SOCIAL SECURITY READY? NOT!!!!!!!!!!!!!!!!!!! : LUSENET : TimeBomb 2000 (Y2000) : One Thread

The Social Security Administration announced it was 99% compliant and The President and Koskinen say "no problems"

The GAO tells us where they really are. Do you really think the government can be "efficient"?

July 29, 1999 Testimony of Joel Willemssen


Social Security Administration: Update on Year 2000 and Other Key Information Technology Initiatives (Testimony, 07/29/1999, GAO/T-AIMD-99-259)

A Testimony Before the Subcommittee on Social Security, Committee on Ways and Means, House of Representatives

For Release on Delivery Expected at 10 a.m., Thursday, July 29, 1999

SOCIAL SECURITY ADMINISTRATION

Update on Year 2000 and Other Key Information Technology Initiatives

Statement of Joel C. Willemssen, Director, Civil Agencies Information Systems, Accounting and Information Management Division


Mr. Chairman and Members of the Subcommittee:

We are pleased to be here today to discuss the Social Security Administration's (SSA) progress in implementing key information technology initiatives critical to its ability to effectively serve the public. Achieving Year 2000 (Y2K) readiness is SSA's top information technology priority. Consistent with our prior reports,[1] SSA continues to make excellent progress on Y2K and has taken important steps to implement our recommendations for mitigating risks. Further, it has initiated a number of governmentwide best practices to help ensure its preparedness for the change of century. Nonetheless, SSA's work is not yet complete; certain tasks integral to ensuring its overall readiness for the year 2000 must still be accomplished. Another major focus of SSA's information technology activities is implementation of its Intelligent Workstation/Local Area Network (IWS/LAN),


The third initiative that I will discuss today is SSA's development of its Reengineered Disability System (RDS). RDS was intended to support SSA's modernized disability claims process and was to be the first major programmatic software application to operate on IWS/LAN. However, SSA experienced numerous problems and delays in developing this software. Based on a contractor's recent assessment of the initiative, SSA has now decided to terminate the original RDS strategy after 7 years of effort and about $71 million in reported costs. SSA now plans to proceed with a new strategy to address the needs of its disability determination process.

[1] Social Security Administration: Significant Progress Made in Year 2000 Effort, But Key Risks Remain


Year 2000: Continuing Progress, But Critical Tasks Remain

SSA first recognized the potential impact of the Y2K problem in 1989 and, in so doing, was able to launch an early response to this challenge. SSA initiated early awareness activities and made significant progress in assessing and renovating mission-critical mainframe software that enables it to provide Social Security benefits and other assistance to the public. Because of the knowledge and experience gained through its Y2K efforts, SSA has been a recognized federal leader in addressing this issue. Despite its accomplishments, however, our 1997 report on SSA's Y2K program identified, and recommended actions for addressing, three key risk areas:

- SSA had not ensured Y2K compliance of mission-critical systems used by the 54 state DDSs that provide vital support in administering SSA's disability programs. Specifically, SSA had not included these DDS systems in its initial assessment of systems that it considered a priority for correction. Without a complete agencywide assessment that included the DDS systems, SSA could not fully evaluate the extent of its Y2K problem or the level of effort that would be required to correct it. We therefore recommended that SSA strengthen its monitoring and oversight of state DDS Y2K activities, expeditiously complete the assessment of mission-critical systems at DDS offices, and discuss the status of DDS Y2K activities in SSA's quarterly reports to the Office of Management and Budget (OMB).

- SSA had not ensured the compliance of its data exchanges with outside sources, such as other federal agencies, state agencies, and private businesses. Unless SSA can ensure that data received from these organizations are Y2K compliant, program benefits and eligibility computations that are derived from the data provided through these exchanges may be compromised and SSA's databases corrupted. Accordingly, we recommended that SSA quickly complete its Y2K compliance coordination with all data exchange partners.

