Social Security Administration Joins Other Agencies With $300M "IT Boondoggle"

alphadogg (971356) writes with news that the SSA has joined the long list of federal agencies with giant failed IT projects. From the article: "Six years ago the Social Security Administration embarked on an aggressive plan to replace outdated computer systems overwhelmed by a growing flood of disability claims. Nearly $300 million later, the new system is nowhere near ready and agency officials are struggling to salvage a project racked by delays and mismanagement, according to an internal report commissioned by the agency. In 2008, Social Security said the project was about two to three years from completion. Five years later, it was still two to three years from being done, according to the report by McKinsey and Co., a management consulting firm. Today, with the project still in the testing phase, the agency can't say when it will be completed or how much it will cost.

Legacy Systems.

[jellomizer]

Legacy Systems are built with 40 years of code and modifications to meet every requirement the user needs.

Then you have 5 years to build something new and try to catch 40 years worth of rules and logic.

Re:Legacy Systems.

[gunner_von_diamond]

racked by delays and mismanagement

40 years of code could mean 2-3 years of development, and then fixing a bug here and there and updating this or that every now and then. Just because some of the code is 40 years old does not equate to 40 years of development time.

5 years is a pretty long time to focus on straight dev time. Sounds like the mismanagement part had more of an impact than just using the excuse of it being a "legacy system". I realize that management always portays the timeline as 1/3 of what it will actually take to develop something, but wasting 5 years and $300 million... It's hard for me to think of a justification for that!

Re:Legacy Systems.

Hmm..
F-35:
Lockheed Martin

New system for Social Security primary contractor:
Lockheed Martin..

Yes perspective.. Yea' we wasted $300 million, but at least that is not as much as WE wasted on the F-35 project..
And lets double our CEO pay while we are at it.

http://www.washingtonpost.com/business/capitalbusiness/lockheed-ceo-hewsons-pay-doubles-to-25-million-in-2013/2014/03/21/c6390418-aebe-11e3-a49e-76adc9210f19_story.html

Re:Legacy Systems.

[mr_mischief]

Just think of it as a jobs program/economic stimulus/enrichment of a random company on the public dole. It makes perfect sense if you buy into the economic value of the government scaling big bureaucracies that depend on a competent contractor to help them scale so big being beneficial to the economy. Just think about how much more beneficial it is, then, to have it done three or four times to get it right.

On the other hand, consumers could have spent that money rather than paying the government to pay those extra contractor costs. But then again, consumers tend to over-spend anyway and corrode the economy. Sometimes that's to the point that the government has to choose between bailing out the banks and bailing out the consumers. Then again, the government encourages that, too. And of course rather than bailing out the consumers they bail out the banks so they can create more consumer debt and start all over.

The main difference between big government folks and small government folks, you see, isn't that one thinks the government is well intentioned and the other thinks it is evil and needs to be kept in check. That's certainly a factor, but it's not the main one. The main difference is that big government people have an idealized concept of the government as a doer of good. Small government people are skeptical that anything too big and too detached from the lives of real people can reasonably accomplish good things for the majority of people on a regular basis.

Re:Legacy Systems.

[AK+Marc]

Delays and mismanagement is standard for any large enterprise. The only difference is that corporations have more legal room to hide their mistakes.

Re:Legacy Systems.

[AK+Marc]

GAAP requires private companies to respond to FOI requests?

No, it's properly documented for the annual report, but listed as "one time write-off", often as part of an acquisition cost, with insufficient details to determine the actual cause. And when the company turns a multi-billion dollar profit, you can lose $300M on a single project without bankrupting the company.

Re:Legacy Systems.

[riverat1]

Around the year 2000 Nike lost something like $100 million in sales because of a failed SAP installation that cost them $400 million. How much did you hear about that?

Re:Legacy Systems.

[mattwarden]

Don't forget how you can't change anything about how the system works in a way that reduces the work of any particular role in the organization, or the relevant union will get very angry.

Re:Legacy Systems.

