[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]




 
    HEARING ON THE STATE OF SOCIAL SECURITY'S INFORMATION TECHNOLOGY

=======================================================================

                                HEARING

                               before the

                    SUBCOMMITTEE ON SOCIAL SECURITY

                                 of the

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                              MAY 9, 2012

                               __________

                            SERIAL 112-SS16

                               __________

         Printed for the use of the Committee on Ways and Means




                  U.S. GOVERNMENT PRINTING OFFICE
80-257                    WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  

                      COMMITTEE ON WAYS AND MEANS

                     DAVE CAMP, Michigan, Chairman

WALLY HERGER, California             SANDER M. LEVIN, Michigan
SAM JOHNSON, Texas                   CHARLES B. RANGEL, New York
KEVIN BRADY, Texas                   FORTNEY PETE STARK, California
PAUL RYAN, Wisconsin                 JIM MCDERMOTT, Washington
DEVIN NUNES, California              JOHN LEWIS, Georgia
PATRICK J. TIBERI, Ohio              RICHARD E. NEAL, Massachusetts
GEOFF DAVIS, Kentucky                XAVIER BECERRA, California
DAVID G. REICHERT, Washington        LLOYD DOGGETT, Texas
CHARLES W. BOUSTANY, JR., Louisiana  MIKE THOMPSON, California
PETER J. ROSKAM, Illinois            JOHN B. LARSON, Connecticut
JIM GERLACH, Pennsylvania            EARL BLUMENAUER, Oregon
TOM PRICE, Georgia                   RON KIND, Wisconsin
VERN BUCHANAN, Florida               BILL PASCRELL, JR., New Jersey
ADRIAN SMITH, Nebraska               SHELLEY BERKLEY, Nevada
AARON SCHOCK, Illinois               JOSEPH CROWLEY, New York
LYNN JENKINS, Kansas
ERIK PAULSEN, Minnesota
KENNY MARCHANT, Texas
RICK BERG, North Dakota
DIANE BLACK, Tennessee
TOM REED, New York

        Jennifer M. Safavian, Staff Director and General Counsel

                  Janice Mays, Minority Staff Director

                                 ______

                    SUBCOMMITTEE ON SOCIAL SECURITY

                      SAM JOHNSON, Texas, Chairman

KEVIN BRADY, Texas                   XAVIER BECERRA, California
PATRICK J. TIBERI, Ohio              LLOYD DOGGETT, Texas
AARON SCHOCK, Illinois               SHELLEY BERKLEY, Nevada
RICK BERG, North Dakota              FORTNEY PETE STARK, California
ADRIAN SMITH, Nebraska
KENNY MARCHANT, Texas


                            C O N T E N T S

                               __________

                                                                   Page

Advisory of May 9, 2012 announcing the hearing...................     2

                               WITNESSES

G. Kelly Croft, Deputy Commissioner of Systems and Chief 
  Information Officer, Social Security Administration............     7
Valerie C. Melvin, Director Information Management and Technology 
  Resources Issues, Government Accountability Office.............    13

                                 ______

Larry Freed, President and Chief Executive Officer, ForeSee 
  Results, Inc...................................................    29
William Scherlis, Ph.D. Professor, School of Computer Science, 
  Carnegie Mellon University.....................................    40
Max Richtman, President and CEO, National Committee to Preserve 
  Social Security & Medicare.....................................    50


    HEARING ON THE STATE OF SOCIAL SECURITY'S INFORMATION TECHNOLOGY

                              ----------                              


                         WEDNESDAY, MAY 9, 2012

             U.S. House of Representatives,
                       Committee on Ways and Means,
                                                   Washington, D.C.

    The subcommittee met, pursuant to call, at 2:44 p.m., in B-
318, Rayburn Office Building, the Honorable Sam Johnson 
[chairman of the subcommittee] presiding.
    [The advisory of the hearing follows:]

HEARING ADVISORY

Chairman Johnson Announces a Hearing on The State of Social Security's 
                         Information Technology

Wednesday, May 09, 2012

      
    U.S. Congressman Sam Johnson (R-TX), Chairman of the House 
Committee on Ways and Means Subcommittee on Social Security, today 
announced a hearing on the State of the Social Security 
Administration's (SSA's) Information Technology. The hearing will take 
place on Wednesday, May 9, 2012, in B-318 Rayburn House Office 
Building, beginning at 2:00 p.m.
      
    In view of the limited time available to hear witnesses, oral 
testimony at this hearing will be from invited witnesses only. However, 
any individual or organization not scheduled for an oral appearance may 
submit a written statement for consideration by the Subcommittee and 
for inclusion in the printed record of the hearing.
      

BACKGROUND:

      
    Information technology (IT) is critical to the SSA's ability to 
serve the public. According to the SSA, in fiscal year 2011, the 
agency's IT system supported the payment of more than $770 billion in 
benefits to 60 million people and the maintenance of hundreds of 
millions of Social Security numbers and related earnings records for 
nearly every American. The SSA's computers also house the electronic 
medical records of millions who have filed disability claims and 
exchange over a billion data files annually among the SSA, Federal, 
State, and local government agencies and businesses in order to 
administer Social Security benefits and other programs.
      
    As of January 2011, the SSA had 22 internet-based electronic 
services available to the public. In Fiscal Year 2011, Social Security 
processed 15 million personalized online transactions, including 41 
percent of retirement claims and 33 percent of disability claims. Based 
on the American Customer Satisfaction Index scores, the SSA has the 
three highest-rated online services in all of the Federal Government. 
According to the SSA, IT investments have helped increase the agency's 
productivity by four percent in each of the last five years.
      
    To deliver services, Social Security relies on a complex and large 
IT system, including sensitive data bases, hundreds of software 
applications, large computer platforms and thousands of networked 
computers, printers, phones and other devices. The information 
technology is used by nearly 80,000 employees at the SSA and the state 
Disability Determination Services.
      
    Until January 2009, the SSA ran its nationwide computer operations 
from its 30-year old National Computer Center (NCC). Since then, a 
second state-of-the-art support center now runs approximately 35 
percent of all its workloads. In February 2009, the American Recovery 
and Reinvestment Act of 2009 provided $500 million for the SSA to cover 
the cost of building a replacement facility for the NCC and part of the 
cost of equipping it. After a land acquisition and contractor bidding 
process that took longer than was initially projected in 2009, the 
current projected date for complete commissioning of the new facility 
is February 2015, slightly over one year behind the original schedule. 
However, the project is currently projected to come in significantly 
under budget, due to a lower-than-expected construction contract.
      
    Since 2007, reports by various oversight and advisory groups, 
including the National Research Council, the Government Accountability 
Office (GAO), the SSA Office of the Inspector General and the 
bipartisan Social Security Advisory Board have called for the SSA to 
establish a strategic vision for its information technology investments 
and develop a long-term plan to improve customer service. The Future 
Systems Technology Advisory Panel, a panel of public and private sector 
industry experts established by Commissioner Astrue in 2008 to provide 
independent systems technology advice, also recommended developing a 
``comprehensive, agency-wide strategic systems development roadmap.'' 
In April 2011, Chairman Johnson requested a report from the GAO to 
examine the current state of SSA's modernization efforts and its plans 
for the future, which will be released at the hearing.
      
    In announcing the hearing, Social Security Subcommittee Chairman 
Sam Johnson (R-TX) said, ``Americans of all ages are increasingly using 
technology for their everyday needs--from paying their bills to buying 
their groceries. Rapid technological innovation defines the times we 
live in. Social Security's ability to serve an increasingly tech-savvy 
public depends on its ability to develop a modernized long-term service 
delivery plan with the right investments of today.''
      

FOCUS OF THE HEARING:

      
    The hearing will focus on the state of SSA's IT system and the 
challenges it faces, IT modernization efforts to date and the return on 
these investments, IT management structure, and the effectiveness of 
the SSA's IT strategic planning for IT investment and measures to track 
progress.
      

DETAILS FOR SUBMISSION OF WRITTEN COMMENTS:

      
    Please Note: Any person(s) and/or organization(s) wishing to submit 
for the hearing record must follow the appropriate link on the hearing 
page of the Committee website and complete the informational forms. 
From the Committee homepage, http://waysandmeans.house.gov, select 
``Hearings.'' Select the hearing for which you would like to submit, 
and click on the link entitled, ``Click here to provide a submission 
for the record.'' Once you have followed the online instructions, 
submit all requested information. ATTACH your submission as a Word or 
WordPerfect document, in compliance with the formatting requirements 
listed below, by the close of business on Wednesday, May 23, 2012. 
Finally, please note that due to the change in House mail policy, the 
U.S. Capitol Police will refuse sealed-package deliveries to all House 
Office Buildings. For questions, or if you encounter technical 
problems, please call (202) 225-1721 or (202) 225-3625.
      

FORMATTING REQUIREMENTS:

      
    The Committee relies on electronic submissions for printing the 
official hearing record. As always, submissions will be included in the 
record according to the discretion of the Committee. The Committee will 
not alter the content of your submission, but we reserve the right to 
format it according to our guidelines. Any submission provided to the 
Committee by a witness, any supplementary materials submitted for the 
printed record, and any written comments in response to a request for 
written comments must conform to the guidelines listed below. Any 
submission or supplementary item not in compliance with these 
guidelines will not be printed, but will be maintained in the Committee 
files for review and use by the Committee.
      
    1. All submissions and supplementary materials must be provided in 
Word or WordPerfect format and MUST NOT exceed a total of 10 pages, 
including attachments. Witnesses and submitters are advised that the 
Committee relies on electronic submissions for printing the official 
hearing record.
      
    2. Copies of whole documents submitted as exhibit material will not 
be accepted for printing. Instead, exhibit material should be 
referenced and quoted or paraphrased. All exhibit material not meeting 
these specifications will be maintained in the Committee files for 
review and use by the Committee.
      
    3. All submissions must include a list of all clients, persons and/
or organizations on whose behalf the witness appears. A supplemental 
sheet must accompany each submission listing the name, company, 
address, telephone, and fax numbers of each witness.
      
    The Committee seeks to make its facilities accessible to persons 
with disabilities. If you are in need of special accommodations, please 
call 202-225-1721 or 202-226-3411 TTD/TTY in advance of the event (four 
business days notice is requested). Questions with regard to special 
accommodation needs in general (including availability of Committee 
materials in alternative formats) may be directed to the Committee as 
noted above.
      
    Note: All Committee advisories and news releases are available on 
the World Wide Web at http://www.waysandmeans.house.gov/.

