One year into its five-year IT modernization roadmap, the Social Security Administration has found better success with its second attempt at overhauling its disability case processing system.
Gale Stallworth Stone, the agency’s acting inspector general, told members of the House Ways and Means Committee Thursday that SSA continues to rely on legacy coding and applications that are decades old, calling it an “unsustainable path.”
But that outlook may change, however, once her office reviews SSA’s progress on its IT modernization roadmap as part of its FY 2019 audit work plan.
The agency, for example, has already seen improvements during the second rollout of its Disability Case Processing System (DCPS) to state Disability Determination Services (DDS) offices.
In rolling out its second version of the disability case processing system, SSA has spent $101 million, and anticipates spending an additional $76 million over the next four years.
By the end of 2016, SSA released DCPS version 2.0 to three DDS offices, and by November 2017 employees at 10 DSS office were using the new system.
By the end of 2019, SSA expects that a majority of DDS offices will use the DCPS system.
“This year, we received feedback from 120 users, and found that they generally liked working with the new system, but they would like to see some additional functionality,” Stone said, adding that participating DDS office have used the system to process about 4 percent of their total workloads.
The DCPS rollout stands out as a major project in SSA’s five-year, $700 million IT modernization strategy, which it launched last year.
Rajive Mathur, SSA’s chief information officer and the deputy commissioner for systems, told lawmakers that most of its core systems are over 30 years old.
“Much of the underlying design was set when they were first built,” Mathur said.
For example, he said the agency’s core systems rely on COBOL, a programming language from the 1950s.
“While these systems have performed admirably and have allowed us to provide uninterrupted service for many years, their underlying design limits what we can accomplish and our ability to adapt to change it also makes these systems expensive to maintain,” Mathur said.
SSA administers programs that pay out more than $2.5 billion dollars a day, and the agency holds sensitive data for more than 300 million people.
In addition, as more of SSA’s IT workforce approaches retirement age, Mathur said the agency risks losing the institutional knowledge it needs maintain its legacy systems.
Under its IT modernization plan, SSA has eliminated archaic “green screen” computer systems that employes used to take process claims for more than 25 years, and instead replaced them with web-based interfaces.
The agency also converted its remaining Master File to an industry-standard format.
Last year, the Government Accountability Office reported that SSA lacked a complete data center optimization plan, and emphasized that without one, the agency might not achieve data center optimization targets as outlined by the Office of Managment and Budget.
But more recently, GAO in May reported that SSA had made the most progress among 22 agencies in meeting OMB’s targets data center optimization targets.
“While SSA has made noteworthy progress to improve its management of IT more work is needed to fully address the role of its CIO in its policies,” Carol Harris, GAO’s director of information technology management issues, told lawmakers.
GAO has determined that agency CIOs should stay in office for three-to-five years to maximize effectiveness, and five-to-seven years to fully implement major change initiatives, like SSA’s IT overhaul.
However, GAO found that since 2014, the average tenure of SSA’s CIOs has only been 1.8 years.
Mathur has held the title of agency CIO for about a year and fourth months.
According to GAO, the agency has not yet fully addressed the CIO’s responsibility when it comes to strategic planning, the IT workforce, IT budgeting, IT investment management and information security.