Skip to content

Hearing on The State of Social Security’s Information Technology

May 09, 2012

Hearing on The State of Social Security’s Information Technology










May 9, 2012


Printed for the use of the Committee on Ways and Means


DAVE CAMP, Michigan, Chairman

WALLY HERGER, California
PAUL RYAN, Wisconsin
DEVIN NUNES, California
JIM GERLACH, Pennsylvania
TOM PRICE, Georgia
RICK BERG, North Dakota
DIANE BLACK, Tennessee
TOM REED, New York

RICHARD E. NEAL, Massachusetts
JOHN B. LARSON, Connecticut
RON KIND, Wisconsin

JENNIFER M. SAFAVIAN, Staff Director and General Counsel
JANICE MAYS, Minority Chief Counsel

SAM JOHNSON, Texas, Chairman

RICK BERG, North Dakota






G. Kelly Croft
Deputy Commissioner of Systems and Chief Information Officer, Social Security Administration

Valerie C. Melvin, Director
Information Management and Technology Resources Issues, Government Accountability Office

Larry Freed
President and Chief Executive Officer, ForeSee Results, Inc.

William Scherlis, Ph.D.
Professor, School of Computer Science, Carnegie Mellon University

Max Richtman
President and CEO, National Committee to Preserve Social Security & Medicare


Hearing on The State of Social Security’s Information Technology  

Wednesday, May 9, 2012
U.S. House of Representatives,
Committee on Ways and Means,
Washington, D.C.


The subcommittee met, pursuant to call, at 2:44 p.m., in B-318, Rayburn Office Building, Hon. Sam Johnson [chairman of the subcommittee] presiding.

[The  advisory of the hearing follows:]


Chairman Johnson.  This hearing will come to order.

As our Nation ages, more Americans are depending on the Social Security benefits and services they paid for through their hard-earned wages.  According to the recently released 2012 annual report, the Social Security Board of Trustees projects that the number of people receiving benefits will increase 43 percent between now and 2025, growing from almost 60 million today to close to 80 million.

This long-predicted workload tsunami is placing an ever-greater pressure on Social Security’s ability to serve the public, which is why technology plays such an important role in Social Security’s ability to deliver services to America.

Social Security’s computers have vast numbers of servers and databases containing Social Security numbers, earnings, personal health information, and demographic information on workers, beneficiaries, and their families.  Social Security’s employees retrieve this very personal information through hundreds of software applications in Social Security’s local offices and teleservice centers via network computers, printers, phones, and other devices.

As more of the public chooses to conduct business via the Internet, Social Security has seen its online traffic grow.  In Fiscal Year 2011, Social Security processed 15 million online transactions, including 41 percent of retirement claims and 33 percent of disability claims.

Because of their importance, I take the technology needs of Social Security very seriously.  I have toured the two facilities that house Social Security’s technology infrastructure, and, in addition, my subcommittee continues to keep close tabs on the progress of the new data center that will replace the aging National Computer Center at Social Security headquarters.  At present, the completion date for the new facility is February 2015, a year behind schedule.

In March 2011, the bipartisan Social Security Advisory Board issued a report, “A Vision for the Future,” in which it said, “The Social Security Administration, like all of government, is under extraordinary strain to accomplish its core mission with smaller budgets and a smaller workforce, the immediate pressure to attend only to today’s tasks, and focus less on the future is understandable, but not acceptable.”  I could not agree more.

That is why I asked the Government Accountability Office, or GAO, to report on Social Security’s efforts to modernize its technology.  Today our witness from GAO, Ms. Melvin — thank you — will present GAO’s findings, including the fact that for years experts have highlighted the importance for Social Security to have a strategic IT plan.  As we will learn today, while some progress has been made, there is a long way to go.

I am deeply concerned about the Commissioner’s decision to eliminate the Office of Chief Information Officer and reassign its responsibilities to the Office of Systems when this office was created specifically to develop the agency’s technology vision and manage the investment process in the first place.

Further, I was disappointed to learn that a future systems technology advisory panel, convened by the Commissioner and made up of outside experts, was disbanded after two years of work.

Social Security’s Inspector General is now conducting an audit to tell us what actions Social Security took in response to the panel’s recommendation.  From what I understand, they threw away all the paperwork.

Americans of all ages are increasingly using technology for their everyday needs from paying their bills to buying their groceries.  They expect government to keep up technologically.  Rapid technological innovation defines the times we live in, including creative ways, new ways of doing business.

If Social Security is to effectively meet future service demands, it must embrace change and design a future service delivery plan that, at its core, is driven by new technology.  The public expects and deserves nothing less.

I now recognize Mr. Becerra for his opening statement, and welcome aboard, sir.

Mr. Becerra.  Mr. Chairman, thank you very much.  And to the witnesses, thank you for your patience in indulging us as we were on the floor voting.

Mr. Chairman, the Social Security Administration does a difficult job well, and has had a number of information technology successes.  At the same time, long-range strategic planning for large-scale technology modernization, which can be a challenge for a large enterprise, presents a unique challenge for SSA, which handles over 32,000 new benefit applications, and serves 180,000 Americans in person, and well over 300 Americans by phone each and every business day.

I hope this hearing will focus on how SSA can best move forward and what we can do here in Congress to support that.

For 77 years and through 13 recessions, the Social Security Administration has paid Americans their earned benefits on time and in full.  In 2012, they paid Social Security benefits to over 55,000 million Americans with an error rate of less than 1 percent.  SSA maintains earning records for nearly 160 million current workers and handles more than 8 million new benefit applications each year.

Last year, Social Security field offices served about 45 million visitors in person and 76 million people called SSA’s 800 number for help.  SSA helped all those Americans while maintaining a customer satisfaction rating of about 80 percent.

One of our witnesses today, Mr. Freed, will report that three of SSA’s most popular online tools outperform Amazon, the highest-scoring e-retail website they have ever rated.  That is why I could not support the House Republican budget that forced cuts to SSA’s budget in 2011, or the decision to under fund it again in 2012.  We cannot expect Social Security to keep helping so many people with so few payment mistakes if they keep losing thousands of experienced employees every year and cannot replace them.

Now 1 in 4 American families receives income from Social Security.  That day-to-day mission of providing Americans with their earned benefits is so vital that SSA does not have the option of shutting down even for a day or two while they install new systems or retrain the nearly 80,000 workers who help deliver Social Security every day.

For those who think Social Security could shut down for a day, what are you going to tell the 32,000 Americans who plan to apply for Social Security benefits today, the 72,000 Americans who had to request a Social Security number today, or the 80,000 Americans who would have gone to Social Security’s offices for help today?  Or what about the 300,000 people who would have called Social Security’s 800 number or a local Social Security office today?  All in just one day.  That is what Social Security does.  Let us know if you think we can handle that if Social Security has to close.

SSA has other challenges, too.  Even though Americans will pay over $730 billion into the Social Security system in 2012 alone, SSA has to come to Congress every year to ask for money to operate Social Security.  It is hard to fund long-term investments in technology or anything else when you do not know what next year’s budget will be, especially when your last couple of budgets did not even come close to covering your day-to-day costs.

SSA’s current systems are a complex patchwork quilt of old and new technologies.  Seven hundred different software applications that generate over 160,000 million computer transactions a day.  e-Government offers great promise for modern customer service and greater efficiency, but SSA serves a diverse population, and not everyone has the technology and the skills needed for self-serve government right now. For example, 70 percent of adults in urban areas have high speed Internet access at home, but only 50 percent of those in rural areas do.

There is longstanding concern about SSA’s record of strategic planning and investment for IT modernization.  The Government Accountability Office will tell us this morning that SSA’s methods for measuring the progress and cost-effectiveness of IT investments are inadequate.

Finally I want to better understand SSA’s recent change which merged a separate Office of the Chief Information Officer with the Office of Systems.  Typically a CIO office focuses on long-term strategic planning and investment, while the systems office has the challenging job of making sure those 700 software applications and hardware in thousands of different offices keep functioning every day.

Deputy Commissioner Kelly Croft, who now wears both of those hats as the chief information officer and head of systems, is here today to talk about how he juggles those two critical responsibilities.

