Featured Stories
SBA IG: 'U.S. Small Business Administration Office of Inspector General - Open Recommendations'
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report on March 11, 2026 entitled "U.S. Small Business Administration Office of Inspector General - Open Recommendations."
Here are excerpts:
* * *
The Office of Inspector General (OIG) is issuing this report to show those recommendations from U.S. Small Business Administration (SBA) Office of Inspector General (OIG) reports that remained open as of December 31, 2025. As of that date, there were 174 open OIG recommendations. SBA provided updates for certain recommendations prior to the date
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report on March 11, 2026 entitled "U.S. Small Business Administration Office of Inspector General - Open Recommendations."
Here are excerpts:
* * *
The Office of Inspector General (OIG) is issuing this report to show those recommendations from U.S. Small Business Administration (SBA) Office of Inspector General (OIG) reports that remained open as of December 31, 2025. As of that date, there were 174 open OIG recommendations. SBA provided updates for certain recommendations prior to the dateof this report which may still be under review by OIG. The status of each recommendation is subject to change as we independently review SBA's ongoing implementation.
* * *
The report is posted at: https://www.sba.gov/document/report-us-small-business-administration-office-inspector-general-open-recommendations
[Category: IGIGRep]
SBA IG: 'Semiannual Report to Congress'
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report on May 22, 2026 entitled "Semiannual Report to Congress."
Here is the message from the inspector general:
* * *
I am pleased to present the U.S. Small Business Administration (SBA) Office of Inspector General's (OIG) Spring 2026 Semiannual Report to Congress. This report summarizes OIG's activities from October 1, 2025 through March 31, 2026. As an independent watchdog for the American taxpayer, our ongoing oversight work has identified hundreds of billions of dollars in funds at risk
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report on May 22, 2026 entitled "Semiannual Report to Congress."
Here is the message from the inspector general:
* * *
I am pleased to present the U.S. Small Business Administration (SBA) Office of Inspector General's (OIG) Spring 2026 Semiannual Report to Congress. This report summarizes OIG's activities from October 1, 2025 through March 31, 2026. As an independent watchdog for the American taxpayer, our ongoing oversight work has identified hundreds of billions of dollars in funds at riskor paid to ineligible borrowers, ensuring strict accountability across all SBA programs.
While we maintain our aggressive pursuit of pandemic-era fraud, we are strategically refocusing our oversight on the SBA's flagship initiatives to root out fraud in the programs that fuel America's small businesses. We are aligning our resources to fully support the agency's "zero tolerance" stance on fraud. Our current efforts are focused on combating fraud, holding wrongdoers accountable, and safeguarding the integrity of the vital resources meant for legitimate entrepreneurs.
Simultaneously, our law enforcement efforts have intensified to bring remaining pandemic aid fraudsters to justice. We are concentrating on complex criminal schemes involving the Shuttered Venue Operators Grant and the Restaurant Revitalization Fund. Taxpayers rightfully expect us to recover stolen funds, and our agents are working tirelessly to uncover abuses and return money to the U.S. Treasury.
Collaboration remains essential in accomplishing our mission. With the launch of the Administration's Task Force to Eliminate Fraud and the U.S. Department of Justice's creation of its National Fraud Enforcement Division -- which is establishing the first-of-its-kind National Fraud Detection Center -- we are amplifying our enforcement posture alongside our partners. By leveraging strategic data-sharing agreements with federal agencies and across the inspector general community, we are breaking down silos to aggressively intercept stolen federal funds.
* * *
The report is posted at: https://www.sba.gov/document/report-semiannual-report-congress
[Category: IGIGRep]
SBA IG: 'Fiscal Year 2025 Federal Information Security Modernization Act'
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report (No. 26-10) on May 19, 2026 entitled "Fiscal Year 2025 Federal Information Security Modernization Act (FISMA)."
Here is the executive summary:
* * *
What OIG Reviewed
This report summarizes the results of our fiscal year (FY) 2025 Federal Information Security Modernization Act (FISMA) evaluation of the U.S. Small Business Administration's (SBA) information security program, which represents a point-in-time assessment of conditions observed during the review.
Our objective was to
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The Small Business Administration Inspector General issued the following report (No. 26-10) on May 19, 2026 entitled "Fiscal Year 2025 Federal Information Security Modernization Act (FISMA)."
Here is the executive summary:
* * *
What OIG Reviewed
This report summarizes the results of our fiscal year (FY) 2025 Federal Information Security Modernization Act (FISMA) evaluation of the U.S. Small Business Administration's (SBA) information security program, which represents a point-in-time assessment of conditions observed during the review.
Our objective was todetermine the effectiveness of SBA's information security program and practices. The Office of Inspector General (OIG) contracted with an independent public accounting firm of auditors to assess SBA's adherence to FISMA requirements. The auditors used federal guidance issued by the Office of Management and Budget (OMB) to evaluate the agency's security controls and test a subset of systems for compliance with the requirements.
