Top Ten Management Challenges

U.S. Small Business Administration

December 2, 1999

Honorable Fred Thompson
Chairman
Committee on Government Affairs
SD-340 Dirksen Senate Office Building
Washington, DC 20510-6250

Dear Mr. Chairman:

This is in response to your request, dated September 22, 1999, for the ten most serious management challenges facing the Small Business Administration (SBA). You asked for our current assessment, including challenges that are particularly vulnerable to fraud, waste, error, or mismanagement, or agency programs or activities that otherwise pose significant risks. Our response is based on either specific reports, which are referenced in the individual write-up, or on general knowledge. Enclosed is the Office of Inspector General’s current list of challenges.

The current list contains part or all of eight of the ten challenges submitted last year. The two challenges that have been dropped from last year’s list were entitled "Recoveries in servicing and liquidation are not maximized" and "The Paperwork Reduction Act and the Privacy Act need to be rationalized with the Government Performance and Results Act to permit effective measurement of performance outcomes." The former was dropped because SBA has made substantial progress in liquidating its loan portfolio, including the sale of a group of loans it was servicing. Other sales are scheduled over the next few years. The latter challenge was dropped because it is an issue facing all agencies and the Congress; the solutions needed are outside the scope of SBA’s authority.

To focus better on the challenges faced by SBA, we made other changes from last year’s submission, which contained ten issues. Part of last year’s Loan Program Issue 1 ("Lenders are not held accountable for errors in loan processing and servicing") concerning the guarantee purchase controls remains as this year’s Loan Program Challenge 1 ("District Offices do not consistently apply SBA’s guarantee purchase requirements"). SBA recently agreed to establish a control process. We will assess its success at a future time.

We combined the need for better lender and borrower accountability (part of last year’s Loan Program Issues 1 and 2) into the new Loan Program Challenge 2 ("SBA needs to improve loan monitoring"). SBA has implemented some procedures during the past year, but plans to do more. We will be evaluating progress in this area over the next several fiscal years.

We added a new Loan Program challenge on the need for an effective oversight process for Small Business Lending Companies (SBLC). SBA conducted its first round of SBLC examinations this past year. Effective implementation of recommendations by SBA is essential to reduce program risks.

We split last year’s issue on "Fraud deterrence and detection requires continued emphasis" into two challenges this year ("Preventing loan agent fraud requires greater emphasis") and ("Borrowers in SBA’s business loan program need to have criminal background checks") to place increased emphasis on the two challenges. Legislation is needed to prevent fraud by performing routine criminal background checks (without fingerprints). SBA supported legislation regarding background checks on borrowers, and legislation was passed; however, the language was modified from SBA’s submission, and while it authorized criminal history checks, it did not require them. Without a firm requirement, the Federal Bureau of Investigation will not do criminal background checks without fingerprints.

The Minority Enterprise Development (MED) Program challenges also changed to some degree. Last year’s Issue 1 combined issues on "contract concentration" and "economic disadvantage." This year, they are presented as two separate challenges. Last year’s issue of "monitoring" has been combined with "economic disadvantage" because the monitoring that needed improvement was related to "economic disadvantage." This year’s third MED challenge ("limiting pass-through procurement activity") is basically the same as last year’s "excessive subcontracting" issue.

The two challenges on "information system controls" and "cost accounting" are basically the same as last year’s issues. SBA is making progress on both challenges, but implementation is a year or two away.

In response to your request that we identify programs that have questionable success in achieving results, we refer you to the three MED challenges. The problems associated with these challenges tend to limit widespread success in developing minority businesses because benefits are concentrated among relatively few participants, some participants continue to receive benefits after they are no longer qualified for the program, and many benefits pass through to large businesses.

We have included our responses to your remaining questions in the discussion on each challenge. If you or your staff have any questions, please do not hesitate to call me, or Peter McClintock, Deputy Inspector General, at (202) 205-6586.

	Sincerely,

	Phyllis K. Fong
	Inspector General

Enclosure

cc:

	Honorable Dan Burton
	Honorable Christopher S. Bond
	Honorable Jim Talent
	Honorable Harold Rogers
	Honorable Judd Gregg
	Honorable Jose E. Serrano
	Honorable Henry A. Waxman
	Honorable Nydia M. Velazquez
	Honorable Ernest F. Hollings
	Honorable Joseph I. Lieberman
	Honorable John F. Kerry
	Honorable John R. Kasich
	Honorable Pete V. Domenici
	Honorable Dick Armey

Management Challenges

U. S. Small Business Administration

December 1, 1999

LOAN PROGRAMS

Challenge 1. District Offices do not consistently apply guarantee purchase requirements.

