Independent Auditors’ Report on SBA’s Fiscal Year 2024 Financial Statements

View Report

Title Full

This report presents the findings of an Independent Auditors’ Audit of SBA’s Fiscal Year 2024 Financial Statements.

Date Issued

Friday, November 15, 2024

Submitting OIG

Small Business Administration OIG

Agencies Reviewed/Investigated

Small Business Administration

Report Number

25-05

Report Description

The U.S. Small Business Administration (SBA) Office of Inspector General (OIG) contracted with the independent certified public accounting firm KPMG LLP to conduct an audit of SBA’s consolidated balance sheets as of September 30, 2024 and 2023 and the related notes to these statements. Our contract with KPMG required that the audit be performed in accordance with auditing standards generally accepted in the United States of America, Government Auditing Standards issued by the Comptroller General of the United States, and Office of Management and Budget (OMB) Bulletin No. 24-02, Audit Requirements for Federal Financial Statements.

In the audit, KPMG reported significant matters for which they were unable to obtain sufficient and appropriate audit evidence to provide a basis for an audit opinion on SBA’s balance sheet as of September 30, 2024. Accordingly, KPMG issued a disclaimer of opinion on the consolidated balance sheets as of September 30, 2024 and 2023.

The basis for the disclaimer was that due to inadequate processes and controls, SBA was unable to provide adequate evidential matter in support of a significant number of transactions and account balances related to the Paycheck Protection Program, Economic Injury Disaster Loan program, Restaurant Revitalization Fund, and the Shuttered Venue Operators Grant program.

As a result, KPMG was unable to determine whether any adjustments might have been necessary with respect to the following:

Credit program receivables and related foreclosed property,
Other than intragovernmental accounts receivable,
Downward re-estimate payable to Treasury, and
Loan Guarantee Liabilities and the related notes.

For the period that ended September 30, 2024, KPMG identified seven material weaknesses and two significant deficiencies in internal control over financial reporting. Appendixes I and II of this report describe details of KPMG’s conclusions about the material weaknesses and significant deficiencies. Appendix III describes instances of noncompliance with applicable laws or other matters required to be reported under Government Auditing Standards or OMB Bulletin No. 24-02.

We provided a draft of the KPMG report to SBA’s Chief Financial Officer, who concurred with its findings and recommendations and agreed to implement the recommendations. The Chief Financial Officer stated that SBA has undergone tremendous effort to strengthen internal controls, policies, and procedures and will continue remediation efforts in the coming audit year.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 22 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	Yes	$0	$0
Perform and update the program’s internal control risk assessment to identify and respond to changes to risks that may require updates to the design and implementation of effective monitoring controls over the review of the COVID-19 EIDLs portfolio.
2	Yes	$0	$0
Design and implement sufficient controls to identify COVID-19 EIDLs disbursed to ineligible recipients and implement an effective funds recovery plan to ensure COVID-19 EIDLs funds disbursed to ineligible recipients are recovered and reported accurately and in a timely manner. The plan should include an effective process to provide the information necessary to the Office of Planning, Performance, and the Chief Financial Officer to record any required accounting adjustments for accurate and timely financial reporting.
3	Yes	$0	$0
Identify all COVID-19 EIDLs with an incorrect status. Research and update the status of the identified COVID-19 EIDLs within the applicable systems of record for loan accounting.
4	Yes	$0	$0
Review and update the design, implementation, and operating effectiveness of controls over information technology program changes within the applicable systems of record for loan accounting to ensure changes are appropriate and function as intended.
5	Yes	$0	$0
Update existing process and controls documentation over the servicing and review of COVID19 EIDLs to ensure they are relevant, reliable, and based on implemented policies and procedures. Perform a regular review of implemented processes and controls to ensure they are in line with documented policies and procedures.
7	Yes	$0	$0
Design, implement, and document an effective PPP forgiveness review process for loan guarantees that were forgiven that addresses both the eligibility and the accuracy of the loan approval and forgiveness amounts.
8	Yes	$0	$0
Design and implement an effective funds recovery plan to ensure PPP funds disbursed on behalf of ineligible recipients are recovered and reported accurately in a timely manner. The plan should include an effective process to provide the information necessary to the Office of Performance, Planning, and the Chief Financial Officer to record any required accounting adjustments.
15	Yes	$0	$0
Design and implement effective follow-up procedures for RRF award recipients that are not complying with the program’s terms and to ensure complete, accurate, and timely reporting for the use of the award.
16	Yes	$0	$0
Design and implement an effective funds recovery plan and controls to ensure RRF awards disbursed to ineligible recipients or spent on ineligible expenses are recovered and reported accurately and in a timely manner. In conjunction with the Office of Planning, Performance, and the Chief Financial Officer, design and implement an effective process to provide the information necessary to record any required accounting adjustments.
18	Yes	$0	$0
Design and implement effective follow-up procedures for SVOG award recipients that are not complying with the program’s terms and to ensure complete, accurate, and timely reporting for the use of the award.
19	Yes	$0	$0
Design and implement an effective funds recovery plan and controls to ensure SVOG awards disbursed to ineligible recipients or spent on ineligible expenses are recovered and reported accurately and in a timely manner. In conjunction with the Office of Planning, Performance, and the Chief Financial Officer, design and implement an effective process to provide the information necessary to record any required accounting adjustments.
22	Yes	$0	$0
Design and implement effective controls and communication processes to timely obtain the information necessary from program offices to record any required accounting adjustments for programs created or expanded by the CARES Act and related legislation.
23	Yes	$0	$0
Continue implementing review controls in collaboration with relevant program offices for the PPP and COVID-19 EIDLs portfolios to accumulate relevant, complete, and accurate data on which to base the subsidy reestimate.
31	Yes	$0	$0
In conjunction with the Office of the Chief Financial Officer, review and evaluate the completed internal control risk assessments for programs that have a material impact on the financial statements at a process level. Develop a plan to respond in a timely manner, including the consideration of whether entity level controls, manual controls, general information technology controls, and system application controls are designed, implemented, and are operating at a sufficient precision level in accordance with management’s materiality threshold and will be sufficient for financial reporting purposes.
32	Yes	$0	$0
Design, implement, and monitor the operating effectiveness of key controls that respond to significant risks of material misstatements and compliance with relevant laws and regulations.
50	Yes	$0	$0
Perform a regular review and risk assessment of the implemented policies to ensure they are responding to relevant risks of noncompliance for the current fiscal year.
51	Yes	$0	$0
Design, implement, and document appropriate monitoring controls to address compliance with DCIA.
52	Yes	$0	$0
Reevaluate the operational infrastructure and system controls to address relevant risks of noncompliance and ensure that borrowers are notified timely of delinquency, and if applicable, subsequently referred to Treasury timely.
53	Yes	$0	$0
In conjunction with relevant program offices, perform and document a comprehensive internal control evaluation over all programs. This should include entity level controls, manual controls, general information technology controls, and system application controls covering key financial statement line items and risks.
54	Yes	$0	$0
Work with relevant program office management to communicate and respond to control testing results and update corrective action plans to remediate control deficiencies identified.
55	Yes	$0	$0
Update the existing policy and implement adequate controls to ensure that the statement of assurances provided by the program offices are adequately documented and reviewed for completeness and accuracy to provide a sufficient basis to support the Administrator’s statement of assurance.
56	Yes	$0	$0
Address the control deficiencies over transactions arising from the implementation of the CARES Act and related legislation by working with the Office of Capital Access and the Office of Disaster Recovery and Resilience to implement the recommendations in Appendix I – Material Weaknesses.