oversight

Small Business Administration: Better Planning and Controls Needed for Information Systems

Published by the Government Accountability Office on 1997-06-27.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                 United States General Accounting Office

GAO              Report to the Chairman, Committee on
                 Small Business, U.S. Senate



June 1997
                 SMALL BUSINESS
                 ADMINISTRATION
                 Better Planning and
                 Controls Needed For
                 Information Systems




GAO/AIMD-97-94
                   United States
GAO                General Accounting Office
                   Washington, D.C. 20548

                   Accounting and Information
                   Management Division

                   B-276775

                   June 27, 1997

                   The Honorable Christopher S. Bond
                   Chairman, Committee on Small Business
                   United States Senate

                   Dear Mr. Chairman:

                   This report contains the results of our review of the Small Business
                   Administration’s (SBA) efforts to develop a risk management database and
                   a loan monitoring system. SBA is developing the database to comply with
                   requirements of the Small Business Programs Improvement Act of 1996.
                   SBA is also planning to develop a loan monitoring system to help support
                   its oversight of increased lender responsibility for servicing loans. Funds
                   to develop the loan monitoring system were requested in the President’s
                   fiscal year 1998 budget request.

                   At your request, we reviewed (1) the status of SBA’s development and
                   implementation of the risk management database, (2) whether SBA has
                   established adequate processes and controls to ensure that the database
                   will contain complete and accurate loan data, and (3) whether SBA has
                   performed the planning steps needed to serve as a basis for funding the
                   development phase of the proposed loan monitoring system. To address
                   these issues, we conducted work at SBA’s headquarters in Washington,
                   D.C., and at the offices of an SBA contractor in New York, New York. We
                   conducted our work between March and May 1997, in accordance with
                   generally accepted government auditing standards. Details of our
                   objectives, scope, and methodology are presented in appendix I.


                   At the time of our review, SBA had completed development of a database
Results in Brief   structure and taken action to capture data and establish reporting
                   capabilities to comply with the requirements of the Small Business
                   Programs Improvement Act of 1996. SBA officials expect that the system
                   will be capturing the required data and that the reporting capabilities will
                   be developed before the June 30, 1997, deadline mandated by the act.

                   While SBA expects the system to be operational on time, it has not yet
                   established and implemented the controls needed to ensure that the risk
                   management database contains timely and accurate data which are also
                   required by the act. At this time, the database has missing or incorrect data
                   for about half the guaranteed loans because SBA has not yet effectively




                   Page 1                               GAO/AIMD-97-94 Small Business Administration
             B-276775




             implemented controls over lender reporting. SBA also has not yet
             established controls to identify missing or incorrect underwriting
             characteristics data on defaulted loans. Until it implements effective
             controls, SBA has no means of ensuring that the risk management database
             will be sufficiently timely and accurate for program management and
             decision-making purposes.

             Finally, SBA has not yet performed essential planning needed to serve as a
             basis for funding the development of the proposed loan monitoring
             system. To implement the information systems investment requirements of
             the Clinger-Cohen Act of 1996,1 the Office of Management and Budget
             (OMB) established criteria that major information systems investments
             should meet for funding in the fiscal year 1998 budget. SBA has not
             performed the planning needed to demonstrate that the loan monitoring
             system will meet three of the eight criteria, such as simplifying or
             redesigning work processes and demonstrating a positive return on
             investment. Without performing essential planning, SBA increases the risk
             that the loan monitoring system will not effectively meet the agency’s
             goals or provide the best return on investment.


             As part of its programs to expand access to capital and assist
Background   disadvantaged small businesses, SBA guarantees loans to small businesses
             that are unable to obtain financing under reasonable terms and conditions
             through normal business channels. It also makes physical disaster loans to
             small business and individual victims of natural disasters, and economic
             injury loans to small business victims of natural disasters. As of
             February 28, 1997, SBA reported having over $28 billion in loan guarantees
             and about $7 billion in direct loans outstanding.