District Offices do not always follow SBA’s requirements when purchasing a guarantee from a lender relating to a defaulted SBA guaranteed loan, resulting in purchases that may not be justified. This occurs because there is an inherent conflict between the competing goals of maintaining good relationships with lenders for the purpose of increasing loan volume and denying liability on a guarantee when the lender has not complied with SBA requirements. Further, there has not been an adequate review process to detect poor decisions. Consequently, unnecessary expenditures are made.

A 1997 OIG audit report on business loan guarantee purchases found that SBA did not consistently administer purchases of guarantees properly. FY 1998 audits of early default loans have shown that some District Offices have been reluctant to deny liability on a guarantee even when the lender ignored SBA policies and procedures.

The 1997 guarantee purchase audit, which sampled loans purchased in FY 1995, found 29 percent of the decisions were not supported by sufficient documentation to make an informed decision, or claims were paid when information in the file suggested the claim should have been denied or reduced. A statistical projection of the audit results indicated that an estimated $102.9 million in purchases were not supported by sufficient documentation when the decision was made, and guarantees totaling $16.2 million should not have been honored.

Audits of individual defaulted loans have shown similar results. In one instance, a 1998 audit found that SBA purchased a guarantee for $420,000 even though the lender had evidence of a material discrepancy between the financial statements and the borrower’s copy of the income tax return. The loan authorization required the lender to verify the borrower’s tax return with the Internal Revenue Service before disbursement. This requirement was reinforced by a letter from the District Office to the lender during the loan approval process. The lender, however, disbursed the loan before obtaining the income tax verification or notifying SBA of a difference of $430,000 in losses per the financial statements and the borrowers’ copy of the income tax return. The District Office did not agree with OIG’s recommendation to recover the amount paid from the lender.

In another instance, SBA paid $189,400 to purchase a guarantee from a lender that neither followed prudent lending procedures nor complied with SBA requirements. The Loan Guaranty Agreement requires lenders to take actions that will, consistent with prudent closing practices, fully protect or preserve SBA’s interests. The lender did not verify debt owed to senior creditors, allowed the borrower to improperly execute a standby agreement, and failed to notify SBA of unremedied adverse changes in the borrower’s financial conditions after the loan application was submitted. The improperly executed standby agreement permitted a creditor of the borrower to foreclose on the collateral, which seriously hampered SBA’s ability to recover the full amount owed through liquidation. Initially, the District Office agreed with the recommendation to recover the amount paid, but later reversed the decision to initiate recovery action.

Action Needed

Implement a process to (1) address the inherent conflict of interest that exists at the District Office level, (2) improve the consistency and quality of the purchase decision through staff specialization and an economy of scale, and (3) ensure that the Agency denies liability or reduces the guarantee when a lender has failed to comply with SBA requirements.

Establish a procedure requiring District Offices to record guarantees that have been repaired and report those results to Headquarters.

Action Taken

The guarantee purchase decision-making process for the SBAExpress loan program has been centralized. The Fresno Commercial Loan Servicing Center is responsible for the entire purchase process, effective for all requests received on or after October 30, 1998.

The Little Rock Servicing Center is responsible for the purchase process for loans made under the Section 504 program (Certified Development Company Loan Program). Centralization for the Section 504 program was completed in 1996.

The Agency is in the process of developing procedures to improve the guarantee purchase process for the Section 7(a) program. Recently, SBA management has agreed to take the following actions:

SBA will contract for an independent review of 10 percent of all loan purchase requests processed by the field offices. The review will include all loans identified by OIG as candidates for denying or reducing liability if the lender requests the guarantee to be purchased. If the review shows that the loan should not have been purchased, SBA will initiate action to deny or repair the guarantee.

SBA will track loan purchases, by field office, to identify any offices having shortcomings in processing guarantee purchase requests and initiate action, such as training, to correct the situation.

Reports

Business Loan Guarantee Purchases, 9/30/97, Audit Report # 7-5-H-011-026

Emergent Business Capital, 7/13/98, Audit Report # 8-7-F-013-020

Arkansas Capital Corporation, 7/31/98, Audit Report # 8-6-F-008-023

Significant Open Recommendations

The 1997 audit report contained recommendations to improve the quality of purchase decisions and to establish a procedure to record repairs and report those results to the Office of Capital Access.

Regarding recommendations to seek recovery on the guarantees relating to Emergent Business Capital and Arkansas Capital Corporation , SBA is reviewing legal issues.

Challenge 2. SBA needs to improve loan monitoring.

Private lenders are performing much of the loan underwriting, servicing, and liquidation functions which, until recently, were performed by SBA staff. To ensure compliance with SBA requirements, SBA must establish a better lender oversight program, improve its ability to identify lenders needing improvements in their performance, and ensure that borrowers comply with the terms of the loan agreement.

