Search News & Reports

IT Investment Management: Social Security Administration Needs to Oversee Investments in Operations and Better Evaluate Performance

Government Accountability Office
07/28/2025

Download Report

Fast Facts

The Social Security Administration relies on information technology to deliver retirement, disability, and other benefits to millions of Americans. In FY 2024, it spent about $2.2 billion on IT.

We found that SSA doesn't have a process for its IT Investment Review Board to monitor its investments in operations and maintenance, infrastructure, and cybersecurity. These investments accounted for about 90% of its IT budget in FY 2024. SSA also didn't fully evaluate the performance of its investments, even though it's required to do so.

Our 7 recommendations address these issues.

Highlights

What GAO Found

The Social Security Administration (SSA) has defined processes to manage IT investments under development that are consistent with relevant federal legislation, federal guidance, and key practices. However, the agency does not have a process to oversee investments in operations—including those in operations and maintenance (O&M), infrastructure, and cybersecurity. These investments accounted for $2 billion or about 90 percent of SSA's IT budget in fiscal year 2024. SSA officials told GAO that, among other things, maintaining investments in O&M is necessary and the agency cannot have debates on whether to continue to fund them. Without a process for the IT investment review board (IRB) to oversee these investments, SSA lacks the enterprise-wide perspective to make the most appropriate strategic IT investment decisions. In addition, the agency is hampered in its ability to effectively manage the entire IT portfolio and identify opportunities for cost savings and efficiencies.

SSA has not fully evaluated investments under development and those in operations:

  • While SSA has policies and procedures to oversee investments under development, it has not fully implemented them. SSA's IT IRB meeting minutes for fiscal years 2022 to 2024 showed that the board primarily focused on funding allocations for the upcoming fiscal year and did not regularly discuss investment performance. SSA officials said that this was primarily due to the uncertain budget environment. However, without regular oversight, the IT IRB will not know whether the investments are meeting performance targets. The IRB also risks identifying corrective actions late, when they are more difficult and costly to address.
  • SSA did not have complete performance documentation for three selected investments under development. Without complete and current performance data, SSA is unable to determine investment progress and value.

Performance measures identified

Return on investment documentation

Value realization documentation

Investment 1

✔ Yes

✘ No

△ Partial

Investment 2

✘ No

✘ No

✘ No

Investment 3

✔ Yes

△ Partial

△ Partial

✔ Yes = documentation existed and was complete/current; △ Partial = documentation existed but was not complete/current; ✘ No = documentation did not exist.

Source: GAO analysis of Social Security Administration documentation. | GAO-25-107200

  • SSA also does not have a process to regularly review the performance of investments in O&M, as called for in federal guidance. Officials stated that they maintain performance information for investments in O&M which is available to project staff and executives. In addition, project staff are responsible for monitoring investment performance and raising issues as needed to leadership. However, SSA's IT IRB meeting minutes did not show evidence of this. Until SSA defines and implements processes to review investments in O&M, it risks not knowing whether its multibillion-dollar IT investments continue to support agency needs.

Why GAO Did This Study

SSA relies extensively on IT to deliver retirement, disability, survivor, and family benefits programs to millions of Americans. In fiscal year 2024, SSA spent about $2.2 billion on IT.

GAO was asked to review SSA's IT investment management process. This report assesses (1) the extent to which SSA's IT investment management process complies with federal legislation, guidance, and relevant key practices; and (2) SSA's efforts to evaluate its IT investments.

In performing its work, GAO analyzed SSA's IT investment management processes and compared them to relevant provisions of federal IT acquisition legislation, federal guidance, and key practices. GAO also selected three mission-critical IT investments under development, and reviewed investment management documentation, including performance information, to determine if they were consistent with SSA's procedures. GAO also reviewed the contents of IT IRB meeting minutes and compared them to the responsibilities stated in the board's charter.

Recommendations

GAO is making seven recommendations to SSA, including that it implement a process to oversee and review performance of investments in operations, and fully implement its process to evaluate performance of investments under development. SSA agreed with all seven recommendations.

GAO Contacts

David (Dave) Hinchman Director Information Technology and Cybersecurity HinchmanD@gao.gov

Media Inquiries

Sarah Kaczmarek Managing Director Office of Public Affairs media@gao.gov

Public Inquiries

Contact Us

Topics

Information TechnologyAcquisition reformChief information officersInformation technologyInvestment portfolioIT investment managementPolicies and proceduresIT investmentsPerformance measurementPhysical disabilitiesBest practices

Recommendations

GAO is making seven recommendations to SSA, including that it implement a process to oversee and review performance of investments in operations, and fully implement its process to evaluate performance of investments under development. SSA agreed with all seven recommendations.