             The Small Business Programs Improvement Act of 1996 required SBA to
             establish a risk management database that would provide timely and
             accurate information to identify loan underwriting, collections, recovery,
             and liquidation problems. The database would include data on guaranteed
             business loans and direct disaster loans. The 1996 act required SBA to start
             capturing data in the risk management database in January 1997, and have
             the system fully operational by June 30, 1997.




             1
              The Clinger-Cohen Act of 1996 provides an analytical framework for making information system
             investment decisions and managing information system development based on best industry practices.



             Page 2                                         GAO/AIMD-97-94 Small Business Administration
                        B-276775




                        SBA’s guaranteed loans are made and serviced by lenders who collect
                        payments and, in some cases, liquidate defaulted loans.2 Each lender is
                        required to send to SBA’s fiscal and transfer agent3 (1) a monthly report on
                        the status of the loans, including information on loan collections,
                        deferrals, and delinquencies and (2) loan guarantee fees that are due to
                        SBA. The fiscal and transfer agent processes the reports and remittances
                        and transmits a data file to SBA for its accounting and information systems,
                        including the new risk management database. Disaster loans are made and
                        serviced by SBA, and the accounting records for these loans are the source
                        of data for the risk management database.

                        In its fiscal year 1998 budget request, SBA presented plans for increased
                        reliance on lenders to service and liquidate defaulted small business loans.
                        To provide effective monitoring of the lenders’ activities, SBA plans to hire
                        personnel with expertise in lender oversight, establish financial
                        performance goals for private-sector partners, create a database for
                        tracking lender and portfolio performance, and develop a new loan
                        monitoring system to provide timely and accurate information to agency
                        management. SBA requested $18 million to improve portfolio management,
                        including about $9.5 million to develop the information system
                        improvements.


                        SBA has developed a database structure, made provisions for collecting
SBA Has Developed a     data, and begun entering data required by the Small Business Programs
Database Structure      Improvement Act of 1996. At the time the act was passed, SBA had a
and Started Capturing   database called the Electronic Loan Input Processing System (ELIPS) that
                        contained most of the required data elements. This included data to
Required Data           identify the borrower, lender, location, loan program, and loan status. To
                        respond to the requirements of the act, SBA decided to expand the ELIPS
                        database structure to include the required loan delinquency and
                        underwriting characteristics data.

                        As of May 1997, SBA was capturing loan status data in the risk management
                        database as required by the act and had recently issued instructions to
                        field offices for the collection of underwriting characteristics data.
                        Although the act required SBA to start capturing data in January 1997,


                        2
                         SBA requires some lenders to liquidate defaulted guaranteed loans on its behalf, while SBA itself
                        performs the liquidations on other defaulted loans.
                        3
                         SBA’s fiscal and transfer agent is a contractor who is responsible for reconciling guarantee fee
                        remittances from lenders to reported amounts, verifying that lenders remit the correct fees, and
                        transferring the fees to SBA.



                        Page 3                                            GAO/AIMD-97-94 Small Business Administration
                     B-276775




                     issuance of instructions for collecting the underwriting characteristics
                     data was delayed due to the lack of standards for calculating some of the
                     required ratios and because reaching a consensus on the calculations took
                     longer than expected. SBA does not expect the delay to affect the planned
                     operational date. According to the SBA official responsible for these
                     operations, field staff will have sufficient time to collect and enter the
                     required data in time for the database to be fully operational by June 30,
                     1997.

                     SBA developed a task order for a contractor to determine reporting
                     requirements for the database and develop software applications to
                     produce the reports, but had not issued the task order at the time of our
                     review. Although SBA was a few weeks behind its original schedule for
                     issuing the task order, SBA officials responsible for the risk management
                     database stated that they expect the work to be completed and the system
                     to be fully operational by the June 30, 1997, deadline.


                     SBA has not yet implemented effective controls to ensure that the risk
Controls Needed to   management database contains timely and accurate data as required by
Ensure Data          the Small Business Programs Improvement Act of 1996. Until such
Reliability          controls are implemented, SBA will not be able to rely on any analyses or
                     reports produced from the database.

