Reports

Small Business Administration OIG

SBA’s Restaurant Revitalization Fund Program Award Practices

This SBA OIG pandemic oversight report reviewed the U.S. Small Business Administration’s Restaurant Revitalization Fund application review and approval process. The objective of this review was to determine whether the controls SBA implemented to award RRF program funds in accordance with the Act and other applicable guidance were effective. SBA developed an implementation plan including a risk framework that was intended to reduce the risk of making improper payments and awarding Restaurant Revitalization Funds (RRF) to ineligible recipients. However, the plan did not include all program...

Full Details: Oversight.gov Report Page

Audit | 3/26/2024

Small Business Administration OIG

Ending Active Collections on Delinquent COVID-19 Economic Injury Disaster Loans

The Small Business Administration's (SBA) Office of Inspector General (OIG) is issuing this management advisory to bring attention to concerns regarding SBA’s decision to end active collections on delinquent COVID-19 Economic Injury Disaster Loans (EIDL) with an outstanding balance of $100,000 or less. First, SBA’s decision to cease collections risks violating the Debt Collection Improvement Act of 1996, which prohibits ending collections on fraudulent, false, or misrepresented claims, because SBA OIG and other oversight agencies are continuing to work on identifying COVID-19 EIDL fraud that...

Full Details: Oversight.gov Report Page

Audit | 9/29/2023

1 - Open

To address concerns in the COVID-19 EIDL program, we recommend the Administrator direct the Associate Administrator for the Office of Capital Access to perform a comprehensive cost-benefit analysis, consistent with federal regulations, to include periodic comparisons of costs incurred and amounts collected on the portfolio of COVID-19 EIDLs of $100,000 or less to assess whether collection costs exceed recovery amounts.

2 - Open

To address concerns in the COVID-19 EIDL program, we recommend the Administrator direct the Associate Administrator for the Office of Capital Access to reevaluate and amend as appropriate the April 27, 2022 decision to end active collections contingent on the outcome of the more comprehensive cost-benefit analysis.

3 - Open

To address concerns in the COVID-19 EIDL program, we recommend the Administrator direct the Associate Administrator for the Office of Capital Access to ensure SBA does not end active collections pursuant to the April 27, 2022 decision on any COVID-19 EIDL of $100,000 or less made to borrowers who received multiple COVID-19 EIDLs that, when combined, exceed $100,000.

4 - Open

To address concerns in the COVID-19 EIDL program, we recommend the Administrator direct the Associate Administrator for the Office of Capital Access to ensure SBA does not end active collections on any COVID-19 EIDL that appears to be fraudulent, false, or misrepresented, including loans identified as such by OIG or other federal oversight entities, without 1) reviewing the loan application for fraud and 2) attempting active collection, at a minimum, regardless of the outcome of a comprehensive cost-benefit analysis.

5 - Open

To maximize the return to taxpayers, we recommend the Administrator direct the Associate Administrator for the Office of Capital Access to evaluate the COVID-19 EIDL portfolio, in collaboration with Treasury, to determine if selling the portfolio, including delinquent loans of $100,000 or less, is in the best interest of the government.

Small Business Administration OIG

SBA’s Oversight of Restaurant Revitalization Fund Recipients

We reviewed the U.S. Small Business Administration’s (SBA) oversight of Restaurant Revitalization Fund (RRF) recipients. The American Rescue Plan Act of 2021 authorized SBA to administer the RRF and provided $28.6 billion to assist eligible small businesses adversely affected by the Coronavirus Disease 2019 (COVID-19) pandemic. We determined program officials developed a plan for monitoring RRF award recipients use of funds and recovering unused or improperly awarded funds. However, program implementation was not executed in accordance with the plan. We made six recommendations for SBA to...

Full Details: Oversight.gov Report Page

Audit | 9/29/2023

Department of Homeland Security OIG

Ineffective Controls Over COVID-19 Funeral Assistance Leave the Program Susceptible to Waste and Abuse

The Federal Emergency Management Agency (FEMA) did not always implement effective internal controls to provide oversight of COVID-19 Funeral Assistance. FEMA’s funeral assistance program greatly expanded the universe of reimbursable expenses for deaths related to COVID-19, even beyond those specifically identified as ineligible under established FEMA policy, without establishing guardrails to ensure relief was limited to necessary expenses and serious needs as required by statute.

