SSA needs better plan for high-risk project, IG says
Project achieves initial goals but with less than ideal design
The Social Security Administration started a high-risk conversion of its legacy core databases without a comprehensive strategic plan and without recognizing the project as a major information technology investment, according to a new audit from the SSA's Office of Inspector General.
Although the conversion of the file management system has achieved its initial milestones so far, the result is a less than optimal database design, the audit said.
Starting in 2005, the SSA recognized the need to update its Master Data Access Method (MADAM) legacy file management system. The legacy system was developed in the 1980s to access the agency’s personal records for most Americans. However, the programming language for the master file system was no longer widely used and there were few programmers to support it.
The SSA has successfully attained the initial phase one goals of the conversion to a DB2 database management system, audit said. Phase one will be completed in 2013.
While praising the SSA for carrying out the first steps of the conversion, the audit also highlighted several problems, including lack of a comprehensive strategic plan and a need to elevate the project into a major information technology investment.
Also, the audit noted that the conversion methodology may have hampered the design for the database, which falls short of ideal.
“We found that SSA had effectively implemented the project to replace MADAM. However, the project implementation strategy was not efficient because it resulted in less than optimal database design,” the audit concluded.
The IG said, with so much at risk in managing its core databases, the SSA should discuss with the Office of Management and Budget whether to classify the project as a major IT investment, and suggested this should have been done.
“This project meets OMB’s definition of a major investment due in part to its importance to the mission or function of the agency. The project ensures the continued availability of the agency’s major data files and therefore is critical to SSA’s mission and function. The project is also a high risk project because delay or failure will impose unacceptable risk on SSA. SSA should have identified and managed the project as a major IT investment,” the audit states.
In addition, the audit recommended that SSA needs to develop a comprehensive strategic plan for the conversion. To date, the only high-level plans are for phase one, while the remainder of the plans do not contain “critical decision-making information,” the audit states.
SSA officials agreed with nearly all the recommendations; however, they disputed the need for a comprehensive strategic plan to cover all phases of the project.
“We believe that the extended duration of the project makes a plan as proposed infeasible. We have developed sufficiently detailed plans for near term activities, and we have developed conceptual plans for those activities that we will be undertaking several years from now,” the SSA said in its response.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.