                     SBA is capturing data from multiple sources for the risk management
                     database—disaster loan status information from files maintained by the
                     SBA field office that services the loans, guaranteed loan status information
                     provided by lenders through SBA’s fiscal and transfer agent, underwriting
                     characteristics data collected by field staff from SBA’s loan files, monthly
                     loan transactional data, and historical data from existing program and
                     accounting databases. SBA officials told us they are confident that they
                     have complete and accurate status information for the disaster loans;
                     however, they acknowledged quality problems with the data reported by
                     lenders. The quality of status data reported by lenders is important to the
                     overall reliability of the database because guaranteed loans account for
                     about 80 percent of the dollar value of all loans to be included in the risk
                     management database.

                     According to SBA’s records, during the first 3 months of 1997, lenders
                     reported complete and accurate loan status data for only about 50 percent
                     of the guaranteed loans. Officials of SBA’s fiscal and transfer agent told us
                     that some of the initial data problems occurred because (1) many lenders



                     Page 4                               GAO/AIMD-97-94 Small Business Administration
B-276775




were not notified of the new reporting requirements due to wrong mailing
addresses in SBA’s records or (2) lenders misunderstood the reporting
requirements. The officials also told us that the chance of data errors
would be significantly reduced if lenders submitted data in digital
form—files submitted using diskettes or electronic data transfers—rather
than paper documents. About 75 percent of the loans are reported by
lenders using paper documents.

To reduce data quality problems, the fiscal and transfer agent established
controls to help identify incomplete and inaccurate data from lenders.
These controls include (1) edit checks to identify invalid data, such as
missing data in required data fields or invalid status codes and
(2) comparisons of loans reported by lenders with SBA’s records to identify
unreported loans. If the controls identify inaccurate or missing loan data,
the fiscal and transfer agent sends a notice to the lender requesting the
needed data. Officials of the SBA fiscal and transfer agent told us that these
controls have helped reduce unreported loans from 43 percent (79,000) in
January 1997 to 29 percent (54,000) in March 1997 out of the total SBA
guaranteed loans. Similarly, we were advised that errors for reported loans
decreased from about 27,000 to about 24,500 during the same period.

For underwriting characteristics data collected by its field offices, SBA has
developed edit checks to alert staff when they are entering invalid data or
not entering all required data for individual loans. However, SBA has not
established any controls to alert managers when data on defaulted loans
are not entered or incomplete data are entered into the database. SBA’s
Chief Financial Officer agreed that the addition of these controls would
serve to increase the reliability and integrity of the data, and agreed to
look into establishing controls for their database.

The lack of effective controls may be attributed, at least in part, to SBA not
developing data quality standards.4 Because SBA had to develop the
database within a few months and most of the data needed were already
captured in existing systems, SBA narrowly focused its system
development activities to begin with the development phase. Therefore,
SBA did not perform many steps normally completed in the definition



4
 The need for developing data standards, also referred to as data requirements, has been specified in
federal guidance, such as Federal Information Processing Standards Publication 38, for many years.
The definition of data requirements, as part of the data stewardship function, is also specified by the
Framework for Federal Financial Management Systems issued by the Joint Financial Management
Improvement Program in January 1995. One of the objectives of data stewardship is to provide
accurate, complete, timely, and reliable information. The framework establishes the requirements for
all federal financial systems and specifically covers guaranteed loan system requirements.



Page 5                                            GAO/AIMD-97-94 Small Business Administration
                     B-276775




                     phase of a project, including the development of data quality standards.5
                     Such standards define the timeliness, validity, accuracy, and availability
                     required for the intended system users to rely on the data for program
                     management and decision-making purposes. The standards also serve as a
                     basis for establishing adequate controls for data collection and processing.
                     Without data standards and implementation of effective controls to meet
                     the standards, SBA can not ensure that data in the risk management
                     database are sufficiently timely and accurate for the system’s intended
                     purpose.


