SBA IT Modernization Reporting Act

This bill tells the Small Business Administration (SBA) to fix problems in its tech systems based on a November 2024 Government Accountability Office (GAO) report about risks in a newly launched system. The SBA must create a clear plan to manage tech projects better. That plan must spell out how the agency finds risks early, ranks them, and connects each risk to a concrete fix. It also requires adding cyber risk info to project plans, having security experts help pick contractors, and following GAO best-practice guides for project schedules and cost estimates.

The SBA has 180 days after the law takes effect to send Congress an implementation plan and then must give a briefing 30 days later. For the public, the goal is safer, more reliable SBA websites and tools that small businesses use to apply for help and manage programs.

Key points

• Who is affected: The SBA and, indirectly, small businesses that use SBA online services.
• What changes: Stronger risk tracking, clear risk priorities, fixes tied to each risk, cyber risk info in plans, security experts in contractor choices, and GAO-based schedule and cost methods.
• When: Plan due 180 days after enactment; briefing due 30 days after the plan is submitted.