Social Security Administration’s Enterprise Risk Management

View Report

Date Issued

Monday, August 5, 2024

Submitting OIG

Social Security Administration OIG

Other Participating OIGs

Social Security Administration OIG

Agencies Reviewed/Investigated

Social Security Administration

Report Number

022323

Report Description

Objective: To determine whether the Social Security Administration’s Enterprise Risk Management program complies with Office of Management and Budget Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use	Additional Details
1	No	$0	$0	Agree
Make ERM implementation a priority by providing the ERM team the resources it needs to ensure ERM reaches maturity no later than the planned date of FY 2028, in accordance with its current ERM Implementation Plan.
2	No	$0	$0	Agree
Ensure as SSA is working toward reaching maturity that the ERMC is providing leadership over the ERM program and that key Circular A-123 requirements are completed. For example, key requirements should include regular evaluation of SSA’s risk appetite and risk tolerance levels and ERMC communications in support of an Agency-wide risk culture.