibility criteria are met. Disability benefits will not continue if any of the following occur:
• legislation or Federal regulations rescind a prior disabling condition from qualifying for benefits,
• a child turns 18 years old and is no longer considered disabled under adult criteria,
• an individual returns to work and has income over SSA’s allowable amount, or
• a continuing disability review shows the individual is no longer disabled.
SSA’s Office of Hearings and Appeals (OHA) is responsible for holding hearings and issuing decisions in SSA’s appeals process. OHA’s field structure consists of 10 regional offices and 140 hearing offices. Administrative law judges (ALJ) hold hearings and issue decisions in hearing offices nationwide. In FY 2002, hearing offices processed over 500,000 cases, and the average processing time was 336 days.
The Appeals Council is the final level of administrative review for claims filed under SSA’s disability programs. The Appeals Council reviews ALJ decisions and dismissals upon the claimant’s timely request for review. In FY 2002, the Appeals Council processed 115,467 cases, and the average processing time was 412 days.
Over the last several years, SSA has tested improvements to the disability claims process as a result of concerns about the timeliness and quality of customer service. The disability improvements combine initiatives that have been tested and piloted and include all levels of eligibility determination—beginning with State DDSs and going through the hearings and appeals processes.
To date, these initiatives have not resulted in significant improvements in the disability claims process, and, in January 2003, GAO added the modernizing of Federal disability programs, including SSA’s, to its 2003 high-risk list. The Commissioner recently announced several decisions on the future of SSA’s disability process. This included the Commissioner’s decisions to
• pursue the expansion of the Single-Decision Maker authority nationwide,
• end the requirements for the claimant conference in sites testing the prototype disability process,
• evaluate the elimination of the reconsideration level of the claims process nationwide,
• make additional improvements to the hearings process, and
• implement an Electronic Disability System by 2004.
SSA reports that its short-term initiatives have improved the hearings process. The short-term initiatives include expedited techniques for the review of cases and technology enhancements designed to improve the timeliness of decisions. Furthermore, SSA expects the electronic disability system to provide OHA a more efficient and effective case processing system when implemented.
Fraud is an inherent risk in SSA’s disability programs. Some unscrupulous people view SSA’s disability benefits as money waiting to be taken. A key risk factor in the disability program is individuals who feign or exaggerate symptoms to become eligible for disability benefits. Another key risk factor is the monitoring of medical improvements for disabled individuals to ensure those individuals who are no longer disabled are removed from the disability roles.
SSA, in conjunction with our office, has taken an active role in addressing the integrity of the disability programs through the Cooperative Disability Investigations (CDI) program. The CDI program’s mission is to obtain evidence that can resolve questions of fraud in SSA’s disability programs. SSA’s Offices of Operations, Disability Programs, and Disability Determinations along with the OIG manage the CDI program. There are 17 CDI units operating in 16 States. From October 1, 2002 through March 31, 2003, the CDI units saved SSA about $44 million by identifying fraud and abuse in the disability program before benefits were paid.
Determining and paying accurate and timely program benefits are primary commitments of SSA, along with good stewardship of the trust fund and the General Revenue fund.
SSA is responsible for issuing benefit payments under the Old-Age, Survivors, and Disability Insurance (OASDI) and SSI programs. In FY 2002, SSA issued $483 billion in benefit payments to 53.1 million beneficiaries. Considering the volume and amount of payments SSA makes each month, even the slightest error in the overall process can result in millions of dollars in over- or underpayments.
Improper payments are defined as payments that should not have been made or were made for incorrect amounts. Examples of improper payments include inadvertent errors, payments for unsupported or inadequately supported claims, payments for services not rendered, or payments to ineligible beneficiaries. The risk of improper payments increases in programs with (1) a significant volume of transactions, (2) complex criteria for computing payments, and/or (3) an overemphasis on expediting payments. Since SSA is responsible for issuing timely benefit payments for complex entitlement programs to over 50 million individuals, SSA is at-risk of making significant improper payments.
The President and Congress have expressed interest in measuring the universe of improper payments within the Government. Specifically, in August 2001, OMB published the FY 2002 PMA, which included a Government-wide initiative for improving financial performance. In November 2002, the Improper Payments Information Act of 2002 was enacted, and OMB issued guidance in May 2003 on implementing this new law.
Under this law, agencies that administer programs where the risk of erroneous
payments is significant must estimate their annual amount of improper payments
and report this information in their Performance and Accountability Report
for FYs ending on or after September 30, 2004. OMB will use this information
while working with the agencies to establish goals for reducing erroneous payments
for each program.