When Social Security began in the 1930s, a French industrial expert hired to advise the U.S. government concluded that the recordkeeping and data management needed for the new Social Security System was impossible.  Just the weight of the original paper records, for example, would be so massive that no building in Washington had ever been built with floors sturdy enough to hold the paper.

But Social Security persevered, and in 1937, IBM invented the 077 collator, a punch card tabulating system that is the ancestor of modern computers.  That was done just for Social Security.  More recently, in 1993 SSA started using predictive modeling software to increase the efficiency of their programming integrity work which is how they prevent fraud and payment error.  Reviewing cases targeted by computer models more than triples the savings from this work.

Social Security has done other projects that have shown that you can actually use technology to not just help Americans, but to save American people money.  And I look forward, Mr. Chairman, to hearing how we can work with the SSA to make sure that using technology, everyone moves forward with a better SSA.

I yield back, Mr. Chairman.

Chairman Johnson.  Thank you.  As is customary, any member is welcome to submit a statement for the hearing.

Chairman Johnson.  Before we move on to our testimony, I want to remind our witnesses to please try to limit your statement to 5 minutes.  However, without objection, all the written testimony will be made a part of the hearing record.

We have one witness panel today.  Seated at the table is Kelly Croft, our Deputy Commissioner of Systems and Chief Information Officer at Social Security, Valerie Melvin, Director of Information Management and Technology Resource Issues at the Government Accountability Office, Larry Freed, President and Chief Executive Officer of ForeSee Results, Inc. in Ann Arbor, Michigan, William Scherlis, Ph.D., Professor, School of Computer Science at Carnegie Mellon in Pittsburgh, Max Richtman, President and CEO of the National Committee to Preserve Social Security and Medicare.  Thank you all for your attendance today.

Welcome, Mr. Croft.  You may proceed.


Mr. Croft.  Thank you.  Chairman Johnson, Ranking Member Becerra, members of the subcommittee, thank you for having me here today.  Appreciate it.

I have worked at Social Security for 30 years and currently do serve as the Deputy Commissioner for Systems and CIO.  In short, I am responsible for delivering agency-wide IT services and for protecting the information assets of Social Security.

We are a very large and highly automated organization, and our systems are available to end users over 99.9 percent of the time.  Our Internet applications for the public are thoughtfully designed, highly rated, and allow us to maintain high and improving service levels, even with rising workloads.  Just last week we began providing Social Security statements online.  Over 150,000 people have already successfully used the service.

We have extensive internal controls and continually invest in IT security.  In recent years, our most significant security risk was our inability to quickly recover IT services with any prolonged disruption at our Maryland data center.  That is no longer the case.  Earlier this year, we successfully tested fast and assured recovery if we ever experience a serious problem at the Maryland center.

We currently have a number of IT projects that are critical for improving our efficiency and quality of service.  Just to name a few, we are building a new case processing system for State disability determination services, building a visitor intake system for our field offices, adding better systems capabilities in our hearing offices, and building more online services for public use.

Our most important project over the next few years will be to transition IT operations from our aging Maryland data center to a new facility.  GSA has purchased the land, selected a builder, and the design phase of the work is underway, and we are grateful to the subcommittee for your support with this project.

Social Security has a number of IT strengths.  For example, we have a superb technical workforce.  We have consolidated most aspects of IT to benefit from economies of scale, and we are very good at technical project management.  That said, during an annual process where we assess future IT investments, we always have far more needs and good ideas than expected resources, so we must prioritize what we work on.

We are in a continual state of IT modernization, and given the long computing history and size of our enterprise, we always will be.  We have over 700 software applications that combined routinely generate over 160 million computer transactions a day.

Some of our software is state of the art with graphical user interfaces that rival the best systems of their kind in the world.  On the other hand, some of our software is much older with green screen user interfaces.  However, with proven software, old does not necessarily mean dysfunctional.  All of our older software works.  It is regularly updated and maintained, and it accurately reflects the intricacies of Title 2 and Title 16 statute and policy.  This legacy software also represents a multi-billion dollar investment by taxpayers.

We do want to modernize our older systems, and we do so whenever we are rebuilding them because of new business direction, or if we determine through annual review that an important system is at increasing risk for technical failure.

Managing a large IT organization does require planning.  We routinely develop detailed multi-year plans in specific technical areas, for example, to change our storage infrastructure.  At a higher level, we have recently updated our information resources strategic plan, and we are in the process of updating our enterprise architecture roadmap.

We assess agency IT in a number of ways.  For example, we analyze cost, schedule, and functionality with all our major investments, and we post that information on the Federal IT Dashboard.  We also do extensive industry research and benchmarking, and closely track things such as systems availability and satisfaction scores.

Finally, because IT enables all aspects of SSA operations, the ultimate measure of our success is reflected in the overall performance and high year over year productivity gains of the agency.

Thanks again for having me here today, and I will do my best to answer your questions.

[The statement of Mr. Croft follows:]

Chairman Johnson.  Thank you.  We appreciate your presence.

Ms. Melvin, welcome.  Please go ahead.


Ms. Melvin.  Good afternoon, Chairman Johnson, Ranking Member Becerra, and members of the subcommittee.  Thank you for inviting me to participate in today’s hearing on SSA’s information technology.  As you have noted, the agency depends heavily on IT to deliver services that touch the lives of nearly every American, and during the last Fiscal Year, spent nearly $1.6 billion on its IT efforts.

As its systems have aged and its workload has increased, SSA has committed to investing in technology needed to update its infrastructure and deliver services more quickly and efficiently.  In addition, it had recently aligned its IT governance structure, including the responsibilities of a CIO, as you have noted.

At your request, we recently completed the study of the agency’s IT modernization efforts, the results of which are found in our report that is being released today.  Our study examined three areas:  SSA’s progress at modernizing IT, the effectiveness of its modernization plans and strategies, and whether the CIO realignment allows it to effectively oversee and manage its modernization efforts.

To summarize briefly, we found that SSA has spent about $5 billion since 2001 on many modernization projects that have impacted all of its main program areas.  However, SSA’s efforts have not been guided by the kind of strategic approach that we have identified as crucial to ensuring successful modernization outcomes.

Specifically, SSA has not developed comprehensive and quantifiable performance measures, or conducted post-implementation reviews of all of its completed projects, making it difficult to measure the progress that it is making, or determine if its projects are cost-effectively supporting its modernization goals.

Also at the time of our study, SSA lacked an approved IT strategic plan that included key elements to specify how its IT investments support overall agency strategic goals, and fit together to provide the kind of modernized technology environment needed to carry out its mission.

As has been noted, SSA has issued a new plan earlier this week, and we have begun to assess it.  To be a meaningful tool, it is important that this plan provide a clear and comprehensive picture of what the agency seeks to accomplish, identify the IT strategies SSA will use to achieve desired results, and provide results-oriented goals and performance measures that permit the agency to determine whether it is succeeding.

Further, if appropriately implemented, SSA’s recent consolidation of the CIO’s responsibilities and to its Office of Systems could provide for effective management of its IT.  However, this realignment was undertaken without adequate planning, including an assessment of its impact on staffing roles and responsibilities.

In addition, the new governance structure had not been reflected in SSA’s internal guidance on managing IT investments, which is critical to ensuring effective oversight.

As highlighted in our report, SSA has completed many modernization projects that have delivered tangible benefits.  We also note, however, that the agency still has major modernization efforts underway, as Mr. Croft has alluded to.  These include completing the conversion of its legacy database management system and modernizing its Title 2 processing system.  The significance of these efforts highlights the need for a more strategic approach to modernization that SSA currently lacks.

Our report contains recommendations to SSA for establishing such an approach.  In addition to updating its IT strategic plan to help ensure that its investments effectively support broader agency goals, we also recommended that SSA develop comprehensive performance measures, and post implementation reviews to better measure progress, and to further define its enterprise architecture and IT strategic vision, as well as to clearly define the roles and responsibilities of its Office of Systems staff in light of the CIO realignment.