[wideglide]

I beg to differ. Working 30+ years on airline reservation / check in systems and several 'data hubs' around these beasts. So far NO NEW FANCY data hub has replaced one of the mainframes ... And the software there is partially closer to 50 years than 40. Mostly 370-assembler with a dip of PL/1. The oldest program still in production (on our box here) was written in 1966, modified maybe times but about 20 % are still original. Now talk about a maintenance nightmare :-) But there were a gazillion of 'replacement / reengineering / rewrite' projects running from a few weeks to 8 years and costs by the truckload. No success so far and I'm still waiting for Roscoe / TSO to be replaced. So - overall : Nothing new here. But the next hot thing is just around the corner, the same architect that already botched 6 attempts is still pushing for the next replacement project. But I'll be retired by the time the mainframes are replaced ...

hire the girlsgonewild.com team, they can scale

[raymorris]

These government agencies need to hire some developers for whom a few million hits is just another day. Something like girlsgonewild.com gets more traffic than healthcare.gov, and handles it with two well-configured commodity servers.

Re:hire the girlsgonewild.com team, they can scale

[jeffmeden]

These government agencies need to hire some developers for whom a few million hits is just another day. Something like girlsgonewild.com gets more traffic than healthcare.gov, and handles it with two well-configured commodity servers.

Something tells me that with girlsgonewild.com, the "interaction" is mostly "client-side" so the, er, "workload" is actually minimal. And the use case count, I believe, still stands at 1, and they are at best appealing to exactly half of the US population. It's a bit different than a place like the Social Security Administration, an org that has taken on the unenviable task of managing retirement and disability insurance for *every goddamn american* which is a pretty ludicrous scope. If raw horsepower were the issue, yes bring in outside help. The real problem (or at least one of them) is that of all 65,000 employees, many of them have a specific task since the aforementioned scope is so grand. Try finding a way to economize when you are basically building a system for a small clerical office, and then doing it about 15,000 times with each iteration just different enough from the last to require constant rewrites.

Re:hire the girlsgonewild.com team, they can scale

These sites aren't developed by in house programmers.

Braidamaged, toxic, idiotic, retard conservative culture (You. You heard me. Did I fucking stutter?) has convinced everyone that nothing can be ever developed in house by a government, ever.

It all must be contracted out to whoever can bribe officials the best and can lie on their proposal the best. This method will always go over cost and under deliver. Every time. By design.

When the project blows up, conservatives blame the government and the cheating contractors are free repeat the process to line their pockets again.

Re:hire the girlsgonewild.com team, they can scale

[Curunir_wolf]

Braidamaged, toxic, idiotic, retard conservative culture (You. You heard me. Did I fucking stutter?) has convinced everyone that nothing can be ever developed in house by a government, ever.

It's known as "crony capitalism", or "Public-private-partnerships (PPP)", and we called it Fascism in the 1930's and 1940's. Leadership on the "progressive" or "liberal" side is at least as guilty of promoting these things as conservative culture, in fact it seems to be conservatives that want to back away from it, while the Democrats are doubling-down. It was the Democrat governor Mark Warner that handed all of Virginia's IT work over to Northrop Grumman many years ago. And, of course, the liberal appointees at Obama's HHS that outsourced the HealthCare.gov website for millions of dollars more than should have been spent to do it.

Missing Key Information

[NaCh0]

Until the vendors who are building this system get their company name in the headlines, the status quo will continue.

Re:Missing Key Information

[netsavior]

The contractor is Lockheed Martin, which is why it is not in the headlines.
Any time you ask them a question you get: "Well sorry, the reason it is late is classified." It is their typical scapegoat, so nobody even bothers asking them questions anymore.
"We have an excuse, we only work with the government, we didn't realize it actually had to work... we just thought we had to grease the right palms...Also we need more H1Bs please."

Re:Missing Key Information

[jcochran]

Oh good god...

