Federal Reports

Objective: To determine whether the Social Security Administration accurately administered Statutory Benefit Continuation for beneficiaries who appealed the Agency’s medical cessation decisions.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) review of the Social Security Administration’s (SSA) ransomware prevention and response strategy. Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this summary report certain sensitive information because of the potential damage if the information is misused. We have determined the omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) review of the security of the Social Security Administration’s (SSA) Earnings Record Maintenance System - Cloud. Ernst & Young’s audit results contain information that, if not protected, could be used to adversely affect SSA’s information systems. In accordance with government auditing standards, we have transmitted Ernst & Young’s detailed findings and recommendations to SSA management and excluded from this summary certain sensitive information because of the potential damage if the information is misused. The omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) Fiscal Year (FY) 2023 review of the Social Security Administration’s (SSA) information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this report certain sensitive information because of the potential damage if the information is misused. The omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.

What We Looked AtWe performed a quality control review on the single audit that Crosslin PLLC performed for the Metropolitan Transit Authority (MTA) of Nashville, TN. During this period, MTA expended approximately $32 million from U.S. Department of Transportation (DOT) programs. Crosslin determined that DOT’s major program was the Federal Transit Cluster. What We FoundCrosslin did not comply with the requirements of the Single Audit Act, the Uniform Guidance, and DOT’s major program. We found that Crosslin’s audit documentation contained an unreported noncompliance that affected the reliability of the audit results. Accordingly, we assigned Crosslin an overall rating of fail. Additionally, we identified several deficiencies requiring corrective actions in future audits.

Anticipating a surge in disability benefits claims resulting from the passage of the PACT Act, the Veterans Benefits Administration (VBA) launched a project to automate the processing of hypertension (high blood pressure) claims—specifically, claims that request an increased evaluation or rating for this condition. VBA assigns a rating to each service connected disability based on impaired earning capacity; an increased rating would indicate worsening of the disability and increase the veteran’s monthly benefits accordingly. The VA Office of Inspector General (OIG) conducted this proactive review to determine whether the project supported accurate decisions on veterans’ claims while also improving processing timeliness and reducing manual effort.The project automates evidence-gathering tasks including extracting blood pressure readings and hypertension-related medication data from VA treatment records. These are compiled into a summary sheet uploaded to the veteran’s electronic claims folder. Overall, the summary sheets the OIG team reviewed did not contain comprehensive blood pressure reading information that would assist claims processors in accurately deciding the claim.Three other automation project deficiencies were inaccurate decisions, oversight gaps, and unclear metrics. Testing revealed that 27 percent of all claims reviewed (16 of 60 claims) contained inaccurate and inconsistent determinations (1) regarding the predominant blood pressure readings for hypertension or (2) when evidence was sufficient to decide a claim without an exam. This resulted in inaccurate decisions on veterans’ claims. The inaccuracies were largely caused by confusing guidance. Oversight gaps appeared in quality assurance results and monitoring. The team also found that claims processing timeliness metrics did not factor in the high priority given hypertension claims, making it difficult to assess improvement in claims decisions.The OIG recommended implementing technology improvements, ensuring guidance is clear for all claims processors, improving quality assurance and better monitoring the results, and creating or amending metrics.

Our objective was to assess the effectiveness of the THS operations at the West Valley P&DC. To assess the effectiveness of THS operations, we reviewed three key performance indicators including air container utilization, bypass utilization, and timely tendering of mail to the air supplier. In addition, we analyzed air container data from October 2021 to May 2023, and further supported our analysis with a site visit to the West Valley P&DC during the week of May 22, 2023, to review the THS operations.