SBA faces fraud risks and IT security issues, IG says
The Small Business Administration has been inundated with potentially fraudulent offers for economic aid during the COVID-19 pandemic, at a time when increased workloads across the agency have distracted from the issues. computer security, the agency’s inspector general, Hannibal Ware, said Wednesday.
Economic relief programs associated with pandemic stimulus efforts, including the COVID-19 Economic Injury Disaster Loan (EIDL) program, were identified as one of the key management challenges for the SBA in the recent report. Office of the Inspector General (OIG) Biannual Report to Congress.
“COVID-19 relief efforts have diverted SBA resources from some day-to-day compliance activities. As a result, the SBA continues to experience security issues in the areas of user access, managing the configuration and security training,” the report said.
Ware told a Wednesday House Small Business Committee hearing that his office and oversight of the agency’s pandemic response efforts played a “critical role” in the recovery and economy of 4.2 billion in fiscal year 2021, with 366 indictments and 142 convictions associated with fraudulent activity in SBA’s direct lending programs. Still, he said the SBA lacks the resources to aggressively fight fraud, waste and abuse.
The SBA’s Office of Inspector General (OIG) identified $84 billion of potentially fraudulent activity in loans disbursed under the EIDL program, while the Paycheck Protection program recorded only $4.6 billion in potentially fraudulent activity. The SBA was directly responsible for overseeing the EIDL program, while private financial institutions played a key role in disbursing PPP funds.
Rep. Blaine Luetkemeyer (R-MO), a high-ranking member of the House Small Business Committee, described the SBA as the “one and only guardian” of the EIDL program and said the differences in its management from the PPP “do not cannot be overstated.”
The IG also said in its semi-annual report that inaccurate procurement data and eligibility issues within SBA programs undermined the reliability of contractor goal achievement, and noted significant challenges with IT investments and agency security checks.
Ware said “many safeguards have been put in place” in response to the pandemic, and added that some OIG recommendations to improve its security controls have been implemented in real time. He said the agency had taken steps to curb fraudulent activity by stopping bank number changes on loan applications and dealing with duplicate IP addresses.
But the IG acknowledged a longstanding lack of investment in IT security at the SBA, saying the agency’s current system development controls do not reflect the changing IT application landscape. He explained how some modernization efforts had apparently stalled, including the SBA’s beta certification management experiment, dubbed Beta Certify, which he said “still doesn’t work as promised.”
Asked about the additional resources needed to ensure that the OIG was performing effective oversight of the SBA’s pandemic response, Ware replied, “I think a reframing of the question might be: do we have enough oversight resources we will provide for pandemic lending several years after the pandemic?”
The SBA’s total IT expenditures in fiscal year 2021 were $128.9 million, compared to $140.9 million in 2020. The agency’s total IT investments for 2022 are $108.8 million, according to the Federal IT Dashboard. The agency is also one of the few to have established revolving funds, as permitted by the Government Technology Modernization Act. In its congressional budget justification, the agency said it plans to use the to support modernization projects in 2022, including cloud-based solutions and enterprise data capabilities to improve management. of its systems and services.