A recently completed audit (draft report issued) of Section 7(a) loan processing found that lenders did not consistently comply with 22 key processing procedures. Of

240 loans reviewed, 172 procedural deficiencies were noted for 120 loans. The deficiencies involved ineligible purpose of the loan, adverse change in financial condition not reported to SBA, lack of repayment ability, lack of capital injection, and use of proceeds for an unapproved or ineligible purpose. The audit results showed that 28 loans (12 percent) with guarantees totaling $3.7 million had deficiencies that could cause SBA to question part or all of the guarantee if a purchase request were received from a lender. Four of five non-compliances with SBA requirements occurred when SBA had limited or no oversight of lenders’ processing and disbursing actions. The non-compliances could be reduced by increasing lender oversight. According to SBA guidelines, District

Offices should have visited each lender annually unless a waiver was justified. Out of 147 lenders in our sample, only 33 (22 percent) received field visits by district personnel during FYs 1996 and 1997.

In July 1998, GAO reported that at five district offices visited SBA had not performed an on-site review of about 96 percent of the lenders in the past 5 years. Further, in some cases there was no evidence that lenders who had been SBA lenders for 25 or more years had received an on-site review. GAO concluded that SBA had no systematic means, without conducting periodic on-site reviews, to help ensure that lenders’ actions did not render loans ineligible, uncreditworthy, or uncollectible, thus increasing the risk of loss to the Agency. Lender monitoring is particularly important as SBA moves from direct involvement in loan approvals to increased reliance on participating lenders to perform loan origination, servicing, and liquidation.

SBA does not have a system to capture and summarize lender information to provide the Agency with adequate performance measurement data for loan monitoring. Information such as loan volume, loan origination quality, delinquency rates, default rates, and liquidations is not readily available. Collecting such information would allow SBA to identify lenders with potential problems and provide oversight to ensure that lenders’ actions are in the best interest of the Government.

Action Needed

Establish organizational responsibilities for lender reviews to ensure that all lenders are reviewed periodically, the results are documented, and recommendations are made to correct any problems found.

Establish a schedule of lender reviews and adhere to the schedule.

Develop and implement a loan monitoring system that will enable SBA to evaluate the quality of a lender’s SBA portfolio. Factors to be considered should include loan volume, loan origination, loan seasoning, and delinquency and default rates.

Establish baseline goals and measures for lender processing errors and periodically compare performance to goals.

Action Taken

SBA initiated a new Quality Service Review (QSR) of all District Office functions in FY 1999. The review is designed to ensure that critical program risk areas are reviewed and to inform management of any problems or issues. Another goal of the QSR is to identify "best practices" of the District being reviewed and share the practice(s) with other District Offices. Ten reviews are scheduled each year. In

FY 1999, SBA completed 10 reviews.

SBA has completed the initial on-site reviews of Preferred Lender Program lenders. OIG will evaluate the reviews as part of an audit of lender oversight scheduled to begin in FY 2000. SBA will establish baseline loan processing error rates. During subsequent 3-year periods lenders will be reviewed and evaluated against the established baseline. Only lenders with minimal SBA loan portfolios will be excluded from this procedure.

SBA is taking steps to establish an oversight office that will be responsible for the oversight function of all lenders and the organizations responsible for conducting reviews, such as the Preferred Lender Review Branch.

SBA has initiated steps to develop and implement a loan monitoring system to evaluate lender performance. The system will collect such data on lenders as delinquency default rates, liquidations, loan payments, and loan origination.

Reports

Draft Report on Section 7(a) Loan Processing, 9/15/99, and related District Office reports

Few Reviews of Guaranteed Lenders Have Been Conducted, 6/98, GAO/GGD-98-85

Significant Open Recommendations

The OIG draft report contains a recommendation to establish baseline goals and measures for lender processing errors and periodically compare performance to goals. Management has agreed to take appropriate action. When implemented, that action should satisfy the audit recommendation.

Challenge 3. SBA needs an effective oversight process for SBLCs.

Small Business Lending Companies (SBLCs), like all Section 7(a) lenders, provide relatively high-risk, SBA-guaranteed loans to small businesses that meet eligibility criteria set by the Agency. Because they are not banking institutions, SBLCs are subject to review only by SBA. The Agency needs to ensure that its oversight process effectively monitors how the SBLCs administer their credit programs, identifies potential problems, and keeps SBA losses to a minimum. The Agency has initiated a comprehensive review process that provides the information required for oversight. SBA now needs to develop follow-up procedures to ensure that corrective actions are implemented in a systematic and timely manner.