- SSA lacked contingency plans to ensure business continuity in the event of systems failure. Business continuity and contingency plans are essential to ensuring that agencies will have well-defined responses and sufficient time to develop and test alternatives when unpredicted failures occur. At the time of our October 1997 review, SSA officials acknowledged the importance of contingency planning, but had not developed specific plans to address how the agency would continue to support its core business processes if its Y2K conversion activities experienced unforeseen disruptions. We therefore recommended that SSA develop specific contingency plans that articulate clear strategies for ensuring the continuity of core business functions.

SSA agreed with all of our recommendations and efforts to implement them have either been taken or are underway.

[major snip]

Critical Tasks to Ensure Year 2000 Readiness

While SSA has been a Y2K leader, it must still complete several critical tasks to ensure its readiness for the year 2000. These tasks include ensuring the compliance of all external data exchanges, completing tasks outlined in its contingency plans, certifying the compliance of one remaining mission-critical system, completing hardware and software upgrades in the Office of Telecommunications and Systems Operations, and correcting date field errors identified through the quality assurance process.

SSA reported as of mid-July that six of its external data exchanges were still in the process of being made Y2K compliant. In each instance, these include files that have been addressed by SSA but which need further action on the part of SSA's business partners to achieve Y2K compliance. For example, SSA transmits one file on cost-of-living adjustments to the Department of Veterans Affairs (VA). While SSA has made the file compliant, VA must still complete its testing in order to receive the file in a Y2K compliant format. VA is scheduled to complete its testing in August. In addition, SSA is waiting to verify the successful transmission of three compliant files from Treasury regarding information on tax refund actions. SSA expects to verify the compliance of the Treasury files during the first week of August. SSA also still needs to verify the successful transmission of two Massachusetts death data files. SSA expects to complete this activity by the end of this week.

Completing tasks in its contingency plans and coordinating with its own staff and its business partners to ensure the timely functioning of its core business operations is likewise critical. This includes coordinating with its benefit delivery partners on contingency actions for ensuring timely benefits payments. For example, SSA plans to assist Treasury in developing alternative disbursement processes for problematic financial institutions. SSA is also now in the process of testing all of its contingency plans, with expected completion in September. In addition, SSA must implement its day-one strategy, consisting of actions to be executed during the last days of 1999 and the first few days of 2000.

SSA also has one remaining mission-critical stand-alone system, the Integrated Image-Based Data Capture System, which must still be certified as Y2K compliant. This system is used to scan and convert W-2 forms to electronic format for entry into the Annual Wage Reporting System. According to officials in SSA's Office of Systems, the SSA-developed application software has been renovated, tested, and implemented into production; however, SSA cannot certify the system's compliance until it has completed testing of the system's upgraded commercial off-the-shelf software used for tracking W-2 form data from the point of receipt to image scanning. This testing is not scheduled to conclude until late August.

The installation of software and hardware upgrades in SSA's Office of Telecommunications and Systems Operations must also be completed. For example, SSA must install Internet browser patches for the IWS/LAN software by August.

Finally, SSA must correct a number of date-field errors recently identified using its QA tool. SSA reported that as of July 23, 1999, it had assessed 92 percent (283 of 308) of its mission-critical applications (having a total of about 40 million lines of code), and that it had identified 1,565 date field errors. SSA is in the process of correcting these identified date problems. As of mid-July, it reported that 44 of the 283 applications had been corrected, recertified, and returned to production. SSA plans to correct, recertify, and implement all of its remaining applications by November, when it is scheduled to modify some mission-critical applications to reflect Title II benefit rate increases and Title XVI cost-of-living adjustments.

IWS/LAN: Installations

The second major information technology initiative that I will discuss today is SSA's IWS/LAN modernization effort. [snip] Under this initiative, SSA planned to replace approximately 40,000 dumb terminals and other computer equipment used at about 2,000 SSA and state DDS sites with an infrastructure consisting of networks of intelligent workstations connected to each other and to SSA's mainframe computers. [snip]

SSA's dumb terminals are connected to its mainframe computers through its data network and are controlled by software executed on the mainframes.

