social security: a-44-05-25111

8/14/2019 Social Security: A-44-05-25111

http://slidepdf.com/reader/full/social-security-a-44-05-25111 1/12

SOCIAL SECURITY

MEMORANDUM

Date: November 10, 2004 Refer To:

To: The Commissioner

From: Acting Inspector General

Subject: Top Issues Facing Social Security Administration Management—Fiscal Year 2005

The Reports Consolidation Act of 2000 requires that we summarize for inclusion in the SocialSecurity Administration’s (SSA) Performance and Accountability Report, our perspective on themost serious management and performance challenges facing SSA. The top management issuesfacing SSA in Fiscal Year 2005, as determined by the Office of the Inspector General, are:Social Security Number Protection, Management of the Disability Process, Improper Payments,Internal Control Environment and Performance Measures, Critical Infrastructure Protection andSystems Security, and Service Delivery.

These areas are dynamic, so we encourage continuous feedback and additional areas to evaluate.Our summary of SSA’s progress in addressing these management issues will be included in theFiscal Year 2005 Performance and Accountability Report.

If you have any questions or need additional information, please call me or have your staff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.

Patrick P. O’Carroll, Jr.

Attachment

cc:James B. LockhartLarry DyeLarry Love

S



op Issues Facingocial Security Administration

Management

Fiscal Year 2005



Top Management Challenges1

The Reports Consolidation Act of 2000 1 requiresthat we summarize, for inclusion in the SocialSecurity Administration’s (SSA) Performanceand Accountability Report, our perspective on

the most serious management and performancechallenges facing SSA. Since 1997, we have provided our perspective on these managementchallenges to Congress, SSA and other keydecisionmakers. In developing this year’s list,we considered

the four initiatives the Commissioner hasidentified as priorities: Service, Stewardship,Solvency, and Staff;

the most significant issues as outlined in thePresident’s Management Agenda (PMA);

SSA’s progress in responding to the Officeof Management and Budget’s (OMB)Scorecard;

the Inspector General’s Strategic Plan;

the high-risk list prepared by the GovernmentAccountability Office (GAO); andour body of audit and investigative work.

Finally, we prepared a crosswalk to ensure therewas no disconnect or gap among those reviewingSSA’s programs and operations.

Crosswalk of PMA to Commissioner Priorities, OIG Management Challenges, Social SecurityAdvisory Board, and GAO Challenges

PMA CommissionerPriorities

OIG MajorManagement

Challenges

Social SecurityAdvisory Board

GAO Performance andAccountability Challenges

ExpandedElectronicGovernment

Service Service Delivery

Management of theDisability Process

Service to the Public

Disability Reform

Service Delivery

Improve the DisabilityDetermination ServiceProcess and Return to Work

Disability Insurance— High Risk

ImprovedFinancialPerformance

CompetitiveSourcing

Budget andPerformanceIntegration

Stewardship

Solvency

Improper Payments

Critical InfrastructureProtection and SystemsSecurity

SSN Protection

Internal ControlEnvironment and

Performance Measures

SSN Case HandlingQuality

SSN Misuse

Supplemental SecurityIncome

Information Security

StrategicManagementof HumanCapital

Staff Service Delivery StaffingHiringTrainingManagementWork Measurement

Human Capital

1 Pub. L. No. 106-531.




S OCIAL S ECURITY N UMBER

P ROTECTION

The SSN is the single most widely used identifier for Federal and State

governments, as well as the private sector.

In FY 2003, SSA issued over 17.6 millionoriginal and replacement Social Securitynumber (SSN) cards, and SSA receivedapproximately $533 billion in employmenttaxes related to earnings under assignedSSNs. Protecting the SSN and properly

posting the wages reported under SSNs arecritical to ensuring eligible individuals receivethe full benefits due them.

Efforts to Protect the SSN

The SSN has become a key to social, legal,and financial assimilation in this country.Because the SSN is so heavily relied on as anidentifier, it is also valuable as an illegalcommodity. Criminals improperly obtainSSNs by (1) presenting false documentation;(2) stealing another person’s SSN;(3) purchasing an SSN on the black market;(4) using the SSN of a deceased individual; or (5) creating a nine-digit number out of thinair.