The guidance requires OIGs to use a 5-level maturity model to determine if domains, a defined area under specific control, were ad hoc, 1; defined, 2; consistently implemented, 3; managed and measurable, 4; or optimized, 5. Per OMB, a rating of managed and measurable (4) is the baseline for effective security controls. A rating of optimized (5) is above the baseline. Ratings of ad hoc, defined, and consistently implemented (1-3) are below the baseline.
What OIG Found
The auditors found SBA made progress in 1 of the 10 domains. The incident response domain was rated as optimized, exceeding the baseline for effective security controls. SBA regressed in three domains: information security and continuous monitoring, identity and access management, and risk and asset management.
Ultimately, the agency fell below the baseline for effective controls in 9 of the 10 domains. Specifically, the following three domains were rated as consistently implemented (3):
* Cybersecurity governance,
* Data protection and privacy
* Security training
The remaining six domains were rated as defined (2):
* Cybersecurity supply chain risk management,
* Risk and asset management,
* Configuration management,
* Identity and access management,
* Contingency planning,
* Information security continuous monitoring
Therefore, SBA's overall information security program has defined policies but it has not consistently implemented them, falling short of the OMB rating for effective security controls.
What OIG Recommended
There are 17 new recommendations to improve SBA's IT security program. Additionally, the agency continues to make progress on implementing 13 open recommendations from 4 prior evaluations (see Appendix 2).
Agency Response
SBA managers agreed and proposed corrective actions that resolved all 17 recommendations. Management plans to use software tools to complete security control assessments and automate risk management, establish or update policies and procedures where necessary, and centralize processes, among other improvements.
* * *
The report is posted at: https://www.sba.gov/document/report-26-10-fiscal-year-2025-federal-information-security-modernization-act-fisma
[Category: IGIGRep]
GSA IG: 'Unrestricted Summary: Audit of a GSA Information Technology System'
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on March 26, 2026 entitled "Unrestricted Summary: Audit of a GSA Information Technology System."
Here are excerpts:
* * *
The GSA Office of Inspector General, Office of Audits conducted an audit of a GSA information technology (IT) system. Our audit objectives were to: (1) assess the security controls in place to protect the confidentiality, integrity, and availability of both the IT system and network resources; (2) assess the oversight of required security controls; and (3)
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on March 26, 2026 entitled "Unrestricted Summary: Audit of a GSA Information Technology System."
Here are excerpts:
* * *
The GSA Office of Inspector General, Office of Audits conducted an audit of a GSA information technology (IT) system. Our audit objectives were to: (1) assess the security controls in place to protect the confidentiality, integrity, and availability of both the IT system and network resources; (2) assess the oversight of required security controls; and (3)determine whether the security controls in place meet the standards set by the Federal Information Security Modernization Act of 2014 and GSA IT policy.
We found that GSA needs to strengthen its oversight of the IT system to ensure sensitive data is protected. Our report included three findings and four recommendations related to IT security controls. The GSA Chief Information Officer agreed with our report recommendations.
Our report contains information that the GSA Office of Inspector General has determined is sensitive and, if disclosed, may adversely affect information security. Therefore, our report is restricted from public release.
* * *
The report is posted at: https://www.gsaig.gov/content/unrestricted-summary-audit-gsa-information-technology-system
GSA IG: 'Implementation Review of Corrective Action Plan: Audit of PBS National Capital Region's Asbestos Management in Building 40 of St. Elizabeths West Campus'
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report (No. A230046/P/R/R24003) on May 15, 2026 entitled "Implementation Review of Corrective Action Plan: Audit of PBS National Capital Region's Asbestos Management in Building 40 of the St. Elizabeths West Campus, Report Number A230046/P/R/R24003, May 1, 2024."
Here are excerpts:
* * *
We have completed an implementation review of the management actions taken in response to the recommendations contained in our May 2024 audit report, Audit of PBS National Capital Region's Asbestos
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report (No. A230046/P/R/R24003) on May 15, 2026 entitled "Implementation Review of Corrective Action Plan: Audit of PBS National Capital Region's Asbestos Management in Building 40 of the St. Elizabeths West Campus, Report Number A230046/P/R/R24003, May 1, 2024."
Here are excerpts:
* * *
We have completed an implementation review of the management actions taken in response to the recommendations contained in our May 2024 audit report, Audit of PBS National Capital Region's AsbestosManagement in Building 40 of the St. Elizabeths West Campus, Report Number A230046/P/R/R24003.
Objective
The objective of our review was to determine whether Public Buildings Service (PBS) has taken the actions as outlined in the corrective action plan for Audit of PBS National Capital Region's Asbestos Management in Building 40 of the St. Elizabeths West Campus (see Appendix A). To accomplish our objective we:
* Reviewed the original audit report to understand the recommendations and provide context to the corrective action plan;
* Met and corresponded with PBS management;
* Examined documentation submitted by PBS personnel to support completion of the corrective action plan steps; and
* Performed limited testing of PBS's implementation of the guidance and procedures contained in the submitted documentation.
