Federal Reports

Objective: To determine whether the Social Security Administration accurately administered Statutory Benefit Continuation for beneficiaries who appealed the Agency’s medical cessation decisions.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) review of the Social Security Administration’s (SSA) ransomware prevention and response strategy. Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this summary report certain sensitive information because of the potential damage if the information is misused. We have determined the omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) review of the security of the Social Security Administration’s (SSA) Earnings Record Maintenance System - Cloud. Ernst & Young’s audit results contain information that, if not protected, could be used to adversely affect SSA’s information systems. In accordance with government auditing standards, we have transmitted Ernst & Young’s detailed findings and recommendations to SSA management and excluded from this summary certain sensitive information because of the potential damage if the information is misused. The omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) Fiscal Year (FY) 2023 review of the Social Security Administration’s (SSA) information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this report certain sensitive information because of the potential damage if the information is misused. The omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

What We Looked AtWe performed a quality control review on the single audit that Crosslin PLLC performed for the Metropolitan Transit Authority (MTA) of Nashville, TN. During this period, MTA expended approximately $32 million from U.S. Department of Transportation (DOT) programs. Crosslin determined that DOT’s major program was the Federal Transit Cluster. What We FoundCrosslin did not comply with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major program. We found that Crosslin’s audit documentation contained an unreported noncompliance that affected the reliability of the audit results. Accordingly, we assigned Crosslin an overall rating of fail. Additionally, we identified several deficiencies requiring corrective actions in future audits.