To ensure SSN integrity, SSA must employeffective front-end controls in its enumeration

process. To effectively combat SSN misuse,we believe SSA should

establish a reasonable threshold for thenumber of replacement SSN cards anindividual may obtain during a year andover a lifetime,

continue to address identified weaknessesin its information security environment to

better safeguard SSNs, and

consider revising its policies to requirethat field offices obtain independentverification of the birth records for U.S. citizens under age 1 before SSNassignment.

SSA has taken steps to improve controlswithin its enumeration process, includingestablishing the Enumeration Response Team.As a result of the Team’s efforts, SSA now

performs full collateral verification of allimmigration documents before assigningSSNs to noncitizens. SSA requiresmandatory interviews for all applicants for original SSNs who are over age 12 (loweredfrom age 18) and requires evidence of identity

for all children, regardless of age. In addition,SSA has established an Enumeration Center in Brooklyn, New York, that focusesexclusively on assigning SSNs and issuingSSN cards. SSA has also created an IdentityTheft Workgroup in which we participate.

The SSN and Reported Earnings

Properly posting earnings ensures eligibleindividuals receive the full retirement,

survivor and/or disability benefits due them.If earnings information is reported incorrectlyor not reported at all, SSA cannot ensure alleligible individuals are receiving the correct

payment amounts. In addition, SSA’sdisability programs depend on earningsinformation to determine whether anindividual is eligible for benefits and tocalculate the amount of benefit payments.

SSA spends scarce resources correctingearnings data when incorrect information isreported. The Earnings Suspense File (ESF)is the Agency’s record of annual wage reportsfor which wage earners’ names and SSNs failto match SSA’s records. As of October 2003,




SSA had posted 9.6 million wage items to itsESF for Tax Year 2001, representing about$56 billion in wages. This was before some

planned edits, which may have further reduced this number.

While SSA has limited control over thefactors that cause the volume of erroneouswage reports submitted each year, there arestill areas where the Agency can improve its

processes. SSA can improve wage reporting by educating employers on reporting criteria,identifying and resolving employer reporting

problems, and encouraging greater use of theAgency’s SSN verification programs. SSAalso needs to coordinate with other Federal

agencies with separate, yet related, mandates.For example, the Agency now collaborateswith the Internal Revenue Service to achievemore accurate wage reporting.

SSA has taken steps to reduce the size andgrowth of the ESF. For example, SSA hasexpanded its Employee Verification Service

by piloting an on-line service called the SocialSecurity Number Verification Service, whichallows employers to verify the names and

SSNs of employees before reporting their wages to SSA. The Agency has also modifiedits automated processes to better identify thenumberholder related to suspended items.Whereas previous internal edits used only thename and SSN related to the suspended wage,SSA stated the new processes would useinformation stored on the earnings and

benefits records.

The SSN and Unauthorized Work

SSA also assigns nonwork SSNs tononcitizens who are (1) in the United States

but are not authorized to work and (2) are not present in the United States but are entitled toa federally-financed benefit that requires anSSN. In recent years, SSA has strictly limitedthe assignment of such numbers.

Furthermore, SSA monitors noncitizens whoshow earnings under a nonwork SSN andreports this information to the Department of Homeland Security (DHS). Nonetheless, our audits have noted a number of issues relatedto nonwork SSNs, including (1) the type of

evidence provided to obtain a nonwork SSN,(2) the reliability of nonwork SSNinformation in SSA’s records, (3) thesignificant volume of wages reported under nonwork SSNs, and (4) the payment of

benefits to noncitizens who qualified for their benefits while working in the country without proper authorization.

Recent legislation (Pub. L. 108-203, Social Security Protection Act of 2004 ) prohibits the

payment of Title II benefits based on theearnings of any individual who is not aU.S. citizen or national and who has never

been issued an SSN to work in the UnitedStates. SSA’s implementation of this newlaw will require increased coordination withDHS to ensure SSA has the correct work status information in its systems.




