Report File
Date Issued
Submitting OIG
Social Security Administration OIG
Other Participating OIGs
Social Security Administration OIG
Agencies Reviewed/Investigated
Social Security Administration
Report Number
142312
Report Description

Attached is Ernst & Young LLP's final audit report. Their objective was to determine the extent to which (1) the Social Security Administration had improved its cyber-security posture by defining and implementing plans to modernize or replace and retire its legacy information technology systems and (2) SSA’s efforts and plans to move to cloud services are consistent with Federal guidance.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
8
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 8 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details

1 | Yes | $0 | $0 | Agree

Ensure timely steps are taken to approve and implement a modernization strategy which covers SSA modernization efforts and comprehensively addresses legacy system risks for the upcoming years.

2 | No | $0 | $0 | Agree

Ensure timely steps are taken to develop Enterprise Architecture planning documents that directly align with strategic objectives and performance goals noted in the Agency's strategic and Annual Performance Plans.

3 | No | $0 | $0 | Agree

Review the Information Resource Management Strategic Plan annually and ensure it supports the goals of the Agency Strategic Plan, as required by the Government Performance and Results Modernization Act of 2010, OMB Circular A-130, the Paperwork Reduction Act of 1995, and the Clinger-Cohen Act of 1996.

4 | No | $0 | $0 | Agree

Ensure legacy system modernization plans include a detailed description of the work needed for modernization, considerations for the disposition of the system, and tracking cost data that covers all aspects of the project.

5 | Yes | $0 | $0 | Agree

Regularly perform risk assessments for legacy systems, as required by OMB Circular A-130, Section 5(a)(1)(b)(i) and (c)(ii). Performing assessments regularly will help management identify information systems and components that cannot be appropriately protected or secured. This will ensure that such systems that may be costly or difficult to maintain are given high priority for upgrade, replacement, or retirement.

6 | No | $0 | $0 | Agree

Continue to refine the Agency’s inventory of business applications to ensure data elements specifically related to changes, such as retiring or replacing applications, resulting from modernization efforts are tracked/flagged appropriately.

7 | No | $0 | $0 | Agree

Implement cost monitoring mechanisms to help with the tracking and management of costs related to modernization. Additionally, management should conduct cost analyses for modernization projects, considering cost from a risk perspective.

8 | No | $0 | $0 | Agree

Regularly perform post-implementation reviews on all information technology investments.

Social Security Administration OIG

United States