The U.S. Small Business Administration (SBA) said it’s working on a list of longstanding IT management problems previously flagged by the agency’s inspector general, and it estimates taking action on most of those by Aug. 30 of this year.
That list of promised IT management fixes – responding to problems that have been identified for several years by the agency’s inspector general (IG) – was identified in an SBA IG report published on March 29.
The IG said in a management advisory delivered to SBA Administrator Isabella Casillas Guzman that “OIG has reported on significant IT investment internal control issues over the last 6 years, which the agency has also identified without taking meaningful action to resolve.”
The IG said those issues include: “The governance board did not meet as required to oversee IT investments, performance against established baselines was not reported, critical system capabilities were missing, and corrective actions were not taken for underperforming investments.”
The IG said those IT management problems were evident in its review of “seven major investments, totaling $317 million during the FY 2020–2022 period.”
“We also identified the lack of business cases to justify new or modified investments,” the IG said. “In addition, post-implementation assessments were not performed to determine whether the investment fully met its objectives.”
“These issues require immediate attention as a strong IT governance framework enables the agency to achieve mission goals and objectives while safeguarding taxpayer funds,” the IG said. “An efficient IT framework will help the agency better deliver SBA programs and services, particularly in times of crisis.”
The IG said it offered six recommendations to SBA to correct the problems, and that the agency agreed with five of those and partially agreed with the other.
“To address these recommendations, the agency is planning to implement corrective measures, including updating applicable policies, procedures, and evidentiary documentation,” the IG said. “Management plans to use existing capabilities, schedule consistent Business Technology Investment Council meetings, and consistently perform IT investment monthly ratings.”
In a response to the IG’s findings, Stephen Kucharski, acting CIO at SBA, said that his office “continues to make progress building a strong IT governance framework that will enable the agency to achieve its mission goals and objectives, as well as promote risk reduction and value add to IT investments.”
“Through an extensive revision of its oversight policies and processes, IT investments will integrate under a unified IT governance framework to address essential entitywide controls,” he said. “The framework is still in development, but when operational, IT acquisitions and investments will be systematically reviewed for adherence to all Federal acquisition and security policies. We anticipate remediation of the below recommendations by August 30, 2024.”