Typical SBLC borrowers are companies that have insufficient credit history or collateral to qualify for conventional business loans. Of approximately 7,000 Section 7(a) lenders, 14 are currently SBLCs. In FY 1999, SBA approved 4,445 SBLC loans valued at $2.4 billion, which was 24 percent of the total value of all Section 7(a) loans approved that year.

SBLCs are not reviewed by the Federal and State regulatory agencies that monitor the safety and soundness of financial institutions. Three SBLCs have been audited by OIG over the past seven years, but, until recently, they were not reviewed on a regular, ongoing basis. In FY 1998, the Agency began a program of comprehensive annual examinations of each SBLC with the support of another Federal regulatory agency. The results of these reviews, combined with previous work by OIG and GAO, confirmed the need for additional internal controls and improved risk management in the SBLCs. The findings also emphasized the need for SBA to exercise more effective oversight of the SBLC program.

Action Needed

Require each SBLC to establish an effective risk management system that will identify potential problems in a timely and accurate manner.

Ensure that SBA’s oversight process gives full consideration to the findings of the annual SBLC examinations and tracks the implementation of their recommendations.

Action Taken

In those instances where the examinations confirmed weaknesses in organizations that posed undue credit risk to the Agency and the program, SBA initiated corrective actions, including written correspondence and face-to-face meetings with these groups to work out constructive courses of action.

SBA referred loan file deficiencies of substantial magnitude to the OIG for review.

SBA tracked systemic deficiencies that require regulatory or procedural modification. These modifications are being incorporated into the Office of Lender Oversight Strategic Plan for implementation in FY 2000.

For SBLCs visited to date in the second year, examiners noted that steps were being taken in response to the first year recommendations, including lender process improvements, software applications development, and revisions to internal procedures.

Reports

Few Reviews of Guaranteed Lenders Have Been Conducted, 6/98, GAO/GGD-98-85

SBLC Examination Reports

Significant Open Recommendations

The reports mentioned above are not OIG products; therefore, there are no open audit or inspection recommendations.

MINORITY ENTERPRISE DEVELOPMENT

Challenge 4. More participating companies need to obtain contracting opportunities in the Section 8(a) program.

The Section 8(a) program provides significant contract support to a small number of the many eligible program participants. This occurs because SBA does not know the level of contract support, by industry, that is needed to overcome economic disadvantage nor does it have adequate procedures to preclude excessive contract awards. Consequently, some companies receive substantial benefits, while others receive little or none.

During FY 1998, when there were over 6,000 companies in the Section 8(a) program,

50 percent ($2.9 billion) of the dollar value of the contracts and modifications went to just 152 companies. (Section 8(a) contract modifications can be awarded to Section 8(a) companies after they leave the program.) One former company received over $140 million in Section 8(a) contract modifications during FY 1998.

Each of the top 10 companies (in terms of dollar value of Section 8(a) contracts and modifications) received an average of $56 million in Section 8(a) contracts and modifications in FY 1998. More than 3,000 Section 8(a) companies did not receive any contracts or modifications during the same period.

The purpose of the Section 8(a) program is to assist eligible small disadvantaged business concerns to compete in the American economy through business development. SBA has not determined how much contract support is required before a small disadvantaged business can compete in the American economy and, as such, has not determined an appropriate level of contract support that is needed to assist Section 8(a) companies.

Action Needed

Determine the levels of contract support that are required to overcome economic disadvantage and graduate participants once they reach those levels.

Actions Taken

SBA revised its regulations to limit participants (other than those owned by an Indian Tribe or an Alaskan Native Corporation) on sole-source awards to either five times the Standard Industrial Classification code criteria or $100 million, whichever is reached first. Once these levels are achieved, participants are still eligible for Section 8(a) competitive awards.

Reports

SBA’s FY 1998 Federal Managers Financial Integrity Act (FMFIA) Report to the President and the Congress

Significant Open Recommendations

SBA identified this challenge as a material weakness in the above report. There are no open audit report recommendations relating to this challenge.

Challenge 5. Participants who become wealthy are allowed to remain in the

Section 8(a) program and be considered economically disadvantaged.

Wealthy individuals are allowed to stay in the Section 8(a) program throughout a normal 9-year term of participation, contrary to the intent of the program. The Small Business Act requires that participants must be socially and economically disadvantaged, and it defines economic disadvantage as diminished capital and credit opportunities compared to owners of similar businesses that are not disadvantaged. SBA has not adequately determined the capital and credit opportunities available to non-disadvantaged owners. Further, a past evaluation found that many SBA employees did not have the ability to conduct these analyses. Therefore, participants may be allowed to continue to receive benefits even though they may not qualify for them, thus preventing those who do qualify from receiving benefits.