                                 

    Chairman JOHNSON. This hearing will come to order.
    As our Nation ages, more Americans are depending on the 
Social Security benefits and services they paid for through 
their hard-earned wages. According to the recently released 
2012 annual report, the Social Security Board of Trustees 
projects that the number of people receiving benefits will 
increase 43 percent between now and 2025, growing from almost 
60 million today to close to 80 million.
    This long-predicted workload tsunami is placing an ever-
greater pressure on Social Security's ability to serve the 
public, which is why technology plays such an important role in 
Social Security's ability to deliver services to America.
    Social Security's computers have vast numbers of servers 
and databases containing Social Security numbers, earnings, 
personal health information, and demographic information on 
workers, beneficiaries, and their families. Social Security's 
employees retrieve this very personal information through 
hundreds of software applications in Social Security's local 
offices and teleservice centers via network computers, 
printers, phones, and other devices.
    As more of the public chooses to conduct business via the 
Internet, Social Security has seen its online traffic grow. In 
Fiscal Year 2011, Social Security processed 15 million online 
transactions, including 41 percent of retirement claims and 33 
percent of disability claims.
    Because of their importance, I take the technology needs of 
Social Security very seriously. I have toured the two 
facilities that house Social Security's technology 
infrastructure, and, in addition, my subcommittee continues to 
keep close tabs on the progress of the new data center that 
will replace the aging National Computer Center at Social 
Security headquarters. At present, the completion date for the 
new facility is February 2015, a year behind schedule.
    In March 2011, the bipartisan Social Security Advisory 
Board issued a report, ``A Vision for the Future,'' in which it 
said, ``The Social Security Administration, like all of 
government, is under extraordinary strain to accomplish its 
core mission with smaller budgets and a smaller workforce, the 
immediate pressure to attend only to today's tasks, and focus 
less on the future is understandable, but not acceptable.'' I 
could not agree more.
    That is why I asked the Government Accountability Office, 
or GAO, to report on Social Security's efforts to modernize its 
technology. Today our witness from GAO, Ms. Melvin--thank you--
will present GAO's findings, including the fact that for years 
experts have highlighted the importance for Social Security to 
have a strategic IT plan. As we will learn today, while some 
progress has been made, there is a long way to go.
    I am deeply concerned about the Commissioner's decision to 
eliminate the Office of Chief Information Officer and reassign 
its responsibilities to the Office of Systems when this office 
was created specifically to develop the agency's technology 
vision and manage the investment process in the first place.
    Further, I was disappointed to learn that a future systems 
technology advisory panel, convened by the Commissioner and 
made up of outside experts, was disbanded after two years of 
work.
    Social Security's Inspector General is now conducting an 
audit to tell us what actions Social Security took in response 
to the panel's recommendation. From what I understand, they 
threw away all the paperwork.
    Americans of all ages are increasingly using technology for 
their everyday needs from paying their bills to buying their 
groceries. They expect government to keep up technologically. 
Rapid technological innovation defines the times we live in, 
including creative ways, new ways of doing business.
    If Social Security is to effectively meet future service 
demands, it must embrace change and design a future service 
delivery plan that, at its core, is driven by new technology. 
The public expects and deserves nothing less.
    I now recognize Mr. Becerra for his opening statement, and 
welcome aboard, sir.
    Mr. BECERRA. Mr. Chairman, thank you very much. And to the 
witnesses, thank you for your patience in indulging us as we 
were on the floor voting.
    Mr. Chairman, the Social Security Administration does a 
difficult job well, and has had a number of information 
technology successes. At the same time, long-range strategic 
planning for large-scale technology modernization, which can be 
a challenge for a large enterprise, presents a unique challenge 
for SSA, which handles over 32,000 new benefit applications, 
and serves 180,000 Americans in person, and well over 300 
Americans by phone each and every business day.
    I hope this hearing will focus on how SSA can best move 
forward and what we can do here in Congress to support that.
    For 77 years and through 13 recessions, the Social Security 
Administration has paid Americans their earned benefits on time 
and in full. In 2012, they paid Social Security benefits to 
over 55,000 million Americans with an error rate of less than 1 
percent. SSA maintains earning records for nearly 160 million 
current workers and handles more than 8 million new benefit 
applications each year.
    Last year, Social Security field offices served about 45 
million visitors in person and 76 million people called SSA's 
800 number for help. SSA helped all those Americans while 
maintaining a customer satisfaction rating of about 80 percent.
    One of our witnesses today, Mr. Freed, will report that 
three of SSA's most popular online tools outperform Amazon, the 
highest-scoring e-retail website they have ever rated. That is 
why I could not support the House Republican budget that forced 
cuts to SSA's budget in 2011, or the decision to under fund it 
again in 2012. We cannot expect Social Security to keep helping 
so many people with so few payment mistakes if they keep losing 
thousands of experienced employees every year and cannot 
replace them.
    Now 1 in 4 American families receives income from Social 
Security. That day-to-day mission of providing Americans with 
their earned benefits is so vital that SSA does not have the 
option of shutting down even for a day or two while they 
install new systems or retrain the nearly 80,000 workers who 
help deliver Social Security every day.
    For those who think Social Security could shut down for a 
day, what are you going to tell the 32,000 Americans who plan 
to apply for Social Security benefits today, the 72,000 
Americans who had to request a Social Security number today, or 
the 80,000 Americans who would have gone to Social Security's 
offices for help today? Or what about the 300,000 people who 
would have called Social Security's 800 number or a local 
Social Security office today? All in just one day. That is what 
Social Security does. Let us know if you think we can handle 
that if Social Security has to close.
    SSA has other challenges, too. Even though Americans will 
pay over $730 billion into the Social Security system in 2012 
alone, SSA has to come to Congress every year to ask for money 
to operate Social Security. It is hard to fund long-term 
investments in technology or anything else when you do not know 
what next year's budget will be, especially when your last 
couple of budgets did not even come close to covering your day-
to-day costs.
    SSA's current systems are a complex patchwork quilt of old 
and new technologies. Seven hundred different software 
applications that generate over 160,000 million computer 
transactions a day. e-Government offers great promise for 
modern customer service and greater efficiency, but SSA serves 
a diverse population, and not everyone has the technology and 
the skills needed for self-serve government right now. For 
example, 70 percent of adults in urban areas have high speed 
Internet access at home, but only 50 percent of those in rural 
areas do.
    There is longstanding concern about SSA's record of 
strategic planning and investment for IT modernization. The 
Government Accountability Office will tell us this morning that 
SSA's methods for measuring the progress and cost-effectiveness 
of IT investments are inadequate.
    Finally I want to better understand SSA's recent change 
which merged a separate Office of the Chief Information Officer 
with the Office of Systems. Typically a CIO office focuses on 
long-term strategic planning and investment, while the systems 
office has the challenging job of making sure those 700 
software applications and hardware in thousands of different 
offices keep functioning every day.
    Deputy Commissioner Kelly Croft, who now wears both of 
those hats as the chief information officer and head of 
systems, is here today to talk about how he juggles those two 
critical responsibilities.
    When Social Security began in the 1930s, a French 
industrial expert hired to advise the U.S. government concluded 
that the recordkeeping and data management needed for the new 
Social Security System was impossible. Just the weight of the 
original paper records, for example, would be so massive that 
no building in Washington had ever been built with floors 
sturdy enough to hold the paper.
    But Social Security persevered, and in 1937, IBM invented 
the 077 collator, a punch card tabulating system that is the 
ancestor of modern computers. That was done just for Social 
Security. More recently, in 1993 SSA started using predictive 
modeling software to increase the efficiency of their 
programming integrity work which is how they prevent fraud and 
payment error. Reviewing cases targeted by computer models more 
than triples the savings from this work.
    Social Security has done other projects that have shown 
that you can actually use technology to not just help 
Americans, but to save American people money. And I look 
forward, Mr. Chairman, to hearing how we can work with the SSA 
to make sure that using technology, everyone moves forward with 
a better SSA.
    I yield back, Mr. Chairman.
    Chairman JOHNSON. Thank you. As is customary, any member is 
welcome to submit a statement for the hearing.
    Chairman JOHNSON. Before we move on to our testimony, I 
want to remind our witnesses to please try to limit your 
statement to 5 minutes. However, without objection, all the 
written testimony will be made a part of the hearing record.
    We have one witness panel today. Seated at the table is 
Kelly Croft, our Deputy Commissioner of Systems and Chief 
Information Officer at Social Security, Valerie Melvin, 
Director of Information Management and Technology Resource 
Issues at the Government Accountability Office, Larry Freed, 
President and Chief Executive Officer of ForeSee Results, Inc. 
in Ann Arbor, Michigan, William Scherlis, Ph.D., Professor, 
School of Computer Science at Carnegie Mellon in Pittsburgh, 
Max Richtman, President and CEO of the National Committee to 
Preserve Social Security and Medicare. Thank you all for your 
attendance today.
    Welcome, Mr. Croft. You may proceed.

STATEMENT OF G. KELLY CROFT, DEPUTY COMMISSIONER OF SYSTEMS AND 
   CHIEF INFORMATION OFFICER, SOCIAL SECURITY ADMINISTRATION

    Mr. CROFT. Thank you. Chairman Johnson, Ranking Member 
Becerra, Members of the Subcommittee, thank you for having me 
here today. Appreciate it.
    I have worked at Social Security for 30 years and currently 
do serve as the Deputy Commissioner for Systems and CIO. In 
short, I am responsible for delivering agency-wide IT services 
and for protecting the information assets of Social Security.
    We are a very large and highly automated organization, and 
our systems are available to end users over 99.9 percent of the 
time. Our Internet applications for the public are thoughtfully 
designed, highly rated, and allow us to maintain high and 
improving service levels, even with rising workloads. Just last 
week we began providing Social Security statements online. Over 
150,000 people have already successfully used the service.
    We have extensive internal controls and continually invest 
in IT security. In recent years, our most significant security 
risk was our inability to quickly recover IT services with any 
prolonged disruption at our Maryland data center. That is no 
longer the case. Earlier this year, we successfully tested fast 
and assured recovery if we ever experience a serious problem at 
the Maryland center.
    We currently have a number of IT projects that are critical 
for improving our efficiency and quality of service. Just to 
name a few, we are building a new case processing system for 
State disability determination services, building a visitor 
intake system for our field offices, adding better systems 
capabilities in our hearing offices, and building more online 
services for public use.
    Our most important project over the next few years will be 
to transition IT operations from our aging Maryland data center 
to a new facility. GSA has purchased the land, selected a 
builder, and the design phase of the work is underway, and we 
are grateful to the subcommittee for your support with this 
project.
    Social Security has a number of IT strengths. For example, 
we have a superb technical workforce. We have consolidated most 
aspects of IT to benefit from economies of scale, and we are 
very good at technical project management. That said, during an 
annual process where we assess future IT investments, we always 
have far more needs and good ideas than expected resources, so 
we must prioritize what we work on.
    We are in a continual state of IT modernization, and given 
the long computing history and size of our enterprise, we 
always will be. We have over 700 software applications that 
combined routinely generate over 160 million computer 
transactions a day.
    Some of our software is state of the art with graphical 
user interfaces that rival the best systems of their kind in 
the world. On the other hand, some of our software is much 
older with green screen user interfaces. However, with proven 
software, old does not necessarily mean dysfunctional. All of 
our older software works. It is regularly updated and 
maintained, and it accurately reflects the intricacies of Title 
2 and Title 16 statute and policy. This legacy software also 
represents a multi-billion dollar investment by taxpayers.
    We do want to modernize our older systems, and we do so 
whenever we are rebuilding them because of new business 
direction, or if we determine through annual review that an 
important system is at increasing risk for technical failure.
    Managing a large IT organization does require planning. We 
routinely develop detailed multi-year plans in specific 
technical areas, for example, to change our storage 
infrastructure. At a higher level, we have recently updated our 
information resources strategic plan, and we are in the process 
of updating our enterprise architecture roadmap.
    We assess agency IT in a number of ways. For example, we 
analyze cost, schedule, and functionality with all our major 
investments, and we post that information on the Federal IT 
Dashboard. We also do extensive industry research and 
benchmarking, and closely track things such as systems 
availability and satisfaction scores.
    Finally, because IT enables all aspects of SSA operations, 
the ultimate measure of our success is reflected in the overall 
performance and high year over year productivity gains of the 
agency.
    Thanks again for having me here today, and I will do my 
best to answer your questions.
    [The prepared statement of Mr. Croft follows:]

    [GRAPHIC] [TIFF OMITTED] T0257.001
    
    [GRAPHIC] [TIFF OMITTED] T0257.002
    
    [GRAPHIC] [TIFF OMITTED] T0257.003
    
    [GRAPHIC] [TIFF OMITTED] T0257.004
    
                                 

    Chairman JOHNSON. Thank you. We appreciate your presence.
    Ms. Melvin, welcome. Please go ahead.