                     SBA has not yet performed the essential planning needed to serve as a basis
Essential Planning   for funding the development phase of the proposed loan monitoring
Not Performed for    system. SBA has not conducted any benchmarking studies, defined system
Loan Monitoring      requirements, identified alternatives, or prepared benefit/cost or
                     return-on-investment analyses on the alternatives. Because SBA has
System               performed limited planning, this proposed information system investment
                     does not meet the OMB criteria for funding in fiscal year 1998.

                     SBA officials told us that, although this project was in the early conceptual
                     phase when the fiscal year 1998 budget request was submitted, funds were
                     requested because SBA needed to move quickly to develop a system to
                     meet increasing responsibilities for lender monitoring. In addition to SBA’s
                     plans to increase use of lenders for servicing and liquidating loans, the
                     Small Business Programs Improvement Act of 1996 gave lenders increased
                     authority to service and liquidate loans without prior SBA approval. With
                     this increased reliance on lenders and the need to monitor their activities,
                     SBA requested funds to develop a system even though the planning had not
                     yet been performed to define the system.

                     SBA’s planning for the loan monitoring system does not meet OMB’s criteria
                     for funding information system investments. In implementing the
                     information technology investment requirements of the Clinger-Cohen Act
                     of 1996, OMB specified eight criteria that major information system
                     investments should meet for funding in the fiscal year 1998 budget (see
                     appendix II). Four of the criteria relate to capital planning, one concerns
                     the use of an information architecture to align information technology
                     with mission goals, and three concern risk management. In comparing SBA


                     5
                      The development of an automated information system is a disciplined process with prescribed phases
                     that should be completed. Successful system development normally proceeds through the following
                     phases: (1) system planning and initiation, (2) requirements definition and analysis of alternatives,
                     (3) design and development, (4) programming and testing, and (5) implementation. There are a number
                     of planning activities associated with each phase.



                     Page 6                                          GAO/AIMD-97-94 Small Business Administration
B-276775




planning actions to these criteria, we found that SBA has not performed the
planning or analyses needed to demonstrate that the loan monitoring
system will meet three of the criteria. SBA has not performed the work
needed to (1) simplify or redesign work processes, (2) demonstrate a
positive return on investment, or (3) ensure that the proposed system is
consistent with the agency’s information architecture. Without performing
the planning actions to comply with the Clinger-Cohen Act, SBA increases
the risk that the loan monitoring system will not effectively meet its
mission goals or provide the best return on investment.

Concerning work processes, SBA has not yet analyzed the work processes
associated with lender monitoring or benchmarked them against other
organizations’ work processes to determine whether the processes need to
be simplified or redesigned to improve efficiency and effectiveness.
Subsequent to the budget submission, SBA officials began looking at
processes and systems used by other organizations to monitor lenders’
loan servicing activities. According to an SBA official involved in this effort,
SBA learned that the proposed loan monitoring system project may be
much more complex and costly than initially envisioned. For example,
other organizations studied use various approaches to collect loan
information electronically from lenders, while SBA’s lenders provide loan
information primarily on paper documents—as mentioned earlier, about
75 percent of the time. Nevertheless, SBA has not performed formal
benchmarking studies or analyses of alternatives to serve as a basis for
making system requirements decisions.

Concerning demonstrating a positive return on investment, SBA’s fiscal
year 1998 budget request stated that requiring lenders to service and
liquidate loans, requiring lenders to liquidate business chattel prior to SBA
purchase, and increasing SBA oversight will result in a reduced subsidy rate
for the guaranteed loans and a reduced need for appropriations in fiscal
year 1998 of $44.2 million. However, SBA does not have any studies or
analyses to support this estimate, according to the Deputy Chief Financial
Officer. In addition, SBA views the $18 million requested as the fiscal year
1998 portion of the project, and as the functional and technology
requirements are further defined, remaining costs associated with the
project in fiscal year 1999 and beyond will be known.

