KPMG Management Letter Communicating Matters Relative to SBA's FY 2018 Financial Statement Audit

We contracted with the independent certified public accounting firm KPMG LLP (KPMG) to audit the U.S. Small Business Administration’s (SBA’s) consolidated financial statements for fiscal year 2018, ending September 30, 2018. The audit was performed in accordance with generally accepted government auditing standards; the Office of Management and Budget’s Bulletin No. 19‑01, Audit Requirements for Federal Financial Statements; the U.S. Government Accountability Office (GAO)/President’s Council on Integrity and Efficiency Financial Audit Manual; and GAO’s Federal Information System Controls Audit Manual.

The attached management letter represents matters that were identified during the audit. Specifically, KPMG reported that SBA did not

• properly configure the password application layer for an information technology resource, and
• comply with the requirements of the Debt Collection Improvement Act of 1996, as amended.

KPMG addressed recommendations to the Chief Information Officer and the Associate Administrator for Capital Access. We provided a draft of KPMG’s finding to these officials or their designees, who fully concurred with the findings. The officials or designees agreed or have already taken action to address the underlying conditions.