     STATEMENT OF VALERIE C. MELVIN, DIRECTOR, INFORMATION 
    MANAGEMENT AND TECHNOLOGY RESOURCES ISSUES, GOVERNMENT 
                     ACCOUNTABILITY OFFICE

    Ms. MELVIN. Good afternoon, Chairman Johnson, Ranking 
Member Becerra, and Members of the Subcommittee. Thank you for 
inviting me to participate in today's hearing on SSA's 
information technology. As you have noted, the agency depends 
heavily on IT to deliver services that touch the lives of 
nearly every American, and during the last Fiscal Year, spent 
nearly $1.6 billion on its IT efforts.
    As its systems have aged and its workload has increased, 
SSA has committed to investing in technology needed to update 
its infrastructure and deliver services more quickly and 
efficiently. In addition, it had recently aligned its IT 
governance structure, including the responsibilities of a CIO, 
as you have noted.
    At your request, we recently completed the study of the 
agency's IT modernization efforts, the results of which are 
found in our report that is being released today. Our study 
examined three areas: SSA's progress at modernizing IT, the 
effectiveness of its modernization plans and strategies, and 
whether the CIO realignment allows it to effectively oversee 
and manage its modernization efforts.
    To summarize briefly, we found that SSA has spent about $5 
billion since 2001 on many modernization projects that have 
impacted all of its main program areas. However, SSA's efforts 
have not been guided by the kind of strategic approach that we 
have identified as crucial to ensuring successful modernization 
outcomes.
    Specifically, SSA has not developed comprehensive and 
quantifiable performance measures, or conducted post-
implementation reviews of all of its completed projects, making 
it difficult to measure the progress that it is making, or 
determine if its projects are cost-effectively supporting its 
modernization goals.
    Also at the time of our study, SSA lacked an approved IT 
strategic plan that included key elements to specify how its IT 
investments support overall agency strategic goals, and fit 
together to provide the kind of modernized technology 
environment needed to carry out its mission.
    As has been noted, SSA has issued a new plan earlier this 
week, and we have begun to assess it. To be a meaningful tool, 
it is important that this plan provide a clear and 
comprehensive picture of what the agency seeks to accomplish, 
identify the IT strategies SSA will use to achieve desired 
results, and provide results-oriented goals and performance 
measures that permit the agency to determine whether it is 
succeeding.
    Further, if appropriately implemented, SSA's recent 
consolidation of the CIO's responsibilities and to its Office 
of Systems could provide for effective management of its IT. 
However, this realignment was undertaken without adequate 
planning, including an assessment of its impact on staffing 
roles and responsibilities.
    In addition, the new governance structure had not been 
reflected in SSA's internal guidance on managing IT 
investments, which is critical to ensuring effective oversight.
    As highlighted in our report, SSA has completed many 
modernization projects that have delivered tangible benefits. 
We also note, however, that the agency still has major 
modernization efforts underway, as Mr. Croft has alluded to. 
These include completing the conversion of its legacy database 
management system and modernizing its Title 2 processing 
system. The significance of these efforts highlights the need 
for a more strategic approach to modernization that SSA 
currently lacks.
    Our report contains recommendations to SSA for establishing 
such an approach. In addition to updating its IT strategic plan 
to help ensure that its investments effectively support broader 
agency goals, we also recommended that SSA develop 
comprehensive performance measures, and post implementation 
reviews to better measure progress, and to further define its 
enterprise architecture and IT strategic vision, as well as to 
clearly define the roles and responsibilities of its Office of 
Systems staff in light of the CIO realignment.
    Until SSA has a more strategic approach to using IT to 
supports its mission, it risks investing in technology that 
does not meet future needs of the agency or the public in the 
most optimal manner. Further, SSA will continue to lack a 
meaningful mechanism for oversight bodies, such as your 
subcommittee, to gauge its progress in meeting modernization 
goals.
    This concludes my prepared statement. I would be pleased to 
respond to your questions.
    [The prepared statement of Ms. Melvin follows:]

    [GRAPHIC] [TIFF OMITTED] T0257.005
    
    [GRAPHIC] [TIFF OMITTED] T0257.006
    
    [GRAPHIC] [TIFF OMITTED] T0257.007
    
    [GRAPHIC] [TIFF OMITTED] T0257.008
    
    [GRAPHIC] [TIFF OMITTED] T0257.009
    
    [GRAPHIC] [TIFF OMITTED] T0257.010
    
    [GRAPHIC] [TIFF OMITTED] T0257.011
    
    [GRAPHIC] [TIFF OMITTED] T0257.012
    
    [GRAPHIC] [TIFF OMITTED] T0257.013
    
    [GRAPHIC] [TIFF OMITTED] T0257.014
    
    [GRAPHIC] [TIFF OMITTED] T0257.015
    
    [GRAPHIC] [TIFF OMITTED] T0257.016
    
    [GRAPHIC] [TIFF OMITTED] T0257.017
    
    [GRAPHIC] [TIFF OMITTED] T0257.018
    

                                 

    Chairman JOHNSON. Thank you, ma'am. I appreciate your 
testimony.
    Mr. Freed, you are welcome to proceed.

    STATEMENT OF LARRY FREED, PRESIDENT AND CHIEF EXECUTIVE 
      OFFICER, FORESEE RESULTS, INC., ANN ARBOR, MICHIGAN

    Mr. FREED. Thank you. Good afternoon, Chairman Johnson, and 
Ranking Member Becerra, and the rest of the subcommittee. Thank 
you for the opportunity to testify about our experience 
measuring and analyzing citizen satisfaction with nine of the 
Social Security Administration's websites.
    My name is Larry Freed, and I am president and CEO of 
ForeSee. We are a company that is a customer experience 
analytics company that helps measure the experience and help 
companies analyze where to invest their dollars to make the 
largest improvements possible for the benefit of the users.
    We use a patented technology based on a methodology 
developed at the University of Michigan called the American 
Customer Satisfaction Index, or ACSI. The ACSI methodology has 
a long history as a measurement system, a performance metric, 
and a great improvement tool, both in the Federal Government 
and in the private sector.
    Since 2001, ForeSee has measured citizen satisfaction on 
more than 300 government websites, including 9 Social Security 
websites, across 50 departments and agencies, in addition to 
international, State, and quasi-government sites. We have also 
worked with over 400 private sector companies as well.
    We have collected more than 7 million citizen surveys since 
2001 for visitors to Federal Government websites, and since 
2009 we have collected 4 million surveys as well. And we 
collect over 1.5 million consumer satisfaction surveys every 
month across our 700 plus measures.
    So why measure satisfaction? Well, satisfaction is very 
important because ultimately when citizens are visiting these 
websites, the experience they have is going to ultimately 
determine where they go next and what they do. And the e-
Government initiatives provide a great opportunity to lower the 
cost of delivering goods and services and information and 
transactions to the citizens.
    Based on the measurements that we do satisfaction scores, 
the future behavior scores, we find that citizens are very high 
satisfied with Federal Government websites. They are highly 
more likely to have trust in an agency, 70 percent higher if 
they are in highly satisfied versus those that are 
dissatisfied. They are 48 percent more likely to participate in 
government by expressing their thoughts to the agency than 
citizens that are less satisfied. And their future behaviors 
directly relate to the open government initiatives.
    Satisfaction also increases the likelihood that citizens 
will return to the websites again and use it as their primary 
resource as opposed to utilizing more costly channels, such as 
call centers and branches. These behaviors significantly will 
increase both the efficiency and reduce costs and make the 
lives of citizens far more easy.
    Our research continues to demonstrate that citizens find 
their interactions with government through the online channel 
to be far more satisfying than their experience through 
traditional means of dealing with government. Social Security 
and other agencies must focus on customer experience online in 
order to maximize the value of this cost savings channel.
    I would like to share some of our research with you on how 
well the Social Security sites do in meeting citizens' needs 
and exceeding expectations with the websites and applications 
that we are currently measuring.
    ForeSee has measured and analyzed customer satisfaction 
data for nine Social Security websites and applications for 
more than eight years. SSA uses the data and analysis in three 
main ways: one, to measure whether citizens are getting a good 
experience and the sites are meeting their needs, second, to 
understand how to improve the websites in a citizen-centric 
manner, and, third, to understand how to improve the online 
self-service and decrease offline services, and, therefore, 
lead to a decreased utilization of offline services, and 
ultimately cost savings and efficiency.
    Currently we are measuring the nine sites are: the Social 
Security online main website, the Social Security Internet 
disability report, the Social Security iClaim, the Social 
Security business services online, the retirement estimator, 
the help with Medicare prescription drug plan costs, the Social 
Security online frequently asked questions, the SSA iAppeals, 
and the Social Security electronic access.
    We measure satisfaction on a 100-point scale, and any score 
above 80 is generally considered to be an excellent score. The 
scores for the sites that we measure range from 69 to 92, and 
six of the nine sites score above 80, which we think of as a 
threshold for a great performing site. And as Mr. Becerra 
mentioned, some of the sites outperform even Amazon, which by 
most is considered one of the best e-tellers around.
    I would like to quickly go through a quick performance 
rundown of these different sites. Social Security's iClaim we 
have been measuring since January of 2004. The current score is 
a 92. When we started measuring it, it was a score of 68, 
significant improvement over time.
    The retirement estimator has been tracking citizen 
satisfaction since July of 2008, and it currently sits at a 
score of 90, another very strong score.
    The help with Medicare prescription drug plan costs, began 
measuring in June of 2005, and it is currently at a score of 
89.
    The electronic access applications, started measuring in 
May of 2012, and their score is 88, again, well above the 
threshold.
    The Internet disability report, we have been measuring 
since 2006, and it has a score of 83, and it has increased from 
72 when we first started measuring it.
    The business services online has a score above 80, and 
right now it is at a score of 83.
    SSA iAppeals has a score of 71, so there is obviously some 
room for improvement there. And the FAQ section is one of the 
lowest-scoring SSA websites with a score of 70. And the SSA 
main website has a score of 69, but it has a difficult 
challenge in that it is a very broad website, and it has a lot 
of different aspects that it is dealing with.
    In summary, measurement of both the Internet sites and also 
the soon to come mobile sites is critical for citizens to not 
only get a great experience, but provide a great way for 
lowering their costs and improving the efficiency of delivering 
this information and services to our citizens.
    [The prepared statement of Mr. Freed follows:]

    [GRAPHIC] [TIFF OMITTED] T0257.019
    
    [GRAPHIC] [TIFF OMITTED] T0257.020
    
    [GRAPHIC] [TIFF OMITTED] T0257.021
    
    [GRAPHIC] [TIFF OMITTED] T0257.022
    
    [GRAPHIC] [TIFF OMITTED] T0257.023
    
    [GRAPHIC] [TIFF OMITTED] T0257.024
    
    [GRAPHIC] [TIFF OMITTED] T0257.025
    
    [GRAPHIC] [TIFF OMITTED] T0257.026
    
    [GRAPHIC] [TIFF OMITTED] T0257.027
    

                                 

    Chairman JOHNSON. Thank you, sir.
    Dr. Scherlis, welcome. Please go ahead.