The resources that SSA plans to invest in acquiring IWS/LAN are enormous. The first phase of the planned project that started in 1996, was to be a 7-year, approximately $1 billion effort to acquire, install, and maintain 56,500 intelligent workstations and 1,742 local area networks, 2,567 notebook computers, systems furniture, and other peripheral devices.

The basic intelligent workstation that SSA planned to procure included a 100-megahertz Pentium personal computer with 32 megabytes of random access memory and a 1.2-gigabyte hard (fixed) disk drive. We reported in 1998, however, that the IWS/LAN contractor, Unisys Corporation, had raised concerns about the availability of the intelligent workstations being acquired, noting that the 100-megahertz workstations specified in the contract were increasingly difficult to obtain. At that time, SSA's Deputy Commissioner for Systems did not believe it was necessary to upgrade to a faster processor because the 100-megahertz workstation met the agency's needs.

Over the past year, SSA has continued its aggressive implementation of IWS/LAN. The agency reported, as of mid-July 1999, that it had completed the installation of 518 workstations and 742 LANs at 1,565 SSA sites and 177 DDS sites.

As the agency has proceeded with the initiative, however, it has revised its requirements several times based on the need for additional workstations. Specifically, from June 1998 through April 1999, SSA modified its contract with the Unisys Corporation three times to purchase additional workstations and related hardware. These modifications increased from 56,500 to 70,624, the total number of intelligent workstations acquired under the Unisys contract.

In addition, because Unisys faced difficulty in obtaining the 100-megahertz workstations specified in the initial contract, the additional workstations acquired through the modifications were configured with processor speeds ranging from 266 megahertz to 350 megahertz.

The national IWS/LAN initiative consisted of two phases. During phase I, SSA planned to acquire workstations, LANs, notebook computers, systems furniture, and other peripheral devices as the basic, standardized infrastructure to which additional applications and functionality can later be added. Phase II was intended to build upon the IWS/LAN infrastructure provided through the phase I effort.


According to SSA officials overseeing the initiative, SSA's initial estimates of its IWS/LAN requirements had not fully considered the needs of all SSA and state DDS sites. As a result, additional workstations were necessary to (1) ensure Y2K hardware compliance at all DDS sites, (2) complete installations in some of SSA's larger sites, and (3) support training needs. SSA reported that the contract modifications cost about $32 million and that it had completed the installations of all but 106 workstations acquired via the modifications by July 11, 1999.

Beyond these modifications, however, SSA has continued to increase its requirements and is currently in the process of acquiring additional workstations to support the national IWS/LAN initiative. In particular, SSA's Office of Systems concluded during fiscal year 1999 that the workstations acquired via the Unisys contract and its subsequent modifications were not sufficient to fulfill the IWS/LAN requirements of all SSA and DDS sites. As a result, the Chief Information Officer (CIO), in November 1998, approved a request for a $45 million, 5-year follow-on contract to acquire, install, and maintain at least 6,900 additional workstations and about 275 additional LANs. According to a Systems official, the intelligent workstation that SSA has specified for the follow-on contract is, at a minimum, a 333-megahertz Pentium II processor with 64 megabytes of random access memory and a 4-gigabyte hard (fixed) disk drive. SSA is currently evaluating vendors' proposals and expects to award the contract by the end of July.

Although the CIO approved the Unisys contract modifications and the follow-on contract, SSA's Deputy Commissioner for Finance, Assessment and Management had previously expressed concerns about SSA's need for the additional workstations and their expected benefits. In particular, in letters to the CIO in November 1998 and April 1999, the Deputy Commissioner recommended that the CIO approve the additional workstations from Unisys and the follow-on contract award on the condition that SSA would, respectively, (1) reassess the total number of work year savings for IWS/LAN and (2) reconcile the number of workstations against staffing levels. The CIO agreed to these conditions and requested that relevant agency components determine the reasons for the additional workstations and identify the benefits expected to be

10 According to SSA, the remaining workstations are to be installed by October 1999.

Although this effort has been ongoing for about 8 months, as of July 22, the study had not been finalized.

