Audit Report 3-20: Audit of SBA’s Information Systems Controls for FY 2002
Date Issued: Monday, March 31, 2003
Report Number: 3-20

On March 31, 2003, the OIG issued audit report 3-20, the Independent Public Accountant’s (IPA) report on the Audit of SBA’s Information Systems Controls for FY 2002, prepared as part of the IPA’s audit of SBA’s FY 2002 financial statements. The IPA found that the SBA continued to make progress toward implementing its information systems security program, but that improvements were still needed in areas such as: (1) entity-wide security program controls; (2) access controls; (3) application software development and program change controls; (4) system software controls; (5) segregation of duty controls; (6) service continuity controls; (7) review of mainframe operations; and (8) JAAMS applications controls.