Section 8(a)(6)(A) of the Small Business Act states:

Economically disadvantaged individuals are those socially disadvantaged individuals whose ability to compete in the free enterprise system has been impaired due to diminished capital and credit opportunities as compared to others in the same business area who are not socially disadvantaged. In determining the degree of diminished credit and capital opportunities the Administration shall consider, but not be limited to, the assets and net worth of such socially disadvantaged individual.

According to its regulations, SBA reviews various factors when considering diminished capital and credit opportunities: personal income, personal net worth, the fair market value of all assets, and a comparison of the financial condition of the company with other small businesses in the same primary industry classification. While SBA obtains information on a number of factors when determining economic disadvantage, it relies primarily on one criterion: net worth. Net worth by itself, however, does not show whether an individual has diminished capital and credit opportunities. Further, the net worth dollar levels to remain economically disadvantaged -- $750,000 after excluding the value of the business and the primary residence – place participants in the upper tenth percentile of wealth for American families owning businesses, according to statistics in the Survey of Consumer Finances, conducted by the Federal Reserve Board in 1992.

In a 1994 audit of 50 large Section 8(a) companies, OIG found that 35 of the 50 participants were millionaires. Nevertheless, they were still classified as "economically disadvantaged." OIG also reported that SBA employees making these reviews erred in making net worth determinations and that these employees "did not always have the skills and time needed to adequately analyze personal net worth."

The law requires that SBA consider assets when determining economic disadvantage; however, SBA has not determined the level of assets needed to overcome economic disadvantage. The 1994 audit found that SBA employees did not determine whether the participant accumulated excessive total assets.

A February 1996 SBA evaluation of annual reviews conducted by field staff raised questions about the ability of the field staff to conduct such analyses. The report noted that the staff’s financial analyses were very poor; staff members did not fully understand the concepts of economic disadvantage, financial condition of the firm, and access to capital; and the annual reviews contained few comparisons of the condition of Section 8(a) firms with similar businesses.

Action Needed

Redefine "economic disadvantage" using objective, quantitative criteria that effectively measure capital and credit opportunities.

Based on this new definition, create an automated capital and credit-scoring model to evaluate capital and credit opportunities of applicants and participants.

Provide sufficient financial and analytical training to the business opportunity specialists to enable them to evaluate a company’s business profile and competitive potential.

Action Taken

SBA has added provisions to the regulations to close a loophole whereby Section 8(a) applicants and participants could transfer assets to family members.

Annual review procedures were modified and some training was provided to SBA field staff.

The Associate Deputy Administrator for Government Contracting and Minority Enterprise Development agreed to set up a task force to address certain aspects of economic disadvantage. He stated that the task force will begin by December 31, 1999, and will issue its recommendations by

June 30, 2000.

Reports

Audit Report on Section 8(a) Program Continuing Eligibility Reviews, 9/30/94, Report # 4-3-H-006-021

Significant Open Recommendations

There were 13 recommendations in the above report. Three recommendations still need to be implemented. These three recommendations concern

(1) modifying criteria used for determining one aspect of economic disadvantage,

(2) establishing a standard form for reporting net worth of Section 8(a) participants, and (3) establishing criteria for when these forms must be reviewed or compiled by an independent public accountant.

Challenge 6. SBA does not enforce its rules to limit pass-through procurement activity to non-Section 8(a) participants.

The Section 8(a) program is intended to be used exclusively for business development purposes to help small businesses owned by "socially" and "economically" disadvantaged persons compete on an equal basis in the mainstream of the American economy. To ensure that the business development aspects of the program accrue to its participants, SBA has rules to preclude a pass-through of a Federal contract to a non-participant; however, OIG audits have found that the rules are not enforced by SBA. As a result, many non-Section 8(a) companies benefit from the Section 8(a) program.

One rule limits the amount of a contract that can be subcontracted; however, the amount varies depending on the type of contract instrument used. For example, for service contracts, at least 50 percent of the cost of contract performance incurred for labor must be expended for employees of the Section 8(a) company. OIG auditors believe that excessive subcontracting is a common problem because determining labor cost is difficult and can be easily manipulated; therefore, little attention is given to the problem by Agency officials.

Another rule requires that supply contracts must either be filled by the manufacturer of the end item or by a company that meets SBA’s criteria for a "non-manufacturer."

SBA’s definition of a manufacturer has been liberally interpreted to allow a Section 8(a) company to make a minor modification to a finished product manufactured by another company. The product that is manufactured by the non-Section 8(a) company is considered to be a "basic material" for the new product; hence, the Section 8(a) company is credited with creating a new product. This occurs frequently with computer equipment, and OIG audits have found instances where 80 percent or more of the contract costs pass through to large computer manufacturers.