Full Details: Oversight.gov Report Page

Audit | 8/24/2023

1 - Open

We recommend that the FEMA Administrator resolve questioned costs totaling an estimated $24,438,662 for expenses deemed ineligible by FEMA’s Individual Assistance Program and Policy Guide and determine the amount of any debts owed by recipients for erroneous payments.

2 - Closed

We recommend that the FEMA Administrator resolve other questioned costs included in our report and determine the amount of any debts owed by recipients for erroneous payments. Other questioned costs requiring resolution include: a) $1,348,546 for awards issued to multiple applicants for the same decedents; b) $554,653 for awards issued for applications that exceeded the $9,000 per decedent award limit; and c) $591,805 for 93 applications for which FEMA did not adequately review eligibility criteria of the applications.

3 - Open

We recommend that the FEMA Administrator ensure that future iterations of the Individual Assistance Program and Policy Guide and supporting procedures (a) provide consistent guidance on eligibility of funeral expenses for all future disaster declarations; and (b) allow for reimbursement of only necessary expenses and serious needs, consistent with the law.

4 - Closed

We recommend that the FEMA Administrator strengthen and monitor improvement of FEMA’s COVID-19 Funeral Assistance training practices with particular focus on: a) distinguishing legitimate sources of potential duplication such as decedent’s name and social security number from potential duplications that arise due to FEMA using a repurposed Individual Assistance processing system, with a data field such as damaged dwelling address; b) preventing FEMA from reimbursing expenses exceeding the maximum $9,000 per decedent; and c) deducting financial assistance received from outside sources such as pre-need funeral arrangements, burial insurance, and assistance from other voluntary or government agencies.

5 - Open

We recommend that the FEMA Administrator ensure that FEMA provides its COVID-19 Funeral Assistance call center contractor the guidance and training necessary to meet the quality control and production monitoring metrics as prescribed by its agreement with the contractor.

Department of Homeland Security OIG

FEMA Did Not Effectively Manage the Distribution of COVID-19 Medical Supplies and Equipment

Although the Federal Emergency Management Agency (FEMA) worked with its strategic partners to deliver critical medical supplies and equipment in response to COVID-19, FEMA did not effectively manage the distribution process. Specifically, FEMA did not use the Logistics Supply Chain Management System (LSCMS), its system of record for managing the distribution process, to track about 30 percent of the critical medical resources shipped, as required.

Full Details: Oversight.gov Report Page

Audit | 7/20/2023

1 - Closed

We recommend the FEMA Administrator clarify existing guidance and ensure FEMA personnel use the Logistics Supply Chain Management System or an alternative integrated solution as the system of record during disaster response operations to manage the distribution of FEMA-owned commodities, supplies, and equipment as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests.

2 - Open

We recommend the FEMA Administrator take action to develop and improve the Logistics Management Directorate’s internal controls, guidance, and system integration to obtain more accurate information that enhances logistics decision making regarding the fulfillment of commodity requests during disaster response operations. At a minimum, FEMA should: a. develop internal controls to ensure appropriate information related to facility types, intermediate locations, and transportation-only orders is accurately reported in the Logistics Supply Chain Management System or an alternative integrated solution; b. update guidance and deliver training to ensure there is a clear audit trail when aggregating distribution data on FEMA-owned commodities, supplies, and equipment as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests; and c. improve integration between the Logistics Supply Chain Management System and the Web Emergency Operations Center Crisis Management System to ensure the systems are, to the extent practicable, compatible and share information as required by the Post-Katrina Emergency Management Reform Act of 2006.