SSA and the OIG have had on-going discussions on improper payments—on such issues as detected vs. undetected improper payments and avoidable overpayments vs. unavoidable overpayments which are outside the Agency’s control and a “cost of doing business.” In August 2003, OMB issued specific guidance to SSA to only include avoidable overpayments in the Agency’s improper payment estimate because these payments could be reduced through changes in administrative actions. Unavoidable overpayments that result from legal or policy requirements are not to be included in SSA’s improper payment estimate.
In September 2003, the OIG issued an Issue Paper on improper payments—where we analyzed overpayments from SSA, other Federal agencies, and private sector disability insurers. Based on this work, we plan to initiate a comprehensive and statistically valid review in FY 2004 to quantify the amount of undetected overpayments SSA’s disability programs—with a focus on the four diagnosis groups we believe (based on prior audit and investigative work) are problematic. Additionally, preliminary results from one of our audits at the end of FY 2003 show significant overpayments—related to earnings by disabled beneficiaries—went undetected by SSA. This work and other studies—such as one to assess whether overpayment waivers were appropriate—will be completed and/or initiated in FY 2004 and beyond to address the issue of improper payments.
SSA has undertaken many projects to identify and improve areas where it could do more to reduce improper payments and/or recover amounts overpaid. Specifically, SSA has been working to improve its ability to prevent over- and underpayments by obtaining beneficiary information from independent sources sooner and/or using technology more effectively. In this regard, SSA has initiated new computer matching agreements, obtained on-line access to wage and income data, and implemented improvements in its debt recovery program.
Working with SSA, we have made great strides in reducing benefit payments to prisoners and SSI payments to fugitive felons, and these efforts continue. However, improper payments, including those to deceased beneficiaries, students, and individuals receiving State workers’ compensation benefits, continue to drain the Social Security trust fund.
BUDGET AND PERFORMANCE INTEGRATION
Our work has demonstrated that SSA is generally committed to the production and use of reliable performance and financial management data, but some improvements would further enhance SSA’s ability to produce accurate and actionable management information.
This area encompasses SSA’s efforts to provide timely, useful and reliable data to assist internal and external decisionmakers in effectively managing Agency programs, as well as both evaluating performance and ensuring the validity and reliability of performance, budgeting, and financial data.
To effectively meet its mission, manage its programs, and report on its performance, SSA needs sound performance and financial data. Congress, other external interested parties, and the general public also want sound data to monitor and evaluate SSA’s performance. SSA relies primarily on internally generated data to manage the information it uses to administer its programs and report to Congress and the public. The necessity for good internal data Governmentwide has resulted in the passage of several laws and regulations to make Government more accountable. The Chief Financial Officers Act of 1990, as amended; the Government Management Reform Act of 1994; and the Government Performance and Results Act (GPRA) were passed to create an environment of greater accountability within Federal agencies.
In accordance with GPRA, SSA has set forth its mission and strategic goals in 5-year strategic plans, established yearly targets in its annual performance plans, and reported on its performance in its annual performance reports. Each year, we conduct audits to assess the reliability of SSA’s performance data and evaluate the extent to which SSA’s performance plan describes its planned and actual performance meaningfully.
In addition to performance audits, we perform and monitor audits of SSA’s financial statements and other financial-related audits of SSA’s operations. Our work includes comprehensive technical and administrative oversight of the annual audit of SSA’s financial statements, performed by an independent public accountant. We also perform reviews of the quality of single audits conducted by State auditors and public accounting firms. Additionally, we conduct administrative cost audits of State DDSs, which assist SSA with its disability workload. This body of work helps assess the validity and reliability of the financial data SSA relies on to manage its programs and meet its mission.
The integrity of SSA’s programs and those that rely on information from SSA depend on the reliability and quality of the Agency’s data. External data and data exchanges are critical to SSA’s programs and are the focus of many of our audits. Therefore, it is imperative that SSA’s data be reliable.
Considering the critical role of the underlying data in all of SSA’s performance, financial, and data-sharing activities, it is crucial that the Agency have clear processes in place to ensure the reliability and integrity of its data.
CRITICAL INFRASTRUCTURE PROTECTION AND SYSTEMS SECURITY
SSA’s information security challenge is to understand and mitigate system vulnerabilities.
The Government has a major responsibility for public health and safety. Dramatic and widespread harm would result should its systems be compromised. Therefore, it is imperative that the Nation’s critical information infrastructure, which is essential to the operations of the economy and Government, be protected. These systems include, but are not limited to the following.
• Banking and finance
• Water systems
• Facility and personnel security
• Emergency services, both Federal and private sector
Many of the Nation’s critical infrastructures have historically been physically and logically separate systems that had little interdependence. Through advances in information technology and improved efficiency, however, these infrastructures have become increasingly automated and interconnected. These same advances have created new vulnerabilities to equipment failures, human error, weather and other natural disasters, and physical cyber-attacks.