I was a LM employee a few years back. Brought in on a project that was failing. And the main issue with the failure was their process.
For instance, LM was using Common Criteria and they were trying to get the system to EAL4. And frankly, getting there is quite doable. Unfortunately, management and the customers for the project didn't bother to actually understand anything about requirements.

For instance, in Common Criteria, your need to tailor the documents. An example would be this template being tailored to the system requirement:
FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of
failures occur: [assignment: list of types of failures in the TSF].

The above template is obviously intended to be tailored to include a list of possible or predictable failures upon which the system will still remain secure. But this is how LM tailored that little beauty:
FPT_FLS.1.1 The TSF shall preserve a secure state upon a partial system failure.

Notice how the tailoring totally removed anything concrete about the requirement? What kind of partial failure? How do you test it? When is it violated? etc, etc, etc, ad nasium.

And that kind of bullshit "tailoring" was done EVERYWHERE. There would be multi-hour meetings just change, tailor, and interpret specifications tailored that way. And any suggestion by anyone working in the trenches stating that the requirements were badly done and needed to be redone properly in order to actually get a functional system was met by "We can't do that, it would be too costly."

If the above paradigm was used on the Social Security project, I can definitely see why progress has been snail slow and over budget. They're most likely still attempting to get their specifications correct.

Re:Missing Key Information

[jeffmeden]

Until the vendors who are building this system get their company name in the headlines, the status quo will continue.

The other key information is this: The SSA has 65,000 employees and is in charge of a staggering $736B per year (as of 2011, and it continues to rise). And we are here having a pissing match about all the reasons that $300M is too much to spend on the system that is supposed to make sense of over 300 million "customers" (1 dollar per customer?) One half of one percent of their annual budget is too much to get this right? Most corps spend upwards of 10% of their annual revenue on IT, and surely the SSA is not most corps but the scope of what they do is really impossible to underestimate so a project in the hundreds of millions shouldn't make anyone flinch.

The real missing key information is exactly why this kind of story is surprising, on any level, to anyone? My gut says it's the fake shock of someone who would protest anything that came out of the SSA.

Re:Missing Key Information

[FrozenToothbrush]

Another huge thing is the continuous requirement changes from the government after the product is already developed.

A large IT project is late and over budget?

[jeffb+(2.718)]

I've never heard of such a thing. Thank goodness Slashdot is here to challenge our preconceptions.

Cue blaming the contractor ...

[gstoddart]

And, now they'll say it was all the fault of the contractor.

In reality, I suspect it's government infighting, poorly defined (and constantly changing) specs, and congress-critters trying to get a piece of the pie for their own districts.

They always blame the contractor but usually it's being managed by incompetent people without enough accountability and controls.

In fairness, I've seen a lot of legacy migrations fail, because it's often damned near impossible to understand the existing system well enough to write a replacement for it, and then you end up breaking everything which has been integrated with it for years.

I've been on a few large legacy replacement projects which fell squarely on their nose as the project progressed, largely because the system is vastly more complex than the initial analysis, and people make it impossible at every turn.

Re:Cue blaming the contractor ...

[Desler]

And why shouldn't they be blamed? These large contracting companies are largely incompetent. They get business by lobbying not competency.

Re:Cue blaming the contractor ...

[un1nsp1red]

In reality, I suspect it's government infighting, poorly defined (and constantly changing) specs, and congress-critters trying to get a piece of the pie for their own districts.

Sure, there's no doubt those things come into play. However, Lockheed isn't new here. They've dealt with plenty of government contracts, and they should be well aware of these conditions. Take your estimates and triple or quadruple them if you have to.

Re:Cue blaming the contractor ...

[kaiser423]

In fairness, I've seen a lot of legacy migrations fail, because it's often damned near impossible to understand the existing system well enough to write a replacement for it, and then you end up breaking everything which has been integrated with it for years.

Exactly. Nobody understands it all, nobody's around/in power long enough to see it through and often times there just isn't the political juice to make all of the silos cooperate effectively.

