Skip to main content

Small Business Administration

Jump To:

Recent Reports

View More Reports

Open Recommendations (57 total)

IT Portfolio Management: OMB and Agencies Are Not Fully Addressing Selected Statutory Requirements

GAO-25-107041
Show
2 Open Recommendations
Agency Affected Recommendation Status
Small Business Administration The Administrator of the Small Business Administration should direct its agency CIO to work with OMB to ensure that annual reviews of their IT portfolio are conducted in conjunction with the Federal CIO and the Chief Operating Officer or Deputy Secretary (or equivalent), as prescribed by FITARA. (Recommendation 42)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of the Small Business Administration should direct its agency CIO to ensure they conduct a review in conjunction with the investment's program manager and in consultation with the Federal CIO, for major IT investments that have been designated as high risk for four consecutive quarters, as prescribed by FITARA, including identifying (1) the root causes of the high level of risk of the investment; (2) the extent to which these causes can be addressed (e.g., action items and due dates); and (3) the probability of future success (e.g., outcomes). (Recommendation 43)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

COVID-19 Relief: SBA and DOL Should Improve Processes to Identify and Recover Overpayments

GAO-25-106199
Show
3 Open Recommendations
Agency Affected Recommendation Status
Small Business Administration The Administrator of SBA should ensure that the Office of Capital Access expands and documents SBA's overpayment identification and recovery process for the PPP and COVID-19 EIDL program, as well as future programs, to include clear, formalized procedures for tracking all identified overpayments and subsequent recoveries. (Recommendation 3)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should ensure that the Office of Capital Access expands and documents loan review processes for the PPP and COVID-19 EIDL program and how loans are reviewed to identify overpayments. (Recommendation 1)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should ensure that the Office of Capital Access expands and documents the PPP guarantee purchase process to ensure that—prior to purchase approval—SBA has collected sufficient documentation to verify that lenders complied with program requirements. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

IT Modernization: SBA Urgently Needs to Address Risks on Newly Deployed System

GAO-25-106963
Show
5 Open Recommendations
Agency Affected Recommendation Status
Small Business Administration The Administrator of SBA should direct the Associate Administrator of SBA's Office of Government Contracting and Business Development to expeditiously address critical UCP project cybersecurity issues, including developing a plan for managing project cybersecurity risks and documenting a traceability analysis for project security requirements. (Recommendation 2)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that risks are identified and documented for IT modernization projects for all phases of the development lifecycle, including deployment. (Recommendation 7)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that security-related subject matter experts are involved in the contractor selection process for IT modernization projects. (Recommendation 12)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that parameters to categorize or analyze risks are clearly defined at the project level for IT modernization projects. (Recommendation 5)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Small Business Administration The Administrator of SBA should direct the Chief Information Officer to establish and implement policies and procedures to ensure that IT system acquisition plans and strategic plans for IT modernization projects contain all the information needed to manage cybersecurity risks, including how such risks will be managed, security milestones, how assets will be protected at a program or project level, and security-relevant criteria for selecting suppliers. (Recommendation 10)
Open
When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
View More Recommendations

Related Pages