* * *
The report is posted at: https://www.gsaig.gov/content/implementation-review-corrective-action-plan-audit-pbs-national-capital-regions-asbestos
GSA IG: 'GSA Is Not Consistently Addressing Deficient Security Fixtures at GSA-Controlled Facilities'
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on March 24, 2026 entitled "GSA Is Not Consistently Addressing Deficient Security Fixtures at GSA-Controlled Facilities."
Here are excerpts:
* * *
Why We Performed This Audit
We performed this audit because of long-standing concerns over security vulnerabilities at GSA-controlled facilities, which include government-owned and leased office buildings, courthouses, land ports of entry, and warehouses. GSA has a responsibility to protect these facilities, working with the U.S.
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on March 24, 2026 entitled "GSA Is Not Consistently Addressing Deficient Security Fixtures at GSA-Controlled Facilities."
Here are excerpts:
* * *
Why We Performed This Audit
We performed this audit because of long-standing concerns over security vulnerabilities at GSA-controlled facilities, which include government-owned and leased office buildings, courthouses, land ports of entry, and warehouses. GSA has a responsibility to protect these facilities, working with the U.S.Department of Homeland Security's Federal Protective Service (FPS).
Our audit objectives were to determine if GSA: (1) took actions to resolve or mitigate security fixture vulnerabilities identified in facility security assessments and (2) installed physical access control systems (PACS) that grant access to employees and contractors by electronically authenticating personal identity verification credentials at all active entry points in GSA-controlled facilities.
What We Found
The Interagency Security Committee's Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (RMP) establishes a single, formalized process for specifying the standards and guidelines to follow when determining federal facility security requirements. The RMP countermeasures outline the actions facilities must take to reduce the risk of a wide range of security threats unless a deviation is justified. Additionally, the RMP requires federal tenants to fund any approved countermeasures. In accordance with a 2023 memorandum of agreement between GSA and FPS, GSA is responsible for the installation, maintenance, and repair of security fixtures, such as [Redacted]*.
However, GSA is not consistently addressing deficient security fixtures at GSA-controlled facilities, leaving the facilities and occupants at risk from security threats. We found [Redacted]. We also found that at some facilities, [Redacted] and that, in some cases, [Redacted] . These deficiencies occurred because: (1) GSA staff were not consistently fulfilling their facility security responsibilities, (2) [Redacted] , and (3) funding constraints prevented the installation and upkeep of security fixtures.
What We Recommend
We recommend the GSA Administrator:
1. Enforce internal procedures to ensure that the Office of Mission Assurance and Office of Facilities Management perform their required facility security responsibilities.
2. In conjunction with FPS:
a. Conduct a nationwide assessment of outstanding deficient security fixtures.
b. Develop and implement a plan to repair, replace, or install security fixtures identified through the nationwide assessment.
c. [Redacted]
d. If GSA cannot secure funding to repair, replace, or install security fixtures, work with the Office of Management and Budget to establish a consistent funding stream to address current and future security fixture deficiencies.
GSA agreed with our report recommendations. GSA's response can be found in its entirety in Appendix D.
* * *
The report is posted at: https://www.gsaig.gov/content/gsa-not-consistently-addressing-deficient-security-fixtures-gsa-controlled-facilities
GSA IG: 'GSA Complied With the Payment Integrity Information Act for Fiscal Year 2025'
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on May 15, 2026 entitled "GSA Complied with the Payment Integrity Information Act for Fiscal Year 2025."
Here are excerpts:
* * *
We performed an audit of GSA's compliance with the Payment Integrity Information Act of 2019 (PIIA) for Fiscal Year (FY) 2025. We have no reportable findings or recommendations resulting from this audit.
We performed this audit as a requirement under the PIIA. This law aims to improve efforts to identify and reduce government-wide improper payments.
... Show Full Article
WASHINGTON, June 21 (TNSrep) -- The General Services Administration Inspector General issued the following audit report on May 15, 2026 entitled "GSA Complied with the Payment Integrity Information Act for Fiscal Year 2025."
Here are excerpts:
* * *
We performed an audit of GSA's compliance with the Payment Integrity Information Act of 2019 (PIIA) for Fiscal Year (FY) 2025. We have no reportable findings or recommendations resulting from this audit.
We performed this audit as a requirement under the PIIA. This law aims to improve efforts to identify and reduce government-wide improper payments.The PIIA requires federal agencies to review their programs and identify those that are susceptible to significant improper payments. For programs identified, agencies are required to estimate, report, and reduce improper payments through corrective action. Within GSA, the Office of the Chief Financial Officer is responsible for financial reporting and ensuring compliance with the PIIA. The PIIA requires each agency's Office of Inspector General to assess agency compliance in six areas. Our audit objective was to determine if GSA complied with the PIIA for FY 2025.
* * *
The report is posted at: https://www.gsaig.gov/content/gsa-complied-payment-integrity-information-act-fiscal-year-2025