Last time I had to replace a whale of a system like this, we were able to target one silo and implement it there. You target one small silo, one manager of an area that you can hone in on and just focus your energies on getting through that. You rationalize the layout, put everything in databases, etc, etc such that it functionally can interoperate while being modern enough to adapt/change as you replace other silos. Then you move on to the next logical piece and build up from there while constantly refactoring.

This way you minimize your exposure, you minimize your need for political capital, you minimize the feature creep/scope change because there's just the one manager whom you stay aligned with daily, you gain understanding, etc. There's really no downside. The upside being that if you're thinking that "there's no way to section a part out" you immediately identify the problem of not knowing what the hell you're supposed to do and that you're without a modular architecture and solve that first!

Seriously, the DOD Test & Evaluation branch for all weapons, comms, and every other test lives, breathes and follows a "crawl, walk, run" principal where you try to bite off a little piece and then mature from there. The rest of the DOD still likes to just buy massive projects like this (JTTRS, JSF, etc anyone?!?), but the T&E community keeps maturing tech at a predictable, likely rate with minimal schedule/cost risk. You identify problems/show stoppers early and either cut off the bleeding or work around them.

If only IT and the government in general would accept this embedded idea of incremental growth it would be great. But alas, the government contracting offices really don't like that because it's hard to fit into the right CLINs, do EVMS on, etc, etc. So it's really rare to get the chance to properly approach these problems. So we satisfied the contracting office's need for one big large project on paper and in our organizational structure, but then had expeditionary teams doing "testing, prototyping and use case studies" that were actually doing the real work.

How much of this work has been, or was outsourced?

[ebusinessmedia1]

It would be interesting to know what % of this work was outsourced, or in-sourced, to foreign corporations/workers. Also, it would be interesting to know 1) how contracts for this work were let, and how they were monitored along the way; 2) what incentives for good work were included, or disincentives for bad work were included. Does anyone know?

Yeah right, "diability claims"

[smooth+wombat]

How man of us have either seen commercials or heard about lawyers colluding with doctors to get people to claim "disability" with the SSA even when they have nothing wrong with them?

This is definitely one of those programs which needs heavy monitoring to weed out waste and fraud, along with military procurement.

True story along the same lines. My dad had to appear in court regarding a disability (non SSA) claim one of the company employees claimed they had and why they couldn't come back to work.

During testimony, a video was shown of this person, who claimed they injured their back, lifting bags of cement over his shoulder and climbing up a ladder to do work. Obviously his claims were rejected and he was fired, but I'm sure we can find thousands of people on SSA "disability" who are doing the same thing.

Re:Yeah right, "diability claims"

[sandytaru]

I've heard about it, but I know precisely one person who is on SSI for disability - my sister who has schizophrenia - and she has the mental capabilities of a ten year old.

I have an acquaintance (not a friend, I don't like him) who threw out his back at work and tried for years to get SSI disability, to no avail. He was capable of working, he just didn't want to any more. (We have a lot of call centers here in town. Indoor work with no heavy lifting.) I think all the judges in his case knew that was his goal, which is why he kept getting turned down.

TL;DR - Despite what the commercials and stories say, I think the system is working as intended.

Re:Yeah right, "diability claims"

[weiserfireman]

I was in a meeting with our Workman's Comp Carrier recently

A representative of the carrier said "If a person doesn't return to work in 6 months, the odds are they will never work again in their life".

Made sense, 6 months is the disability term required to get SSI

its all about how the project is made

[Karmashock]

Contractors will give you two basic choices for contracts.

1. Pay for my time. Do what every you want, change what ever you want... but you pay for my time.

2. Specify the project in exact detail and the whole thing will get an over all bid to those specifications. Changes cost extra and may require an additional contract.

I'm assuming the government keeps going with option 1 and I'm thinking most of these issues would go away if they went with option 2.

Re:its all about how the project is made

[Tridus]

Speaking as a developer who works for a government, option 2 is rarely possible.