3 - Open

We recommend the FEMA Administrator issue guidance and ensure a standardized process for collecting and maintaining documentation to confirm delivery and receipt of FEMA-owned commodities, supplies, and equipment, as well as those sourced by FEMA from partners across the Federal Government, non-governmental organizations, and the private sector to fulfill state, local, tribal, and territorial requests. At a minimum, the guidance and standardized process should: a. identify the required types of documentation to confirm delivery and receipt such as signed bills of lading, packing slips, and other forms; b. include controls to ensure the shipment documentation includes item descriptions and the specific quantity of items delivered and received; c. clarify the procedures for executing and documenting the delivery of commodities, supplies, and equipment to locations where no FEMA personnel are present to receive shipments; and d. establish appropriate repositories for delivery and receipt documentation.

Department of Homeland Security OIG

FEMA Did Not Provide Sufficient Oversight of Project Airbridge

The Federal Emergency Management Agency (FEMA) did not provide sufficient oversight of Project Airbridge, a COVID-19 initiative. Under unprecedented pressure to mitigate disruptions in global medical supply chains, FEMA established Project Airbridge.

Full Details: Oversight.gov Report Page

Department of Homeland Security OIG

FEMA’s Management of Mission Assignments to Other Federal Agencies Needs Improvement

Although the Federal Emergency Management Agency (FEMA) processed and obligated funds timely to other Federal agencies (OFA), it did not provide sufficient oversight to ensure OFAs used pandemic funding as required. Specifically, FEMA did not develop detailed cost estimates when initially establishing MAs, validate unliquidated and open obligations throughout the MA lifecycle, and verify cost eligibility against Public Assistance guidance before closing the MA.

Full Details: Oversight.gov Report Page

Audit | 9/30/2022

Department of Homeland Security OIG

FEMA Made Efforts to Address Inequities in Disadvantaged Communities Related to COVID-19 Community Vaccination Center Locations and Also Plans to Address Inequity in Future Operations

The Federal Emergency Management Agency (FEMA), in coordination with the Centers for Disease Control and Prevention (CDC) and other Federal and state partners, used the CDC Social Vulnerability Index (SVI) in an effort to identify and address inequities in minority and disadvantaged communities related to the locations of COVID-19 Community Vaccination Centers. Specifically, FEMA’s Civil Rights Advisory Group (CRAG) implemented a methodology that prioritized states based on the CDC SVI. This methodology sought to address differences in coronavirus disease 2019 (COVID-19) care and outcomes...

Full Details: Oversight.gov Report Page

Audit | 9/29/2022

Department of Homeland Security OIG

More than $2.6 Million in Potentially Fraudulent LWA Payments Were Linked to DHS Employees’ Identities

The Federal Emergency Management Agency (FEMA) did not implement controls to prevent state workforce agencies (SWA) from paying more than $2.6 million in Lost Wages Assistance (LWA) for potentially fraudulent claims made by Department of Homeland Security employees, or claimants who fraudulently used the identities of DHS employees to obtain LWA benefits.

Full Details: Oversight.gov Report Page

Audit | 9/28/2022

1 - Closed

: We recommend the FEMA Administrator develop and implement a standard risk assessment process before initiating new Federal
grant programs. This risk assessment should focus on identifying and evaluating program risks that may affect FEMA’s ability to prevent waste,
fraud, and abuse in its programs and mitigating those external risks to the extent practical.

2 - Closed

We recommend the FEMA Administrator conduct an after-action study of the Lost Wages Assistance program and update FEMA Individual Assistance programs based on the lessons learned from the study.

3 - Closed

We recommend the FEMA Administrator, when mandated to rely on eligibility determinations of non-FEMA programs, develop a process to assess the program controls and identify risk, where practical.

4 - Open

We recommend the Chief Human Capital Officer for DHS’ Management Directorate develop, implement, and communicate departmental
policies and procedures for the Unemployment Compensation for Federal Employees program to each component to ensure compliance with Federal requirements.

5 - Closed

We recommend the FEMA Administrator develop and implement a process to monitor whether grantees implement and use the controls attested to in FEMA-approved state administrative plans.

5 - Closed

We recommend the FEMA Administrator develop and implement a process to monitor whether grantees implement and use the
controls attested to in FEMA-approved state administrative plans.