Finally, SBA has not yet defined its requirements, analyzed alternatives to
meet the requirements, or completed other actions needed to propose a
specific system that would be consistent with its information architecture.
An SBA official responsible for this system development effort stated that



Page 7                                GAO/AIMD-97-94 Small Business Administration
                      B-276775




                      the agency is in the process of further defining this project and plans to
                      hire a contractor to perform a requirements analysis.


                      SBA has made progress in establishing a risk management database,
Conclusions           collecting the required data, and arranging for reporting capabilities.
                      However, until SBA establishes data quality standards for the database and
                      effectively implements the controls needed to ensure that the data are
                      sufficiently timely and accurate, the database will be unreliable and will
                      not meet the intent of the Small Business Programs Improvement Act of
                      1996.

                      While SBA’s proposal for a loan monitoring system has merit, the agency
                      has not performed the necessary planning mandated by the Clinger-Cohen
                      Act to provide a solid basis to begin developing such a system. Because
                      SBA has not performed the work needed to simplify or redesign work
                      processes, demonstrate a positive return on investment, or ensure that the
                      proposed system is consistent with the agency’s information architecture,
                      it faces increased risk that the development will fall short of expectations
                      and result in a system that does not effectively and efficiently meet its
                      objectives.


                      We recommend that the Administrator of the Small Business
Recommendations       Administration establish data quality standards for the risk management
                      database and implement a system of controls to ensure compliance with
                      the standards. For the proposed loan monitoring system, we recommend
                      that the Administrator not proceed with funding the system development
                      until adequate plans are prepared in accordance with the Clinger-Cohen
                      Act and OMB’s criteria for fiscal year 1998 information technology
                      investments. Further, in developing the plans, we recommend that the
                      Administrator

                  •   benchmark loan monitoring business processes and systems against
                      comparable processes used by other organizations and, if appropriate,
                      simplify or redesign work processes;
                  •   analyze the benefits and costs of the alternatives and use these to
                      demonstrate that the project will have a positive return-on-investment; and
                  •   ensure that the proposed information system is consistent with the
                      agency’s information architecture.




                      Page 8                               GAO/AIMD-97-94 Small Business Administration
                     B-276775




                     SBA’s comments and our evaluation are summarized below, and the
Agency Comments      comments are reprinted in appendix III. SBA was concerned about our
and Our Evaluation   findings and conclusions and suggested that the report be revised
                     significantly. We disagree and have not substantially revised our report.

                     Concerning the status of the development and implementation of the risk
                     management database, SBA asserted that it has taken reasonable and
                     prudent actions to meet the deadline for the congressionally mandated
                     project. SBA said our use of the Clinger-Cohen Act as a benchmark for
                     evaluating the project is not justified since the act does not address
                     congressionally mandated projects, especially those with extremely
                     challenging deadlines.

                     Although we did not use the Clinger-Cohen Act in our discussion of SBA’s
                     efforts to develop the risk management database because its development
                     was substantially completed, it does apply to all information system
                     projects whether or not they are congressionally mandated. Our report
                     focuses on a factual analysis of the status of SBA’s efforts to develop the
                     risk management database in order to meet the requirements of the Small
                     Business Programs Improvement Act of 1996.

                     SBA stated that the congressional deadline to complete the risk
                     management database precluded its ability to undertake a proper level of
                     system analysis, including establishment of data accuracy and reliability
                     standards. SBA said it decided to rely principally on loan data maintained in
                     existing agency databases, supplemented by limited underwriting data to
                     be captured by its field offices. The agency provided some information on
                     its efforts to capture data over the past year, and said it believes its actions
                     to use the fiscal and transfer agent will result in accurate and timely data
                     being input into the risk management database. SBA also noted that it plans
                     to enhance the quality of the data and identify other ways that the data can
                     be used to assess the portfolio risk. With regard to our recommendation to
                     establish data quality standards and implement a system of controls to
                     ensure compliance with the standards, SBA’s Chief Financial Officer agreed
                     that controls would serve to increase the reliability and integrity of the
                     data and agreed to look into establishing controls for the risk management
                     database.