IWS/LAN's Actual Contribution to Improved Performance Remains Unclear

Last June, we expressed concern that SSA lacked target goals and a defined process for measuring IWS/LAN performance, essential to determining whether its investment in IWS/LAN was yielding expected improvements in service to the public.

According to the Clinger-Cohen Act and OMB guidance, effective technology investment decision-making requires that processes be implemented and data collected to ensure that (1) project proposals are funded on the basis of management evaluations of costs, risks, and expected benefits to mission performance and (2) once funded, projects are controlled by examining costs, the development schedule, and actual versus expected results. We therefore recommended that SSA establish a formal oversight process for measuring the actual performance of IWS/LAN, including identifying the impact that each phase of this initiative has on mission performance and conducting postimplementation reviews of the project. Although SSA agreed with the need for performance goals and measures, its Information Technology Systems Review Staff had neither completed nor established plans for performing in-process reviews of IWS/LAN to (1) compare the estimated cost levels to actual cost data, (2) compare the estimated and actual schedules, (3) compare expected and actual benefits realized, and (4) assess risks. In addition, while the Clinger-Cohen Act and OMB guidelines call for postimplementation evaluations to determine the actual project cost, benefits, risks, and returns, SSA has not scheduled a postimplementation review to validate the IWS/LAN phase I projected savings and to apply lessons learned to make other information technology investment decisions. According to the Director of the Information Technology Systems Review Staff, the agency has no plans to perform either in-process or postimplementation reviews unless problems are identified that warrant such an effort.

As expressed in our earlier report, it is essential that SSA conduct in-process and postimplementation reviews for the IWS/LAN initiative. Since 1994, we have expressed concerns regarding SSA's need to measure the actual benefits achieved from its implementation. Moreover, as the agency continues to expand IWS/LAN via its follow-on workstation acquisitions, it is critical for the agency to know how well it has achieved the savings projected in its initial assessments supporting this initiative. Without such reviews, the agency will be unable to make informed decisions concerning whether it should continue, modify, or terminate its investment in a particular initiative or how it can improve and refine its information technology investment decision-making process.

SSA Will Need to Continue to Address DDS Network Management Concerns

Our 1998 report also noted concerns among state DDSs about the loss of network management and control over IWS/LAN operations in their offices and dissatisfaction with the service and technical support received from the IWS/LAN contractor. Accordingly, we recommended that SSA work closely with the DDSs to identify and resolve the network management concerns. SSA has worked with the DDSs to address these issues. For example, it is providing additional servers to give the DDSs certain administrative rights capabilities, such as access to specific login scripts and full control over DDS applications. SSA has also worked with the DDSs to streamline the maintenance process and establish agreements that would allow the DDSs to perform their own IWS/LAN maintenance. Under such agreements, according to SSA, states could rely on their in-house technical staff rather than the services of the IWS/LAN contractor, Unisys Corporation, to address maintenance problems. At the conclusion of our review, SSA had entered into a maintenance agreement with one state DDS, Wisconsin, and was considering the requests of four other DDSs.

Other issues also continue to concern the DDSs. For example, representatives of the National Council of Disability Determination Directors, which represents the state DDSs, stated that they remain concerned about SSA's attempts to implement a standard print solution. In addition, they stated that SSA has not ensured that the workstations implemented adhere to a standard configuration that provides all DDS system administrators with the same rights. SSA has acknowledged these issues and plans to work with the states to address them.

