An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Risk Assessment of the Utah Office for Victims of Crime Subrecipient Monitoring Activities for the Office of Justice Programs Victim Assistance Grants, Salt Lake City, Utah
Over the last 5 years, the U.S. Small Business Administration’s (SBA) has been unable to pass a financial audit, receiving disclaimers of opinion year after year. The independent public auditor has been unable to offer an opinion on the financial state of SBA because it has not received sufficient evidence to support a number of balances. We reviewed SBA’s history of disclaimers and material weaknesses from fiscal years 2020 to 2024, open recommendations, and SBA’s new strategy for addressing material weaknesses and obtaining a clean audit opinion.
SBA’s accounting deficiencies were primarily related to administering an unprecedented amount of disaster assistance aid and guaranteed loan funds to help eligible small business owners and entrepreneurs adversely affected by the pandemic. Over the course of 18 months, the agency delivered 22.1 million pandemic assistance loans and grants, totaling $1.2 trillion. To address the systemic financial reporting deficiencies, SBA launched its Financial Statement Audit Remediation Strategy in January 2025 to resolve the seven material weaknesses and 56 open audit recommendations.
We made four recommendations to enhance implementation of SBA’s financial statements remediation strategy. We recommended the Administrator appoint a senior executive to lead the effort and emphasize audit remediation priorities through consistent agencywide communication. We also recommended that the remediation strategy be incorporated into SBA’s next strategic plan and individual performance plans to ensure accountability. SBA management agreed with all four recommendations.
The DoD and Department of State OIG Joint Audit of U.S. Assistance Provided in Support of Ukraine Through the Foreign Military Financing Program (Full Report is CUI)
This report presents a review of the U.S. Postal Regulatory Commission’s (PRC) information security program and practices for fiscal year (FY) 2025. The Federal Information Security Modernization Act, amended in 2014 (FISMA) requires agencies to develop, implement, and document agencywide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget.
In September 2025, the OIG issued a special report on the Peace Corps’ Information Technology environment. OIG contracted with technical subject matter experts to conduct three cybersecurity tests from January 2025 to March 2025. The three tests included a simulated phishing campaign, a review of the agency’s internal vulnerability management practices, and penetration tests that targeted critical Peace Corps systems.
While observing the agency’s security processes throughout the assessment, OIG found that the Peace Corps’ monitoring capabilities were able to identify the testing activities and demonstrate its incident response procedures. However, the cybersecurity tests also uncovered multiple vulnerabilities and misconfigurations, ranging from informational issues to critical severity risks that the Peace Corps needs to review and address.
