Lawmaker looks to improve SBA’s IT modernization after critical GAO review

A leading House Democrat has introduced legislation that would require the Small Business Administration to improve its IT modernization projects after a watchdog report criticized its handling of a new federal contracting assistance system. 

The bill from Rep. Nydia Velázquez, D-N.Y. — ranking member of the House Small Business Committee — was introduced on Wednesday after a report from the Government Accountability Office flagged the agency’s challenges in developing a platform to help small businesses apply for and maintain certifications for SBA’s contracting programs. 

GAO’s assessment, which was published Nov. 6 but was not publicly released until Wednesday, reviewed SBA’s efforts to develop a Unified Certification Platform, or UCP. The watchdog said the modernization effort was initiated by SBA in 2023 “to help address shortcomings with the systems supporting the certification of small businesses for its contracting assistance programs.”

SBA said the goal of the project was to create a streamlined IT platform to improve management of its 8(a), HUBZone, VetCert and WOSB programs. The agency launched the UCP system on Oct. 18, but GAO said “work remains to develop additional, more complex functionality, secure the system and migrate data.”

GAO’s report made 14 recommendations to SBA, which included calling for the agency to address broader deficiencies in its oversight of IT modernization projects. These included recommending that SBA’s chief information officer establish policies and procedures around risk mitigation efforts and require stricter oversight of strategic planning efforts. 

In a statement to Nextgov/FCW, Velázquez — who initiated the watchdog’s review of SBA’s UCP modernization effort — said her bill would require the agency “to prioritize and address the gaps identified by GAO and help improve the SBA systems that America’s small businesses depend on.”

Velázquez’s proposal would mandate that SBA submit a plan to the House and Senate Small Business committees within 180 days of the bill’s passage detailing the actions it plans to take “to establish and implement policies and procedures to govern information technology modernization projects.”

The legislation outlines 11 areas that align with GAO’s recommendations for how the agency can improve its management of IT modernization projects. These include requiring SBA to define risk parameters, maintain risk management strategies and ensure that any IT acquisition plan and any strategic plan “contains information needed to manage cyber risks.”

“The SBA’s move toward a unified platform for all small business certifications is a welcome step that will improve the experience of and outcomes for small businesses participating in federal contracting programs,” Velázquez said. “Unfortunately, GAO has highlighted that SBA does not have consistent or sufficient risk management policies in place to oversee the development of major IT projects.”