  STATEMENT OF WILLIAM SCHERLIS, PH.D., PROFESSOR, SCHOOL OF 
   COMPUTER SCIENCE, CARNEGIE MELLON UNIVERSITY, PITTSBURGH, 
                          PENNSYLVANIA

    Dr. SCHERLIS. Thank you. Mr. Chairman, Ranking Member 
Becerra, Members of the Subcommittee, it is my honor to be here 
to discuss the future of one of our most essential American 
institutions, the Social Security Administration.
    My name is William Scherlis. I am a professor of computer 
science at Carnegie Mellon University in Pittsburgh. My 
research focuses on software assurance. I am also the acting 
CTO for the Software Engineering Institute, which is a 
Department of Defense Federal Lab focused on advanced software 
capability for the DoD and its supply chain.
    I had six years of Federal service at DARPA. Returned to 
the university almost 20 years ago with an interest of the role 
of IT in government, which has stayed with me. I just completed 
chairing a National Academy study on DoD software. Its 
recommendations relate to the nature of agency leadership for 
large-scale systems and why it is important to strengthen that 
leadership, particularly with respect to software systems 
architecture, the overall structure and interconnection of 
computing systems. That is my focus today, and I speak 
primarily from that general perspective.
    The SSA cannot accomplish its mission without effective IT, 
without effective IT leadership, and without effective support 
from the top for that IT leadership. In the 30 years since many 
of these SSA systems were developed, I grew up in Baltimore. I 
watched the building being constructed. Storage capacities, 
network bandwidth, processing power, and the costs of all these 
things have improved by between four to six orders of 
magnitude. That is a factor of a million. Skyscrapers growing 
at that rate would scrape the moon.
    Software capability, much harder to measure, has also 
increased dramatically. At a gross level, macro economists 
attribute 25 percent of GDP growth and fully 40 percent of 
productivity growth to information and communications 
technology. And there is no barrier to continuing this pace. We 
are nowhere near any kind of a plateau.
    So there are great opportunities, but not just for 
performance improvement. The FSTAP and NRC committees 
identified many potential improvements to customer service. But 
there are also dramatic improvements possible on the inside 
away from the customer. One of these is modern data intensive 
computing, or big data. Big data techniques can rapidly extract 
useful information and manipulate vast quantities of data. 
Instead of a giant mainframe with large amounts of data piped 
through, we have thousands of processors distributed, each with 
associated storage. We send small instructions to each of those 
processors to the data so that they can work in parallel.
    This is called cloud architecture. It is scalable. We can 
just buy more processors and more disks. It is cheap, and it 
survivable, to use the DoD jargon. And with modern 
infrastructure, it can offer great ease of programming, 
flexible support for a wide range of applications.
    So while we are motivated to make changes, we also must 
recognize their impediments. Large organizations, and SSA is 
one example among many, are often plagued by the challenges of 
legacy systems. These are not to be confused with the legacy 
from your ancestors. In the general case, these are old systems 
on obsolete platforms. And very typically, we no longer fully 
understand these systems, so they are difficult to change, and 
they often provoke fear and superstition among otherwise 
rational technologists.
    This loss of intellectual control is strange, but very 
real. An old DoD study indicated for long-lived, large-scale 
systems, the costs of reverse engineering--understanding what 
makes them tick--can exceed the original development costs. 
These are systems the government owns and built.
    The pace of innovation ironically is also an impediment. 
When technology changes rapidly, risk judgments become 
difficult. The quantitative case that we have discussed earlier 
is harder to make. It is easier just to say no. Intel's Andy 
Grove was famous for keeping his company successful by causing 
it to reinvent itself even in the absence of any immediate 
perceived threat.
    The refresh is different from the more typical routine and 
reactive O&M, which can be a series of changes that may 
potentially worsen the legacy because they are not aligned with 
a master plan and may conflict with other actions elsewhere in 
the organization. This is what my colleagues call technical 
debt--architectural changes that need to be done that are not 
yet done. It is like unpaid student loans that will not go 
away. It just gets worse.
    So and this technical debt can be self-reinforcing when it 
is amassed. It can appear risky to make the necessary 
disruptive changes. So I suggest six actions for Social 
Security Administration.
    First and most essential, full commitment from top 
leadership, motivating change both on the basis of need and 
also on opportunity. Second, understand what you have, the 
architecture and the full set of existing capabilities. This is 
the baseline. Third, decide what is needed, a cohesive vision 
of future services. This includes capabilities, but it also 
includes quality requirements related to security and quality 
of service and so on.
    Fourth, identify potential changes over the next five to 10 
years. Anticipate, scale up, and other changes. This is what 
drives us off the mainframe and into the modern data center. 
Fifth, put these results together and develop a master plan 
that addresses the overall future architecture, the structure 
systems, and also has road maps for evolution based on that 
architecture. This is architecture leadership, and it is the 
leadership commitment that enables the natural growth process.
    Sixth, create a business and decision model that accounts 
for costs, risks, and benefits. This is not easy because there 
are relatively few quantifiable measures at the strategic 
level. It is rather, in many cases, a frame for expert judgment 
and effective process leadership.
    The most important features in my proposal are, to 
summarize, the emphasis on overall system architecture, one, 
and, two, the necessity of senior agency leadership to lead 
that process. I believe this is in harmony with the 
recommendations both of the National Academy panel and also the 
FSTAP and the recent GAO recommendations.
    The SSA has an extraordinary and critical role in the lives 
of all Americans. I hope these ideas I share with you will be 
of use in strengthening that essential institution. Thank you 
very much.
    [The prepared statement of Dr. Scherlis follows:]

    [GRAPHIC] [TIFF OMITTED] T0257.028
    
    [GRAPHIC] [TIFF OMITTED] T0257.029
    
    [GRAPHIC] [TIFF OMITTED] T0257.030
    
    [GRAPHIC] [TIFF OMITTED] T0257.031
    
    [GRAPHIC] [TIFF OMITTED] T0257.032
    
    [GRAPHIC] [TIFF OMITTED] T0257.033
    
    [GRAPHIC] [TIFF OMITTED] T0257.034
    

                                 

    Chairman JOHNSON. Thank you, sir. That is good testimony. 
Thank you all for your testimony.
    Mr. Richtman, welcome. Please proceed.

    STATEMENT OF MAX RICHTMAN, PRESIDENT AND CEO, NATIONAL 
       COMMITTEE TO PRESERVE SOCIAL SECURITY AND MEDICARE

    Mr. RICHTMAN. Thank you very much. Mr. Chairman and Ranking 
Member Becerra, thank you for inviting me to testify this 
afternoon.
    The National Committee to Preserve Social Security and 
Medicare agrees with you, Mr. Chairman and Congressman Becerra, 
that it is very important that the Social Security 
Administration continue to invest in improving its capabilities 
in information technology. This investment will ensure that SSA 
continues to provide excellent service to the American people 
through new service delivery options that supplement--and let 
me emphasize supplement--its existing systems of service 
delivery.
    Currently, SSA provides service to millions of Americans 
through a complementary system of 1,300 local offices and its 
toll free telephone service. The magnitude of the workloads 
that SSA handles in these offices is huge. Congressman Becerra, 
you cited the number of people using these services today, and 
it is a staggering number.
    In all of 2011, 45 million individuals visited SSA field 
offices, 63 million were served over the phone. Of course 
workload of this magnitude cannot be accomplished without 
adequate information technology. More and more of SSA workloads 
are being handed over to the Internet.
    In 2011, 41 percent of its retirement applications, 33 
percent of disability applications were filed online. As more 
Americans have home computers, become accustomed to using the 
Internet, and demand increases for social security to have a 
robust offering of Internet applications, these expectations 
continue to rise.
    Still we believe it is important to understand that 
Internet service will not entirely supplant service provided 
through SSA's traditional system of service delivery. Local 
offices, toll free phone service will continue to be critical 
for Americans who live in areas that do not have access to high 
speed Internet service, those who cannot afford the cost of a 
home computer, and those who just are not comfortable using it.
    The Congressional Research Service recently published a 
report on the digital divide that found broadband Internet 
service is more likely to be available in higher income urban 
and suburban areas than in rural and low income areas. The 
Census Bureau reported that only 68 percent of households have 
access to high speed Internet service.
    While we at the National Committee applaud the SSA in its 
effort to make more and more services available through the 
Internet, we must not lose sight of the needs of those who do 
not have access or who are not comfortable using it. For these 
Americans, local Social Security offices and toll free 
telephone services remain vital lifelines.
    We would like to compliment the SSA on its recently-
completed project to make Social Security statements available 
online. It is truly an impressive achievement. However, we want 
to caution against regarding online availability as a 
satisfactory substitute for the annual delivery of paper 
statements. The reason for our view on this is simple: we are 
concerned that few Americans will ever know about the 
availability of the online statement and, thus, will never 
request one.
    Educating the public about Social Security has always been 
one of SSA's top priorities, and the annual statement has 
properly been regarded as a key element in their work in this 
area. That is why we believe that the annual delivery of a 
paper statement should be resumed immediately.
    We also think that commissioner of Social Security should 
not have to choose between delivery of a paper statement and 
the completion of the agency's other vital functions.
    This, of course, leads us to SSA's administrative budget. 
They have, it is my understanding, requested a total of $11.9 
billion to cover operations for Fiscal Year 2013. This request 
is only modestly higher than what the Congress appropriated for 
this year, $11.56 billion. And we do urge that this request be 
fully funded by the Congress.
    Last year in Fiscal Year 2011, SSA lost 4,000 employees to 
attrition, and projects to lose another 3,000 in Fiscal Year 
2012. These losses should be stopped, and to that end, we call 
on the Congress to fund fully the agency's 2013 request.
    In addition, we are concerned that the Treasury 
Department's rules requiring a payment of Social Security 
benefits through direct deposit, which has an implementation 
deadline of March 2013, about 4 million beneficiaries will be 
affected by this. And we believe that requiring frail, elderly 
beneficiaries to attest to their cognitive inability to receive 
benefits payments electronically in front of a notary public, 
this really seems unduly burdensome to us. I would urge this 
committee----
    Chairman JOHNSON. Can you summarize your----
    Mr. RICHTMAN. I'm sorry?
    Chairman JOHNSON. Please try to summarize.
    Mr. RICHTMAN. And we urge this subcommittee to hold 
hearings on this implementation plan. I'm summarizing.
    In conclusion, Mr. Chairman, we applaud SSA for its work on 
these new IT applications. Still we believe they cannot 
supplement the crucial role SSA field offices and telephone 
toll services play for the foreseeable futures. These offices 
should remain and will remain, I believe, central to any 
inclusive plan for services delivery.
    Thank you.
    [The prepared statement of Mr. Richtman follows:]