                     Concerning whether SBA has performed the planning needed to serve as
                     the basis for funding the development of the proposed loan monitoring
                     system, SBA said the Clinger-Cohen Act was passed late last year and
                     imposes many new requirements on agencies as they plan for future



                     Page 9                                GAO/AIMD-97-94 Small Business Administration
B-276775




technology investments. SBA asserted that it is aggressively implementing
the Clinger-Cohen Act, but believes it is premature to apply the standards
of the act so strictly considering its recent enactment and evolving
implementation. Also in this regard, SBA disagreed with our
recommendation that the Administrator not proceed with funding the
system development until adequate plans are prepared in accordance with
the Clinger-Cohen Act and OMB’s criteria for fiscal year 1998 information
technology investments.

We disagree with SBA’s contention that it is premature to apply the
Clinger-Cohen Act. The requirements of the act were well known before
SBA submitted its fiscal year 1998 budget request. The act was signed into
law over a year ago on February 10, 1996, and became effective on
August 8, 1996. We believe that SBA should be complying with the act so
that it effectively manages its information technology investments. In
addition, many of the rudimentary planning actions necessary for effective
system development efforts—such as adequately defining systems
requirements, analyzing alternative ways of meeting requirements
including alternative system designs, and analyzing the benefits and costs
of the alternatives—have been required for many years by OMB circulars
(particularly A-130 and A-11), Federal Information Resources Management
Regulations, Federal Information Processing Standards, and other federal
guidance.

As to SBA’s disagreement with our recommendation, we believe that it is
imperative that SBA perform the essential planning before funding the
development phase because this system will directly support SBA’s mission
activities related to monitoring lenders’ servicing of billions of dollars of
guaranteed loans. The Clinger-Cohen Act established requirements aimed
at increasing the assurance that investments in information technology
help agencies meet their mission goals and provide the best return on
investment. In this regard, SBA has not performed the work needed to
(1) simplify or redesign work processes that this system will support,
(2) demonstrate a positive return on investment, or (3) ensure that the
proposed system is consistent with the agency’s information architecture.
As a result, it faces increased risk that the development will fall short of
expectations and result in a system that does not effectively and efficiently
meet its objectives. We believe that the $9.5 million information system
investment planned for fiscal year 1998, considered by SBA to be the initial
portion of a yet to be determined total investment, to be a substantial sum
that should be committed to developing the system only after the




Page 10                              GAO/AIMD-97-94 Small Business Administration
B-276775




necessary planning is completed and the project is shown to be a prudent
use of funds.

SBA said that we made no reference to the planning effort each year to
produce a 5-year information technology plan. According to SBA, this plan
documents its overall information technology strategy and details the
specific developmental efforts planned for the upcoming years. As part of
our work, we reviewed SBA’s latest 5-year information technology plan. We
note that the proposed loan monitoring system is not discussed in the
latest plan, and therefore, there is no need to discuss the plan in our
report.


We are sending copies of this report to the Ranking Minority Member of
the Committee on Small Business; other interested congressional
committees; the Administrator, Small Business Administration; the
Director, Office of Management and Budget; and other interested parties.
Copies will also be made available to others upon request.

I can be reached at (202) 512-6408 or by e-mail at
willemssenj.aimd@gao.gov, if you or your staff have any questions. Major
contributors to this report are listed in appendix IV.