M ANAGEMENT OF THE

D ISABILITY P ROCESS

In FY 2003, DDSs processed over 2.5 million initial disability claims, and

the average processing time was 97 days.

SSA administers the Disability Insurance (DI)and Supplemental Security Income (SSI)

programs, which provide benefits based ondisability. Most disability claims are initially

processed through a network of SocialSecurity field offices and State DisabilityDetermination Services (DDS). SSArepresentatives in the field offices areresponsible for obtaining applications for

disability benefits, disability report forms andauthorization for disclosure of informationforms as well as verifying non-medicaleligibility requirements, which may includeage, employment, marital status, or SocialSecurity coverage information. After initial

processing, the field office sends the case to aDDS to develop medical evidence andevaluate disability.

Once SSA establishes an individual is eligible

for disability benefits under either the DI or SSI program, the Agency turns its effortstoward ensuring the individual continues toreceive benefits only as long as SSA’seligibility criteria are met. For example, acontinuing disability review (CDR) may showthe individual no longer meets SSA’sdisability criteria or has demonstrated medicalimprovement.

If an individual disagrees with the Agency’sdecision on his/her claim or CDR, theclaimant can appeal to SSA’s Office of Hearings and Appeals (OHA). OHA’s fieldstructure consists of 10 regional offices and140 hearing offices. OHA’s administrativelaw judges hold hearings and issue decisions.In FY 2003, hearing offices processed571,928 cases. OHA’s average processing

time has increased significantly from274 days in FY 2000 to 344 days in FY 2003.Further, the pending workload was591,562 cases on September 30, 2003,whereas it was 346,756 cases on

September 30, 2000. We have focused our attention on weaknesses within OHA—suchas the backlog of cases, safeguards for sensitive information in case files, andshredding documents.

GAO added modernizing Federal disability programs—including SSA’s—to its 2003high-risk list due, in part, to outmodedconcepts of disability, lengthy processingtimes, and decisional inconsistencies. InSeptember 2003, the Commissioner of SocialSecurity proposed a new approach toimproving the disability determination

process, which includes several initiatives thatemphasize timely and accurate disabilitydecisions. For example, a quick-decision stepwould initially sort claims based oninformation provided by claimants to identify

people who are obviously disabled.Additionally, the Commissioner proposed anin-line quality review process and acentralized quality control unit. TheCommissioner views her September 2003

proposal as the first step in a collaborative process eventually leading to a final plan for disability improvements.

In addition to her long-term proposal, theCommissioner has accelerated the Agency’stransition to the electronic disability folder.The electronic disability folder will allow for disability claims information to be storedelectronically and transmitted electronically

between field offices, DDSs, and OHA.




Disability Fraud

Fraud is an inherent risk in SSA’s disability programs. Some unscrupulous people viewSSA’s disability benefits as money waiting to

be taken. A key risk factor in the disability program is individuals who feign or exaggerate symptoms to become eligible for disability benefits. Another key risk factor isthe monitoring of medical improvements for disabled individuals to ensure thoseindividuals who are no longer disabled areremoved from the disability rolls.

We are working with SSA to address theintegrity of the disability programs through

the Cooperative Disability Investigation(CDI) program. The CDI program’s missionis to obtain evidence that can resolvequestions of fraud in SSA’s disability

programs. The CDI program is managed in acooperative effort between SSA’s Office of Operations, the Office of the Inspector General, and the Office of DisabilityPrograms. There are 18 CDI units operatingin 17 States. In the first half of FY 2004, theCDI units saved SSA almost $64 million by

identifying fraud and abuse related to initialand continuing claims within the disability program.

I MPROPER P AYMENTS

In FY 2003, SSA issued over $500 billion in benefit payments to about

50 million beneficiaries.

SSA issues benefit payments under the

Old-Age, Survivors and Disability Insurance(OASDI) and SSI programs. Since SSA isresponsible for issuing timely benefit

payments for complex entitlement programsto about 50 million individuals, even theslightest error in the overall process can resultin millions of dollars in over- or underpayments.

Improper payments are defined as paymentsthat should not have been made or were madefor incorrect amounts. Examples of improper

payments include inadvertent errors, payments for unsupported or inadequately

supported claims, or payments to ineligible beneficiaries. Furthermore, the risk of improper payments increases in programswith

a significant volume of transactions,

complex criteria for computing payments,and

an overemphasis on expediting payments.

The President and Congress have expressedinterest in measuring the universe of improper

payments within the Government. In August2001, OMB published the FY 2002 PMA,which included a Government-wide initiativefor improving financial performance. In

November 2002, the Improper Payments Information Act of 2002 was enacted, andOMB issued guidance in May 2003 onimplementing this law.

Under the Act, agencies that administer programs where the risk of improper payments is significant must estimate their annual amount of improper payments andreport this information in their AnnualPerformance and Accountability Reports.OMB works with each agency to establishgoals for reducing improper payments for each program.

SSA and the Office of the Inspector General

have had discussions on such issues asdetected versus undetected improper payments and avoidable versus unavoidableoverpayments that are outside the Agency’scontrol and a cost of doing business. InAugust 2003, OMB issued specific guidanceto SSA to only include avoidableoverpayments in its improper payment




estimate because these payments could bereduced through changes in administrativeactions. Unavoidable overpayments thatresult from legal or policy requirements arenot included in SSA’s improper payment

estimate.SSA has been working to improve its abilityto prevent over- and underpayments byobtaining beneficiary information fromindependent sources sooner and/or usingtechnology more effectively. For example,the Agency is continuing its efforts to preventimproper payments after a beneficiary diesthrough the use of Electronic Death

Registration information. Also, the Agency’sCDR process identifies and prevents

payments to beneficiaries who are no longer disabled.

In FY 2004, we focused on improper payments that go undetected by SSA’s normal processes. For instance, in one review of disabled beneficiaries who work, we foundthat SSA had assessed about $1.78 billion inoverpayments for about 117,320 individuals.However, we estimated the Agency did notdetect about $1.37 billion in overpayments toabout 63,000 beneficiaries. SSA isimplementing eWork, a new initiative tostrengthen controls in this area.

Working with SSA, we have made greatstrides in reducing benefit payments to

prisoners and SSI payments to fugitive felons,and these efforts continue. However, our work has shown that improper payments— such as those related to workers’compensation—continue to diminish theSocial Security trust funds. Additionally,with the passage of the Social Security

Protection Act of 2004 , SSA faces newchallenges in preventing and recoveringimproper payments—such as OASDI benefitsto fugitives.

I NTERNAL C ONTROL

E NVIRONMENT AND

P ERFORMANCE M EASURES

Assessing the control environment over DDSs and SSA’s performance measures helps ensure the Agency is properly

managing its resources to meet it mission.

Internal control comprises the plans, methods,and procedures used to meet missions, goals,and objectives. Internal controls helpsafeguard assets and prevent and detect errorsand fraud. Assessing the internal controlenvironment is important since internalcontrol is a critical part of performance-basedmanagement. SSA’s internal controlenvironment helps its managers achievedesired results through effective stewardshipof public resources.

SSA is responsible for implementing policiesfor the development of disability claims under the DI and SSI programs. Disabilitydeterminations under both DI and SSI are

performed by DDSs in each State inaccordance with Federal regulations. Incarrying out its obligation, each DDS isresponsible for determining claimants’disabilities and ensuring adequate evidence isavailable to support its determinations. Toassist in making proper disabilitydeterminations, each DDS is authorized to

purchase medical examinations, x-rays, andlaboratory tests on a consultative basis tosupplement evidence obtained from theclaimants’ physicians or other treatingsources. There are 52 DDSs located in each

of the 50 States, the District of Columbia, andPuerto Rico. SSA reimburses the DDS for 100 percent of allowable expenditures up toits approved funding authorization. In FY2003, SSA allocated over $1.6 billion to fundDDS operations.




During FYs 2000 through 2003, weconducted 15 DDS administrative cost audits.In 13 of the 15 audits, internal controlweaknesses were identified. For example, wereported that improvements were needed to

ensure Federal funds were properly drawnand payments to medical providers were inaccordance with Federal regulations. Thelack of effective internal controls can result inthe mismanagement of Federal resources andincrease the risk of fraud.

In 6 of the 15 DDS administrative cost audits,we reported unallowable indirect coststotaling about $12.3 million. As a result, weinitiated a separate review of SSA’s oversightof indirect costs. We reported that SSAneeded to improve its oversight of indirectcosts claimed by DDSs to ensure SSA fundsobligated by DDSs through the indirect cost

process benefited SSA’s disability programsand the costs were equitably distributed to its

programs.

Congress, external interested parties, and thegeneral public need sound data to monitor andevaluate SSA’s performance. SSA relies

primarily on internally generated data tomanage the information it uses to administer its programs and report to Congress and the

public. The necessity for good internal dataGovernment wide has resulted in the passageof several laws, including the GovernmentPerformance and Results Act. In addition tothe legislation calling for greater accountability within the Government, thePMA has focused on the integration of the

budget and performance measurement processes. The PMA calls for agencies to,over time, identify high quality outcomemeasures, accurately monitor the performanceof programs, and begin integrating this

presentation with associated costs.

SSA sets forth its mission and strategic goalsin strategic plans, establishes yearly targets inits annual performance plan, and reports on its

performance annually. Each year, we conductaudits to assess the internal controlenvironment over SSA’s performancemeasures. The objective of this work is toassess the reliability of SSA’s performancedata and evaluate the extent to which SSA’s

performance measures describe its plannedand actual performance meaningfully.

Assessing the control environment over DDSsand SSA’s performance measures helpsensure the Agency is properly managing itsresources to meet its mission.

C RITICAL I NFRASTRUCTURE

P ROTECTION AND S YSTEMS

S ECURITY

The information technology revolution has changed the way government and

business operate.

Today, the growth in computer interconnectivity brings a heightened risk of disrupting or sabotaging critical operations,reading or copying sensitive data, andtampering with critical processes. Those whowish to disrupt or sabotage critical operationshave more tools than ever. The United Statesworks to protect the people, economy,essential services, and national security byensuring that any disruptions are infrequent,manageable, of minimal duration, and causethe least damage possible. The Governmentmust continually strive to secure informationsystems for critical infrastructures. Protectionof these systems is essential totelecommunications, energy, financialservices, manufacturing, water, transportation,health care, and emergency services.




SSA’s information security challenge is tounderstand and mitigate systemvulnerabilities. At SSA, this means ensuringthe security of its critical informationinfrastructure, such as access to the Internet

and its networks. By improving systemssecurity and controls, SSA will be able to usecurrent and future technology moreeffectively to fulfill the public’s needs. The

public will not use electronic access to SSAservices if it does not believe those systemsare secure. SSA addresses criticalinformation infrastructure and systemssecurity in a variety of ways. For example, ithas created a Critical Infrastructure Protectionwork group that works toward compliance

with various directives, such as the HomelandSecurity Presidential Directives and the Federal Information Security Management Act of 2002 . SSA has several other components throughout the organization thathandle systems security, including the Officeof Information Technology Security Policywithin the Office of the Chief InformationOfficer.

Homeland Security Presidential Directive 7requires that all Federal departments andagency heads identify, prioritize, assess,remediate, and protect their respective criticalinfrastructure and key resources. OMB

provided guidance to Federal departments andagencies on how to prepare plans to protect

physical and cyber critical infrastructure andkey resources and to complete these plans byJuly 31, 2004. We have worked closely withSSA to help meet these requirements. TheAgency plans must address identification,

prioritization, protection, and contingency planning, including the recovery andreconstitution of essential capabilities.

One important issue in systems security isrestricting physical access to the Agency’ssystems and data. We reported on physicalsecurity problems at several hearing officesand noted that non-SSA employees were

allowed inappropriate access to secured areas.Though the managers at these sites took

prompt action to remedy the security breaches, we believe the same securityconcerns may be present at other hearing

offices. However, because our observationswere limited to only a few offices, we do notknow how pervasive these security breachesmay be. We plan to better assess OHA’svulnerabilities in this area.

In addition, under the Federal InformationSecurity Management Act , we independentlyevaluate SSA’s security program. We alsomonitor the Agency’s efforts and progress onthe Expanded Electronic Governmentinitiative of the PMA. Systems security is akey component of this initiative, and we areworking with the Agency to resolveoutstanding issues so it can get to “green” onthe Electronic Government Scorecard.

S ERVICE D ELIVERY

Given the complexity of Agency programs,the billions of dollars in payments at

stake, and the millions of citizens who rely on SSA, we must ensure that quality,

timely, and appropriate services are consistently provided to the public-at-

large.

One of SSA’s goals is to deliver high-quality,“citizen-centered” service. This goalencompasses traditional and electronicservices to applicants for benefits,

beneficiaries and the general public. Itincludes services to and from States, other agencies, third parties, employers, and other

organizations, including financial institutionsand medical providers. This area includes basic operational services, and two of thegreatest challenges in the area are therepresentative payee process and managinghuman capital.




Representative Payee Challenges

When SSA determines a beneficiary cannotmanage his/her benefits, SSA selects arepresentative payee who must use the

payments for the beneficiary’s needs. Thereare about 5.4 million representative payeeswho manage benefit payments for 6.8 million

beneficiaries. While representative payees provide a valuable service for beneficiaries,SSA must provide appropriate safeguards toensure they meet their responsibilities to the

beneficiaries they serve.

We have completed several audits of representative payees. Our audits have

identifieddeficiencies with the accounting for

benefit receipts and disbursements,

vulnerabilities in the safeguarding of beneficiary payments,

poor monitoring and reporting to SSA of changes in beneficiary circumstances,

inappropriate handling of beneficiary-conserved funds, and

improper charging of fees.

In March 2004, the President signed into lawthe Social Security Protection Act of 2004 .This Act provides several new safeguards for those individuals who need a representative

payee. In addition, it presents significantchallenges to SSA to ensure representative

payees meet beneficiaries’ needs. For

example, it requires that SSA conduct periodic on-site reviews of representative payees and a statistically valid survey todetermine how payments made torepresentative payees are being used. It alsoauthorizes SSA to impose civil monetary

penalties for offenses involving misuse of benefits received by a representative payee.

Human Capital Challenges

SSA, like many other Federal agencies, is being challenged to address its human capitalshortfalls. In January 2001, GAO added

strategic human capital management to its listof high-risk Federal programs and operations.In addition, Strategic Management of HumanCapital is one of five Government-wideinitiatives contained in the PMA.

By the end of 2012, SSA projects its DI andOld-Age and Survivors Insurance benefit rollswill increase by 35 percent and 18 percent,respectively. At the same time, 59 percent of SSA’s employees will be eligible to retire.

This retirement wave will result in a loss of institutional knowledge that will affect SSA’sability to deliver quality service to the public.

Along with the workload increase, theincredible pace of technological change willhave a profound impact on both the public’sexpectations and SSA’s ability to meet thoseexpectations. In the face of these challenges,technology is essential to achievingefficiencies and enabling employees to deliver the kind of service every claimant, beneficiaryand citizen needs and deserves.

The critical loss of institutional skills andknowledge, combined with greatly increasedworkloads at a time when the baby-boomgeneration will require its services, must beaddressed by succession planning, strongrecruitment efforts, and the effective use of technology.

SSA continues to score “green” in “Progressin Implementing the President’s ManagementAgenda” on the OMB Scorecard and, in July2004, improved its rating in “Status” from“yellow” to “green.”

social security: a-44-05-25111

Documents