Until SSA has a more strategic approach to using IT to supports its mission, it risks investing in technology that does not meet future needs of the agency or the public in the most optimal manner.  Further, SSA will continue to lack a meaningful mechanism for oversight bodies, such as your subcommittee, to gauge its progress in meeting modernization goals.

This concludes my prepared statement.  I would be pleased to respond to your questions.

[The statement of Ms. Melvin follows:]

Chairman Johnson.  Thank you, ma’am.  I appreciate your testimony.

Mr. Freed, you are welcome to proceed.


Mr. Freed.  Thank you.  Good afternoon, Chairman Johnson, and Ranking Member Becerra, and the rest of the subcommittee.  Thank you for the opportunity to testify about our experience measuring and analyzing citizen satisfaction with nine of the Social Security Administration’s websites.

My name is Larry Freed, and I am president and CEO of ForeSee.  We are a company that is a customer experience analytics company that helps measure the experience and help companies analyze where to invest their dollars to make the largest improvements possible for the benefit of the users.

We use a patented technology based on a methodology developed at the University of Michigan called the American Customer Satisfaction Index, or ACSI.  The ACSI methodology has a long history as a measurement system, a performance metric, and a great improvement tool, both in the Federal government and in the private sector.

Since 2001, ForeSee has measured citizen satisfaction on more than 300 government websites, including 9 Social Security websites, across 50 departments and agencies, in addition to international, State, and quasi-government sites.  We have also worked with over 400 private sector companies as well.

We have collected more than 7 million citizen surveys since 2001 for visitors to Federal government websites, and since 2009 we have collected 4 million surveys as well.  And we collect over 1.5 million consumer satisfaction surveys every month across our 700 plus measures.

So why measure satisfaction?  Well, satisfaction is very important because ultimately when citizens are visiting these websites, the experience they have is going to ultimately determine where they go next and what they do.  And the e-Government initiatives provide a great opportunity to lower the cost of delivering goods and services and information and transactions to the citizens.

Based on the measurements that we do satisfaction scores, the future behavior scores, we find that citizens are very high satisfied with Federal government websites.  They are highly more likely to have trust in an agency, 70 percent higher if they are in highly satisfied versus those that are dissatisfied.  They are 48 percent more likely to participate in government by expressing their thoughts to the agency than citizens that are less satisfied.  And their future behaviors directly relate to the open government initiatives.

Satisfaction also increases the likelihood that citizens will return to the websites again and use it as their primary resource as opposed to utilizing more costly channels, such as call centers and branches.  These behaviors significantly will increase both the efficiency and reduce costs and make the lives of citizens far more easy.

Our research continues to demonstrate that citizens find their interactions with government through the online channel to be far more satisfying than their experience through traditional means of dealing with government.  Social Security and other agencies must focus on customer experience online in order to maximize the value of this cost savings channel.

I would like to share some of our research with you on how well the Social Security sites do in meeting citizens’ needs and exceeding expectations with the websites and applications that we are currently measuring.

ForeSee has measured and analyzed customer satisfaction data for nine Social Security websites and applications for more than eight years.  SSA uses the data and analysis in three main ways:  one, to measure whether citizens are getting a good experience and the sites are meeting their needs, second, to understand how to improve the websites in a citizen-centric manner, and, third, to understand how to improve the online self-service and decrease offline services, and, therefore, lead to a decreased utilization of offline services, and ultimately cost savings and efficiency.

Currently we are measuring the nine sites are:  the Social Security online main website, the Social Security Internet disability report, the Social Security iClaim, the Social Security business services online, the retirement estimator, the help with Medicare prescription drug plan costs, the Social Security online frequently asked questions, the SSA iAppeals, and the Social Security electronic access.

We measure satisfaction on a 100-point scale, and any score above 80 is generally considered to be an excellent score.  The scores for the sites that we measure range from 69 to 92, and six of the nine sites score above 80, which we think of as a threshold for a great performing site.  And as Mr. Becerra mentioned, some of the sites outperform even Amazon, which by most is considered one of the best e-tellers around.

I would like to quickly go through a quick performance rundown of these different sites.  Social Security’s iClaim we have been measuring since January of 2004.  The current score is a 92.  When we started measuring it, it was a score of 68, significant improvement over time.

The retirement estimator has been tracking citizen satisfaction since July of 2008, and it currently sits at a score of 90, another very strong score.

The help with Medicare prescription drug plan costs, began measuring in June of 2005, and it is currently at a score of 89.

The electronic access applications, started measuring in May of 2012, and their score is 88, again, well above the threshold.

The Internet disability report, we have been measuring since 2006, and it has a score of 83, and it has increased from 72 when we first started measuring it.

The business services online has a score above 80, and right now it is at a score of 83.

SSA iAppeals has a score of 71, so there is obviously some room for improvement there.  And the FAQ section is one of the lowest-scoring SSA websites with a score of 70.  And the SSA main website has a score of 69, but it has a difficult challenge in that it is a very broad website, and it has a lot of different aspects that it is dealing with.

In summary, measurement of both the Internet sites and also the soon to come mobile sites is critical for citizens to not only get a great experience, but provide a great way for lowering their costs and improving the efficiency of delivering this information and services to our citizens.

[The statement of Mr. Freed follows:]

Chairman Johnson.   Thank you, sir.

Dr. Scherlis, welcome.  Please go ahead.


Dr. Scherlis.  Thank you.  Mr. Chairman, Ranking Member Becerra, members of the subcommittee, it is my honor to be here to discuss the future of one of our most essential American institutions, the Social Security Administration.

My name is William Scherlis.  I am a professor of computer science at Carnegie Mellon University in Pittsburgh.  My research focuses on software assurance.  I am also the acting CTO for the Software Engineering Institute, which is a Department of Defense Federal Lab focused on advanced software capability for the DoD and its supply chain.

I had six years of Federal service at DARPA.  Returned to the university almost 20 years ago with an interest of the role of IT in government, which has stayed with me.  I just completed chairing a National Academy study on DoD software.  Its recommendations relate to the nature of agency leadership for large-scale systems and why it is important to strengthen that leadership, particularly with respect to software systems architecture, the overall structure and interconnection of computing systems.  That is my focus today, and I speak primarily from that general perspective.

The SSA cannot accomplish its mission without effective IT, without effective IT leadership, and without effective support from the top for that IT leadership.  In the 30 years since many of these SSA systems were developed, I grew up in Baltimore.  I watched the building being constructed.  Storage capacities, network bandwidth, processing power, and the costs of all these things have improved by between four to six orders of magnitude.  That is a factor of a million.  Skyscrapers growing at that rate would scrape the moon.

Software capability, much harder to measure, has also increased dramatically.  At a gross level, macro economists attribute 25 percent of GDP growth and fully 40 percent of productivity growth to information and communications technology.  And there is no barrier to continuing this pace.  We are nowhere near any kind of a plateau.

So there are great opportunities, but not just for performance improvement.  The FSTAP and NRC committees identified many potential improvements to customer service.  But there are also dramatic improvements possible on the inside away from the customer.  One of these is modern data intensive computing, or big data.  Big data techniques can rapidly extract useful information and manipulate vast quantities of data.  Instead of a giant mainframe with large amounts of data piped through, we have thousands of processors distributed, each with associated storage.  We send small instructions to each of those processors to the data so that they can work in parallel.

This is called cloud architecture.  It is scalable.  We can just buy more processors and more disks.  It is cheap, and it survivable, to use the DoD jargon.  And with modern infrastructure, it can offer great ease of programming, flexible support for a wide range of applications.

So while we are motivated to make changes, we also must recognize their impediments.  Large organizations, and SSA is one example among many, are often plagued by the challenges of legacy systems.  These are not to be confused with the legacy from your ancestors.  In the general case, these are old systems on obsolete platforms.  And very typically, we no longer fully understand these systems, so they are difficult to change, and they often provoke fear and superstition among otherwise rational technologists.

This loss of intellectual control is strange, but very real.  An old DoD study indicated for long-lived, large-scale systems, the costs of reverse engineering — understanding what makes them tick — can exceed the original development costs.  These are systems the government owns and built.

