SSA’s IT board failed to properly oversee operations investments, watchdog says
The Social Security Administration is not properly reviewing the billions of dollars that it spends as part of its IT budget, a federal watchdog warned in a new report.
In a report made public Monday, the Government Accountability Office said the SSA lacks a defined process for its IT Investment Review Board (IRB) to oversee initiatives for the agency’s technology operations and management, infrastructure and cybersecurity.
These investments totalled about $2 billion in fiscal year 2024 and made up nearly 90% of SSA’s total IT budget that year, according to the report.
“SSA officials told GAO that, among other things, maintaining investments in O&M [operations and maintenance] is necessary and the agency cannot have debates on whether to continue to fund them,” the report stated.
“Without a process for the IT investment review board to oversee these investments, SSA lacks the enterprise-wide perspective to make the most appropriate strategic IT investment decisions,” the report continued.
Without “regular oversight,” or a documented process for “investments in operations,” the GAO argued the IT Investment Review Board will not be able to determine whether the investments are meeting performance targets.
SSA officials pointed the GAO to the agency’s special expense item process for investments that do not fall under the Information Technology Investment Process (ITIP), which outlines guidance on the selection and management of certain IT investments, according to the report.
The special expense item process determines annual funding needs for IT products like hardware, software and agency labor, which are then reviewed and directly approved by the agency CIO, the report said.
But this does not suffice, the GAO said, maintaining it goes against guidance from the Office of Budget and Management. Under this guidance, federal chief information officers are required to establish specific steps that the investment review board follows to evaluate the cost, schedule and performance of all IT projects, the report said.
As the report lays out, SSA is heavily reliant on IT — including software, hardware and systems — to carry out its main tasks. This includes using technology for beneficiary and recipient record maintenance and management of the agency’s customer service online and telephone initiatives.
The watchdog’s performance audit, conducted from November 2023 to June 2025, further found that SSA has not updated its ITIP procedures. It warned SSA investment teams “will be confused about their responsibilities and which ITIP procedures or activities are currently required.”
The GAO’s audit and review of the board’s meeting minutes found the SSA does have a defined process for investments under development, but the agency has not fully implemented them.
“Specifically, while the IRB generally held monthly meetings to discuss IT investments under development, these discussions primarily focused on funding allocations for the upcoming fiscal year,” the report stated. “They did not include regular discussions of performance such as investments’ schedule, risks, and value realization; or corrective action plans for underperforming investments.”
SSA officials explained the focus on funding allocations was a result of an “uncertain budget environment,” adding that staff would not be able to regularly review the estimated 40 ITIP investments, which often include multiple IT projects, per the report.
But, “without regular oversight of IT investments under development — including costs, schedule, and risks — the IRB will not know whether critical investments are meeting performance targets and achieving expected outcomes,” the watchdog said.
The GAO made seven recommendations to SSA, including that the agency’s commissioner should direct the CIO to define and implement policies for the investment review board, along with regularly reviewing the investment management guidance and procedures.
The SSA responded to the report in a letter last month, stating it agreed with all seven recommendations.
