Why it Matters

The Small Business Administration, the federal agency tasked with supporting America's entrepreneurs and small business owners, is falling behind on critical operational improvements. A Government Accountability Office report released this month identifies 14 open SBA priority recommendations that remain unimplemented, leaving significant gaps in fraud prevention, cybersecurity, and IT management at an agency that oversees billions in federal lending and disaster relief programs.

The SBA administers loans, grants, and pandemic-related assistance programs that directly affect small business owners across the country. When the agency fails to implement GAO recommendations on fraud oversight and cybersecurity, taxpayers and legitimate small business borrowers bear the cost. Unaddressed vulnerabilities in these systems create opportunities for fraud, waste, and abuse.

Backlog of Compliance Requirements

In May 2025, the GAO identified 17 priority recommendations for the Small Business Administration. Over the past year, the agency has implemented only 3 of them. As of June, 14 priority recommendations remain open and unimplemented, according to the GAO report released publicly on June 15. GAO priority recommendations represent issues the agency itself has acknowledged as significant problems requiring urgent attention. The fact that the SBA has closed only 18 percent of these recommendations in the span of a year suggests either resource constraints, organizational resistance, or both.

Fraud and Cybersecurity Vulnerabilities

Two areas dominate the open SBA priority recommendations. The GAO identified improving oversight of COVID-19 pandemic programs as a priority area to help SBA strategically manage program fraud risks. It also emphasized addressing cybersecurity and IT management challenges as a priority area.

COVID-19 relief programs, including Paycheck Protection Program loans and Economic Injury Disaster Loans, became notorious for fraud. Billions in fraudulent claims have been prosecuted or remain under investigation years after the programs expired. Similarly, cybersecurity lapses at federal agencies have become a national security concern. Breaches affecting Social Security numbers, financial records, and other sensitive data have exposed millions of Americans.

GAO Priority Recommendations

Notably, the SBA report is not mandated by a specific congressional requester, committee, or legislation. The GAO report highlights and urges implementation of previously issued recommendations rather than issuing new ones. The full text of each individual recommendation is contained in a 4-page report that references the original GAO reports in which those recommendations were first made.

SBA Management Challenges

The slow implementation rate raises questions about the SBA's organizational capacity and leadership priorities. Whether the agency lacks resources, faces internal resistance to change, or simply has not made these recommendations an urgent priority is not clear from the report.

What Comes Next

The GAO report serves as a public record of the SBA's progress, or lack thereof. Congress can use these findings to pressure the SBA for faster implementation, to demand explanations for delays, or to condition future appropriations on progress.

Access the Legis1 platform for comprehensive political news, data, and insights.

Spot something wrong? Report an issue with this article