Addressing these vulnerabilities will require flexible, evolutionary approaches that span the public and private sectors and protect both domestic and international security. Presidential Decision Directive 63, issued in 1998, requires that Federal agencies identify and protect their critical infrastructure and assets. The information SSA needs to conduct its mission is one of its most valuable assets. The Agency is depending on technology to meet the challenges of increasing workloads with fewer resources. A physically and technologically secure Agency information infrastructure is a fundamental requirement.
Growth in computer interconnectivity brings a heightened risk of disrupting or sabotaging critical operations, reading or copying sensitive data, and tampering with critical processes. Those who wish to disrupt or sabotage critical operations have more tools than ever.
SSA’s information security challenge is to understand and mitigate system vulnerabilities. At SSA, this means ensuring its critical information infrastructure, such as access to the Internet and the networks, is secure. By improving systems security and controls, SSA will be able to use current and future technology more effectively to fulfill the public’s needs. The public will not use electronic access to SSA services if it does not believe those systems are secure.
SSA addresses critical information infrastructure and systems security in a variety of ways. It created a Critical Infrastructure Protection work group that continually works toward compliance with Presidential Decision Directive 63. SSA has several other components throughout the organization that handle systems security including the newly created Office of Information Technology Security Policy within the Office of the Chief Information Officer. SSA also routinely releases out security advisories to its employees and has hired outside contractors to provide expertise in this area.
Given the complexity of the Agency’s programs, the billions of dollars in payments at stake, and the millions of citizens who rely on SSA, we must ensure that quality, timely, and appropriate services are consistently provided to the public-at-large.
The delivery of service to the American people poses a significant challenge that SSA is compelled to address. The Agency’s goal of “service” encompasses traditional and electronic services to applicants for benefits, beneficiaries and the general public. It also includes services to and from States, other agencies, third parties, employers, and other organizations including financial institutions and medical providers. This goal supports the delivery of “citizen-centered” services and use of “E-Government,” and therefore affords SSA opportunities to advance these levels of service. Given the complexity of the Agency’s programs, the billions of dollars in payments at stake, and the millions of citizens who rely on SSA, we must ensure that quality, timely, and appropriate services are consistently provided to the public-at-large.
The PMA also calls for improved service delivery through the use of E-Government in creating more cost-effective and efficient ways to provide service to citizens. The increased use of E-Government will be essential to help address the Agency’s expected future loss of institutional knowledge accompanied by the increased services expected with the aging of the baby-boom generation. Future service delivery challenges include providing electronic services over the Internet and telephone, 24 hours a day, 7 days a week. It will be the norm for business transactions to be processed electronically.
By 2005, SSA is expected to make 60 percent of its customer-initiated services available through automated telephone services or the Internet. The Agency recently began allowing the public to file DI claims through the Internet to help achieve its service delivery goals. SSA expects to begin a nation-wide roll-out of its Electronic Disability System in 2004. There are always risks involved in conducting electronic commerce, despite the Agency’s efforts to identify and mitigate them. SSA will have to keep privacy and security concerns at the forefront of its planning efforts.
Representative Payee Challenges
A specific challenge in this area is maintaining the integrity of the representative payee process. When SSA determines a beneficiary cannot manage his/her benefits, SSA selects a representative payee, who must use the payments for the beneficiary’s benefit. There are about 5.3 million representative payees who manage benefit payments for 6.7 million beneficiaries. While representative payees provide a valuable service for beneficiaries, SSA must provide appropriate safeguards to ensure they meet their responsibilities to the beneficiaries they serve.
Since FY 2001, we have completed numerous audits of representative payees. Our audits identified
• deficiencies with the financial management of, and accounting for, benefit receipts and disbursements;
• vulnerabilities in the safeguarding of beneficiary payments;
• poor monitoring and reporting to SSA of changes in beneficiary circumstances;
• inappropriate handling of beneficiary-conserved funds; and
• improper charging of fees.
Human Capital Challenges
Many agencies, including SSA, share the challenge to address human capital shortfalls. The critical loss of institutional skills and knowledge, combined with greatly increased workloads at a time when the baby-boom generation will require its services, must be addressed by succession planning, strong recruitment efforts, and the effective use of technology as previously discussed.
In January 2001, GAO added strategic human capital management to its list of high-risk Federal programs and operations. By 2010, workloads are anticipated to increase to unprecedented volumes. Along with the workload increase, the incredible pace of technological change will have a profound impact on both the public’s expectations and SSA’s ability to meet those expectations.
At current staffing levels, SSA finds it difficult to maintain an acceptable level of service, especially in its most complicated workloads. After downsizing and curtailing investments in human capital (people), the Government is facing a major challenge to meet the current and emerging needs of the Nation’s citizens.