    [GRAPHIC] [TIFF OMITTED] T0257.035
    
    [GRAPHIC] [TIFF OMITTED] T0257.036
    
    [GRAPHIC] [TIFF OMITTED] T0257.037
    
    [GRAPHIC] [TIFF OMITTED] T0257.038
    
    [GRAPHIC] [TIFF OMITTED] T0257.039
    

                                 

    Chairman JOHNSON. Thank you, sir. I think the field offices 
do a good job. Stopping the mailing of the online statements 
saved $30 million last year, which needs to be put into IT.
    I thank you all for your testimony. We will turn to 
questions. As is customary for each round of questions, and I 
will limit my time to 5 minutes, and ask my colleagues also to 
limit their questioning time to five minutes as well.
    Ms. Melvin, I would like to discuss the chart on page 9 of 
your report. You see it up there on the screen. It shows how 
Social Security's technology spending is divided between 
maintenance to run the current system and investment for new 
technology. To put this into context, Social Security IT 
maintenance spending in 2011 was more than the agency's total 
IT spending in 2004. Would you walk us through these costs and 
tell us why?
    Ms. MELVIN. We think there are a number of factors that 
probably contribute to their maintenance costs all the way from 
their investments and infrastructure to maintaining the legacy 
systems that they have. As Mr. Croft has mentioned earlier, 
there are 700 plus applications that still have to be 
maintained at any time, as well as additional services that are 
provided online.
    We did note in our study that from 2004 to 2011, the 
maintenance did almost double from approximately $411 million 
to $809 million. And with that, the 2004 total costs were $868 
million, so there has been some definite growth in terms of the 
operations and maintenance.
    One of the key factors that we point to in the overall 
message that we have that stresses the need for a strategic 
plan is because that goes hand in hand at looking at how SSA 
can look at the resources that it has, its use of them, and 
what its needs are, and how it might identify what more needs 
better. And from that standpoint also, the performance measures 
that it puts in place to assess its progress and to understand 
when it uses technology or when it implements technology, how 
that cost is contributing to lowering the cost of maintenance, 
or how that overall technology is contributing to lowering the 
cost of maintenance.
    Chairman JOHNSON. Thank you. Dr. Scherlis, in your 
testimony on page 4, you say that smooth changes to existing 
systems may seem conservative, but often transform a patch 
system into a time bomb of deferred maintenance. The eventual 
cost of repairs continues to rise, and our aspirations to move 
into the future become unattainable. You refer to this as 
technical debt. Could we be looking at such a time bomb in 
Social Security, and would you explain that?
    Dr. SCHERLIS. I do not have enough direct engagement with 
Social Security to make a judgment with respect to SSA 
particularly. But I will say that this issue of technical debt 
is a very common issue in large enterprises, not just Federal 
agencies. It can be avoided with the right kind of planning and 
leadership.
    It goes back to the fact that many of these changes 
highlighted here under the O&M category come up, bubble up from 
the stakeholders and individual systems. If they are not 
aligned with a master plan, if they do not harmonize into an 
enterprise architecture concept, then they can be in conflict 
with other actions elsewhere in the organization. And the 
result is that things are even more difficult to sort out.
    So in many of these studies, all three of the studies, 
National Academy, the FSTAP study, the GAO study, highlight 
what we could call a technical debt crisis in the SSA. And you 
can decide whether to raise the debt ceiling or not.
    Chairman JOHNSON. Thank you. Mr. Croft, what is your 
response to that? I would like to know, are we looking at a 
time bomb as he suggests?
    Mr. CROFT. I do not believe so, sir. I am very interested 
in the term ``technical debt,'' and very interested in learning 
more about it. But, no, I would not say we are in a time bomb 
situation. You have to get behind those numbers and understand 
what the costs actually are. Among other things as you note, 
sir, we have added a second data center at Social Security 
which have increased our costs a great deal in those 
categories.
    There are ways we certainly can improve, but I would not 
put us in a crisis mode, no.
    Chairman JOHNSON. Well, maintenance costs have risen, you 
know that. Does Social Security plan to reverse that trend? 
And, if so, when?
    Mr. CROFT. Well, it is such a broad category, sir, 
maintenance costs. Actually if you look at our software 
maintenance costs, it is relatively flat year over year in 
terms of our cost to maintain software. We do have a lot of 
hardware maintenance costs. We are refreshing hardware all the 
time.
    Again, you have to get underneath these numbers to 
understand what you are actually talking about if you want to 
get into a deep analysis of maintenance.
    Chairman JOHNSON. So, you are telling me you got it under 
control.
    Mr. CROFT. I believe we are doing well, especially when you 
compare us with other organizations that are very similar to 
us, yes.
    Chairman JOHNSON. Thank you. Mr. Becerra.
    Mr. BECERRA. Thank you, Mr. Chairman. Thank you.
    Actually, Mr. Freed, I found your testimony the most 
interesting because while everyone, I think, was talking more 
technically, and your numbers are also technical numbers, they 
are based on feelings. And, in many respects, that may be the 
most important thing, how Americans feel about the service they 
are getting. And while right now Social Security's satisfaction 
rating seems to be pretty high, it could start to drop. And if 
it does start to drop, you start having less confidence in the 
agency and who knows what happens. And so I appreciated your 
testimony.
    Give us some context. I remember the discussion during some 
legislation that was being proposed in Congress to change the 
way Internet providers would offer services and who could 
control what could be sent over the Internet and so forth. And 
at one point I think Google was threatening to shut down for a 
day or so to make the point that they should not be prevented 
from being able to carry their service to whomever they wished. 
And people were up in arms.
    Shutting down SSA, the Social Security Administration, for 
the time it would take to rejigger, to come up to speed with 
the new technologies that are available so that it could 
provide better service faster, more accurately--tell us what 
your sense is. Could they shut down? If so, for how long? How 
could they manage?
    Mr. FREED. I do not think there is any way they could shut 
down. It is obviously a lifeblood to a lot of people. 
Technology is always incremental. In my experience in 
technology, having spent time in roles similar to some of these 
people, technology never goes away. You just build more 
technology on top.
    Hopefully when we deal with the Internet and we deal with 
mobile, there are some benefits to it that you get great cost 
savings. But I do not think it could, by any means, shut down 
and start over, and take, you know, the months or years that it 
would take to restart a system like that.
    Mr. BECERRA. And, of course, we have to be careful that we 
are not just putting a newer system on top of an older system 
and then attaching a newer system to that previously new 
system, and before you know it, you have got all these 
different parts that operate differently, and it becomes a 
machine that is so out of whack that you've got to do 
something.
    Mr. FREED. Yeah. When designed poorly, you definitely can 
run that risk where you have got a lot of different systems 
that do not communicate well. And you create a house of cards 
that if you take one away, the whole thing can crumble.
    From what I have seen from the Social Security side, I do 
not see evidence of that. I have not looked within their 
infrastructure by any means. But their apps, their websites, 
those things are really the user interface to it. The back end 
systems are the back end systems. So it is really about 
creating a better interface to get information out to citizens 
quickly, easily. And, again, makes it easier for citizens and 
will lower costs, probably not the technology costs, but should 
lower costs within the branches and the locations and the call 
centers. Not going to eliminate them by any means, but it 
should lower the cost.
    Mr. BECERRA. Any sense, and, Dr. Scherlis, let me ask you 
this question as well if you have a response. Any sense of what 
typically a company spends in IT modernization on an annual 
basis from its operating accounts, operating expenses?
    Mr. FREED. I am not sure that I would have any great data 
on that to share.
    Mr. BECERRA. Dr. Scherlis, by chance?
    Dr. SCHERLIS. I do not have that data either, but I just 
want to mention one thing, which is that----
    Mr. BECERRA. And if you could do it very quickly because 
I----
    Dr. SCHERLIS. Okay. For many of these firms, the 
distinction between development and maintenance is a 
distinction that is going away because these systems are in a 
state of constant refreshing evolution. And also I will say 
that you just gave a good definition of technical debt, that 
mishmash.
    Mr. BECERRA. Yes, thank you. Mr. Richtman, quick question. 
Is it your sense from what you heard from all the witnesses who 
testified that they have captured a sense of how people are 
feeling out there, those who are receiving the benefits, going 
to the offices visiting, making the calls, and talking to the 
Social Security office employees?
    Mr. RICHTMAN. Well, I think generally so that that is 
accurate. And the experience I have had in traveling around the 
country and meeting with groups of our members is they regard 
the Social Security folks as friends. They are maybe unusual in 
that regard in government, but they really regard them as 
friends. They provide a very important service, and they do it 
in a very positive way.
    Mr. BECERRA. Let us hope we can keep it that way. Mr. 
Croft, you have got a big job, and I hope that you know that 
the chairman and I will try to keep at you on this because I 
think we are very concerned as to whether or not SSA will be 
able to keep up. And it is too big a system, too many depend on 
it for us to not to see you make it work.
    How much do you actually invest from your operating budget 
for IT modernization?
    Mr. CROFT. We do not really have a particular target 
number.
    Mr. BECERRA. Give me a rough estimate.
    Mr. CROFT. The data that was just presented would be the 
data. That is how we categorize. It is consistent with OMB 
guidance, the Federal Government guidance on modernization 
types of activity. I am sorry I do not have the number off the 
top of me.

    ** Mr. Croft** Transcript Insert 1
    [GRAPHIC] [TIFF OMITTED] T0257.040
    

                                 

    Mr. BECERRA. Maybe Ms. Melvin, and I will close with that, 
Mr. Chairman.
    Mr. CROFT. Yes.
    Mr. BECERRA. Ms. Melvin, do you happen to know?
    Ms. MELVIN. In terms of how much--I am sorry.
    Mr. BECERRA. From operating expenses, how much does SSA 
devote to IT modernization?
    Ms. MELVIN. We do not have exact numbers on that, but what 
we did see was, I believe----
    Mr. BECERRA. Microphone.
    Ms. MELVIN. I apologize. I think that in the numbers that 
we had, about----
    Mr. BECERRA. I thought you said that SSA spent about $5 
billion on IT modernization over the past decade.
    Ms. MELVIN. Yes.
    Mr. BECERRA. And if you average that, about $500 million a 
year. My understanding is that SSA's annual budget has been 
about a $9 or $10 billion operating budget.
    Ms. MELVIN. Yeah.
    Mr. BECERRA. Well, we heard $9 to $11 billion, so it is 
about 5 percent.
    Ms. MELVIN. Yeah. I would prefer, if I could, to provide 
you with an exact number for the record on that.
    Mr. BECERRA. That would be great.