RDS: Development

SSA's work toward developing RDS has been ongoing for many years. The initiative began in 1992 as the Modernized Disability System and was redesignated as RDS in 1994 to coincide with the agency's efforts to reengineer the disability claims process. As shown in figure 1, SSA had planned to implement the RDS software starting November 1996 and to complete the national rollout by May 2001.

Figure 1: Planned RDS Rollout Schedule

When completed, RDS was to be the first major programmatic software application to operate on SSA's IWS/LAN infrastructure and be part of the enabling platform for SSA's modernized disability claims process. Specifically, RDS was to automate the Title II and Title XVI disability claims processes from the initial claims-taking in the field office to the gathering and evaluation of medical evidence in the state DDSs, to payment execution in the field office or processing center, and include the handling of appeals in hearing offices. SSA anticipated that this automation would contribute to increased productivity, decreased disability claims processing times, and more consistent and uniform disability decisions. However, after approximately 7 years and more than $71 million reportedly spent on the initiative, SSA has not succeeded in developing RDS and no longer plans to continue the effort.

As figure 2 shows, from 1993 through 1999, SSA took various steps toward developing the RDS software.

Figure 2: Actual RDS Rollout Schedule

Further RDS rollout suspended


However, even in its earliest stages, this effort proved problematic and was plagued with delays. For example, in September 1996, we reported that software development problems had delayed the scheduled implementation of RDS by more than 2 years. An assessment of the development effort revealed a number of factors as having contributed to that delay, including

(1) using programmers with insufficient experience,

(2) using software development tools that did not perform effectively, and

(3) establishing initial software development schedules that were too optimistic.

SSA proceeded with the initiative nonetheless and, in August 1997, began pilot testing the first release of the RDS software in its Alexandria, Virginia, field office and the federal DDS for the specific purposes of (1) assessing the performance, cost, and benefits of the software and (2) determining IWS/LAN phase II equipment requirements. However, as we previously reported, SSA encountered performance problems during the pilot tests.


In January 1998, we reported that SSA had begun taking steps to improve its software development capability.

Significant actions that SSA initiated include (1) launching a formal software process improvement program, (2) acquiring assistance from a nationally recognized research and development center in assessing its strengths and weaknesses and in assisting with improvements, and (3) establishing management groups to oversee software process improvement activities. SSA has developed and is currently applying the improved software development processes to 11 projects. Given the failure of RDS, it is imperative that any future software initiatives adhere to the improved processes and methods. Without such linkage, SSA again risks spending millions on a project that will not succeed. On July 27, SSA officials told us that the new post-RDS initiative will be linked to the agency's software development improvement efforts.

In summary, SSA has encountered mixed success in implementing its key information technology initiatives. The agency has clearly been a leader on Y2K and has demonstrated a commitment to addressing the challenges of the century date change. Further, the agency has worked aggressively to implement IWS/LAN as its basic automation infrastructure. However, the benefits of the IWS/LAN investment remain uncertain because SSA has not yet assessed its actual contribution to improved mission performance. In addition, after years of problems, SSA terminated RDS, which will delay expected improvements in the processing of disability claims. To avoid repeating past mistakes on its future information technology efforts, SSA will need to, at a minimum, apply disciplined information technology investment management practices and adhere to improved software development processes.

Mr. Chairman, this concludes my statement. I would be happy to respond to any questions that you or other members of the Subcommittee may have at this time.

For information about this testimony, please contact Joel Willemssen at (202) 512-6253. Individuals making key contributions to this testimony included Michael A. Alexander, Yvette R. Banks, Nabajyoti Barkakati, Kenneth A. Johnson, Valerie C. Melvin, and

-- None (Your $$$$$$$$$$$ @, August 30, 1999



trolling for Polly comments

-- None (Your $$$ @, August 30, 1999.

--None And what would you expect from a leader? Makes you wonder about the ones that won't be ready. All kidding aside ~good post thanks.....

-- kevin (, August 30, 1999.

Picky, picky, picky. But they started really early, and they've been working really hard, and they expect to finish. Isn't that good enough?