The pace of innovation ironically is also an impediment.  When technology changes rapidly, risk judgments become difficult.  The quantitative case that we have discussed earlier is harder to make.  It is easier just to say no.  Intel’s Andy Grove was famous for keeping his company successful by causing it to reinvent itself even in the absence of any immediate perceived threat.

The refresh is different from the more typical routine and reactive O&M, which can be a series of changes that may potentially worsen the legacy because they are not aligned with a master plan and may conflict with other actions elsewhere in the organization.  This is what my colleagues call technical debt — architectural changes that need to be done that are not yet done.  It is like unpaid student loans that will not go away.  It just gets worse.

So and this technical debt can be self-reinforcing when it is amassed.  It can appear risky to make the necessary disruptive changes.  So I suggest six actions for Social Security Administration.

First and most essential, full commitment from top leadership, motivating change both on the basis of need and also on opportunity.  Second, understand what you have, the architecture and the full set of existing capabilities.  This is the baseline.  Third, decide what is needed, a cohesive vision of future services.  This includes capabilities, but it also includes quality requirements related to security and quality of service and so on.

Fourth, identify potential changes over the next five to 10 years.  Anticipate, scale up, and other changes.  This is what drives us off the mainframe and into the modern data center.  Fifth, put these results together and develop a master plan that addresses the overall future architecture, the structure systems, and also has road maps for evolution based on that architecture.  This is architecture leadership, and it is the leadership commitment that enables the natural growth process.

Sixth, create a business and decision model that accounts for costs, risks, and benefits.  This is not easy because there are relatively few quantifiable measures at the strategic level.  It is rather, in many cases, a frame for expert judgment and effective process leadership.

The most important features in my proposal are, to summarize, the emphasis on overall system architecture, one, and, two, the necessity of senior agency leadership to lead that process.  I believe this is in harmony with the recommendations both of the National Academy panel and also the FSTAP and the recent GAO recommendations.

The SSA has an extraordinary and critical role in the lives of all Americans.  I hope these ideas I share with you will be of use in strengthening that essential institution.  Thank you very much.

[The statement of Dr. Scherlis follows:]

Chairman Johnson.  Thank you, sir.  That is good testimony.  Thank you all for your testimony.

Mr. Richtman, welcome.  Please proceed.


Mr. Richtman.  Thank you very much.  Mr. Chairman and Ranking Member Becerra, thank you for inviting me to testify this afternoon.

The National Committee to Preserve Social Security and Medicare agrees with you, Mr. Chairman and Congressman Becerra, that it is very important that the Social Security Administration continue to invest in improving its capabilities in information technology.  This investment will ensure that SSA continues to provide excellent service to the American people through news service delivery options that supplement — and let me emphasize supplement — its existing systems of service delivery.

Currently, SSA provides service to millions of Americans through a complementary system of 1,300 local offices and its toll free telephone service.  The magnitude of the workloads that SSA handles in these offices is huge.  Congressman Becerra, you cited the number of people using these services today, and it is a staggering number.

In all of 2011, 45 million individuals visited SSA field offices, 63 million were served over the phone.  Of course  workload of this magnitude cannot be accomplished without adequate information technology.  More and more of SSA workloads are being handed over to the Internet.

In 2011, 41 percent of its retirement applications, 33 percent of disability applications were filed online.  As more Americans have home computers, become accustomed to using the Internet, and demand increases for social security to have a robust offering of Internet applications, these expectations continue to rise.

Still we believe it is important to understand that Internet service will not entirely supplant service provided through SSA’s traditional system of service delivery.  Local offices, toll free phone service will continue to be critical for Americans who live in areas that do not have access to high speed Internet service, those who cannot afford the cost of a home computer, and those who just are not comfortable using it.

The Congressional Research Service recently published a report on the digital divide that found broadband Internet service is more likely to be available in higher income urban and suburban areas than in rural and low income areas.  The Census Bureau reported that only 68 percent of households have access to high speed Internet service.

While we at the National Committee applaud the SSA in its effort to make more and more services available through the Internet, we must not lose sight of the needs of those who do not have access or who are not comfortable using it.  For these Americans, local Social Security offices and toll free telephone services remain vital lifelines.

We would like to compliment the SSA on its recently-completed project to make Social Security statements available online.  It is truly an impressive achievement.  However, we want to caution against regarding online availability as a satisfactory substitute for the annual delivery of paper statements.  The reason for our view on this is simple:  we are concerned that few Americans will ever know about the availability of the online statement and, thus, will never request one.

Educating the public about Social Security has always been one of SSA’s top priorities, and the annual statement has properly been regarded as a key element in their work in this area.  That is why we believe that the annual delivery of a paper statement should be resumed immediately.

We also think that commissioner of Social Security should not have to choose between delivery of a paper statement and the completion of the agency’s other vital functions.

This, of course, leads us to SSA’s administrative budget.  They have, it is my understanding, requested a total of $11.9 billion to cover operations for Fiscal Year 2013.  This request is only modestly higher than what the Congress appropriated for this year, $11.56 billion.  And we do urge that this request be fully funded by the Congress.

Last year in Fiscal Year 2011, SSA lost 4,000 employees to attrition, and projects to lose another 3,000 in Fiscal Year 2012.  These losses should be stopped, and to that end, we call on the Congress to fund fully the agency’s 2013 request.

In addition, we are concerned that the Treasury Department’s rules requiring a payment of Social Security benefits through direct deposit, which has an implementation deadline of March 2013, about 4 million beneficiaries will be affected by this.  And we believe that requiring frail, elderly beneficiaries to attest to their cognitive inability to receive benefits payments electronically in front of a notary public, this really seems unduly burdensome to us.  I would urge this committee —

Chairman Johnson.  Can you summarize your —

Mr. Richtman.  I’m sorry?

Chairman Johnson.  Please try to summarize.

Mr. Richtman.  And we urge this subcommittee to hold hearings on this implementation plan.  I’m summarizing.

In conclusion, Mr. Chairman, we applaud SSA for its work on these new IT applications.  Still we believe they cannot supplement the crucial role SSA field offices and telephone toll services play for the foreseeable futures.  These offices should remain and will remain, I believe, central to any inclusive plan for services delivery.

Thank you.

[The statement of Mr. Richtman follows:]

Chairman Johnson.  Thank you, sir.  I think the field offices do a good job.  Stopping the mailing of the online statements saved $30 million last year, which needs to be put into IT.

I thank you all for your testimony.  We will turn to questions.  As is customary for each round of questions, and I will limit my time to 5 minutes, and ask my colleagues also to limit their questioning time to five minutes as well.

Ms. Melvin, I would like to discuss the chart on page 9 of your report.  You see it up there on the screen.  It shows how Social Security’s technology spending is divided between maintenance to run the current system and investment for new technology.  To put this into context, Social Security IT maintenance spending in 2011 was more than the agency’s total IT spending in 2004.  Would you walk us through these costs and tell us why?

Ms. Melvin.  We think there are a number of factors that probably contribute to their maintenance costs all the way from their investments and infrastructure to maintaining the legacy systems that they have.  As Mr. Croft has mentioned earlier, there are 700 plus applications that still have to be maintained at any time, as well as additional services that are provided online.

We did note in our study that from 2004 to 2011, the maintenance did almost double from approximately $411 million to $809 million.  And with that, the 2004 total costs were $868 million, so there has been some definite growth in terms of the operations and maintenance.

One of the key factors that we point to in the overall message that we have that stresses the need for a strategic plan is because that goes hand in hand at looking at how SSA can look at the resources that it has, its use of them, and what its needs are, and how it might identify what more needs better.  And from that standpoint also, the performance measures that it puts in place to assess its progress and to understand when it uses technology or when it implements technology, how that cost is contributing to lowering the cost of maintenance, or how that overall technology is contributing to lowering the cost of maintenance.

Chairman Johnson.  Thank you.  Dr. Scherlis, in your testimony on page 4, you say that smooth changes to existing systems may seem conservative, but often transform a patch system into a time bomb of deferred maintenance.  The eventual cost of repairs continues to rise, and our aspirations to move into the future become unattainable.  You refer to this as technical debt.  Could we be looking at such a time bomb in Social Security, and would you explain that?

