Legacy IT

CARES Act delivery hampered by old tech, bad data

 Information technology installed in the Social Security Department By Everett Historical Shutterstock ID 237228895  

Aspects of the federal government's economic response to the coronavirus pandemic were marred by outdated state technology software and a crushing volume of beneficiaries that overwhelmed many systems, according to a new report from the watchdog Government Accountability Office.

Federal officials said "the ability to easily modify data systems to incorporate new flexibilities varies among state and local agencies," leading to numerous delays and interoperability challenges across multiple recovery programs related to the Coronavirus Aid, Relief, and Economic Security Act passed in March.

Agencies like Health and Human Services reported that states had to coordinate across different data systems to serve existing beneficiaries as well as a surge of new applicants for programs like Electronic Benefit Transfer and Supplemental Nutrition Assistance Program payments. Meanwhile, uneven technological sophistication across different states made remote collaboration in the wake of the pandemic caused challenges while coordinating payments for the Women, Infants and Children (WIC) program.

According to Department of Labor officials, many states processing unemployment claims were using "information technology systems that date as far back as the 1970s" and crashed under the load of newly laid off workers filing for benefits. The department has provided federal grants, technical assistance and guidance to help modernize those systems, but "relatively few" states conducted adequate load-testing to handle the volume of claims they have received since March.

These systems was already straining, with federal and state governments overseeing more than $2.7 billion in improper unemployment payments in 2019, and overseers worry the numbers will look even worse this year as the government has rushed to respond to the economic fallout of the virus.

"DOL's experience with temporary UI programs following natural disasters suggests there may be an increased risk of improper payments associated with CARES Act UI programs," auditors wrote.

A rushed response also led the IRS to send more than a million stimulus checks to citizens who were deceased. As FCW has reported, the agency emphasized speed to get relief dollars into the hands of Americans as soon as possible, leading to processing errors and opening the door to potential fraud. Auditors suggest that implementing 2018 recommendations to align their authentication practices with NIST cybersecurity guidance making better use of death data housed at the Department of Treasury and other agencies could address the problem.

Auditors noted that " IRS has full access to the death data maintained by the Social Security Administration…but Treasury and its Bureau of the Fiscal Service, which distribute the payments, do not."

In a response attached to the audit, IRS Chief Risk Officer Tom Brandt said employee worked "around the clock since mid-March to develop new tools and new guidance" to make handle economic impact payments but that "our work is not done yet" and the agency will consider the GAO's recommendations further.

Information technology challenges and delays also reportedly hampered efforts by the Small Business Administration to process economic injury disaster loans, though details are scarce. The report paints a portrait of disorganized agency that at times unresponsive to oversight. While auditors asked to meet with agency officials on April 13 to get more detailed information on individual loan data and other aspects of the response, SBA didn't agree to a meeting until June 1 and provided "primarily publicly available information in response to our inquiries" about loan data.

In a statement, House Oversight and Government Reform Chairwoman Rep. Carolyn Maloney (D-N.Y.) said the report "provides a comprehensive and independent look at the Trump administration's incompetent and dangerous response to the coronavirus pandemic" and pressed for more information on IRS stimulus payments to dead Americans. She also called on SBA to address transparency concerns about its loan program "immediately."

SBA responded to a draft version of the report disputing GAO's claims, saying they offered staff for interviews and provided 420 pages, including "information on loan numbers and loan volume, the number and type of lenders participating in [the Paycheck Protection Program], loan numbers and loan volume for each type of lender, loan numbers and volume by industry and state" and other figures.

"To be clear, SBA has never refused to provide data to GAO," wrote William Manger, Chief of Staff for Administrator Jovita Carranza.

Federal agencies were of course not immune from technological troubles, and the audit suggests modernization efforts at the IRS, the Department of Housing and Urban Development and other agencies can better position them to process funds related to the CARES Act.

The report also posits that agencies could make better use of a number of existing contracting authorities and programs, including contracts that allow work to begin before a final agreement is reached, Other Transaction Authority (OTA) that sidestep certain federal regulations to prototype new technologies and higher spending thresholds for emergency purchases.

GAO is currently working on separate reports examining how agencies planned and managed contracts related to the pandemic, reimbursement policies for contractors who performed emergency work and the use of the Defense Product Act.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

  • Defense
    DOD photo by Senior Airman Perry Aston  11th Wing Public Affairs

    How DOD's executive exodus could affect tech modernization

    Back-to-back resignations raise concerns about how things will be run without permanent leadership in key areas from policy to tech development.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.