Keep in mind that the "government" is a collection of departments, branches, sections, or whatever you call them. Those are run by managers, which are run by more managers, which all have their own agendas, budgets, and powers to protect. Now add in politicians at the top, who change pretty regularly and have very different goals from everyone else.

So, in the best case scenario, at the start of a project everyone agrees on what it needs to do, what needs to be replaced, and everything else. You have specs, and you know what the goals are. Great! Then an election happens. New party in power, and priorites change. Now it has to do something else.

Oh, then a manager retires and a new one comes in. Now it has to do something else.

A new law is passed, now it has to do something else.

Someone changed their mind, and now it has to do something else. ... on, and on, and on it goes. This happens *all the time*. And that's if the people actually know what they want, which in my experience often isn't true in itself (like the Air Force ERP that didn't know how many systems it was replacing).

In a case where there is clear goals and strong management, #2 works great. Often times things just change too much and the only sensible way to accomplish anything is to go with #1 and do the project in smaller, more manageable pieces.

Re:Really, We Get What We Deserve

[ISoldat53]

The same thing happens in the private sector too. We just don't hear as much about it.

Re:How much of this work has been, or was outsourc

[gstoddart]

And, then contrast that to how much controls were on the people who oversaw it, how well they communicated/knew the requirements, how often they changed them, and how much political infighting they did.

I've been on several projects trying to replace legacy systems. And, as often as not, the client is fighting among themselves, the definitions are either never nailed down or are constantly shifting, and the people involved have no actual experience in managing large scale IT projects.

I'm more likely to think this is a management issue than an issue with who was doing the work.

Ask anybody who has been involved in such a project.

I was on one project that had 11 PMs (no, I'm not kidding), all with their own agenda, and no two of them could ever agree on anything.

It was a truly terrible experience. The people in charge of the existing technology didn't want change and actively sabotaged stuff. The various stakeholders were all trying to carve out their own little fiefdom, the users weren't consulted until late into the project, and the specs might as well have been written in smoke.

The people trying to actually build it were constantly being told "no, don't do that, do this" only to have someone else say "why the hell are you doing this when we told you to do that?". Heck, I've left a meeting one day where everybody said "OK, we agree to do this", only to have a directive come down a day later which said "we can't possibly do that".

Combine that with vastly complex legacy systems nobody really fully understands, because it's been hacked, extended, patched, and a zillion other things for a few decades and you end up with a complete mess.

As I've said elsewhere in this thread, my money is on a failure of the owners of the project to actually take ownership and responsibility, instead of endlessly changing their mind and finding other people to blame. Documenting all of the bullshit becomes a full time job, because you need to CYA for when things go wrong later.

Some problems simply can't be fixed with good technical staff. Because the technical staff is just there to be yelled at and be scapegoats for management incompetence.

No, they can't resist changing things

[Bruce66423]

The reality is that governments - be it in defence or eslewhere - are always moving the goal posts, and the contractors are running to catch up. So in theory option 2 is the best, but it usually doesn't work out as well as it really ought to. The UK is currently playing the same game with a new system for welfare benefits, and it's equally disasterous. And remember - the private sector is often as bad, they usually get to bury their mistakes without publicity!

Re:Sounds Like Beta

What are you talking about? Socialism?
It was Lockheed Martin that did this work.
A for profit company you know. Private business ALWAYS does it better right?
Good thing Lockheed Martin NEVER bungles a sweet Gov contract.
CEO got $25 million last YEAR for pay.. It's not like that is a significant portion of the wasted $300 million or anything.
That by the way was a raise.. Her pay doubled.
I mean, just because they waste millions of tax payers $$ every year does not mean that they should get poverty wages like little people.
Do you know how many pay offs, I mean donations they had to get to steal, I mean get awarded all that tax payer money??
I mean, think of all the time spent on the bribes, I mean sponsored outings, with policy makers!
It's hard work to drink all that booze and eat all that lobster!

Oh, wait, maybe you are just confusing crony capitalism and corruption with socialism.. Yea' maybe that is it.