    **Ms. Melvin** Transcript Insert #1
    [GRAPHIC] [TIFF OMITTED] T0257.041
    
                                 

    Ms. MELVIN. Okay, thank you.
    Mr. BECERRA. Mr. Chairman, thank you very much.
    Chairman JOHNSON. Thank you, sir. Mr. Berg, you are 
recognized.
    Mr. BERG. Thank you, Mr. Chairman. Thanks to the panel for 
being here.
    One of the things in preparing for this hearing that quite 
frankly stunned me the most was what I saw as a lack of long-
term planning. We went through a real process in North Dakota 
probably about 10 years ago on IT. We had 20 different agencies 
in North Dakota. Each agency was out doing their own thing, had 
non-compatible software, non-compatible equipment. It was just 
a mess.
    Chairman JOHNSON. And then you discovered oil.
    Mr. BERG. Well, then we discovered oil.
    [Laughter.]
    Mr. BERG. We learned a few things from Texas, Mr. Chairman. 
And actually this was before oil was when we had a huge 
deficit, and it was a matter of how do we make things work? And 
we looked a lot at the private sector and the government 
sector, and I know some questions were brought towards, you 
know, how does this compare with an investment in the private 
sector? And really we found that it is almost totally 
different. I mean, the private sector invests in technology, 
and it really does two things. One, it lowers that business' 
cost. They are able to do things, you know, less expensively, 
e-mail versus maybe, you know, sending a letter and that whole 
process. And also it saves people's time which in result ends 
up they are able to apply their energy and time into things 
that are going to generate more revenue for the business.
    And so, so much of the technology that was invested in the 
private sector was really driven on increasing that company's 
revenue.
    My point here is all these things are kind of planned, and 
when the private sector invests in technology, they are 
expecting a return. They are looking into that plan. And so, 
you know, from our State standpoint, we had this big mess. Our 
plan was to pull people together. We ended up with a State IT 
director that really became the project leader whether it was 
the prisons, or whether it was human services, or whatever, 
move forward.
    And so we had a format. We had a checklist. We had 
measurable things. Prior to that, we had IT people that we 
hired to lead projects. And as we talked about, in the middle 
of the project they left, and it was a disaster, and we were 
left hanging with a huge investment, and really many times 
nowhere to go to but to simply start over. And so, I do not 
think anyone would disagree the need for a long-term plan.
    My question for Ms. Melvin and also Dr. Scherlis is, what 
would be the next steps in developing a long-term plan for the 
Social Security Administration. What would they be?
    Ms. MELVIN. For developing a long-term plan, we think that 
SSA needs to start looking at this point in terms of what their 
current state of information technology is, to have a good 
handle on that, and to let that feed into an overall idea of 
where they want to go.
    So part of what our report talked to was the need not only 
for them to develop a strategic plan, but to have a completed 
enterprise architecture that would allow them to examine and 
document their current state of technology, where they want to 
go.
    One of the critical concerns that we noted in our study was 
in looking forward in terms of a vision, we did not find that 
SSA had a particularly good handle or ability at least to 
express its longer-term vision beyond two years for what it 
wants to achieve. We believe that it is important that it 
establish a longer-term vision and that it be able to tie that 
to its agency's strategic plan, and then move forward with the 
goals and the particular strategies, if you will, that it wants 
to apply to move to a target state of its architecture.
    So we think starting initially, they have got to do more in 
terms of putting more focus on just being more specific about 
what their current state of technology is and what they are 
trying to achieve moving forward, and to apply results-oriented 
performance measures for how they want to do that, and to be 
able to assess how well they come to achieving that target 
state.
    Mr. BERG. Okay, thank you. Dr. Scherlis.
    Dr. SCHERLIS. I want to agree with everything that Ms. 
Melvin just said. The two critical elements of the master plan 
are the overall future architecture, which describes how 
systems are linked together, how the data is managed and shared 
internally. This ensures coordination among all the various 
projects. And the second element of the master plan is a road 
map for evolution.
    And I also agree that the time horizon should be between 5 
and 10 years. The plan should anticipate the kinds of changes 
that might come in terms of the mission of SSA, in terms of the 
demographics, in terms of technology changes, other changes. 
That is the essential framework within which systems become 
managed. And this is part of that six-step plan that I 
suggested earlier.
    Mr. BERG. Thank you.
    Dr. SCHERLIS. I want to add one thing. The other is people. 
We have not spoken about people, but, you know, SSA has a large 
internal IT workforce. This is a blessing among Federal 
agencies that they have this workforce. It is essential to have 
strong, connected, committed career people. It is also 
essential to keep them technically fresh through various 
mechanisms--engagement on the outside, conferences, training, 
and the like. And also to have them share in the vision, and to 
seek career paths for themselves to develop to participate in 
the manifestation of that vision. That takes leadership 
commitment from the very top.
    Chairman JOHNSON. Mr. Croft, Mr. Berg, we will have a 
second round.
    Mr. BERG. Okay.
    Chairman JOHNSON. Mr. Brady, you are recognized.
    Mr. BRADY. Thank you, Mr. Chairman. Thank you for calling 
this hearing.
    Mr. CROFT, one of your strategies to increase the use of 
online services is to explore offering online services through 
mobile devices as opposed to implementing online services 
through mobile devices. Since the strategic plan, if I recall, 
runs through the end of 2016, does that mean the public, we are 
going to have to wait four years while we are exploring as 
opposed to moving these things and getting them in place? That 
seems like a lifetime.
    Mr. CROFT. No, sir. Thank you for the question. We are 
actually building a mobile application now. We are doing it 
very carefully and cautiously, though. We want to make sure we 
are going to get a good return on investment for the 
application that we are building. We are on target to actually 
deliver a mobile application before the end of this year. It 
will have to do with SSI wage reporting, which is one of our 
largest improper payment areas as an agency.
    We believe after a lot of exploration, a lot of thinking 
inside the agency, strategizing that that is one area that 
actually fits mobile because it is a reoccurring reporting 
requirement, not a one-time thing like filing an application 
that people are unlikely to use a mobile application to do. So 
look for something later this year.
    Mr. BRADY. From a priority standpoint, is that because it 
is a priority in the fraud or incorrect data, or ability to 
move that sooner than other apps?
    Mr. CROFT. Yeah. It is one of our executive oversight 
projects. It is a priority in terms of improper payments. It is 
one of the higher error categories of improper payments. It 
seemed to fit. We are interested in exploring mobile. I think 
we are like most large organizations. We want to try mobile, 
but we are very cautious about doing it in a way that is really 
more folly than substance. So we are focused on substance.
    Mr. BRADY. Okay, thank you. Dr. Scherlis, do you have any 
thoughts on that?
    Dr. SCHERLIS. Not really. I am sorry.
    Mr. BRADY. Okay. First time that has ever happened.
    Dr. SCHERLIS. Yeah.
    Mr. BRADY. Thank you very much.
    [Laughter.]
    Mr. BRADY. Yield back.
    Chairman JOHNSON. Thank you, Mr. Brady. Mr. Marchant, you 
are recognized.
    Mr. MARCHANT. Thank you, Mr. Chairman. Yesterday, the 
subcommittee held a hearing on identity theft and the use of 
the Death Master File to make sure that that file is not being 
misused by thieves. Social Security collects probably more 
personal data on anyone in America. Google might argue with 
that. Facebook might argue with that. But I think most people 
believe, at least, besides maybe the IRS, that Social Security 
probably has the most information on anybody in America.
    In this time of rapid advancement, how can we assure our 
constituents that this information is being protected and is 
not being used by the thieves, the fraud artists, and the 
people that are out to steal this information. Commissioner?
    Mr. CROFT. Thank you. So we are purposely not boastful 
about IT security protections, but trust that we do as much 
state of the art as we possibly can in terms of IT security. We 
are incredibly conscious of the personally identifiable 
information that is ours to be stewards of. We stand for 
outside audits. We follow all guidelines. We do everything we 
possibly can to stay as secure and sound as we can in terms of 
data protection.
    Mr. MARCHANT. Mr. Richtman, would you agree that the 
perception of the general public is that their information is 
completely secure within the Social Security Administration?
    Mr. RICHTMAN. As far as I know, Congressman, that would be 
true.
    Mr. MARCHANT. Dr. Scherlis, just recently there was an 
expert advisory panel that was put together, but it was 
ultimately disbanded. Do you have the belief that outside 
advisory panels in the private sector can help fill the gap?
    Dr. SCHERLIS. I think that outside advisory panels provide 
an opportunity for an organization to compare and baseline its 
practices against practices in other organizations, 
particularly in areas where measurement is a challenge. And one 
of those areas is architecture and strategic planning because 
we are working to a vision of future potential. And so that is 
an area where the kinds of inputs that you get from advisory 
panels can be extremely useful.
    Mr. MARCHANT. Okay. Thank you, Mr. Chairman.
    Chairman JOHNSON. Thank you. Dr. Scherlis, since 2008, I 
have continued to raise concerns about the time it has taken 
for Social Security to modernize its outdated programming 
language, including replacing COBOL, which was created some 
time ago. In your testimony, you talk about challenges of old 
systems, so-called legacy systems, that operate on obsolete 
platforms.
    Social Security is phasing out its older software, but they 
told me the process will take years. Does that sound right to 
you? You know, it seems to me you can go out to the store and 
buy a new computer with all the latest stuff on it, and I do 
not know why we cannot do that in the Federal Government.
    Dr. SCHERLIS. Well, in fact, I am going to give you two 
answers. One answer is that this sense of urgency that we 
should feel needs to focus around the development of this 
master plan that we have been speaking of earlier today. That 
creates the commitment, creates the framework within which we 
move forward. But that given the magnitude of the operation at 
Social Security and the sensitivity of the data, the unfolding 
of that plan will take some years. But the plan provides a 
framework for making decisions and having a sense of 
expectation regarding what kinds of projects will happen when 
and how much they might cost.
    So it is this juxtaposition of the urgency to create the 
plan with the unfolding of that. So we have the comfort that 
the incremental actions that are taken as an organization are 
in harmony and moving in the right direction.
    Chairman JOHNSON. Well, it seems like we keep changing our 
approach. You know, Mr. Croft, it seems to me we have been 4 or 
5 years downstream trying to modernize the system. Can you tell 
me how long it is going to take before we get out of COBOL?
    Mr. CROFT. No, sir, I cannot. I do not believe anybody 
could do that. And we would find ourselves----
    Chairman JOHNSON. Dr. Scherlis could tell you how to.
    [Laughter.]
    Mr. CROFT. I would comment, and my colleague to the left 
mentioned. We actually have just recently published an IT 
strategic plan. We released it formally, I believe it was 
earlier this week. And I encourage people please to take a look 
at it. It does look out 5 years. It does describe our current 
state in detail, not in the kind of----
    Chairman JOHNSON. So you are telling me you are going to 
rid of COBOL in 5 years.
    Mr. CROFT. No, sir. No. No. It is an incremental approach 
to----
    Chairman JOHNSON. We are going to have it for, what, 20 
more years?
    Mr. CROFT. The way we build software, sir, is so when we--I 
do not know about 20 years, but the way we build software is 
when we are taking on new projects, we only build with new 
code. We only build in the new ways.
    We also assess the risk of all of our systems, as I 
mentioned in my opening statement. And if we believe we are 
facing a technical risk with one of our systems, we will take 
it on motion and rebuild it. And we are rebuilding following a 
systematic approach to the software.
    I would also mention in terms of architecture, we do have 
robust enterprise architecture at Social Security. I want to 
make sure that everybody is clear on that. I will accept a bit 
of criticism that the architecture has not looked out far 
enough into the future, and that is something we are addressing 
now rather than looking out a couple of years consistent with 
where we think business projects are going. We are actually 
extending the look of the architecture out 5 years now, and 
that is something we are actively working on.
    Chairman JOHNSON. Well, you know, you got a new place down 
in North Carolina, and you are building a new place up here. 
And it seems to me by the time that place is finished up here, 
you ought to have a whole new system developed. If you cannot 
do it, something is wrong I think.
    You are working at a snail's pace, and I think, as was 
mentioned earlier, maybe you need a strategic plan in writing. 
And once you get started on something, do not stop it like you 
just have as I know. And your job has changed, too. So 
something is happening over there that you all are not telling 
us about that and it is causing problems.
    Mr. CROFT, GAO mentions eight reports issued since 2007 by 
GAO, and here they are laying here on my desk. And the National 
Research Council, the National Academies, the inspector 
general, and the bipartisan Social Security Advisory Board 
highlight Social Security's technology challenges, and stress 
the need for Social Security to have a strategic IT plan. They 
tell me there is still no plan. Can you tell me why not?