-- Linda (, August 30, 1999.

related thread

-- Puddintame (, August 30, 1999.

Sorry, new policy implementation.

Only one (1) free debunking per story.

Others are available at normal consulting rates.

-- Hoffmeister (, August 30, 1999.

Just a few tidbits from the "morass" above: and true, this is from a "good" y2k success story: it is typical of the last 1% of the "details" in that last 10% of the project that, as Rickover always maintained, were "devil in the details...."

<<... 54 state DDSs that provide vital support in administering SSA's disability programs. >> Now, I can get 52 if we include Alaska and HI (since they are states now 8<), Puerto Rico and Washington DC, but who else: Guam, Wake, Philippines, US Virgin Islands, ???? The total doesn't come to 54....

Also: note that the PC's in this order to Unisys for the LAN kept getting more powerful as time went by, but that means either the original machines were not good enough to do the job, or the follow-on orders were too expensive to do the original job, or the original job could be done properly on the original-ordered machines....and thus they would be dragging down the newer machines on the network.....

Also: testing scheduled for August is now overdue, but could finish. Final completion in November for these "big picture items" listed is very, very problematic...

Fundamental - the Social Security system must be "live" since births, deaths, and immigration are occurring daily; and since money transactions are continuous into the system. Note the warning about working with Treasury about "troublesome financial institutions" - just how many banks and other institutions are troublesome, and why don't we hear about these troublesome banks?

Infrastructure failures that could shut down the SSA are almost swept under the rug - the possibility is acknowledged, but no apparent contingency plans have been completed since the last report to Congress in 1998????

Since the SSA must be "live" in data entry and data exchange, how have they tested the exchanges with the 1973 windowing standard of the banking industry.....

Since the SSA must be "live" in data updates, how will they manage in the new system if the replacement for LAN system fails? Is the current system compliant in all equal processes?

-- Robert A. Cook, PE (Kennesaw, GA) (, August 30, 1999.

1) Social Security is the "poster boy" for Y2K readiness.

2) Social Security is not ready yet.

3) Therefore...

I wonder if I have enough time to pick up a couple more coconuts on the way home?

-- Mad Monk (, August 30, 1999.

However, even in its earliest stages, this effort proved problematic and was plagued with delays. For example, in September 1996, we reported that software development problems had delayed the scheduled implementation of RDS by more than 2 years. An assessment of the development effort revealed a number of factors as having contributed to that delay, including

(1) using programmers with insufficient experience,

(2) using software development tools that did not perform effectively, and

(3) establishing initial software development schedules that were too optimistic.

Alas and alack, such a good example of what we've been trying to alert "non-techies" about. IT development of ALL types follows this pattern. Constant programmer challenges, insufficient resources compounded by optimistic proposals (results and project time frames), and unattainable completion dates (which usually move back 4-6 times on the average). Now, how many times since 1998 has the government moved the 3 month target date of "full compliance" (a laughable assumption on Koski's part) back?

-- Mr. Kennedy (Mr.K@home.tonight), August 31, 1999.

Mr. Kennedy, "non-techies"?

Heck...what about the techie Pollys?

This would just about ruin my night if I didn't already figure this was the case.

It is the same world where Y2k was born, after all.



-- Michael Taylor (, August 31, 1999.

Hi Mike,
Just referring to non-techies that really don't have a clue as to how software and programming projects run, or how off-schedule production is the "norm".

Most that aren't familiar with this think that IT projects are as predictable as tangible projects in manufacturing plants. Draw it up, crank it out, ship it off -- assembly line style. Most folks don't have a clue as to how useless all of these past compliance deadlines, surveys, and reports of testing / completion spewed from the government really are.

I agree. If I hadn't supposed it already, this report of SSA non-compliance would have been rather a let-down.

-- Mr. Kennedy (Mr.K@home.tonight), August 31, 1999.