Dr. Scherlis.  I do not have enough direct engagement with Social Security to make a judgment with respect to SSA particularly.  But I will say that this issue of technical debt is a very common issue in large enterprises, not just Federal agencies.  It can be avoided with the right kind of planning and leadership.

It goes back to the fact that many of these changes highlighted here under the O&M category come up, bubble up from the stakeholders and individual systems.  If they are not aligned with a master plan, if they do not harmonize into an enterprise architecture concept, then they can be in conflict with other actions elsewhere in the organization.  And the result is that things are even more difficult to sort out.

So in many of these studies, all three of the studies, National Academy, the FSTAP study, the GAO study, highlight what we could call a technical debt crisis in the SSA.  And you can decide whether to raise the debt ceiling or not.

Chairman Johnson.  Thank you.  Mr. Croft, what is your response to that?  I would like to know, are we looking at a time bomb as he suggests?

Mr. Croft.  I do not believe so, sir.  I am very interested in the term “technical debt,” and very interested in learning more about it.  But, no, I would not say we are in a time bomb situation.  You have to get behind those numbers and understand what the costs actually are.  Among other things as you note, sir, we have added a second data center at Social Security which have increased our costs a great deal in those categories.

There are ways we certainly can improve, but I would not put us in a crisis mode, no.

Chairman Johnson.  Well, maintenance costs have risen, you know that.  Does Social Security plan to reverse that trend?  And, if so, when?

Mr. Croft.  Well, it is such a broad category, sir, maintenance costs.  Actually if you look at our software maintenance costs, it is relatively flat year over year in terms of our cost to maintain software.  We do have a lot of hardware maintenance costs.  We are refreshing hardware all the time.

Again, you have to get underneath these numbers to understand what you are actually talking about if you want to get into a deep analysis of maintenance.

Chairman Johnson.  So, you are telling me you got it under control.

Mr. Croft.  I believe we are doing well, especially when you compare us with other organizations that are very similar to us, yes.

Chairman Johnson.  Thank you.  Mr. Becerra.

Mr. Becerra.  Thank you, Mr. Chairman.  Thank you.

Actually, Mr. Freed, I found your testimony the most interesting because while everyone, I think, was talking more technically, and your numbers are also technical numbers, they are based on feelings.  And, in many respects, that may be the most important thing, how Americans feel about the service they are getting.  And while right now Social Security’s satisfaction rating seems to be pretty high, it could start to drop.  And if it does start to drop, you start having less confidence in the agency and who knows what happens.  And so I appreciated your testimony.

Give us some context.  I remember the discussion during some legislation that was being proposed in Congress to change the way Internet providers would offer services and who could control what could be sent over the Internet and so forth.  And at one point I think Google was threatening to shut down for a day or so to make the point that they should not be prevented from being able to carry their service to whomever they wished.  And people were up in arms.

Shutting down SSA, the Social Security Administration, for the time it would take to rejigger, to come up to speed with the new technologies that are available so that it could provide better service faster, more accurately–tell us what your sense is.  Could they shut down?  If so, for how long?  How could they manage?

Mr. Freed.  I do not think there is any way they could shut down.  It is obviously a lifeblood to a lot of people.  Technology is always incremental.  In my experience in technology, having spent time in roles similar to some of these people, technology never goes away.  You just build more technology on top.

Hopefully when we deal with the Internet and we deal with mobile, there are some benefits to it that you get great cost savings.  But I do not think it could, by any means, shut down and start over, and take, you know, the months or years that it would take to restart a system like that.

Mr. Becerra.  And, of course, we have to be careful that we are not just putting a newer system on top of an older system and then attaching a newer system to that previously new system, and before you know it, you have got all these different parts that operate differently, and it becomes a machine that is so out of whack that you’ve got to do something.

Mr. Freed.  Yeah.  When designed poorly, you definitely can run that risk where you have got a lot of different systems that do not communicate well.  And you create a house of cards that if you take one away, the whole thing can crumble.

From what I have seen from the Social Security side, I do not see evidence of that.  I have not looked within their infrastructure by any means.  But their apps, their websites, those things are really the user interface to it.  The back end systems are the back end systems.  So it is really about creating a better interface to get information out to citizens quickly, easily.  And, again, makes it easier for citizens and will lower costs, probably not the technology costs, but should lower costs within the branches and the locations and the call centers.  Not going to eliminate them by any means, but it should lower the cost.

Mr. Becerra.  Any sense, and, Dr. Scherlis, let me ask you this question as well if you have a response.  Any sense of what typically a company spends in IT modernization on an annual basis from its operating accounts, operating expenses?

Mr. Freed.  I am not sure that I would have any great data on that to share.

Mr. Becerra.  Dr. Scherlis, by chance?

Dr. Scherlis.  I do not have that data either, but I just want to mention one thing, which is that —

Mr. Becerra.  And if you could do it very quickly because I —

Dr. Scherlis.  Okay.  For many of these firms, the distinction between development and maintenance is a distinction that is going away because these systems are in a state of constant refreshing evolution.  And also I will say that you just gave a good definition of technical debt, that mishmash.

Mr. Becerra.  Yes, thank you.  Mr. Richtman, quick question.  Is it your sense from what you heard from all the witnesses who testified that they have captured a sense of how people are feeling out there, those who are receiving the benefits, going to the offices visiting, making the calls, and talking to the Social Security office employees?

Mr. Richtman.  Well, I think generally so that that is accurate.  And the experience I have had in traveling around the country and meeting with groups of our members is they regard the Social Security folks as friends.  They are maybe unusual in that regard in government, but they really regard them as friends.  They provide a very important service, and they do it in a very positive way.

Mr. Becerra.  Let us hope we can keep it that way.  Mr. Croft, you have got a big job, and I hope that you know that the chairman and I will try to keep at you on this because I think we are very concerned as to whether or not SSA will be able to keep up.  And it is too big a system, too many depend on it for us to not to see you make it work.

How much do you actually invest from your operating budget for IT modernization?

Mr. Croft.  We do not really have a particular target number.

Mr. Becerra.  Give me a rough estimate.

Mr. Croft.  The data that was just presented would be the data.  That is how we categorize.  It is consistent with OMB guidance, the Federal government guidance on modernization types of activity.  I am sorry I do not have the number off the top of me.

** Mr. Croft** Transcript Insert 1

Mr. Becerra.  Maybe Ms. Melvin, and I will close with that, Mr. Chairman.

Mr. Croft.  Yes.

Mr. Becerra.  Ms. Melvin, do you happen to know?

Ms. Melvin.  In terms of how much — I am sorry.

Mr. Becerra.  From operating expenses, how much does SSA devote to IT modernization?

Ms. Melvin.  We do not have exact numbers on that, but what we did see was, I believe —

Mr. Becerra.  Microphone.

Ms. Melvin.  I apologize.  I think that in the numbers that we had, about —

Mr. Becerra.  I thought you said that SSA spent about $5 billion on IT modernization over the past decade.

Ms. Melvin.  Yes.

Mr. Becerra.  And if you average that, about $500 million a year.  My understanding is that SSA’s annual budget has been about a $9 or $10 billion operating budget.

Ms. Melvin.  Yeah.

Mr. Becerra.  Well, we heard $9 to $11 billion, so it is about 5 percent.

Ms. Melvin.  Yeah.  I would prefer, if I could, to provide you with an exact number for the record on that.

Mr. Becerra.  That would be great.

**Ms. Melvin** Transcript Insert #1

Ms. Melvin.  Okay, thank you.

Mr. Becerra.  Mr. Chairman, thank you very much.

Chairman Johnson.  Thank you, sir.  Mr. Berg, you are recognized.

Mr. Berg.  Thank you, Mr. Chairman.  Thanks to the panel for being here.

One of the things in preparing for this hearing that quite frankly stunned me the most was what I saw as a lack of long-term planning.  We went through a real process in North Dakota probably about 10 years ago on IT.  We had 20 different agencies in North Dakota.  Each agency was out doing their own thing, had non-compatible software, non-compatible equipment.  It was just a mess.

Chairman Johnson.  And then you discovered oil.

