The Small Business Administration continues to drag its heels in upgrading IT security, but recently increased its work to fix more than 30 recommendations, a new GAO report said Thursday.

The report is a follow-up to the Government Accountability Office’s September findings on management challenges that made eight recommendations, including their continuing complaints about IT security for the agency that hands out billions in loans and guarantees to small businesses.

The GAO also complained that SBA has not implemented more than 30 SBA recommendations related to IT security, but a senior SBA official said the fixes are in the process of being made.

That’s not enough, the report said.

SBA established policies to consolidate the number of its data centers and manage software licenses for IT investments.

However, contrary to Office of Management and Budget guidance, SBA had not conducted regular reviews of its operational IT investments to ensure that they continue to meet agency needs, the report said.

“Until SBA fully implements all of the required IT management initiatives, the agency cannot provide reasonable assurance that its IT investments are cost effective and meet agency goals or are effectively managed,” the report said.

To read the report, click here.

Read More About