The non-manufacturer rule includes requirements that the Section 8(a) company must be engaged in wholesale or retail trade and must sell the item being supplied to the general public. This rule is intended to promote the business development of the retailer or wholesaler and to preclude brokering, packaging, or pass-through contracts.

In a June 1998 audit report, OIG recommended that the Associate Deputy Administrator for Government Contracting and Minority Enterprise Development (ADA/GC&MED) "provide definitive guidance and definitions to evaluate the manufacturing criteria at 13 CFR 121.406." The ADA/GC&MED agreed with the recommendation and stated that he planned to solicit comments from the business community and have specific discussions with businesses in computer-related industries. As of November 1999, SBA still had not clarified the manufacturing criteria.

Starting in 1997, SBA entered into Memoranda of Understanding (MOUs) with various agencies delegating Section 8(a) contract administration to those agencies. SBA should ensure that either SBA or the procuring agencies enforce the rules on excessive subcontracting and manufacturing.

Action Needed

Develop a formula for calculating labor costs that can be easily understood, uniformly enforced, and withstand manipulation. OIG has suggested that the calculation be based on a percentage of the total contract value, instead of one cost component; this method had been used in the past by the Agency.

Tighten the definition of "manufacturing" to preclude the practice of making only minor modifications to the products of other manufacturers.

Action Taken

On April 1, 1999, SBA published a request for comments in the Federal Register on the practice of making minor modifications to the products of others.

Reports

Audit of the Administration of the Section 8(a) Program Work Performance Requirements, 3/31/93, Report # 3-2-C-002-033

Audit Report on the National Oceanic and Atmospheric Administration Computer Workstation Contract, 6/18/98, Report # 8-7-002-017

Significant Open Recommendations

Two of the four recommendations in the 1993 audit report still need to be implemented. One concerns complying with non-manufacturer provisions on Section 8(a) contracts, and the second concerns monitoring compliance with the work performance requirement on Section 8(a) contracts. The recommendation to provide definitive guidance and definitions to evaluate manufacturing criteria contained in the 1998 report also has not been implemented.

GENERAL MANAGEMENT

Challenge 7. SBA needs to develop and implement a program-based cost accounting system.

The Chief Financial Officers Act of 1990 requires agencies to develop and report cost information and systematically measure performance. In addition, reliable and relevant cost information is essential for measuring efficiency, which should be included in SBA’s performance goals under the Government Performance and Results Act (GPRA). In 1995, the Federal Accounting Standards Advisory Board (FASAB) issued a Federal Financial Accounting Standard on cost accounting which provides guidance for the development of cost accounting systems. The FASAB also urged Chief Financial Officers to give priority to implementing its requirements.

Historically, a major impediment to the implementation of cost accounting within the Federal government has been the reluctance of program managers to pay much attention to financial management or to accept cost accounting as a useful management tool. Under current cost cutting initiatives and the GPRA requirement for performance measurement, program-based cost accounting information would be an invaluable tool for evaluating program efficiency within SBA and measuring results.

Action Needed

Determine how a program-based cost accounting system will be structured and used within SBA.

Identify milestones and assign resources to implement a program-based cost accounting system in a timely manner.

Action Taken

SBA developed a cost allocation methodology to assign FY 1998 costs to each major program, activity, and function. The methodology, however, was based on interviews with a small number of Agency employees, not actual time and cost data or a statistical sample of time and cost data. Consequently, it does not appear to provide the level of accuracy and reliability desirable for measuring program performance and improving efficiency.

For FY 1999, SBA refined its cost allocation methodology to obtain broader coverage of Agency activities. It relies on SBA managers completing a questionnaire covering their staffs’ activities over the preceding year. Again, the methodology does not use actual time and cost data; therefore, it does not provide the accuracy needed to measure program performance and improve efficiency.

SBA included development and implementation of a cost accounting system in its "Systems Modernization Initiative, Phase II," scheduled for completion in 2004.

Reports

SBA’s FY 1998 FMFIA Report to the President and the Congress

Significant Open Recommendations

The above report is not an OIG product; therefore, there are no open audit recommendations.

Challenge 8. Information system controls need improvement.

SBA programs and operations depend more and more on automated, often interconnected, systems and on electronic data rather than on manual processing and paper records. Current initiatives include paperless loan applications, use of digital signatures, expanded Internet access, and electronic data interchange. Reliable and accessible data is also essential for GPRA performance reporting. This increased reliance on automated systems has increased the risk of fraud, inappropriate disclosure of sensitive data, and disruption of critical operations and systems. To guard against such problems, SBA must take steps to understand its information security risks and implement policies and controls to reduce these risks.

For several years, SBA’s financial statement audits have identified weaknesses related to controls over the Agency’s automated information systems. The audit of SBA’s FY 1997 financial statements noted the following issues, and most were also present in the audit of SBA’s FY 1998 financial statements:

Entity-Wide Security. SBA has not implemented a comprehensive entity-wide security program for its key information systems. The Office of the Chief Information Officer (OCIO) has developed a framework, but has not (a) performed necessary risk assessments, (b) prepared detailed security plans, (c) identified incompatible duties, and (d) established compensating controls for its key systems. OCIO stated that, because of a lack of resources, it has been unable to implement its entity-wide security program. As a result, unauthorized alteration and corruption of data could occur and remain undetected. OMB Circulars A-130 and A-123 require that agencies establish comprehensive entity-wide security programs.

Access Controls. Computer programmers had unnecessary privileges that permitted remote access to the Loan Accounting System (LAS) data and programs. This increased the risk that unauthorized activities and transactions could occur without detection. Information systems standards require that programmer access be held to an absolute minimum.

Application Development and Change Control. SBA implemented business software applications without formal certification and in the absence of Agency-wide standards for non-mainframe application development. The new Surety Bond system was put on-line prior to certification, and field offices were developing microcomputer applications without standards to ensure that the systems will (a) meet users’ needs; (b) provide useful, reliable, and accurate information; and (c) protect the Agency’s interests.

Service Continuity. SBA did not have service continuity plans in place for all of its systems. OCIO was developing a plan to address disruption of the LAS, but SBA had not arranged for alternative facilities for the Office of Financial Operations or Federal Financial System data processing. Should either of these facilities incur a disaster, SBA would suffer significant disruptions to key business activities. OMB Circulars A-130 and A-123 require agencies to take steps necessary to minimize risks that impact their ability to meet critical mission functions.

Data Authorization, Completeness, and Accuracy. Quality assurance controls for major applications did not ensure data accuracy, reliability, and completeness. For example, loan disbursements and balances were reported differently in the Data Communications System, Automated Loan Control System, and LAS. In addition, data entry edits did not preclude a $26,500 charge-off of accrued interest on an account that did not have accrued interest, nor prevent a change in loan status to "Paid-in-Full" on a loan with a $58,000 outstanding balance. In other cases, non-financial borrower information was missing or inaccurate. Although not affecting the financial statements directly, these problems weakened SBA’s ability to collect monies owed and recover collateral.

Segregation of Duties. OCIO and SBA field offices share security responsibility for the LAS. OCIO is the master security administrator, and the field offices are responsible for local security administration. Although OCIO had established a policy to prevent local security officers from having conflicting and incompatible duties, in 2 out of 15 offices surveyed, the security officer was also a liquidation supervisor. This created a segregation of duties issue because the same individuals had access to users’ passwords and identifications, as well as access and control over liquidation documents.

Action Needed

Improve information system and management controls in the areas of (1) entity-wide security, (2) access controls, (3) application development and change control, (4) service continuity, (5) data authorization, completeness, and accuracy, and (6) segregation of duties.

Action Taken

While improvements were made in FY 1999, particularly in service continuity planning, systems security issues remained generally the same through most of the year. In September 1999, the Agency established a senior management committee to implement an Agency-wide security program, allocated funds, and approved a plan to engage contractor support and hire additional staff for its information technology security program.

Reports

SBA's FY 1997 Financial Statements, 3/2/98, Audit Report # 8-7-H-008-010

SBA’s Information Systems Controls, 9/2/99, Audit Report # 9-19

Significant Open Recommendations

SBA has begun to implement OIG recommendations as described above.

FRAUD DETERRENCE AND DETECTION

Challenge 9. Preventing loan agent fraud requires greater emphasis.

Loan agents provide referral and loan application services to prospective borrowers or lenders for a fee. Some agents, particularly loan packagers, have been involved in a variety of fraudulent schemes, such as submitting false tax returns or other financial data, charging the borrower excessive fees, using fictitious names on SBA forms, exaggerating their ability to gain loan approval, acting in illegal collusion with officials of lending institutions, conspiring with borrowers to submit false loan packages, and performing other illegal acts. These schemes, which have been copied from one fraudulent agent to another, have resulted in loan purchases by SBA and, ultimately, the taxpayers.

In the 3-1/2 years ending June 30, 1999, in the Section 7(a) program alone, criminal investigations had been initiated on 60 individuals involving loan applications handled by 11 loan agents. The loan volume associated with these investigations exceeded $84 million. Allegations involving loan agents continue to be reported to OIG. Moreover, because the Internet allows everyone to reach a national audience, dishonest loan agents can expand the scope of their fraudulent activities. At the same time, the Agency may not have adequate staff to monitor loan agent activity.

To address concerns about some agents’ activities, SBA’s Committee on Loan Packager Reforms in 1996 recommended establishing a code of conduct, training curriculum, database of packagers, and improved disclosure of fees. Moreover, a March 1998 OIG inspection report identified efficient ways to reduce fraud by loan packagers and other loan agents. To avoid fraud, criminal background checks are needed on all loan agents. Legislation is needed to enable SBA to use social security numbers for background checks.

Action Needed

Submit a legislative proposal requiring that (1) all loan agents provide SBA with the information necessary to conduct a criminal background check, including a social security number, and (2) SBA conduct criminal background checks on all loan agents.

Identify loan agents and track their association with individual loans.

Action Taken

OIG recently submitted to the Agency for further action, a legislative proposal making loan agents subject to National Crime Information Center (NCIC) criminal history checks.

SBA’s Office of Financial Assistance (OFA) has drafted a revision of the compensation agreement to be used as a first step in registering loan agents. This form is currently going through the Agency’s internal clearance process.

OFA is working with the Office of the Chief Information Officer on the collection and tracking of relevant data elements for a loan agent monitoring system. OFA plans to have full implementation during FY 2001.

Report

Loan Agents and the Section 7(a) Program, March 1998, Inspection Report # 98-03-01.

Significant Open Recommendations

Final action on the first recommendations has not been completed because of the lack of statutory authority, as summarized above. Other actions to address the second recommendation are in process.

Challenge 10. Borrowers in SBA's business loan program need to have criminal history background checks.

Borrowers who do not disclose past criminal histories have higher rates of default on SBA loans than those who either disclose their records or have no criminal histories. SBA does not have sufficient statutory authority to perform routine background checks. As a result, losses are higher than necessary.

Past OIG studies have revealed problems with the accuracy of the criminal history information provided by loan applicants on SBA’s Form 912, Statement of Personal History. To determine the extent of the problem, OIG initiated proactive investigations called Operations Cleansweep and Cleansweep II. Operation Cleansweep showed that almost 12 percent of the defaulted loans involved borrowers who failed to disclose their criminal records. A number of audits have also documented misrepresentation by borrowers of their criminal history. Most recently, an audit of 240 loans found that 8 percent of the 429 borrowers failed to disclose their criminal records.

After Cleansweep II, OIG estimated, based on lending at $11 billion per year, that the potential loss to the Government stemming from these false certifications could exceed $27 million. To avoid significant losses, criminal background checks are needed on all applicants.

Both the Congress and the Administrator have expressed support for a more rigorous check of an applicant's criminal history. The Small Business Reauthorization Act of 1997 (Public Law 105-135) authorized an expanded check on criminal histories of loan applicants. Subtitle D – Miscellaneous Provisions, Section 231, Subsection B, Background Checks, states that

Prior to the approval of any loan made pursuant to this subsection . . . the Administrator may [emphasis added] verify the applicant’s criminal background, or lack thereof, through the best available means, including, if possible [emphasis added], use of the NCIC computer system at the Federal Bureau of Investigation.

While useful, the law does not require a criminal background check on every applicant. Unless an agency is granted a Special Purpose Code (SPC) allowing access for administrative purposes, the FBI's National Crime Information Center can be used to check on an applicant's criminal history only in support of a criminal investigation. To obtain an SPC, the requesting agency must have a legislative requirement. The language contained in Public Law 105-135 does not meet this test.

Verification of the criminal history of all business loan applicants would allow SBA to: (1) detect fraudulent applications early in the process, so they may be referred for appropriate criminal and/or civil action; (2) reduce the Government's losses by preventing fraudulent loans from being disbursed; and (3) provide a heightened level of deterrence through increased enforcement actions. The SBA OIG believes there is no other effective, efficient method available to achieve these goals while allowing for the uninterrupted flow of the loan process. OIG estimates that the start-up cost for initiating such a verification program would be approximately $1 million.

Action Needed

Legislation requiring that (1) all business loan applicants provide SBA with the information necessary to conduct a criminal background check, including a social security number, and (2) SBA conduct criminal background checks on all business loan applicants.

Sufficient funding to permit OIG to perform background checks on all business loan applicants.

Action Taken

SBA supported a change in legislation, but the final language passed by the Congress did not provide the authority needed.

Reports

Fraud Detection in SBA Programs, November 1997, Inspection Report # 97-11-01

Operation Cleansweep Memorandum

Significant Open Recommendations

Final action has not been completed because of the lack of statutory authority, as summarized above.