Mr. Berg.  Well, then we discovered oil.


Mr. Berg.  We learned a few things from Texas, Mr. Chairman.  And actually this was before oil was when we had a huge deficit, and it was a matter of how do we make things work?  And we looked a lot at the private sector and the government sector, and I know some questions were brought towards, you know, how does this compare with an investment in the private sector?  And really we found that it is almost totally different.  I mean, the private sector invests in technology, and it really does two things.  One, it lowers that business’ cost.  They are able to do things, you know, less expensively, e-mail versus maybe, you know, sending a letter and that whole process.  And also it saves people’s time which in result ends up they are able to apply their energy and time into things that are going to generate more revenue for the business.

And so, so much of the technology that was invested in the private sector was really driven on increasing that company’s revenue.

My point here is all these things are kind of planned, and when the private sector invests in technology, they are expecting a return.  They are looking into that plan.  And so, you know, from our State standpoint, we had this big mess.  Our plan was to pull people together.  We ended up with a State IT director that really became the project leader whether it was the prisons, or whether it was human services, or whatever, move forward.

And so we had a format.  We had a checklist.  We had measurable things.  Prior to that, we had IT people that we hired to lead projects.  And as we talked about, in the middle of the project they left, and it was a disaster, and we were left hanging with a huge investment, and really many times nowhere to go to but to simply start over.  And so, I do not think anyone would disagree the need for a long-term plan.

My question for Ms. Melvin and also Dr. Scherlis is, what would be the next steps in developing a long-term plan for the Social Security Administration.  What would they be?

Ms. Melvin.  For developing a long-term plan, we think that SSA needs to start looking at this point in terms of what their current state of information technology is, to have a good handle on that, and to let that feed into an overall idea of where they want to go.

So part of what our report talked to was the need not only for them to develop a strategic plan, but to have a completed enterprise architecture that would allow them to examine and document their current state of technology, where they want to go.

One of the critical concerns that we noted in our study was in looking forward in terms of a vision, we did not find that SSA had a particularly good handle or ability at least to express its longer-term vision beyond two years for what it wants to achieve.  We believe that it is important that it establish a longer-term vision and that it be able to tie that to its agency’s strategic plan, and then move forward with the goals and the particular strategies, if you will, that it wants to apply to move to a target state of its architecture.

So we think starting initially, they have got to do more in terms of putting more focus on just being more specific about what their current state of technology is and what they are trying to achieve moving forward, and to apply results-oriented performance measures for how they want to do that, and to be able to assess how well they come to achieving that target state.

Mr. Berg.  Okay, thank you.  Dr. Scherlis.

Dr. Scherlis.  I want to agree with everything that Ms. Melvin just said.  The two critical elements of the master plan are the overall future architecture, which describes how systems are linked together, how the data is managed and shared internally.  This ensures coordination among all the various projects.  And the second element of the master plan is a road map for evolution.

And I also agree that the time horizon should be between 5 and 10 years.  The plan should anticipate the kinds of changes that might come in terms of the mission of SSA, in terms of the demographics, in terms of technology changes, other changes.  That is the essential framework within which systems become managed.  And this is part of that six-step plan that I suggested earlier.

Mr. Berg.  Thank you.

Dr. Scherlis.  I want to add one thing.  The other is people.  We have not spoken about people, but, you know, SSA has a large internal IT workforce.  This is a blessing among Federal agencies that they have this workforce.  It is essential to have strong, connected, committed career people.  It is also essential to keep them technically fresh through various mechanisms — engagement on the outside, conferences, training, and the like.  And also to have them share in the vision, and to seek career paths for themselves to develop to participate in the manifestation of that vision.  That takes leadership commitment from the very top.

Chairman Johnson.  Mr. Croft, Mr. Berg, we will have a second round.

Mr. Berg.  Okay.

Chairman Johnson.  Mr. Brady, you are recognized.

Mr. Brady.  Thank you, Mr. Chairman.  Thank you for calling this hearing.

Mr. Croft, one of your strategies to increase the use of online services is to explore offering online services through mobile devices as opposed to implementing online services through mobile devices.  Since the strategic plan, if I recall, runs through the end of 2016, does that mean the public, we are going to have to wait four years while we are exploring as opposed to moving these things and getting them in place?  That seems like a lifetime.

Mr. Croft.  No, sir.  Thank you for the question.  We are actually building a mobile application now.  We are doing it very carefully and cautiously, though.  We want to make sure we are going to get a good return on investment for the application that we are building.  We are on target to actually deliver a mobile application before the end of this year.  It will have to do with SSI wage reporting, which is one of our largest improper payment areas as an agency.

We believe after a lot of exploration, a lot of thinking inside the agency, strategizing that that is one area that actually fits mobile because it is a reoccurring reporting requirement, not a one-time thing like filing an application that people are unlikely to use a mobile application to do.  So look for something later this year.

Mr. Brady.  From a priority standpoint, is that because it is a priority in the fraud or incorrect data, or ability to move that sooner than other apps?

Mr. Croft.  Yeah.  It is one of our executive oversight projects.  It is a priority in terms of improper payments.  It is one of the higher error categories of improper payments.  It seemed to fit.  We are interested in exploring mobile.  I think we are like most large organizations.  We want to try mobile, but we are very cautious about doing it in a way that is really more folly than substance.  So we are focused on substance.

Mr. Brady.  Okay, thank you.  Dr. Scherlis, do you have any thoughts on that?

Dr. Scherlis.  Not really.  I am sorry.

Mr. Brady.  Okay.  First time that has ever happened.

Dr. Scherlis.  Yeah.

Mr. Brady.  Thank you very much.


Mr. Brady.  Yield back.

Chairman Johnson.  Thank you, Mr. Brady.  Mr. Marchant, you are recognized.

Mr. Marchant.  Thank you, Mr. Chairman.  Yesterday, the subcommittee held a hearing on identity theft and the use of the Death Master File to make sure that that file is not being misused by thieves.  Social Security collects probably more personal data on anyone in America.  Google might argue with that.  Facebook might argue with that.  But I think most people believe, at least, besides maybe the IRS, that Social Security probably has the most information on anybody in America.

In this time of rapid advancement, how can we assure our constituents that this information is being protected and is not being used by the thieves, the fraud artists, and the people that are out to steal this information.  Commissioner?

Mr. Croft.  Thank you.  So we are purposely not boastful about IT security protections, but trust that we do as much state of the art as we possibly can in terms of IT security.  We are incredibly conscious of the personally identifiable information that is ours to be stewards of.  We stand for outside audits.  We follow all guidelines.  We do everything we possibly can to stay as secure and sound as we can in terms of data protection.

Mr. Marchant.  Mr. Richtman, would you agree that the perception of the general public is that their information is completely secure within the Social Security Administration?

Mr. Richtman.  As far as I know, Congressman, that would be true.

Mr. Marchant.  Dr. Scherlis, just recently there was an expert advisory panel that was put together, but it was ultimately disbanded.  Do you have the belief that outside advisory panels in the private sector can help fill the gap?

Dr. Scherlis.  I think that outside advisory panels provide an opportunity for an organization to compare and baseline its practices against practices in other organizations, particularly in areas where measurement is a challenge.  And one of those areas is architecture and strategic planning because we are working to a vision of future potential.  And so that is an area where the kinds of inputs that you get from advisory panels can be extremely useful.

Mr. Marchant.  Okay.  Thank you, Mr. Chairman.

Chairman Johnson.  Thank you.  Dr. Scherlis, since 2008, I have continued to raise concerns about the time it has taken for Social Security to modernize its outdated programming language, including replacing COBOL, which was created some time ago.  In your testimony, you talk about challenges of old systems, so-called legacy systems, that operate on obsolete platforms.

Social Security is phasing out its older software, but they told me the process will take years.  Does that sound right to you?  You know, it seems to me you can go out to the store and buy a new computer with all the latest stuff on it, and I do not know why we cannot do that in the Federal government.

