An OIG Audit Report found that the Social Security Administration found that “the FY 2011 financial statement audit again identified a significant deficiency for financial statement reporting. It should be noted that a financial statement significant deficiency in internal control does not necessarily rise to the level of a significant deficiency as defined in FISMA.”
SSA cited budget cuts as being responsible for the FISMA shortcomings. Specifically, the agency informed the OIG that,
Due to budget cuts, the Social Security Administration (SSA) stated that it did not update the System Security Plans for two of its general support systems and did not perform annual security tests on them.
The complete audit report is attached below.