    Mr. CROFT. There is a plan now. We were working on it.
    Chairman JOHNSON. Did you do it yesterday or something?
    Mr. CROFT. We released a final this week, yes.
    Chairman JOHNSON. Okay.
    Mr. CROFT. But we were working on it actually for quite a 
long time.
    Chairman JOHNSON. Okay. So you have a strategic IT plan 
now?
    Mr. CROFT. We do.
    Chairman JOHNSON. And you are using it?
    Mr. CROFT. Yes.
    Chairman JOHNSON. Thank you very much. Mr. Becerra.
    Mr. BECERRA. A couple of questions, Mr. Chairman.
    First, Mr. Croft, again, I think it is pretty clear from 
some of the questions that we are concerned about the strategic 
planning. And I think Ms. Melvin, her testimony, her written 
and oral testimony pointed to that. And I think all the 
witnesses pointed to the importance of being able to think way 
ahead.
    And I hope what you will do is you will take our admonition 
and really work on it with this new plan you have in place, and 
know that you should never come here with a fire at the house 
claiming you need the engine real quickly, 911, because I hope 
we are telegraphing that we can see it, too.
    And you have got a great satisfaction rating from folks 
right now. The public for the most part likes what you do. In 
fact, I was looking at some of these other customer ratings, 
Mr. Freed, and you can tell me if I am wrong. But Bank of 
America, 68 percent customer service satisfaction, YouTube, 74 
percent, Facebook, 66 percent, Google, 83 percent, IRS, 57 
percent, and you are at 80 percent. So not bad. Better than 
YouTube, close to Google. Work with us so we can work with you.
    And, by the way, when Americans every day are contributing 
to the Social Security system to the tune of over $700 billion 
this year alone, there should be no reason why you cannot come 
to us and say I've got a great plan to move us forward. We have 
taken the best minds who told us how to do this, and this is 
what it is going to cost to make this kind of investment. And 
then let us work with you on that because the American public 
is paying for Social Security, and so let us work together on 
that. I hope we can do that really well.
    One quick question. Servicing. You actually got great 
scores in a lot of areas. You got a higher score on the 
Internet side than you did on the person-to-person and 
telephone. Some might say, well, maybe that means you can go 
all the way and do everything by computers and the Internet and 
have all interactions with customers be through the Internet. 
Do you think that we are ever going to reach a day where the 
face-to-face will not be needed?
    Mr. CROFT. For Social Security?
    Mr. BECERRA. For Social Security.
    Mr. CROFT. Not in the foreseeable future, no. I do not 
think so. I would comment on the non-technology side, though, 
we also do internal surveying, and we receive very high 
satisfaction scores from face-to-face and telephone contacts as 
well. In particular what is noted in any survey that we have 
ever done is the excellence of the workforce for Social 
Security, the courtesy, but also the business knowledge of the 
agents. So once people get through, sometimes there are 
problems in terms of getting access to our employees because of 
the long wait times or busy rates and things like that. But 
once they get through, time and time again the surveys have 
always shown a very happy satisfaction in terms of our 
workforce.
    Mr. BECERRA. Well, let me just compliment today your folks 
in Los Angeles, who we work with. They have done remarkable 
work addressing some of the concerns that we have raised to 
them in trying to help constituents. And please convey that to 
folks throughout the nation that work for SSA. We say thank 
you. But I know for a fact that in LA, people really enjoy the 
interaction they have and are pleased with some of the folks 
that you have there in Los Angeles. And know that we want to 
work with you as you move forward. We know it is not easy, but 
we need to do this, and we have to figure out a way to do it so 
we do not have a machine with a whole bunch of old and new 
moving parts trying to make this thing work. So thank you.
    Mr. Chairman, I will yield back.
    Chairman JOHNSON. Mr. Berg, do you care to question?
    Mr. BERG. Thank you, Mr. Chairman. I will just kind of back 
up where we went. But, I mean, clearly assess the current 
situation of all your strengths and your weaknesses. Number 
two, what is your long-term vision? And have an IT plan that 
ties into that and a plan that then has performance measures 
and checks and balances and timetables. That is, I think, kind 
of what I heard.
    So I guess I would like your response, Mr. Croft, to those 
suggestions.
    Mr. CROFT. Yes, sir, I agree. One thing I would also 
mention is we stay very in sync with the business direction of 
the agency in terms of IT. We follow the agency's strategic 
plan and flow from that in terms of IT. We are not doing IT 
just for IT's sake. We are doing IT to enable the business.
    I would also mention, in terms of the investments that we 
make, we do very rigorous analysis up front before we embark on 
an investment, including ROI analysis to make sure that we are 
picking the right mix of projects to get the most value for 
Social Security.
    So we do have a robust planning process. Some might say we 
do not refresh it enough or look farther out, but we definitely 
have a planning process.
    Mr. BERG. So on the return on investment, who do you 
present that to?
    Mr. CROFT. Ultimately, it is presented to a board of my 
peer executives and the Commissioner as we decide what 
investments we are going to make in IT looking out into the 
future. That also is reported up through central government, 
OMB. It is public knowledge on the Federal IT Dashboard and so 
forth what we expect to get out of our investments.
    Mr. BERG. Those have been presented to a congressional 
panel?
    Mr. CROFT. I do not know. It is part of the budgeting 
process and the oversight that we do. It is public information.
    Mr. BERG. Well, we will follow up. Thank you, Mr. Chairman. 
Yield back.
    Chairman JOHNSON. Mr. Brady, you are recognized.
    Mr. BRADY. Thank you. Dr. Scherlis was so efficient in his 
last answer, let me try again. In your testimony about drivers 
of change, you discussed the advantages of modern data 
computing, including, you know, big data, cloud computing 
obviously, architecture. And for the subcommittee's education, 
would you define this for us and how Social Security can 
leverage this kind of computing to their advantage, because 
clearly we want to be ahead on some of this technology, not 
trailing so much.
    Dr. SCHERLIS. Sure. Sure. So the idea of big data 
computing, basically it refers to a whole collection of 
techniques and technologies to exploit data assets. We do not 
merely want to accumulate those data assets, but we want to see 
patterns, do analyses for all kinds of reasons. The best way to 
realize the capability to do that is within what we call the 
cloud.
    In this case, by cloud I mean an architecture for a data 
center, and also for the processing of data, the key features 
of which are large numbers of relatively smaller processors, 
the same kind of processors that are run in your PC, and data 
that is located on disk drives that are associated with those 
processors. So the data is spread all around.
    That allows to scale up by buying more processors and more 
disks and, therefore, to store more data. This is the kind of 
configuration that is used not just at Google and Amazon that 
we hear about, but in financial services firms and government 
agencies all over.
    And scalability is key because we can do very large-scale 
searches by sending small amounts of instructions out to those 
processors to query the data that resides on those processors, 
and then we very rapidly can assemble an aggregate result. So 
those are the ideas of big data and cloud.
    Sometimes we hear the word ``cloud'' in the setting of sort 
of the controversial setting of the so-called public cloud, 
services such as are provided by Microsoft through Azure or 
Amazon and so on. And really that is an entirely separate issue 
from this discussion that we are having, which is about the 
architecture of data centers. Whether you own the data center 
and it is inside of your facility, which certainly would be the 
case with SSA, or whether you outsource to a provider is really 
a business decision.
    Mr. BRADY. And you believe this type of architecture could 
be helpful as Social Security pursues its IT goals?
    Dr. SCHERLIS. I do. I do because it offers both 
scalability, flexibility, and also cost management, the ability 
to incrementally upgrade. There are many advantages of this 
architecture.
    Mr. BRADY. Great. Thank you, Doctor.
    Dr. SCHERLIS. You are welcome.
    Chairman JOHNSON. I would like to welcome the distinguished 
gentleman from Kentucky and chairman of the Ways and Means 
Subcommittee on Human Resources, Mr. Davis, down there on the 
end. Thank you for joining us. You may have a couple minutes.
    Mr. DAVIS. Thank you very much, Mr. Chairman. And before I 
begin, I would like to thank you for holding this hearing and 
for allowing me to join and ask a question from such a 
knowledgeable panel.
    The Social Security Administration has come a long way 
since the days of the punch card. There is still significant 
progress to be made in order to truly become a 21st customer 
service provider.
    From the work we have been doing on the Human Resources 
Subcommittee, we know that strategic IT investments to promote 
operations and to integrate and reuse existing data resources 
could help more effectively target limited taxpayer dollars.
    I used to do this for a living, managing large system 
implementation, data integration in the private sector before 
coming to Congress. And I discovered my biggest client was the 
United States government, and probably the most challenging in 
the sense of legacy systems that you are all dealing within a 
wide variety of areas.
    You know, we have worked with this and we have had some 
success in promoting data standardization across a number of 
programs. We are working with Chairman Johnson to see how we 
can be helpful here. Our efforts are not intended to be yet 
another statutory mandate, but rather an important piece of a 
larger IT strategy and approach to architecture to effectively 
integrate information and to help the government run more 
efficiently, particularly when some of our agencies under Ways 
and Means jurisdiction have 10 percent or higher improper 
payment levels. Social Security is very low, which is a good 
thing. But nonetheless it shows this disconnection.
    I guess I would like to begin with Ms. Melvin. In your 2009 
report, and again in your most recent review, you expressed 
concerns about the Social Security Administration's ability to 
handle future data exchange demands and their lack of IT 
management practices for this workload.
    With over 3,500 data exchange agreements and growing demand 
for government to reuse information, what I would call in my 
other job, customer master information, vendor master type of 
information, the transaction analysis, bills of labor, and 
resources, those sort of things.
    But could you elaborate for us on whether SSA is adequately 
preparing to handle this workload from an IT perspective? And 
also what is SSA doing to better serve its State and local 
government customers and meet their demands to operate in the 
21st century?
    Ms. MELVIN. The work that we did note that SSA is going to 
web-based technologies and to newer online technologies. And 
our report does highlight some of the initiatives that support 
electronic data exchange with the Federal, State, and the 
private sector.
    Our 2009 report, however, included a couple of 
recommendations that focused on conducting detailed analyses. 
We believe that SSA needed to determine workload projects and 
define requirements for effectively and efficiently delivering 
data exchange services to their agency partners.
    As of right now, those two recommendations remain open. So 
it is very difficult from our standpoint to know until SSA has 
actually done the analysis and started to implement against 
that analyses exactly how its online exchanges are affecting 
it.
    Mr. DAVIS. Okay, thank you. Mr. Croft, what difficulties do 
you face from an IT perspective when exchanging information 
with outside partners such as the States? For example, would it 
be more useful for incoming data if it were provided in a more 
consistent, standardized format?
    Mr. CROFT. Absolutely, yes, it would. Another point I would 
bring up, sir, is the uniformity of the exchanges in general. 
We do have many, many exchanges. We are probably the largest 
body that is exchanging data in the Federal Government. And all 
in all, it is going okay. It is a large workload, a growing 
workload. But we are needing to redo our core software, our 
core data exchange software, and we are actually in the process 
now of modernizing that software to make it more agile to deal 
with the multiple kinds of customer requests that we receive.
    I would also mention just in general around data exchanges, 
the IT generally is not the hardest part. The hardest part is, 
as you know, data definitions, but it is also the legal, fiscal 
kinds of things that go with interagency kinds of agreements 
like that.
    Mr. DAVIS. What lessons do you think you have learned so 
far from the implementation of the Access to Financial 
Institutions Program, the web-based electronic process for 
verifying financial account information?
    Mr. CROFT. It is going very well, but I would note that we 
piloted that for quite some time and really worked out the 
kinks before we took it operational. All in all, I would say 
that is a very effective and proper payment mechanism. And I 
really do not have any further comments to say except that it 
does take time to work out the business process, and the 
privacy angles, and all those kinds of things that go along 
with data exchange.
    So if you looked at it, it is like we just turned it on, 
but, in fact, we have been working on that in various pilot 
modes for some number of years.
    Mr. DAVIS. Well, one question that I have looking at this, 
again, in my multi-facility implementation experiences that are 
admittedly smaller scale than the Social Security 
Administration.
    Chairman JOHNSON. Can you summarize?
    Mr. DAVIS. Yes.
    [Laughter.]
    Mr. DAVIS. But if you could answer quickly one question for 
me, that would be very helpful. If you were to pick one or two 
statutes that need to be amended to allow better interchange of 
data, what would those be?
    Mr. CROFT. Sir, may I answer that for the record, please? I 
am not able to answer that quickly for you. I would rather give 
you a thoughtful answer than a quick answer.