Dr. Scherlis.  Well, in fact, I am going to give you two answers.  One answer is that this sense of urgency that we should feel needs to focus around the development of this master plan that we have been speaking of earlier today.  That creates the commitment, creates the framework within which we move forward.  But that given the magnitude of the operation at Social Security and the sensitivity of the data, the unfolding of that plan will take some years.  But the plan provides a framework for making decisions and having a sense of expectation regarding what kinds of projects will happen when and how much they might cost.

So it is this juxtaposition of the urgency to create the plan with the unfolding of that.  So we have the comfort that the incremental actions that are taken as an organization are in harmony and moving in the right direction.

Chairman Johnson.  Well, it seems like we keep changing our approach.  You know, Mr. Croft, it seems to me we have been 4 or 5 years downstream trying to modernize the system.  Can you tell me how long it is going to take before we get out of COBOL?

Mr. Croft.  No, sir, I cannot.  I do not believe anybody could do that.  And we would find ourselves —

Chairman Johnson.  Dr. Scherlis could tell you how to.


Mr. Croft.  I would comment, and my colleague to the left mentioned.  We actually have just recently published an IT strategic plan.  We released it formally, I believe it was earlier this week.  And I encourage people please to take a look at it.  It does look out 5 years.  It does describe our current state in detail, not in the kind of —

Chairman Johnson.  So you are telling me you are going to rid of COBOL in 5 years.

Mr. Croft.  No, sir.  No.  No.  It is an incremental approach to —

Chairman Johnson.  We are going to have it for, what, 20 more years?

Mr. Croft.  The way we build software, sir, is so when we — I do not know about 20 years, but the way we build software is when we are taking on new projects, we only build with new code.  We only build in the new ways.

We also assess the risk of all of our systems, as I mentioned in my opening statement.  And if we believe we are facing a technical risk with one of our systems, we will take it on motion and rebuild it.  And we are rebuilding following a systematic approach to the software.

I would also mention in terms of architecture, we do have robust enterprise architecture at Social Security.  I want to make sure that everybody is clear on that.  I will accept a bit of criticism that the architecture has not looked out far enough into the future, and that is something we are addressing now rather than looking out a couple of years consistent with where we think business projects are going.  We are actually extending the look of the architecture out 5 years now, and that is something we are actively working on.

Chairman Johnson.  Well, you know, you got a new place down in North Carolina, and you are building a new place up here.  And it seems to me by the time that place is finished up here, you ought to have a whole new system developed.  If you cannot do it, something is wrong I think.

You are working at a snail’s pace, and I think, as was mentioned earlier, maybe you need a strategic plan in writing.  And once you get started on something, do not stop it like you just have as I know.  And your job has changed, too.  So something is happening over there that you all are not telling us about that and it is causing problems.

Mr. Croft, GAO mentions eight reports issued since 2007 by GAO, and here they are laying here on my desk.  And the National Research Council, the National Academies, the inspector general, and the bipartisan Social Security Advisory Board highlight Social Security’s technology challenges, and stress the need for Social Security to have a strategic IT plan.  They tell me there is still no plan.  Can you tell me why not?

Mr. Croft.  There is a plan now.  We were working on it.

Chairman Johnson.  Did you do it yesterday or something?

Mr. Croft.  We released a final this week, yes.

Chairman Johnson.  Okay.

Mr. Croft.  But we were working on it actually for quite a long time.

Chairman Johnson.  Okay.  So you have a strategic IT plan now?

Mr. Croft.  We do.

Chairman Johnson.  And you are using it?

Mr. Croft.  Yes.

Chairman Johnson.  Thank you very much.  Mr. Becerra.

Mr. Becerra.  A couple of questions, Mr. Chairman.

First, Mr. Croft, again, I think it is pretty clear from some of the questions that we are concerned about the strategic planning.  And I think Ms. Melvin, her testimony, her written and oral testimony pointed to that.  And I think all the witnesses pointed to the importance of being able to think way ahead.

And I hope what you will do is you will take our admonition and really work on it with this new plan you have in place, and know that you should never come here with a fire at the house claiming you need the engine real quickly, 911, because I hope we are telegraphing that we can see it, too.

And you have got a great satisfaction rating from folks right now.  The public for the most part likes what you do.  In fact, I was looking at some of these other customer ratings, Mr. Freed, and you can tell me if I am wrong.  But Bank of America, 68 percent customer service satisfaction, YouTube, 74 percent, Facebook, 66 percent, Google, 83 percent, IRS, 57 percent, and you are at 80 percent.  So not bad.  Better than YouTube, close to Google.  Work with us so we can work with you.

And, by the way, when Americans every day are contributing to the Social Security system to the tune of over $700 billion this year alone, there should be no reason why you cannot come to us and say I’ve got a great plan to move us forward.  We have taken the best minds who told us how to do this, and this is what it is going to cost to make this kind of investment.  And then let us work with you on that because the American public is paying for Social Security, and so let us work together on that.  I hope we can do that really well.

One quick question.  Servicing.  You actually got great scores in a lot of areas.  You got a higher score on the Internet side than you did on the person-to-person and telephone.  Some might say, well, maybe that means you can go all the way and do everything by computers and the Internet and have all interactions with customers be through the Internet.  Do you think that we are ever going to reach a day where the face-to-face will not be needed?

Mr. Croft.  For Social Security?

Mr. Becerra.  For Social Security.

Mr. Croft.  Not in the foreseeable future, no.  I do not think so.  I would comment on the non-technology side, though, we also do internal surveying, and we receive very high satisfaction scores from face-to-face and telephone contacts as well.  In particular what is noted in any survey that we have ever done is the excellence of the workforce for Social Security, the courtesy, but also the business knowledge of the agents.  So once people get through, sometimes there are problems in terms of getting access to our employees because of the long wait times or busy rates and things like that.  But once they get through, time and time again the surveys have always shown a very happy satisfaction in terms of our workforce.

Mr. Becerra.  Well, let me just compliment today your folks in Los Angeles, who we work with.  They have done remarkable work addressing some of the concerns that we have raised to them in trying to help constituents.  And please convey that to folks throughout the nation that work for SSA.  We say thank you.  But I know for a fact that in LA, people really enjoy the interaction they have and are pleased with some of the folks that you have there in Los Angeles.  And know that we want to work with you as you move forward.  We know it is not easy, but we need to do this, and we have to figure out a way to do it so we do not have a machine with a whole bunch of old and new moving parts trying to make this thing work.  So thank you.

Mr. Chairman, I will yield back.

Chairman Johnson.  Mr. Berg, do you care to question?

Mr. Berg.  Thank you, Mr. Chairman.  I will just kind of back up where we went.  But, I mean, clearly assess the current situation of all your strengths and your weaknesses.  Number two, what is your long-term vision?  And have an IT plan that ties into that and a plan that then has performance measures and checks and balances and timetables.  That is, I think, kind of what I heard.

So I guess I would like your response, Mr. Croft, to those suggestions.

Mr. Croft.  Yes, sir, I agree.  One thing I would also mention is we stay very in sync with the business direction of the agency in terms of IT.  We follow the agency’s strategic plan and flow from that in terms of IT.  We are not doing IT just for IT’s sake.  We are doing IT to enable the business.

I would also mention, in terms of the investments that we make, we do very rigorous analysis up front before we embark on an investment, including ROI analysis to make sure that we are picking the right mix of projects to get the most value for Social Security.

So we do have a robust planning process.  Some might say we do not refresh it enough or look farther out, but we definitely have a planning process.

Mr. Berg.  So on the return on investment, who do you present that to?

Mr. Croft.  Ultimately, it is presented to a board of my peer executives and the Commissioner as we decide what investments we are going to make in IT looking out into the future.  That also is reported up through central government, OMB.  It is public knowledge on the Federal IT Dashboard and so forth what we expect to get out of our investments.

Mr. Berg.  Those have been presented to a congressional panel?

Mr. Croft.  I do not know.  It is part of the budgeting process and the oversight that we do.  It is public information.

Mr. Berg.  Well, we will follow up.  Thank you, Mr. Chairman.  Yield back.

Chairman Johnson.  Mr. Brady, you are recognized.

