Summary: The Social Security Administration (SSA) needs to identify strengths and weaknesses within its agencywide operational and managerial capabilities to enable the delivery of high-quality customer service in the face of increases in both workloads and in the number of retirements from its experienced workforce. Evaluating SSA's management of information technology (IT) is critical to assess whether the agency is adequately addressing these capabilities. This report reviews SSA's IT policies, procedures, and practices in the following five areas: investment management, enterprise architecture, software acquisition and development, information security, and human capital. GAO found that SSA had many important IT management policies and procedures in place in each of these five key areas but did not always implement them consistently. In some areas, SSA had not established key policies, procedures, or practices essential to ensure that its IT was effectively managed. GAO found weaknesses in all of the five key areas of IT management--particularly in investment management and human capital management.