    **Mr. Croft** Transcript Insert 2

    [GRAPHIC] [TIFF OMITTED] T0257.042
    
                                 

    Mr. DAVIS. Yeah, that would be great. Thank you. I yield 
back, Mr. Chairman.
    Chairman JOHNSON. Thank you. Mr. Croft, I noted in my 
opening statement I am disappointed to learn the panel of 
outside experts convened by Commissioner Astrue to provide 
independent systems technology advice was disbanded. I was even 
more disappointed to learn that the reports and minutes have 
been removed from Social Security's website.
    I would like to know why Social Security took those 
documents down and ask you which of the recommendations of that 
panel has Social Security acted on, and what specific actions 
have you taken or intend to take?
    Mr. Croft. I do not know the intricacies of why things come 
down off the website. I do not know if that was a requirement 
for a FACA panel when we disband them that we take that down. 
We certainly have all the information, though, and have shared 
that with the IG.
    Probably the most substantive information that I received 
from the panel was in the early part of it around the data 
center project. That was a more in-depth piece of work, and 
they made a number of recommendations in terms of our data 
center planning. And we were certainly very positive about 
using many of those.
    Another area where there was help from the panel, and this 
was also a while ago, but was in terms of authentication and 
the way we designed the authentication with the new online 
statement. It was not so much a panel deliberation, but we 
worked with one of the panel members on that.
    Chairman JOHNSON. Thank you, sir. Again, I thank you all 
for being here today and for your testimony.
    Innovations in technology will continue to drive the kind 
of service Americans expect and deserve. And Social Security 
must and will be held accountable.
    I thank you all for your attendance. And with that, the 
subcommittee stands adjourned.
    [Whereupon, at 4:08 p.m., the subcommittee was adjourned.]

    Questions For The Record

                              Kelly Croft

[GRAPHIC] [TIFF OMITTED] T0257.043

[GRAPHIC] [TIFF OMITTED] T0257.044

[GRAPHIC] [TIFF OMITTED] T0257.045

[GRAPHIC] [TIFF OMITTED] T0257.046

[GRAPHIC] [TIFF OMITTED] T0257.047

[GRAPHIC] [TIFF OMITTED] T0257.048

[GRAPHIC] [TIFF OMITTED] T0257.049

[GRAPHIC] [TIFF OMITTED] T0257.050

[GRAPHIC] [TIFF OMITTED] T0257.051

[GRAPHIC] [TIFF OMITTED] T0257.052

[GRAPHIC] [TIFF OMITTED] T0257.053

[GRAPHIC] [TIFF OMITTED] T0257.054

[GRAPHIC] [TIFF OMITTED] T0257.055

[GRAPHIC] [TIFF OMITTED] T0257.056

                                 

                       Kelly Croft Attachment #1

[GRAPHIC] [TIFF OMITTED] T0257.057

[GRAPHIC] [TIFF OMITTED] T0257.058

[GRAPHIC] [TIFF OMITTED] T0257.059

[GRAPHIC] [TIFF OMITTED] T0257.060

[GRAPHIC] [TIFF OMITTED] T0257.061

[GRAPHIC] [TIFF OMITTED] T0257.062

[GRAPHIC] [TIFF OMITTED] T0257.063

[GRAPHIC] [TIFF OMITTED] T0257.064

[GRAPHIC] [TIFF OMITTED] T0257.065

[GRAPHIC] [TIFF OMITTED] T0257.066

[GRAPHIC] [TIFF OMITTED] T0257.067

[GRAPHIC] [TIFF OMITTED] T0257.068

[GRAPHIC] [TIFF OMITTED] T0257.069

[GRAPHIC] [TIFF OMITTED] T0257.070

[GRAPHIC] [TIFF OMITTED] T0257.071

[GRAPHIC] [TIFF OMITTED] T0257.072

[GRAPHIC] [TIFF OMITTED] T0257.073

[GRAPHIC] [TIFF OMITTED] T0257.074

[GRAPHIC] [TIFF OMITTED] T0257.075

[GRAPHIC] [TIFF OMITTED] T0257.076

[GRAPHIC] [TIFF OMITTED] T0257.077

[GRAPHIC] [TIFF OMITTED] T0257.078

[GRAPHIC] [TIFF OMITTED] T0257.079

[GRAPHIC] [TIFF OMITTED] T0257.080

[GRAPHIC] [TIFF OMITTED] T0257.081

[GRAPHIC] [TIFF OMITTED] T0257.082

[GRAPHIC] [TIFF OMITTED] T0257.083

[GRAPHIC] [TIFF OMITTED] T0257.084

[GRAPHIC] [TIFF OMITTED] T0257.085

[GRAPHIC] [TIFF OMITTED] T0257.086

[GRAPHIC] [TIFF OMITTED] T0257.087

[GRAPHIC] [TIFF OMITTED] T0257.088

[GRAPHIC] [TIFF OMITTED] T0257.089

[GRAPHIC] [TIFF OMITTED] T0257.090

[GRAPHIC] [TIFF OMITTED] T0257.091

[GRAPHIC] [TIFF OMITTED] T0257.092

[GRAPHIC] [TIFF OMITTED] T0257.093

[GRAPHIC] [TIFF OMITTED] T0257.094

[GRAPHIC] [TIFF OMITTED] T0257.095

[GRAPHIC] [TIFF OMITTED] T0257.096

[GRAPHIC] [TIFF OMITTED] T0257.097

[GRAPHIC] [TIFF OMITTED] T0257.098

[GRAPHIC] [TIFF OMITTED] T0257.099

[GRAPHIC] [TIFF OMITTED] T0257.100

[GRAPHIC] [TIFF OMITTED] T0257.101

[GRAPHIC] [TIFF OMITTED] T0257.102

[GRAPHIC] [TIFF OMITTED] T0257.103

[GRAPHIC] [TIFF OMITTED] T0257.104

[GRAPHIC] [TIFF OMITTED] T0257.105

[GRAPHIC] [TIFF OMITTED] T0257.106

[GRAPHIC] [TIFF OMITTED] T0257.107

[GRAPHIC] [TIFF OMITTED] T0257.108

                                 

                       Kelly Croft Attachment #2

[GRAPHIC] [TIFF OMITTED] T0257.109

[GRAPHIC] [TIFF OMITTED] T0257.110

[GRAPHIC] [TIFF OMITTED] T0257.111

[GRAPHIC] [TIFF OMITTED] T0257.112

[GRAPHIC] [TIFF OMITTED] T0257.113

[GRAPHIC] [TIFF OMITTED] T0257.114

[GRAPHIC] [TIFF OMITTED] T0257.115

[GRAPHIC] [TIFF OMITTED] T0257.116

[GRAPHIC] [TIFF OMITTED] T0257.117

[GRAPHIC] [TIFF OMITTED] T0257.118

[GRAPHIC] [TIFF OMITTED] T0257.119

[GRAPHIC] [TIFF OMITTED] T0257.120

[GRAPHIC] [TIFF OMITTED] T0257.121

[GRAPHIC] [TIFF OMITTED] T0257.122

[GRAPHIC] [TIFF OMITTED] T0257.123

[GRAPHIC] [TIFF OMITTED] T0257.124

[GRAPHIC] [TIFF OMITTED] T0257.125

[GRAPHIC] [TIFF OMITTED] T0257.126

                                 

                              Larry Freed

[GRAPHIC] [TIFF OMITTED] T0257.127

[GRAPHIC] [TIFF OMITTED] T0257.128

                                 

                             Valerie Melvin

[GRAPHIC] [TIFF OMITTED] T0257.129

[GRAPHIC] [TIFF OMITTED] T0257.130

[GRAPHIC] [TIFF OMITTED] T0257.131

                                 

    [Submissions for the Record follow:]
                           James Strassberger

[GRAPHIC] [TIFF OMITTED] T0257.132

[GRAPHIC] [TIFF OMITTED] T0257.133

[GRAPHIC] [TIFF OMITTED] T0257.134

[GRAPHIC] [TIFF OMITTED] T0257.135

                                 