Unlike liberal Texas

[raymorris]

Unlike Texas, where the state government employs thousands of programmers because they are so liberal. I just got out of a meeting with a bunch of government programmers from Texas. They'll all tell you the same thing - getting stuff done within red tape of a government agency takes them twice as long as long as it took them in the private sector jobs - unless there is a federal grant or contract involved, in which case it takes twenty times as long.

One project they did last year was for a federal government contract, for OSHA. They spent a year and a half developing the system, then during the beta test OSHA cancelled the project. This is after the feds had them write a system where it would print all the database records on paper, to be sent to the feds, who would manually enter it into a computer file, then send that file back to Texas, right back to the same agency who had sent it to them in the first place. That's about typical for the federal government. Government is one thing - it's supposed to be fair and deliberate, not far and efficient. The FEDERAL government is something else entirely.

Business as usual....

[erp_consultant]

I have worked for a number of government agencies and large contractors. This story does not surprise me in the least. What WOULD surprise me is to find a story where one of these large scale IT projects actually got completed on time and on budget. Now there's a story.

Probably a rehash for some but here is, in my opinion, the reasons these projects continue to fail:

1) The procurement and bidding process is flawed, particularly at the federal level. Many firms are forbidden to place bids on projects because that lack this or that credential. As a result, it's the same old players time and time again. IBM. Deloitte. Oracle. Honeywell. Lockheed Martin. Both the Democrats and Republicans know that it's broken and both of them have had a chance to fix it but don't.
2) Governments insist on doing "fixed bid" (i.e. flat rate) projects. In my experience, fixed bid projects almost always turn out poorly, Particularly for large scale projects. What ends up happening is that the project (for whatever reason) falls behind. But the deliverable dates stay the same. Eventually the contractor has to either go back and ask for more money, do the work at a loss, or start cutting corners.
3) Government managers, by and large, don't understand the concept of a budget. Often there are no consequences for finishing late or going over budget. They will still have a job tomorrow.
4) This one happens every time...you go into the project as 50/50 partners with a commitment from the client that they will devote X number of hours per week to the project and hold up their end. The problem is that the government managers have other stuff to do and can't devote X number of hours per week. If you're lucky you get X/2 hours per week. So critical decisions have to wait and delays occur.
5) For some government managers, big big projects are something they have no experience with. Last week they were trying to decide what color coffee maker to get for the break room. This week, they are installing SAP.
6) From the article..."It was supposed to replace 54 separate, antiquated computer systems used by state Social Security offices to process disability claims.". That is not a misprint. 54 antiquated systems. That is a huge undertaking. I would be willing to bet that at least a few of them have no documentation whatsoever. And the only person that knows how to run it retired a few years back. Good luck trying to unravel that mess.
7) The magic bullet theory. Time and time again I hear these management bozos (not just government ones either) spout off about how 'Software package X' is going to revolutionize how you do business..massive efficiency...streamlined processes. Bullshit. The software is only going to be as good as the decisions that are made along the way. And if you make mistakes on a few major decisions these really large software suites (SAP, etc.) can be nearly impossible to change once you start using them.
8) Team members that don't have a stake in the success of the project. Joe in accounting has been using the old antiquated system for the past 23 years. He's retiring in a few years. Do you really think that Joe wants to learn a brand new system? Not fucking likely. He won't get a raise or a bonus for all the extra work and he'll end up having to train his replacement. Meanwhile, his government manager has limited options for those that don't want to play.
9) Managers are unwilling, or unable, to change their convoluted business processes that are the root cause of these un-maintainable systems in the first place. Politics.
10) Lack of documentation. More than once I have been on projects where there is not a single page of documentation describing how the current systems works or what to do if something goes wrong. So you have to sit down and figure it all out yourself and that can take a lot of time.

Typical client exchange:

Me: "So tell me, why do you process Voucher payments in this fashion?"
Client: "Cause that's how Joe showed me to do it when he trained me."
Me: "And why di