6 - Closed

We recommend the FEMA Administrator develop and implement a process to review state administrative plans for consistency and
ensure they include fraud prevention and mitigation strategies.

7 - Closed

We recommend the FEMA Administrator de-obligate and recover any monies determined to have been obtained fraudulently or other
improper payments through the Lost Wages Assistance program from the state workforce agencies.

Small Business Administration OIG

COVID-19 and Disaster Assistance Information Systems Security Controls

This report presents the results of our audit to determine whether the U.S. Small Business Administration (SBA) maintained effective management control activities and monitoring of the design and implementation of third-party operated SBA systems. SBA needed information technology systems from third-party service providers that could improve the system efficiency and productivity to process high transaction volumes, transmit data between other information systems, and safeguard the integrity and confidentiality of the personally identifiable information processed by the programs. We found the...

Full Details: Oversight.gov Report Page

Audit | 9/27/2022

1 - Open

Ensure the existing SBA System Development Methodology is updated to include supply chain risk-management practices as required by OMB Circular A-130 and high-value asset system designation guidance. Also, ensure high-value asset system risks are incorporated into the enterprise risk management framework, as recommended by OMB M-19-03 and SBA SOP 90 47 6.

10 - Open

Implement an automated process to document and monitor system changes as recommended by NIST SP 800-53 Rev. 5.

2 - Open

Communicate and enforce the SBA System Development Methodology in which a traceability matrix is used to ensure that system requirements can be tested and demonstrated in the operational system. Ensure all requirements are aligned with the contractual acceptance criteria.

3 - Open

Implement in updated agency guidance, the requirements of OMB Circular No. A-123 that stipulate a SOC 1 Type 2 report is needed for all new and existing financial systems. This guidance should also require confirmation at least annually that the controls are functioning as designed.

4 - Closed

Enforce the requirement to establish and implement internal controls to ensure appropriate program officials perform and document contract reviews to ensure that information security is appropriately addressed in the contracting language, as required by OMB Circular A-130 and SBA SOP 90 47 6.

5 - Open

In conjunction with the Enterprise Risk Management Board, implement enterprise-wide privacy risk mitigation practices that can be assimilated into new and existing system program designs.

6 - Open

Complete an initial assessment and authorization for each information system and all agency-designated common controls before operation.

7 - Open

Transition information systems and common controls to an ongoing authorization process (when eligible for such a process) with the formal approval of the respective authorizing officials or reauthorize information systems and common controls as needed, on a time or event-driven basis in accordance with agency risk tolerance, as required by OMB Circular No. A-130 and SOP 90 47 6.

8 - Open

Review and update POA&Ms at least quarterly as required by SOP 90 47 6.

9 - Closed

Ensure data-sharing agreements are reviewed annually as required by SBA SOP 90 47 6.

Date Range

Report Type

Report Category

Submitting Agency

State/Local Agency

State (State and Local Reports)

Fraud Type

Agency Reviewed

Related Organizations

Management Challenges

Any Recommendations

Any Open Recommendations

Reports

SBA’s Restaurant Revitalization Fund Program Award Practices

Ending Active Collections on Delinquent COVID-19 Economic Injury Disaster Loans

SBA’s Oversight of Restaurant Revitalization Fund Recipients

Ineffective Controls Over COVID-19 Funeral Assistance Leave the Program Susceptible to Waste and Abuse

FEMA Did Not Effectively Manage the Distribution of COVID-19 Medical Supplies and Equipment

FEMA Did Not Provide Sufficient Oversight of Project Airbridge

FEMA’s Management of Mission Assignments to Other Federal Agencies Needs Improvement

FEMA Made Efforts to Address Inequities in Disadvantaged Communities Related to COVID-19 Community Vaccination Center Locations and Also Plans to Address Inequity in Future Operations

More than $2.6 Million in Potentially Fraudulent LWA Payments Were Linked to DHS Employees’ Identities

COVID-19 and Disaster Assistance Information Systems Security Controls

Glossary

Glossary name will go here