Mr. Brady.  Thank you.  Dr. Scherlis was so efficient in his last answer, let me try again.  In your testimony about drivers of change, you discussed the advantages of modern data computing, including, you know, big data, cloud computing obviously, architecture.  And for the subcommittee’s education, would you define this for us and how Social Security can leverage this kind of computing to their advantage, because clearly we want to be ahead on some of this technology, not trailing so much.

Dr. Scherlis.  Sure.  Sure.  So the idea of big data computing, basically it refers to a whole collection of techniques and technologies to exploit data assets.  We do not merely want to accumulate those data assets, but we want to see patterns, do analyses for all kinds of reasons.  The best way to realize the capability to do that is within what we call the cloud.

In this case, by cloud I mean an architecture for a data center, and also for the processing of data, the key features of which are large numbers of relatively smaller processors, the same kind of processors that are run in your PC, and data that is located on disk drives that are associated with those processors.  So the data is spread all around.

That allows to scale up by buying more processors and more disks and, therefore, to store more data.  This is the kind of configuration that is used not just at Google and Amazon that we hear about, but in financial services firms and government agencies all over.

And scalability is key because we can do very large-scale searches by sending small amounts of instructions out to those processors to query the data that resides on those processors, and then we very rapidly can assemble an aggregate result.  So those are the ideas of big data and cloud.

Sometimes we hear the word “cloud” in the setting of sort of the controversial setting of the so-called public cloud, services such as are provided by Microsoft through Azure or Amazon and so on.  And really that is an entirely separate issue from this discussion that we are having, which is about the architecture of data centers.  Whether you own the data center and it is inside of your facility, which certainly would be the case with SSA, or whether you outsource to a provider is really a business decision.

Mr. Brady.  And you believe this type of architecture could be helpful as Social Security pursues its IT goals?

Dr. Scherlis.  I do.  I do because it offers both scalability, flexibility, and also cost management, the ability to incrementally upgrade.  There are many advantages of this architecture.

Mr. Brady.  Great.  Thank you, Doctor.

Dr. Scherlis.  You are welcome.

Chairman Johnson.  I would like to welcome the distinguished gentleman from Kentucky and chairman of the Ways and Means Subcommittee on Human Resources, Mr. Davis, down there on the end.  Thank you for joining us.  You may have a couple minutes.

Mr. Davis.  Thank you very much, Mr. Chairman.  And before I begin, I would like to thank you for holding this hearing and for allowing me to join and ask a question from such a knowledgeable panel.

The Social Security Administration has come a long way since the days of the punch card.  There is still significant progress to be made in order to truly become a 21st customer service provider.

From the work we have been doing on the Human Resources Subcommittee, we know that strategic IT investments to promote operations and to integrate and reuse existing data resources could help more effectively target limited taxpayer dollars.

I used to do this for a living, managing large system implementation, data integration in the private sector before coming to Congress.  And I discovered my biggest client was the United States government, and probably the most challenging in the sense of legacy systems that you are all dealing within a wide variety of areas.

You know, we have worked with this and we have had some success in promoting data standardization across a number of programs.  We are working with Chairman Johnson to see how we can be helpful here.  Our efforts are not intended to be yet another statutory mandate, but rather an important piece of a larger IT strategy and approach to architecture to effectively integrate information and to help the government run more efficiently, particularly when some of our agencies under Ways and Means jurisdiction have 10 percent or higher improper payment levels.  Social Security is very low, which is a good thing.  But nonetheless it shows this disconnection.

I guess I would like to begin with Ms. Melvin.  In your 2009 report, and again in your most recent review, you expressed concerns about the Social Security Administration’s ability to handle future data exchange demands and their lack of IT management practices for this workload.

With over 3,500 data exchange agreements and growing demand for government to reuse information, what I would call in my other job, customer master information, vendor master type of information, the transaction analysis, bills of labor, and resources, those sort of things.

But could you elaborate for us on whether SSA is adequately preparing to handle this workload from an IT perspective?  And also what is SSA doing to better serve its State and local government customers and meet their demands to operate in the 21st century?

Ms. Melvin.  The work that we did note that SSA is going to web-based technologies and to newer online technologies.  And our report does highlight some of the initiatives that support electronic data exchange with the Federal, State, and the private sector.

Our 2009 report, however, included a couple of recommendations that focused on conducting detailed analyses.  We believe that SSA needed to determine workload projects and define requirements for effectively and efficiently delivering data exchange services to their agency partners.

As of right now, those two recommendations remain open.  So it is very difficult from our standpoint to know until SSA has actually done the analysis and started to implement against that analyses exactly how its online exchanges are affecting it.

Mr. Davis.  Okay, thank you.  Mr. Croft, what difficulties do you face from an IT perspective when exchanging information with outside partners such as the States?  For example, would it be more useful for incoming data if it were provided in a more consistent, standardized format?

Mr. Croft.  Absolutely, yes, it would.  Another point I would bring up, sir, is the uniformity of the exchanges in general.  We do have many, many exchanges.  We are probably the largest body that is exchanging data in the Federal government.  And all in all, it is going okay.  It is a large workload, a growing workload.  But we are needing to redo our core software, our core data exchange software, and we are actually in the process now of modernizing that software to make it more agile to deal with the multiple kinds of customer requests that we receive.

I would also mention just in general around data exchanges, the IT generally is not the hardest part.  The hardest part is, as you know, data definitions, but it is also the legal, fiscal kinds of things that go with interagency kinds of agreements like that.

Mr. Davis.  What lessons do you think you have learned so far from the implementation of the Access to Financial Institutions Program, the web-based electronic process for verifying financial account information?

Mr. Croft.  It is going very well, but I would note that we piloted that for quite some time and really worked out the kinks before we took it operational.  All in all, I would say that is a very effective and proper payment mechanism.  And I really do not have any further comments to say except that it does take time to work out the business process, and the privacy angles, and all those kinds of things that go along with data exchange.

So if you looked at it, it is like we just turned it on, but, in fact, we have been working on that in various pilot modes for some number of years.

Mr. Davis.  Well, one question that I have looking at this, again, in my multi-facility implementation experiences that are admittedly smaller scale than the Social Security Administration.

Chairman Johnson.  Can you summarize?

Mr. Davis.  Yes.


Mr. Davis.  But if you could answer quickly one question for me, that would be very helpful.  If you were to pick one or two statutes that need to be amended to allow better interchange of data, what would those be?

Mr. Croft.  Sir, may I answer that for the record, please?  I am not able to answer that quickly for you.  I would rather give you a thoughtful answer than a quick answer.

**Mr. Croft** Transcript Insert 2

Mr. Davis.  Yeah, that would be great.  Thank you.  I yield back, Mr. Chairman.

Chairman Johnson.  Thank you.  Mr. Croft, I noted in my opening statement I am disappointed to learn the panel of outside experts convened by Commissioner Astrue to provide independent systems technology advice was disbanded.  I was even more disappointed to learn that the reports and minutes have been removed from Social Security’s website.

I would like to know why Social Security took those documents down and ask you which of the recommendations of that panel has Social Security acted on, and what specific actions have you taken or intend to take?

Mr. Croft.  I do not know the intricacies of why things come down off the website.  I do not know if that was a requirement for a FACA panel when we disband them that we take that down.  We certainly have all the information, though, and have shared that with the IG.

Probably the most substantive information that I received from the panel was in the early part of it around the data center project.  That was a more in-depth piece of work, and they made a number of recommendations in terms of our data center planning.  And we were certainly very positive about using many of those.

Another area where there was help from the panel, and this was also a while ago, but was in terms of authentication and the way we designed the authentication with the new online statement.  It was not so much a panel deliberation, but we worked with one of the panel members on that.

Chairman Johnson.  Thank you, sir.  Again, I thank you all for being here today and for your testimony.

Innovations in technology will continue to drive the kind of service Americans expect and deserve.  And Social Security must and will be held accountable.

I thank you all for your attendance.  And with that, the subcommittee stands adjourned.

[Whereupon, at 4:08 p.m., the subcommittee was adjourned.]

Questions For The Record

Kelly Croft
Kelly Croft Attachment #1
Kelly Croft Attachment #2
Larry Freed
Valerie Melvin

Submission For The Record

James Strassberger