Sincerely yours,




Joel C. Willemssen
Director, Information Resources Management




Page 11                            GAO/AIMD-97-94 Small Business Administration
Contents



Letter                                                                                             1


Appendix I                                                                                        14

Objectives, Scope,
and Methodology
Appendix II                                                                                       16

OMB Criteria for
Funding Information
Systems
Appendix III                                                                                      19

Comments From the
Small Business
Administration
Appendix IV                                                                                       22

Major Contributors to
This Report




                        Abbreviations

                        ELIPS     Electronic Loan Input Processing System
                        OMB       Office of Management and Budget
                        SBA       Small Business Administration


                        Page 12                          GAO/AIMD-97-94 Small Business Administration
Page 13   GAO/AIMD-97-94 Small Business Administration
Appendix I

Objectives, Scope, and Methodology


              As requested by the Chairman of the Senate Committee on Small Business,
              our objectives were to review (1) the status of SBA’s development and
              implementation of its risk management database, (2) whether SBA has
              established adequate processes and controls to ensure that the risk
              management database will contain complete and accurate loan data, and
              (3) whether SBA has performed the planning steps needed to serve as a
              basis for funding the development phase of the proposed loan monitoring
              system.

              To ascertain the status of SBA’s development and implementation of its risk
              management database, we compared the database structure developed by
              SBA to the requirements of the Small Business Programs Improvement Act
              of 1996, interviewed SBA officials, and reviewed project documentation. To
              determine whether SBA had established adequate processes and controls to
              ensure that the risk management database will contain complete and
              accurate loan data as required by the act, we identified the processes and
              controls used to ensure that complete and accurate data are obtained and
              recorded from lenders and SBA field offices on the status of loans. We
              analyzed the processes and controls using the requirements specified in
              the Federal Information Processing Standards Publication 38 and the
              Framework for Federal Financial Management Systems issued by the Joint
              Financial Management Improvement Program in January 1995. We also
              reviewed summary records concerning reporting errors and missing data
              and reviewed reports showing the results of tests of software applications
              used to capture and enter data into the risk management database. SBA has
              a separate system from the risk management database that is used to meet
              the requirements of the Credit Reform Act. We did not examine that
              system or the accuracy of data in the system as part of our review.

              To determine whether SBA has performed the planning steps needed to
              serve as a basis for funding the development phase of the proposed loan
              monitoring system, we interviewed SBA officials and reviewed
              documentation on the actions taken by SBA to develop the proposal for the
              system. We compared these actions to the criteria required by the Office of
              Management and Budget for information technology projects contained in
              the fiscal year 1998 budget request.

              We conducted our work at SBA headquarters in Washington, D.C., and at
              offices of SBA’s fiscal and transfer agent in New York, New York. We
              performed our work between March 1997 and May 1997, in accordance
              with generally accepted government auditing standards.




              Page 14                             GAO/AIMD-97-94 Small Business Administration
Appendix I
Objectives, Scope, and Methodology




SBA provided written comments on a draft of this report. These comments
are presented and evaluated in our report and are reproduced in appendix
III.




Page 15                              GAO/AIMD-97-94 Small Business Administration
Appendix II

OMB Criteria for Funding Information
Systems




              Page 16       GAO/AIMD-97-94 Small Business Administration
Appendix II
OMB Criteria for Funding Information
Systems




Page 17                                GAO/AIMD-97-94 Small Business Administration
Appendix II
OMB Criteria for Funding Information
Systems




Page 18                                GAO/AIMD-97-94 Small Business Administration
Appendix III

Comments From the Small Business
Administration




               Page 19    GAO/AIMD-97-94 Small Business Administration
Appendix III
Comments From the Small Business
Administration




Page 20                            GAO/AIMD-97-94 Small Business Administration
Appendix III
Comments From the Small Business
Administration




Page 21                            GAO/AIMD-97-94 Small Business Administration
Appendix IV

Major Contributors to This Report


                       David G. Gill, Assistant Director
Accounting and         Mirko J. Dolak, Technical Asistant Director
Information            James R. Hamilton, Evaluator-In-Charge
Management Division,
Washington, D.C.




(511421)               Page 22                            GAO/AIMD-97-94 Small Business Administration
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 6015
Gaithersburg, MD 20884-6015

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (301) 258-4066, or TDD (301) 413-0006.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov




PRINTED ON    RECYCLED PAPER
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested