Audit Report 2-18: Audit of SBA’s 2001 Financial Statement - Information Systems Controls
Date Issued: Monday, May 6, 2002
Report Number: 2-18

On May 6, 2002, the OIG issued audit report 2-18, the Independent Public Accountant or IPA’s report regarding the Audit of SBA’s 2001 Financial Statement - Information Systems Controls.  The IPA found that the SBA had made progress toward implementing its security controls program.  However, there were seven areas where improvements were still needed, specifically:  (1) Entity-wide security controls (with five recommendations); (2) Access Controls (with six recommendations); (3) Application Software Development and Program Change Control (four recommendations); (4) System Software Controls (four recommendations); (5) Segregation of duty controls (three recommendations); (6) Service Continuity Controls (two recommendations); and (7) Review of Mainframe Operations (two recommendations).