Audit Report 4-19:Audit of SBA’s Information Systems Controls for FY 2003
Date Issued: Thursday, April 29, 2004
Report Number: 4-19

On April 29, 2004, the OIG issued Audit Report 4-19, the Independent Public Accountant or IPA’s report regarding the Audit of SBA’s Information Systems Controls for FY 2003 as part of the IPA’s audit of SBA’s FY 2003 financial statements.  The IPA found that the SBA continued to make progress in implementing its information systems security program, but that improvements were still needed.  The report describes areas where controls could be strengthened, such as:  (1) entity-wide security program controls, (2) access controls, (3) application software development and program change controls, (4) system software controls, (5) segregation of duty controls, and (6) service continuity controls.